Govan Law Centre considers how this week’s UKSC decision in Philipp v. Barclays Bank UK plc impacts on retail banking fraud redress by the Financial Ombudsman Service and suggests this may be off-set by the new FCA Consumer Duty.
The Financial Conduct Authority’s (FCA) rules on unauthorised bank transactions are clear: if you haven’t authorised a payment, the bank should refund the money – so long as you haven’t acted fraudulently, or with intent or “gross negligence”.
The Financial Ombudsman Service (FOS) – the UK independent statutory body that deals with financial complaints – take the view that “gross negligence” is a suitably high bar that goes well beyond ordinary carelessness.
For payments that customers have authorised themselves, the general rule is that banks won’t be liable for losses, even when it’s the result of a scam. However, the legal position is complex and it may be possible to obtain redress through the FOS in certain circumstances, as we discuss below.
Many banking fraud cases in the UK take place through “authorised push payment” fraud (APP). UK Finance advise there were 207,372 incidents of APP fraud in 2022 with losses of £485.2 million. APP fraud is where consumers are scammed into transferring money from their account to another person’s account and authorise the fraud by consenting to the payment – such as via their mobile banking app or online banking website.
Most banks will give you warnings when you set up a new recipient to pay through online banking and they will also check the recipient’s name matches up to the account number and sort code. That said, it remains your responsibility to check whether the payment should be made – is it due or is it a sensible transaction to authorise?
For APP fraud it is important to appreciate that contract and common law doesn’t provide any easy solutions for consumers. This week, the UK Supreme Court held that a bank was not liable where its retail customer instructed it to make a payment to a fraudster. In Philipp v Barclays Bank UK plc [2023] UKSC 25, Mrs Philipp and her husband were victims of APP.
The Philipps were duped into instructing their bank to transfer £700,000 from Mrs Philipp’s current account to accounts abroad where their money was stolen.
In Philipp, the UK Supreme Court held there was no reasonable duty of care on a bank not to carry out a customer’s payment instruction where there were reasonable grounds for believing a consumer was being defrauded.
This was distinct to where a bank was acting on a customer’s agent’s instruction: in Barclays Bank plc v Quincecare Ltd [1992] 4 All ER 363, the court found a bank should not execute a payment instruction from a customer’s agent where it reasonably believed the instruction was fraudulent.
The essence of the decision in Phillip is that contract and common law will be of no assistance where a consumer instructs his or her bank to make an online banking payment to a fraudster, however, there might be some possible routes for alternative redress through regulatory rules and guidance.
Having regard to the various banking industry codes and guidance – particularly in relation to vulnerable consumers – means the FOS may consider there are circumstances where a bank should, fairly and reasonably take additional steps, or make additional checks, before processing a payment, or in some cases decline to make a payment altogether, to help protect customers from the possibility of financial harm.
That said from Govan Law Centre’s summary analysis of APP decisions, it is clear that the FOS has considered the Quincecare duty extends to APP instructions made directly by customers. For example, a typical FOS redress decision will generally say: “The law recognises that a bank may be liable to its customer if it makes a payment in circumstances where it has reasonable grounds (although not necessarily proof) for believing that the payment instruction was an attempt to misappropriate the funds of its customer (known as ‘the Quincecare duty’)”.
Clearly, that general statement of the law by the FOS is no longer competent or correct standing the UKSC’s decision in Philipp v Barclays Bank UK plc [2023] UKSC 25. However, might the loss of reference to the Quincecare duty this month for retail APP fraud be made up by the impact of the new FCA Consumer Duty?
The FCA’s Consumer Duty rules come into force on 31 July 2023 (for financial products or services that are open for sale or renewal). One of the core rules that forms part of the Consumer Duty is the cross-cutting rule that “a firm must avoid causing foreseeable harm to retail customers” (PRIN 2A.2.8).
The FCA’s finalised guidance (FG 22/5) states that an example of foreseeable harm includes: “consumers becoming victims to scams relating to their financial products for example, due to a firm’s inadequate systems to detect/prevent scams or inadequate processes to design, test, tailor and monitor the effectiveness of scam warning messages presented to customers” (see para 5.23 of FG22/5).
Accordingly, banks must provide adequate warnings to their customers about the threat of APP scams; it may well be that FOS redress will in future turn on the sufficiency and effectiveness of those warning systems, particularly in relation to vulnerable consumers.
If you believe you have made a banking payment to a fraudster contact your bank immediately and let them know. Ask if they can recall the payment. If they cannot or will not refund you, consider your scope to complain to your bank and ultimately the FOS where appropriate. You may be able to obtain free advice from a local law centre or advice agency.
