Do Banks & Payment Service Providers Owe a ‘Retrieval Duty’ in Authorised Push Payment (APP) Fraud Cases?

APP fraud is a type of scam where an individual or corporate victim is misled to make payment transfers to the fraudster, typically via social engineering. Can victims sue their bank or payment service providers (PSPs) where they suffered APP fraud?

Historically, the Quincecare duty (Barclays Bank Plc v Quincecare Ltd [1992] UKHC), required banks to refrain from executing payment instructions if they had reasonable grounds to suspect fraud. However, this duty has been limited to cases where an agent, rather than the customer itself, gave the instructions. The UKSC in Philipp v Barclays Bank UK PLC [2023] reaffirmed this limitation, rejecting the extension of the Quincecare duty to situations where the customer themselves authorised the payment.

This means that the Quincecare duty may be engaged if a customer’s representative instructs a PSP to transfer funds and the PSP has reason to believe it is due to fraud. Yet, if a customer herself makes the instruction, the duty may not arise.

C.f. Inter-Pacific Petroleum Pte Ltd (in liquidation) v Goh Jin Hian [2024] SGHC 178 affirming the Quincecare duty’s application in Singapore along the lines of agency principles, rationalising the SGCA decision of Hsu Ann Mei Amy v Oversea-Chinese Banking Corp Ltd [2011] 2 SLR 178 (which Lord Legatt discussed in Philipp).

However, a recent English HC decision has considered the possibility of banks and PSPs having a ‘retrieval duty’ to take reasonable steps to trace and recover funds that have been fraudulently transferred (CCP Graduate School Ltd v National Westminster Bank Plc [2024]), something commented on in Philipp but not examined in detail.

Here, the Court noted that a bank which is on notice of fraud could offer an indemnity to the receiving bank against liability which they might incur to its customer when freezing further transfers or payment. Such a chain of indemnities thus makes the retrieval duty workable as such. Presumably, it cannot be fathomable that a receiving bank which has been put on notice that its own customer is a fraudster is nonetheless obliged to pay out monies to the customer.

Thus, the development of this ‘retrieval duty’ may be a new string to the bow for fraud victims, although the law is nascent and in flux.

PSPs, including banks, payment account / e-money wallet operators, and digital asset exchanges and service providers, must implement robust fraud detection and prevention, and asset recovery, mechanisms. It also highlights the need for PSPs to have policies and procedures to address potential retrieval duties, ensuring that they can effectively respond to APP fraud.

The potential establishment of a retrieval duty could provide a new avenue for victims of APP fraud to seek redress and recover their losses. Case law and judicial discussion in Singapore on this is sparse, ripe for legal development.

#FinancialFraud #APPFraud #LegalUpdate #BankingLaw #QuincecareDuty #RetrievalDuty #FraudPrevention 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.