The Quincecare Duty And Its Implications In The Fintech Era

Businesses and individual consumers are continuing to pivot from traditional banks to financial technology (“Fintech”) service offerings because of the accorded convenience, speed, accessibility, and (sometimes) reduced cost. Because the law has had its time with traditional banks, there have been a plethora of express and implied duties imposed on these banks by regulators. While Fintechs are not entirely without regulation, traditional banks have naturally been subject to longer, and stricter, regimes including certain implied duties imposed on banks on behalf of the Customer. One of such duties is the Quincecare Duty.

While the Quincecare duty originally applied to traditional banks alone, it has acquired renewed relevance in an era where traditional banks serve as the underlying infrastructure (and mostly the custodian of customers’ funds) on which fintech transactions flow. This article examines the Quincecare duty and its application within the stacked financial structure of Fintech operations.

What is Quincecare?

The Quincecare duty derives its name from the English case of Barclays Bank v Quincecare Ltd¹. It is a duty that requires that a bank pause (and ultimately refuse) to execute a payment instruction where there are reasonable grounds to suspect that the instruction is fraudulent.

In its parent case, Barclays Bank plc v Quincecare Ltd, Barclays Bank provided a £400,000 loan to Quincecare ltd. for the purchase of some shops, The loan was paid by Barclays Bank into the client account of one Mr Bairstow, who was both Quincecare's solicitor and a director. Instead of using the funds for an intended property purchase on behalf of Quincecare, Mr. Bairstow misappropriated £340,000 for personal use. When Barclays sued for repayment, Quincecare counterclaimed in negligence, arguing the bank should not have released the funds on Mr Bairstow's instructions. The court established the Quincecare duty, ruling that a bank must pause or refuse to execute a payment instruction if it has reasonable grounds to believe the order is an attempt to misappropriate funds even where the instruction comes from an authorised signatory like a director. On the facts, however, Barclays was found not to have breached this duty, as nothing at the time ought to have raised suspicion.

The Quincecare duty does not apply in cases where the Customer authorized the dispersion of the funds, even if there were reasonable grounds to suspect that the recipient was perpetrating fraud. In Philipp v Barclays Bank UK PLC² , the Supreme Court of the United Kingdom affirmed the decision of the High court in holding that the Quincecare duty did not extend to protecting customers from authorised push payment (APP) fraud. Here, the respondent, Philipp, sought compensation from Barclays Bank after losing £700,000 due to an authorised push payment (“APP”) fraud in 2018. Philipp and their spouse were deceived by fraudsters into believing they were assisting a Financial Conduct Authority (FCA) and National Crime Agency (NCA) investigation. They were persuaded to, and eventually transferred their life savings to safe accounts in the United Arab Emirates. These transfers and arrangements were made in person at their bank, the Barclays Bank, and the bank, fully cognizant of the facts, executed the transfers. Notably, the Supreme Court held that a bank's duty to comply with its duty to the customer (carrying out the customer’s instructions promptly) is strict.

The duty found more expression in Singularis Holdings Ltd v Daiwa Capital Markets Europe Ltd³, as it was expanded to offer protection to entities when the fraudulent threat came from their own shareholders. In the Singularis case, Daiwa held surplus cash of around $204 million for Singularis, a company set up to manage the personal assets of Saudi businessman Mr. Al Sanea. On Al Sanea’s instructions, Daiwa made payments totalling $204,500,000 to his business group, leaving Singularis unable to meet its creditors’ demands. Singularis’ liquidators brought a claim against Daiwa for breach of the Quincecare duty, with the central question being whether Singularis’ claim could be defeated on the basis that Mr Al Sanea, as chairman and sole shareholder of Singularis, could have his fraudulent act of diverting the funds attributed to Singularis. The court of first instance found against Daiwa. 

Daiwa’s appeal⁴ was unanimously dismissed, with the holding that Mr Al Sanea’s fraud could not be held to be Singularis’ act, as there is no principle of law that the fraudulent conduct of a director is automatically attributed to a company simply because it is a one-man company. The Court further affirmed that the purpose of the Quincecare duty is to protect customers from misappropriation of their funds, and that a bank cannot escape liability by relying on the very act that triggered its duty in the first place. Notably, in dismissing Daiwa’s further appeal, the Supreme Court⁵ of the United Kingdom held that the purpose of the Quincecare duty extends to protecting a bank’s customers from harm caused by those for whom the customer is, one way or another, responsible.

