BANKING FRAUD: DO BANKS HAVE A DUTY TO SAFEGUARD CUSTOMER ACCOUNTS
Fraudsters take advantage of security loopholes in digital platforms, used by the financial services sector. Recent reports of banking fraud have exposed the tremendous risks borne by depositors and banks arising from complex schemes by fraudsters who exploit the weaknesses of financial systems.
In many cases consumers of financial services are left to bear the burden as they cannot explain how the fraudsters acquired their ATM Cards or credentials such as user names and passwords.
Equally banks’ face exposure to lawsuits in situations where dodgy employees conspire with fraudsters to circumvent financial systems security. Some common types of banking fraud include:
- Identity Theft/Impersonation
- QR Code Scanning
- Use of unverified mobile applications
- Use of phishing websites
- ATM Card skimming
- Remote access using screen sharing apps
SIM SWAP/CLONING
Banks Duty of Care
The relationship between a bank and its customer is primarily regulated by the laws of contract. These are contained in the terms and conditions customers sign on to when opening a bank account. However, banks have a common law duty of care, to ensure customers funds/transactions are kept in a safe financial system and are protected from fraudsters. This duty is known as the Quincecare Duty.
The Quincecare Duty
The Quincecare Duty was first established in 1992, in Barclays Bank plc v Quincecare Ltd (1992) 4 All E.R 363. The Court held that the relationship between a bank and its customer was that of Agent and Principal. Accordingly, the bank owed fiduciary duties to its customer. Consequently, “it was an implied term of the contract between the bank and the customer that the bank would observe reasonable skill and care” when executing the customer’s instructions.
It was further held that a bank would breach this implied term if it:
- Executed the customer’s instructions knowing that those instructions were dishonestly given, or shut its eyes to the obvious fact that the customer’s instructions were being dishonestly given.
- Acted recklessly in failing to make those inquiries into the customer’s instructions that an honest and reasonable person would make.
- Executed the customer’s instructions whilst it had reasonable grounds for believing that the instructions were an attempt to misappropriate funds.
Scope of Quincecare Duty
The Quincecare duty protects a bank’s customer from the misappropriation of funds by a trusted agent of the customer who is authorized to withdraw its money from the account.
The Quincecare duty is subordinate to the bank’s contractual duty to act upon a valid instruction (whether the payment of cheques, acting on oral/written instructions to transfer monies, or automated bank payment methods). The Quincecare duty is both ancillary and subject to that primary duty.
The operative standard of the ordinary prudent banker enables a claimant customer to hold a defendant bank to objective (or industry) standards of honesty; it is not a test based on subjective dishonesty or “lack of probity” on the bank’s part
Application of the duty
In Singularis Holdings Ltd (In Official Liquidation) (A Company Incorporated in the Cayman Islands) v Daiwa Capital Markets Europe Ltd the Court held that Daiwa Capital Markets Europe Ltd (Daiwa), had acted in breach of its Quincecare Duty to Singularis Holdings Ltd (SH), by executing payment instructions approved by the sole shareholder of SH, Mr Al Sanea. This was because there was no proper basis for the payments to be made. Pursuant to the instructions, Daiwa had paid USD 204,500,000 out of the account held by SH.
The Court found that Daiwa had negligently acted in breach of its Quincecare Duty by giving effect to the payment instructions because there was no proper basis for those payments to be made. In summary, the Court held that “any reasonable banker would have realised that there were “many obvious, even glaring, signs that Mr Al Sanea was perpetrating a fraud on the company.”
NB: Singularis is the first example of damages being awarded for a breach of the Quincecare Duty. It is likely that similar claims against may arise in future.
Can Quincecare duty be excluded by contract?
In JP Morgan Chase Bank N.A. v The Federal Republic of Nigeria (Morgan Chase), the Federal Republic of Nigeria (Nigeria) brought a claim against JP Morgan Chase Bank N.A. (the Bank) on the grounds that the Bank had acted in breach of its Quincecare Duty by executing payment instructions pursuant to which USD 875,740,000 was paid out in three tranches. The Bank applied for summary judgment on the basis that Nigeria’s claim had no realistic prospect of success. This was because the contract governing the relationship between the parties had expressly excluded and/or negated the effect of the Quincecare Duty. The Bank’s application for summary judgment was defeated.
This decision indicates that it is possible for a bank and its customer to agree to exclude the Quincecare Duty – but anything less than express reference to its exclusion will not suffice.
In Phillip Vs Barclays Bank plc (2022) EWCA Civ 318 , the court examined the scope of Quincecare Duty as it relates to banks, corporate and individual customers. Mrs Phillips was a victim of fraudsters who tricked her into transferring 700,000/= pounds to bank accounts in the United Arab Emirates. She filed suit against Barclays on the basis that the bank had a duty of care to detect, prevent, reverse fraudulent transactions. It was her argument that the ordinary prudent banker would have flagged the transactions as suspicious.
In this case, the English Court held that the Quincecare Duty applies to Individual customers in equal measure provided that the circumstances are such that the bank is aware that executing the instructions would result in the customers funds being misappropriated.
While the Quincecare Duty has not received the attention of the Kenyan Courts, it has been held that banks have a fiduciary duty to safeguard customers accounts, especially where there are suspicious transactions.
In Akiba Bank Limited v Liteline Enterprises Limites Civil Appeal No.606 of 2015
In this case the Bank was found to be in breach of its Quincecare Duty because of its failure to make relevant inquiries towards the withdrawal of Kshs. 2, 669, 000/= from an account by way of cheque on numerous occasions from an employee of the respondent who was not a signatory to that account.
Summary
Banks need to adopt internal policies to safeguard customer’s deposits and transactions.
The Quincecare Duty imposes a duty of care on banks vis their customers. This duty can only be excluded by express contractual provisions.
The Quincecare duty applies to both corporate and individual customer instructions.
The standard of care required by banks is that of an ordinary prudent banker in investigating and flagging suspicious transactions.
Bank customers who are victims of fraud should report the theft as soon as possible and ensure they obtain all the necessary documentation.