From banks to fintech: the Quincecare duty reaches PSPs

The High Court recently delivered a significant judgment exploring the scope of the Quincecare duty and its application to payment service providers (“PSPs”), as well as the legal avenues available to fraud victims who are not customers of the financial institution involved. The decision in Hamblin & Anor v Moorwand Ltd and RND Global Ltd [2025] EWHC 817 (Ch) reflects growing scrutiny of the conduct of PSPs in the context of authorised push payment (“APP”) fraud and illustrates the use of derivative actions to recover losses.

Background

A number of significant Quincecare cases have reached the courts over the last few years. Our previous Perspectives covers the evolution of the law around the Quincecare duty,  including a description of the background to the previous cases, and their appellate history.

In this case, Mr and Mrs Hamblin were persuaded to invest £160,000 into what they believed was a legitimate investment opportunity. The money was sent to RND Global Ltd (“RND”), which held an account with Moorwand Ltd (“Moorwand”), a PSP and FCA-regulated electronic money institution. Through Moorwand, RND operated an electronic wallet enabling it to make and receive payments in Sterling, Euro and Bitcoin.

Unbeknownst to the Hamblins, those inducing them to deposit the money into RND’s account were fraudsters and shortly after the Hamblins’ funds had been deposited, RND's account was emptied by the fraudsters. Although the Hamblins were not customers of Moorwand and had no contractual relationship with the company, they sought legal recourse to recover their losses from both Moorwand and RND.

The claim

The Hamblins pursued (among other claims) a derivative claim on behalf of RND, alleging that Moorwand had acted in breach of its duty of care by allowing the relevant payments to proceed in suspicious circumstances. This was initially dismissed but the Hamblins were given permission to appeal to the High Court. The judge’s decision to give permission to bring the claim in the form of a derivative claim was not appealed by Moorwand and was therefore not in issue in the High Court proceedings.

The crux of the High Court case was whether Moorwand had breached the Quincecare duty. This requires banks (and now, potentially, PSPs more broadly) to refrain from executing payment instructions if there is reason to suspect fraud.

The Hamblins argued that Moorwand had ignored clear red flags, such as anomalies in the account setup and patterns of activity that should have prompted further scrutiny. They also claimed Moorwand had acted beyond its authority in processing the payments, thus breaching its duty to act with reasonable care and skill.

Moorwand contended that it had merely executed instructions from its customer, RND, and that it bore no responsibility for the fraud. It further argued that, in any event, its terms and conditions excluded liability for the loss.

The decision

The High Court disagreed with Moorwand’s position and found in favour of the Hamblins. The Court determined that there were sufficient warning signs—both at the onboarding stage and in the transaction history of the RND account—to put Moorwand on inquiry. These included discrepancies in documentation, the speed with which funds were moved, and other indicators of suspicious activity. By failing to pause and investigate, the Court held that Moorwand had breached its Quincecare duty.

Moorwand’s reliance on an exclusion clause in its customer agreement was also rejected. The clause was interpreted narrowly, and the Court found that it could not exclude liability for acting outside of the payment mandate or failing to exercise reasonable care.

The Court therefore ordered Moorwand to restore the £160,000 to RND’s account.

Comment

This case has several important implications for PSPs, fraud victims, and financial institutions generally and clarifies that the Quincecare duty is not limited to traditional banks. Courts may now impose this duty on PSPs and electronic money institutions where appropriate, especially in situations involving clear evidence of fraud. This marks a shift towards greater accountability in the fintech and payments sector, where institutions have historically operated with less scrutiny than mainstream banks.

In addition, the Court's acceptance of a derivative action by a fraud victim marks an important development in access to justice. Victims who transfer funds into fraudulent accounts—often held by shell companies—are frequently left without clear legal remedies. By allowing a derivative claim on behalf of the defrauded company, the Court has created a potential pathway for recovery that could be of considerable benefits to claimants in future APP cases.

The case also reaffirms the courts’ resistance to exclusion clauses that seek to absolve institutions from fundamental duties. The judgment suggests that where there has been a failure to act responsibly or within the bounds of proper authority in this type of context, financial service providers cannot simply rely on standard terms to shield themselves from liability.

This decision highlights the increasing expectations placed on PSPs to monitor and investigate suspicious activity and broadens the legal mechanisms available to recover fraudulently obtained funds. For victims, legal practitioners, and financial institutions alike, this case serves as both a warning and a guidepost in navigating the growing challenges posed by financial fraud in the digital age.