Invoking the Quincecare obligations in App fraud situations: The derivative claim scenario
In a significant ruling that has clarified the legal status of derivative claims against payment services providers (PSPs) for breaching their Quincecare duty in cases of Authorised Push Payment (APP) fraud, the High Court's decision in **Hamblin and another v Moorwand Ltd and another company [2025] EWHC 817 (Ch)** has set a new precedent.
The case, which involved victims of APP fraud, the Appellants Mr and Mrs Hamblin, who paid £160,000 to an account of RND Global Ltd (RND) held with Moorwand, has reaffirmed the Quincecare duty, a responsibility on banks to refrain from executing a payment instruction if they have reasonable grounds for believing that the instruction is an attempt to misappropriate funds.
Justice Marcus Smith J allowed the appeal and ordered Moorwand to restore the monies back to the RND account for the use of RND. This decision underscores the importance of PSPs detecting and preventing fraudulent payment instructions, a duty that was revisited and clarified most recently at the Supreme Court level in the **Philipp case**.
The Hamblin v Moorwand case further examines this duty in the context of APP fraud, with the High Court grappling with the scope and extent of banks’ responsibilities under the Quincecare duty. While the exact full text of the judgment was not detailed in the search results, it is part of an evolving jurisprudence confirming that payment services providers can be liable for failing to detect and prevent such frauds, particularly where the transaction was authorised but fraudulent.
The legal environment now increasingly supports derivative claims (claims brought by a company on behalf of itself against third parties, including payment providers) where there is a breach of the Quincecare duty in APP fraud scenarios. This reflects a wider recognition of the need for banks to implement stronger controls and for courts to enforce these protective duties responsibly.
Companies like RND, which have been set up to effect APP fraud, may not have that many creditors that rank ahead of the claimant to begin with, making the derivative claim route a viable option for claimants to seek recovery for APP fraud. It is worth noting that the Appellants' derivative APP claim is a debt claim, not a claim which sounds in damages, and does not require claimants to be concerned about issues of causation of loss and mitigation.
The decision also aligns with broader regulatory and risk management expectations articulated by the UK Financial Conduct Authority (FCA), emphasizing the importance of proportionate risk frameworks and liquidity and fraud risk management in payments services firms.
In conclusion, derivative claims for breach of the Quincecare duty against payment services providers in APP fraud cases are currently supported by recent case law, including Hamblin v Moorwand, which reinforces banks’ obligations to detect and prevent fraudulent payment instructions. This legal clarity strengthens the position of companies pursuing claims when payment services providers fail in their duty of care and risk management obligations.
- The ruling in Hamblin and another v Moorwand Ltd and another company [2025] EWHC 817 (Ch) has essentially set a new standard within the banking-and-insurance sector, as it establishes payment services providers as liable for failing to detect and prevent fraudulent payment instructions, particularly in cases of Authorised Push Payment (APP) fraud.
- In the aftermath of the Hamblin v Moorwand case, businesses and financial institutions alike are being strongly encouraged by regulatory bodies, like the UK Financial Conduct Authority (FCA), to implement robust risk management frameworks that address liquidity and fraud risks, as it has become evident that such measures are essential for maintaining industry integrity and minimizing financial losses due to fraud.
