Article

The Quincecare duty FAQs

Read Time
5 mins
Published Date
Feb 20 2023
Although the courts first recognised the so-called Quincecare duty over 30 years ago, it has generated significant litigation in the last few years. Following clarification of the law by the UK Supreme Court, we answer some of the questions most frequently asked about this duty.

What is the duty?

It is an application of the general duty owed by a bank to act in accordance with its customer's instructions. Where a bank has reasonable grounds for believing that a payment instruction given by an agent is an attempt to defraud the customer, this duty requires the bank to refrain from executing the instruction while it makes inquiries to confirm that the customer has authorised the instruction. Usually, the relevant agent would be a director or other senior office of the company. Where a bank has breached the duty, it will not be entitled to debit the payment to the customer's account.

Does it only apply where an agent of the customer instructs the relevant payment?

Yes. A recent UK Supreme Court judgment has confirmed that the application of the Quincecare duty is limited to scenarios where the customer's agent provides the payment instructions. The duty focuses on ensuring that the relevant instruction is authorised. In a commercial context, this will usually be a director or employee of a company authorised to sign on its behalf. Where the customer directly gives the payment instructions, the question of whether the payment is authorised does not arise. For this reason, the duty does not apply in authorised push payment (APP) fraud i.e., where a fraudster deceives the customer into authorising a payment from their account. 

Is the duty limited to corporate customers?

No, the duty is owed to all bank customers wherever one person is given authority to sign cheques or give other payment instructions to a bank on behalf of another. Only high-value payments are likely to justify the costs and risks of litigation, so most of the decisions relate to extremely high-value payments. Historically, many lower-value claims were made by the Financial Ombudsman Service. Over the last decade, the Ombudsman has determined several hundred cases that alleged a breach of the Quincecare duty.

Is the duty limited to retail customers?

No, the duty is owed to all bank customers, although many bank customers act directly rather than through agents. The most common agency scenario in a commercial context is that a company acts through its agents i.e. its directors and other senior officers.

Does it apply only to banks?

Although most cases alleging a breach of the Quincecare duty have been made against banks, the court has held it to be arguable that a payment service provider owed the duty, and future claims could be brought against electronic money institutions and payment institutions.

How many cases have found the bank liable in England for breach of the Quincecare duty?

One. It was only in 2019 that a bank was found liable for the first time.

Why does the duty exist?

The duty exists to ensure that a bank does not make a payment which the customer has not authorised. Where a bank makes a payment that the customer does not authorise, it acts outside its mandate (the terms on which it is authorised and has undertaken to carry out its customer's instructions to make payments) and cannot debit the customer's account.

How does the duty fit with a bank's contractual duty to comply promptly with authorised payment instructions from its customer?

It is part of establishing that the customer properly authorises the payment. While generally, a bank has to execute a customer's payment orders promptly to avoid a loss to the customer, the bank should not execute an order where there are reasonable grounds to believe that the order is an attempt to misappropriate customer funds. The authority conferred on an agent by a bank customer to give payment instructions on behalf of the customer does not include the authority to act dishonestly in pursuit of the agent's own interests. If there is no reason to believe this is the case, the bank should pay as instructed.

What guidance have the courts given when a bank is "put on inquiry"?

The following passages from the case that first established the duty put it best:

  • "When judging whether a bank has been put on inquiry, it is the external standard of the likely perception of an ordinary prudent banker that is the governing one."
  • "Everything will … depend on the particular facts of each case. Factors such as the standing of the corporate customer, the bank's knowledge of the signatory, the amount involved, the need for a prompt transfer, the presence of unusual features, and the scope and means for making reasonable inquiries may be relevant."
  • "[I]n the absence of telling indications to the contrary, a banker will usually approach a suggestion that a director of a corporate customer is trying to defraud the company with an initial reaction of instinctive disbelief…. [I]t is right to say that trust, not distrust, is also the basis of a bank's dealings with its customers. And full weight must be given to this consideration before one is entitled, in each case, to conclude that the banker had reasonable grounds for thinking that the order was part of a fraudulent scheme to defraud the company."

If a bank is "on inquiry", what should it do?

It should not make the payment and make inquiries to confirm whether the customer authorises the instruction. How to discharge that duty will be fact-specific. However, it might include asking other directors and officers of the company to confirm that the payment is authorised, what the payment is for, and who the recipient is. Depending on the responses received, the bank might need to ask for confirmatory evidence, e.g., an invoice/contract requiring the payment and confirming the payment account details.

Have the courts sought to limit the duty?

Yes, the courts have indicated that the duty is narrow and confined. The duty focuses on the bank's belief about the specific payment instruction, as contrasted with its knowledge of broader issues relating to the customer and its operations, such as money laundering and financial crime concerns (although these might give rise to separate reporting obligations). Unless the bank is on notice that the payment instruction in question is vitiated by fraud – i.e. that the payment instruction itself is an attempt to misappropriate the customer's funds – the duty does not arise.

