Office: +501-223-353 WhatsApp: +501-621-9902
In today’s digital era, consumers, and banking service providers are more susceptible to fraud and cyber-attacks than ever before. Even with the best due diligence mechanisms, KYC protocols and call back verifications, there may still be instances where fraudsters take advantage of the vulnerabilities of banking service providers or the consumer.
A 2024 State of Fraud Benchmark Report published by Alloy, a company specializing in risk identification for financial service providers, revealed that nearly 60% of banks, fintechs, and credit unions suffered over USD $500,000.00 in direct fraud losses in 2023. Globally, the most common types of fraud include Authorized Push Payment (APP) fraud, bust-out fraud, and account takeover fraud.
Despite agreements between banks and their customers attempting to exclude liability for fraud, a bank at common law still owes a Quincecare duty to its customers. This duty requires banks to refrain from executing a customer’s payment instructions if they have reasonable grounds to believe the transaction is an attempt to misappropriate funds.
Understanding the Quincecare Duty
The duty originates from the English case of Barclays Bank plc v Quincecare Ltd [1992], which established that the relationship between a bank and its customer is generally that of debtor and creditor. However, when processing a customer’s payment instructions, the bank also acts as the customer’s agent and, therefore, owes fiduciary duties. The court emphasized that banks must exercise reasonable skill and care in executing customer instructions and should not act on directions if put on notice of potential fraud.
In that case, the court remarked that the circumstances of the transaction were “worth a call,” highlighting that simple, prudent measures might prevent large-scale financial loss. While this duty may appear burdensome, it is crucial in protecting customers from internal and external fraud.
Limits of the Duty: Philipp v Barclays Bank
Whether this duty places a heavy burden on banks is a question worth considering. However, in cases like Philipp v Barclays Bank [2023] UKSC, where the Appellants lost their entire life savings in push fraud owing to the bank processing an order instructed by their clients who were being defrauded, the duty requires banks to be scrupulous with each transaction.
In Philipp v Barclays Bank Mrs. Philipp scammed into transferring £700,000.00 to fraudsters. issue which concerned the court was whether the bank owed a Quincecare duty to an individual customer.
The UK Supreme Court held that the Quincecare duty is not a standalone duty; rather, banks’ obligation is grounded in their contractual and tortious duties to act with reasonable care. This case clarified that banks do not have a positive duty to prevent a customer from making a mistaken decision, unless acting through an agent.
The court criticized the duty on two grounds. First, it noted that a bank’s duty of care may potentially conflict with its duty to execute its customer’s payment instructions. Secondly, the court observed that the approach adopted in the decision in Quincecare effectively imposes obligations on banks and their customers, regardless of whether they would have chosen those obligations themselves.
The duty to combat fraud or protect consumers against fraud is not ordinarily implied in the contractual relationship between a bank and its customer. Nevertheless, despite these concerns, the Quincecare principle remains binding law and continues to be the subject of ongoing debate among scholars, jurists, and banking professionals.
Regional Application: Caye International Bank v Rosemore
The Caribbean Court of Justice (CCJ) addressed the Quincecare duty in Caye International Bank v Rosemore [2023] CCJ 4 (AJ) BZ.
In that case, the bank facilitated a transfer of funds based on instructions that were allegedly fraudulent, sent by individuals purporting to be the bank’s customer. The court considered whether the Quincecare duty applied in circumstances where a fraudster, without the customer’s authority, sent an email with an attached wire transfer request to the bank, appearing to originate from the customer.
The court recognized that in the current internet banking environment, banks are already implementing enhanced security systems and authentication methodologies. Therefore, applying the Quincecare duty to online banking cannot be said to impose an unduly onerous standard on banks. The court affirmed that the duty is part of the prevailing law in Belize.
Importantly, the bank did not provide any evidence of the measures it took after being put on inquiry about the possibility of fraud. The court held that, in the circumstances of the case, the bank should have exercised greater care in the verification process—such as by performing a call back verification or sending an email to the client’s registered address.
The court found that the bank breached its Quincecare duty and ordered that the bank return the sum of money that had been fraudulently transferred.
Why Should Banks Care? Practical Implications
A bank’s client base spans individuals of modest means to high-net-worth customers and corporate entities. Regardless of status, banks are entrusted with safeguarding their customers’ financial well-being. The Quincecare duty reinforces this obligation.
Trust is foundational to banking relationships. With banking now largely digital, breaches in trust can significantly damage customer confidence. The rise of cryptocurrencies, marketed as more secure alternatives, only heightens the pressure on traditional banks to maintain strong ethical and security standards.
Reputational risk is another key concern. Neglecting simple safeguards such as updated customer records or matching email addresses for verification can expose banks to costly legal action and public scrutiny. Litigation over fraud is both expensive and damaging to a bank’s brand.
Regulatory compliance is also a compelling reason for banks to be diligent. In 2013, the Caribbean Financial Action Task Force (CFATF) identified Belize and Guyana as having significant AML/CFT deficiencies. Belize has since implemented legislation and systems to strengthen its banking sector and reduce its international risk profile. Maintaining strong compliance frameworks, including adherence to the Quincecare duty, supports these national efforts and helps banks avoid regulatory sanctions.
A Call to Diligence
The Quincecare duty reflects more than just a legal obligation; it is a standard of care that calls for diligence, ethical conduct, and a proactive stance against fraud. In fulfilling this duty, banks not only protect their clients but also themselves—preserving trust, maintaining regulatory standing, and mitigating financial and reputational risks.
To meet this standard, banks must routinely review internal procedures, upgrade systems, and ensure that employees are well-trained to recognize red flags. As financial crime grows more sophisticated, so too must the banking industry’s efforts to combat it.
Immanuel P.O. Williams is an Associate at Glenn D. Godfrey & Co. LLP. You can reach him at immanuel@godfreylaw.net or visit godfreylaw.bz. This article is for general information and not legal advice.