The Supreme Court finally handed down judgment in Philipp v Barclays Bank UK Plc this week; a great relief for Banks but a set-back for those who have fallen victim to APP fraud. APP fraud is where customers are targeted and induced to make personal faster payments into an account held by the fraudsters. APP fraud is on the rise and the use of artificial intelligence or “number spoofing” whereby the victim is called from what appears to be the Banks telephone line is making APP fraud even harder to detect.

Philipp’s case was based on the well-known “Quincecare” duty, which established that Banks have a duty to halt payment instructions where they believe there is reasonable grounds that an agent is attempting to defraud its customer. In this case, Mrs Philipp had been induced by fraudsters to transfer £700,000 to bank accounts located in the UAE by way of two payments. Mrs Philipp claimed that the Bank was responsible for her losses as they owed her a duty under their contract and or under common law not to carry out her payment instructions due to there being reasonable grounds to believe the payments were fraudulent. The initial claim was issued in the High Court, where a ruling was made in favour of the Bank, although the Court of Appeal later allowed the claim to proceed on the basis that Banks were under a duty to make inquiries if they suspect fraud.

In handing down its Judgment, the Supreme Court overturned the decision of the Court of Appeal, explaining that where a customer has authorised a payment (and when Banks must act promptly in making the payment), there is no legal duty of care to reimburse customers. The court confirmed that its role was not to formulate policy on whether Banks should bear the loss caused by APP fraud or whether they should reimburse victims when they have been a victim of APP fraud.

It is not all doom and gloom for consumers however, as it is anticipated that new Payments Services Regulations are likely to come into force next year following a policy paper published in June 2023 by the Payment Systems Regulator. This will require reimbursement by payment service providers in “qualifying cases” of APP fraud, where (a) the case relates to a payment order executed over the Faster Payments Scheme, and (b) the payment order was executed subsequent to fraud or dishonesty. Currently, the Contingent Reimbursement Model (CRM) Code is in play and is designed to give victims a route to redress but there are only around ten Banks signed up to that Code. The new regulations should apply to all Payment Service Providers and Banks will need to ensure that they are actively preparing for the introduction of those new requirements.

Banks may also remain liable if they continue with transfers and do not make further inquiries where they have received information suggesting that the payment instruction is associated with a fraud. Banks must continue to take reasonable steps to promptly trace and recall payments if a customer instructs that they have been a victim of fraud.