Who must prove that there was fraud/misappropriation?

The customer. Establishing that funds have been misappropriated is the first and critical step in a case that a bank has breached its Quincecare duty, and the burden of proof sits with the customer alleging the breach of duty. This could be a significant hurdle in more complex commercial cases.

Does it apply only to current accounts?

No. In addition to current accounts, the duty has been applied to brokerage and depositary accounts.

To what extent can the bank rely on an agent's apparent authority?

It cannot rely on the doctrine where it is "on inquiry". The principle of apparent authority protects a bank which acts in reliance on a representation by a principal that an agent has the authority to bind the principal. However, this protection is only justified if reliance on that representation is reasonable. The apparent authority doctrine will not protect a bank with reason to believe that the agent is acting without authority and fails to make the inquiries that a reasonable person would have made in the circumstances to verify that the agent had authority.

Can the beneficial owners of an account bring a claim?

No. The duty is owed to the account holder only and does not extend to a third party who is not the bank's customer.

In claims by corporate customers, is it a defence that the director or officer authorising the payment was acting dishonestly?

No. The court has held that allowing this illegality defence would deprive the duty of any value in cases where it was most needed - where the instructions to pay out money to a third party were given by the person who the company had entrusted as a signatory to the bank account (i.e. the agent).

Can a claimant be held contributorily negligent?

Yes. A damages award for a breach of the Quincecare duty can be reduced under the Law Reform (Contributory Negligence) Act 1945 to reflect contributory negligence by the claimant.

Can you exclude liability for breach of the Quincecare duty in commercial contracts?

In principle, yes.

  • The courts have held a bank and its customer can agree expressly that the Quincecare duty will not arise and that the bank is entitled to pay out on instructions of the authorised signatory even if it suspected the payment was in furtherance of a fraud which that signatory was seeking to perpetrate on its customer. However, as with any exclusion clause, clear wording is required if the clause is to be construed as removing this protection. The courts have recognised that a party is unlikely to have agreed to give up a valuable right that it would otherwise have had without clear words.
  • Indeed, more general words have been held not to exclude the Quincecare duty. The words "[the Bank] shall be under no duty to enquire into or investigate the validity, accuracy or content of any instruction or communication" were held to be consistent with the duty rather than exclude it, as the clause read in context was not concerned with circumstances where an individual authorised by the customer gave a genuine (albeit fraudulent) instruction.
  • Likewise, a bank could, in principle, agree to an indemnity from its customer covering a breach of the Quincecare duty. However, it would require "very clear words" to establish that was the intended effect of the indemnity given the duty is specifically aimed at protecting the customer from fraud.
  • In addition to the clarity of any exclusion clause, other considerations will apply when an institution seeks to exclude liability for breach of this duty in its dealings with less sophisticated customers. Consideration will need to be given as to whether any clause is contrary to the statutory and regulatory protection afforded to customers, particularly the provisions of the Unfair Contract Terms Act 1977, the Consumer Rights Act 2015, and the Payment Service Regulations, as well as the FCA's conduct rules and its new consumer duty.

Have regulators sought to address fraudulent payments?

Yes. The Payments Systems Regulator (PSR) has announced regulatory changes to address APP cases with a stated intention of incentivising banks to identify and prevent fraud. The Financial Services and Markets Act 2023 provides a framework for all in-scope banks (including high-street banks, building societies and smaller payment service providers (PSPs) to reimburse victims of APP fraud in qualifying cases. The framework will come into force from 7 October 2024.

This framework is focused on domestic payments only and has a financial limit of GBP415,000, and will only compensate consumers, smaller charities, and micro-enterprises. Larger businesses will not be eligible for compensation. While this will not capture all cases of APP fraud, the PSR estimates that the financial limit would result in 99.8% of eligible victims being compensated in full. It provides for a 50:50 allocation of compensation costs between the sending and receiving PSPs, including where the receiving PSP provides an account to a larger business customer who would not (were it the victim) be eligible for compensation. This represents a significant development in the statutory and regulatory response to APP fraud.

The PSR, FCA and Bank of England propose to introduce comparable protections concerning payments settled over CHAPS, although again this will not cater for international payments. Many of the significant cases in this area have involved high-value international payments.

What is the likely future battleground for the Quincecare duty?

It is likely to be around the so-called "retrieval duty". This is the question of whether a bank has a duty after the fraud has been discovered to take adequate steps to recover the money. This was left open by the UK Supreme Court because it did not have the facts to decide the issue. We expect the courts will continue to develop further guidance in future cases on whether this is a proper basis for liability.

Another area for more recent claims has been attempts to recover fraudulent payments from the recipient bank/PSP (as opposed to the paying bank/payment provider, which is the focus of the Quincecare duty).

Related capabilities