Hamblin & Anor v Moorwand Ltd and RND Global Ltd⁶ offers one of the most direct judicial pronouncements on the application of the Quincecare duty to Fintechs. In Hamblin, the Hamblins (a couple) were defrauded into investing £160,000 into a company called RND Global Ltd, which held an account with Moorwand, an FCA-regulated payment services provider. Fraudsters quickly emptied the account after the funds arrived. It should be noted that RND was incorporated by the Fraudsters in order to carry out the Fraud, using a stolen identity as the sole director. Though the Hamblins had no direct relationship with Moorwand, they sued on RND's behalf. The central legal question was whether Moorwand had breached the Quincecare duty and the Supreme Court found that there were enough red flags —including documentation irregularities at onboarding and suspicious transaction patterns — to put Moorwand on notice. By processing the payments without further scrutiny, Moorwand breached that duty. The Court also rejected Moorwand's attempt to rely on an exclusion clause in its terms and conditions, finding it couldn't shield the company from liability for failing to exercise reasonable care or for acting outside its payment mandate. This clause, however, protected Moorwand from the Hamblins’ claim for damages. Moorwand was ordered to restore the full £160,000 to RND's account.

Hamblin is interesting because the customers of the PSP were allowed to sue on behalf of the PSP, by passing the privity of contract that would ordinarily have protected Moorland from the Hamblins. Even though RND was essentially a vehicle for fraud, it was treated as being owed the duty.

The Quincecare Duty in a Layered Payment Stack

In the traditional banking model, the Quincecare duty easily finds its footing. It is just as easy in the neo-banking model as the traditional bank is easily substituted with the Fintech. To be sure, the mischief behind the Quincecare duty is that the financial custodian of the customer’s funds protects the customer. It would be overly rigid to interpret the duty as being applicable solely to traditional banks especially since, save for a few exceptions like Mobile Money Operators, most fintech services cannot take deposits and the Settlement banks are tasked primarily with holding these sums on their behalf.

In the Fintech structure, the roles of the settlement bank and the Fintech never coalesce to permit a commingling of obligations. Instead, these duties are separate, and this separation is enforced by existing regulation. For Instance, Fintechs are obligated to ensure proper authentication structures are in place, as well as necessary Customer Due Diligence measures. The Settlement banks, on the other hand, are only concerned with ensuring appropriate debits and credits, and that set transaction limits are not surpassed.

It is more likely that the Quincecare obligation would arise between the fintech (as a trustee on behalf of the customer) and the settlement bank and, as was the case in Hamblin, Service level agreements, which govern relationships between settlement banks and fintechs, generally contain provisions allocating liability in the event of breaches that cause the loss of customer funds.

The Quincecare duty in practice.

In practice, the Quincecare duty does not require that banks second guess every transaction. Instead, banks and Financial Institutions set reasonable suspicion thresholds which are borne from asking whether in the case of such a transaction, what steps a reasonable and prudent banker would take, or whether it would raise red flags to such a banker. Where that threshold is crossed, the banks would then refrain from processing the transaction.

For all its glamour, the Quincecare duty is substantially birthed from foreign case law, which is only persuasive in Nigeria⁷. Thankfully, Nigerian Courts have held in a number of cases that Banks owe a duty of care to their customers⁸.

There are also regulations that appear to subsume the Quincecare duty. The Money Laundering (Prevention and Prohibition) Act, 2022, for instance, imposes an obligation on financial institutions to identify and report suspicious transactions to the NFIU. It establishes the offence of money laundering, defines the obligations of financial institutions, and empowers the CBN and NFIU to supervise and investigate. Fintechs are also mandated to have systems for unusual and suspicious activity on a group wide basis from branches and subsidiaries⁹. Additionally, fintechs must file suspicious activity reports with the Nigeria Financial Intelligence Unit within 24 hours¹⁰, and maintain a temporary watchlist for Bank Verification Numbers linked to suspicious transactions for up to 24 hours while contacting customers for clarification¹¹. Admittedly, most of these regulations focus on the prevention of Money Laundering, Terrorism or Proliferation Financing.

