Further developments on the retrieval duty in the context of APP fraud

The retrieval duty has resurfaced in the High Court’s recent judgment in Barclay-Ross v Starling Bank Limited. The possibility of banks owing a “retrieval duty”, or a duty which requires them to take steps to retrieve a customer’s money after being notified of fraud, was first suggested by the Supreme Court in Philipp v Barclays Bank plc. In Santander UK PLC v CCP Graduate School Ltd, the High Court rejected an argument that in the context of authorised push payment (APP) fraud a receiving bank owed the duty to another bank’s customer to retrieve funds. In this latest case, the retrieval duty was not originally pleaded against the sending bank but the Court suggested that it should be and allowed that part of the case to continue to trial. 

Background

The claimant in this case, Ms. Barclay-Ross, a customer of Starling Bank (the Bank), fell victim to APP fraud. Having been approached by a Mr. Kevin Sheridan offering her certain financial products called “standby letters of credit” which could be monetised, between May and June 2024 she authorised a series of payments to an entity called “Thor Renewables Foundation LLC” based in the United States. On 1 July the fraud became apparent, and the claimant notified the Bank and asked for the payments to be stopped. The Bank replied the next day that it had asked the receiving bank to return the payments made at the claimant’s instruction. 

A few weeks after discovering this fraud, on 22 July the claimant made a separate payment in euros to a Belgian entity in the name of “Holland Astor Associates Limited”. This also proved to be fraudulent. In late October, the claimant asked the Bank to recover this payment and, again, the payments to Thor Renewables, whereupon the Bank established an internal investigation and initiated unsuccessful recall requests – while the Bank was successful in reaching out to the intermediary payment services provider, the receiving US bank never responded to the recall requests and therefore no money was recovered. 

The claimant initiated proceedings against the Bank in March 2025, claiming £120,000 which represented the transferred funds, as well as damages for distress and inconvenience, and alleging:

(a) breach of the contingent reimbursement model code (the CRM Code), a voluntary agreement between certain banks to reimburse customers for APP fraud;

(b) breach of Principle 6 of the FCA Handbook to pay due regard to its customers’ interests and treat them fairly; and

(c) that the Bank negligently handled the attempts to recover the payments. 

The Bank then brought a strike-out application under CPR 3.4(2)(a) alleging various defects in the claimant’s case. 

Decision

Arguments which were struck out

In the High Court, Mr. Andrew Kinnier KC struck out allegations (a) and (b) as well as the claim for damages for distress and inconvenience, confirming several uncontroversial points:

• The CRM Code’s scope is limited to circumstances where both the sending and receiving bank accounts are GBP-nominated and UK-domiciled and the facts refer to sums paid to a US-dollar-dominated account and Euro-nominated account ([25]);
• Principle 6 of the FCA Handbook is not actionable by individuals ([28]); and
• Damages for distress and inconvenience are not available in relation to claims involving contracts for banking services ([31]). 

Arguments which were not struck out

However, the court did not strike out allegation (c). 

It held that allegation (c), if re-pleaded, could have been advanced as an allegation that the Bank breached its duties of reasonable care and skill in contract and/or tort by failing to seek the claimant’s instructions to recover the funds once notified of the fraud ([32]), with reference to paragraph 118 of the Philipp judgment. In that case, Mrs. Philipp had notified Barclays in March 2018 that she had been induced to make fraudulent payments, but no attempt was made to seek her instructions or recover the funds until the end of May. Lord Leggatt observed, in the context of refusing a summary judgment application, that it was arguable that, once notified of the fraud, the bank should have taken steps sooner to attempt to recall the funds.   

In Barclay-Ross, Mr. Andrew Kinnier KC gave the claimant a final opportunity to provide amended Particulars of Claim within 28 days re-pleading the issues he had identified, including various issues relating to quantum. 

In that context he noted that a claim for breach of the retrieval duty “can only be” a claim for the loss of a real and substantial chance of recovering the funds transferred. This is ultimately a factual assessment and any award of damages would be reduced to reflect the chance in question. 

Implications for financial institutions

The further consideration of the retrieval duty in this case at trial will be of interest to retail banks, given the potential route to compensation it might offer for APP fraud victims. If upheld, banks will be particularly interested in the circumstances in which any retrieval duty would be breached, including the timeframes in which they are expected to act to recall any funds transferred fraudulently.

As recognised in Philipp, the reality may be in these cases that there is a slim chance of reclaiming the money transferred as it is likely that the payments made to the receiving bank are quickly dissipated – which would need to be factored into any damages awarded for breach of the duty. 

For now, sending banks would be advised to focus on reinforcing their internal processes for responding to customer notifications of fraud, ensuring that they can demonstrate that steps were taken as soon as practicable to recall misappropriated funds.