Authorised Push Payment (“APP”) fraud and the Quincecare duty Court of Appeal, 14 March 2022

Authorised Push Payment (“APP”) fraud and the Quincecare duty Court of Appeal, 14 March 2022

15 Mar, 2022

Summary

In an important judgment handed down by the Court of Appeal (the Chancellor, Coulson and Birss LJJ) on 14 March 2022, and reported under neutral citation [2022] EWCA Civ 318, the appellant customer’s appeal was allowed, and it was held that: (1) the Quincecare duty, requiring a bank to refrain from acting on a payment instruction if, and for as long as, it was put on inquiry by having reasonable grounds for believing that the instruction was an attempt to misappropriate funds, does not depend on the fact that the bank is instructed by an agent of the customer of the bank, and thus is capable in principle of applying where monies are lost due to an authorised push payment (“APP”) fraud; and (2) the question of whether or not such a duty in fact arose on the facts of the case was a matter for trial. In the judgment of Birss LJ (with whom the Chancellor and Coulson LJ concurred) the reasoning underlying the Quincecare duty was considered, and it was concluded that it was not restricted simply to cases of misuse of authority by an agent, and so could in principle apply to APP fraud.

APP fraud

As noted by Birss LJ in paragraph 1 of his judgment, “When the customer of a bank is a victim of APP fraud, they have been deceived by a fraudster to instruct their bank to transfer money from their account into an account controlled by the fraudster. It is called a “push” payment as a contrast with “pull” payments. A push payment occurs when the customer instructs the bank to pay money to someone else, whereas with a pull payment, the receiving party instructs the bank to transfer the money from the payer’s account (e.g. by direct debit). APP fraud is referred to as “authorised” because, from the bank’s point of view, the payment is authorised by the customer.”

The customer under consideration in the case was a victim of APP fraud, having been induced to transfer £700,000 (in two payments) to a bank in the UAE in March 2018. They did so under the mistaken belief that by doing so they were transferring funds to a safe account, and assisting the National Crime Agency and the Financial Conduct Authority.

The duty issue

The question arising on appeal was whether or not a bank owed a duty of care to its customer in those circumstances, having regard to the fact that the customer had authorised the payment. The bank contended that if the customer had authorised the payment it was required to make the payment and no duty of care, at common law, was owed to protect the customer. The judge at first instance accepted that argument and concluded that the Quincecare duty was restricted to cases involving misuse of authority by an agent against their principal. It could not therefore apply to APP fraud.

The Court of Appeal disagreed. It noted that in Singularis Holdings v Daiwa Capital Markets [2019] UKSC 50 Lady Hale summarised the decision and duty in Quincecare at paragraph [1], to refrain from executing an order to make payment, if and for so long as it was put on inquiry by the existence of “reasonable grounds for believing that the order was an attempt to misappropriate funds”. It noted that this summary was capable of applying whether or not the attempted misappropriation was by an agent or a third party.  It was noted that whilst the case law in which the Quincecare duty was developed and/or established arose in the context of cases of the bank being on notice of fraud being committed by company agents, the principle was not limited to agency, or “insider” fraud cases. The court found that the reasoning of the cases indicated that the duty was a duty to protect the customer from being a victim of fraud, and which could apply on a wider basis, including where the customer was mistakenly induced to make a payment as a result of being induced to authorise a payment by a fraudster. The reasoning, properly understood, involved asking and answering three questions or issues. The first was to identify the relationship as being one of agency: the bank is the agent for the customer, and as such owes duties of care in and about the services it undertakes for the customer. The second was to ask whether a bank should be required to refrain from making a payment if it knew that the instruction involved an attempt to misappropriate funds of the customer. The obvious answer to this was it should. The third question was what lesser state of knowledge would put the bank under a legal obligation to refrain from making a payment. The answer was if the circumstances were such that an ordinary prudent banker would be “on inquiry”. The court noted that none of that reasoning in the Quincecare line of cases depended on the fraud in question being limited to fraud by an agent of the customer.

The court also rejected the notion that the duty would be unworkable, since a duty to refrain from making a payment, and make further inquiry, would only arise if the bank had reasonable grounds, assessed by reference to the conduct of the ordinary prudent banker, for believing that the order was an attempt to misappropriate the funds of the customer.

The duty of care contended for on behalf of the customer was found to be one established by the application of established principles of law. It was stated that the Quincecare duty itself is one aspect of the bank’s overall duty to exercise reasonable skill and care in the services it provides.

At [78] Birss LJ summarised the relevant conclusions on the appeal as follows:

I would allow the appeal. I express my conclusions in two parts. I hold that as a matter of law the duty of care identified in Quincecare, which is a duty on a bank to make inquiries and refrain from acting on a payment instruction in the meantime, does not depend on the fact that the bank is instructed by an agent of the customer of the bank. That is the only legal conclusion necessary to resolve this appeal. It follows from it  that it is, therefore, at least possible in principle that a relevant duty of care could arise in the case of a customer instructing their bank to make a payment when that customer is the victim of APP fraud. The second part of my conclusions is that the right occasion on which to decide whether such a duty in fact arises in this case is at trial. Summary judgment in favour of the respondent bank was wrongly entered and should be set aside.”

Comment

The judgment will come as welcome news to the many victims of APP fraud, including those who are induced, by fraud, to make international transfers to fraudsters’ accounts abroad.  Those international payments fall outside voluntary industry reimbursement schemes (such as the Contingent Reimbursement Model code, which was brought into force in 2019). It will also come as a relief to those who are unable to receive full compensation under a complaint to the Financial Services Ombudsman as it opens up the possibility of seeking full compensation from the courts on the application of common law principles.

Hugh Sims QC, of Guildhall Chambers, acted for the appellant, instructed by Squire Biggs Law Limited. The judgment can be found at https://www.bailii.org/ew/cases/EWCA/Civ/2022/318.html.


Related profiles:
Hugh Sims QC


Subscribe To News Updates

To be kept up to date with our news and events please email us, including your name, company (if appropriate), and email address.