More relevant is the CBN's (Draft) Guidelines for Handling Authorised Push Payment Fraud ("APP Fraud Guidelines"), which imposes a proactive fraud-prevention obligation on financial institutions that closely mirrors the practical effect of the Quincecare duty. Under the APP Fraud Guidelines, financial institutions are required to implement, at a minimum, an Early Warning System (“EWS”) for the prevention and timely detection and mitigation of APP fraud. The EWS carries specific operational requirements, including the red-flagging of accounts on suspicion of fraudulent activity, behavioural monitoring of account holders, and the maintenance of documented EWS indicators such as accounts identified through established fraud typologies, repeated fraud complaints, unusual inflows or outflows, or prior involvement in fraud cases. Accounts meeting these criteria are to be subjected to enhanced monitoring and, where appropriate, restricted pending investigation¹². 

Conclusion

For Fintechs, the Quincecare duty and its analogues carry several practical implications. For one, the proper risk allocation factors need to be decided via contracts with settlement banks, with AML and fraud monitoring obligations, information-sharing protocols that preserve the bank's ability to act on systemic risk indicators expressly allocated, and representations and warranties regarding the fintech's compliance with applicable regulations must be included.

Fintech platforms should invest in transaction monitoring systems that are genuinely capable of identifying the red flags that the duty requires them to act upon. The duty is not satisfied by systems that merely log transactions; it requires systems that can flag, pause, and where necessary refuse to execute suspicious instructions in real time.

Footnotes

1 [1992] 4 All ER 363

2 [2023] UKSC 25

3 [2019] UKSC 50

4 Singularis Holdings Ltd v Daiwa Capital Markets Europe Ltd [2018] EWCA Civ 84

5 Singularis Holdings Ltd (In Official Liquidation) (A Company Incorporated in the Cayman Islands) v Daiwa Capital Markets Europe Ltd [2019] UKSC 50.

6 [2025] EWHC 817 (Ch)

7 This principle has been established a plethora of case law. In Oguejiofor v. State ((2025) LPELR-80765(CA)), the Court of Appeal observed that while there is nothing wrong with citing foreign decisions, and they are treated with optimum respect, they have only persuasive effect and are not binding authorities. This position was further solidified by the Supreme Court in Precision Associates Ltd. V. Federal Ministry Of Finance & Ors ((2025) Lpelr-81019(Sc)), where the Court held that it is not bound by the decisions of courts of other jurisdictions, as such decisions are merely of persuasive authority.

8 For instance, in UBN Plc V. Charles (2025) LPELR-80953(CA)⁸, the Court of Appeal held that a bank’s duty of care transcends traditional boundaries and extends to risks involving mobile banking and automated teller machines. The Court of Appeal also held in Amacha Enterprises (Nig) Ltd & Anor V. Keystone Bank (2019) LPELR-48258(CA) ⁸ that a bank has a duty under its contract with its customer to exercise reasonable care and shall in carrying out its part regarding operation within its contract with its customers. The Court stated further that the duty to exercise reasonable care extends through the whole range of banking business within the contract with the customers.

9 2.6 Guidance Note on Anti-Money Laundering And Combating Financing Of Terrorism Regulations For Other Financial Institutions, 2022.

10 Section 7(2) of the Money Laundering (Prevention and Prohibition) Act 2022 in Nigeria mandates that financial institutions and designated non-financial businesses/professions (DNFBPs) must report suspicious transactions to the Special Control Unit Against Money Laundering (SCUML) within 24 hours of identifying them, particularly when they involve potential proceeds of crime or criminal activity.

11 As of early 2026, the Central Bank of Nigeria (CBN) has implemented strict AML/CFT regulations, requiring customers to report fraud within 72 hours for potential refunds and mandating AI-driven transaction monitoring for financial institutions.

12 6.0 Draft Guidelines for Handling Authorised Push Payment Fraud

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.