Global menu

Our global pages


Financial Services Litigation Trends - Spotlight on Duties of Care on Financial Institutions around the world

  • United Kingdom
  • Financial services disputes and investigations
  • Litigation and dispute management


In this article we take a high-level look at some of the key trends in the development of duties of care imposed on financial institutions outside express contractual terms in some key jurisdictions around the world and whether the scope of such duties are expanding.

England & Wales

Contractual discretions: In relation to contractual discretions, which are common in financial contracts (for example, in relation to the application of default interest under a loan agreement or considering margin calls), subject to some exceptions, the courts will generally require the party exercising the discretion (usually the financial institution): (i) to ensure all relevant and no irrelevant factors are taken into account; and (ii) not to exercise the discretion in a way that is arbitrary, capricious or irrational - one exception being an absolute right of contractual termination.1

General tort: Unless expressly excluded by the contract, firms will generally owe a parallel common law duty of care to customers in tort (often but not necessarily consistent with the express contractual terms) to take reasonable care in relation to the services they provide, advice they give and statements they make. Disputes are common in relation to the effectiveness of contractual wording to exclude tortious duties of care and whether the extent or type of the loss claimed falls within the scope of the relevant duty. The current approach of the English courts, when considering the scope of the duty of care assumed by a professional adviser, is to look at the purpose of the advice sought (i.e. what risk was the duty supposed to mitigate against) and then consider whether the loss suffered flowed as a result of that specific risk in fact coming to pass.2

Key statutory duties i.e. consumers/private persons: Private persons (broadly those not acting in the course of a business) may sue firms for breaches of certain rules in the Financial Conduct Authority’s Handbook, including, for example, the appropriateness or suitability of their advice. The FCA is currently consulting on whether to introduce a broader Consumer Duty, relying on broader concepts of good faith and requiring firms to put themselves in their “customers’ shoes” in relation to the services they provide, which may also include an additional and more extensive private right of action against firms.

Fraudulent payments: Banks owe a primary duty to make payments promptly on the instructions of their customers. In the case of consumers, there are various rules requiring banks to compensate customers for fraud on their accounts provided they have not been grossly negligent. In terms of corporate customers, there is also a secondary (and arguably contradictory) duty on banks not to make payments when put on inquiry that a payment instruction may be an attempt to misappropriate the funds of the customer (referred to as the “Quincecare duty”). The scope of this secondary duty continues to be the subject of significant litigation as claimants seek to expand the instances when it is engaged, for example, beyond corporate customers3 and in relation to the detection of Ponzi schemes.4 Who should bear the risk when the customer is a victim of fraud is a key battle ground in English law jurisprudence at present and this is a theme we are seeing in other jurisdictions (as indicated in the subsequent sections of this article).

Class actions: Class actions are less common in England & Wales than in, for example, the United States or Australia. However, where permitted by statute, for example in relation to misstatements in securities offering circulars, audited accounts and data breaches (a particular concern to firms holding large quantities of customer data), there is an increasing trend for legal action brought by multiple claimants. Significant hurdles to such claims remain but it is a developing area of law.

Hong Kong

General tort: In general terms, financial institutions owe a duty of care to their customers to exercise reasonable skill and prudence in providing services to them. Customers frequently take legal action against banks for negligent advice or mis-sold investments alleging breach of this duty of care. In the past, these disputes often turned on the effectiveness of the bank’s standard non-reliance clauses and risk disclosure statements.5 However, following amendments to local financial regulation which came into effect in June 2017, financial institutions regulated in Hong Kong are no longer able simply to rely on contractual terms to exclude liability in relation to mis-sold investments. Hong Kong financial institutions must generally comply with the Code of Conduct for Persons Licensed by or Registered with the Securities and Futures Commission (“Code of Conduct”), the Securities and Futures Commission being the principal financial regulator in Hong Kong. The Code of Conduct imposes standards of professional duties on licensed corporations and persons. Amendments to the Code of Conduct in June 2017 required regulated institutions to add a mandatory suitability clause in every agreement with customers, which negates the legal effect of any non-reliance clause. In addition, this overriding provision contains a clause that prohibits derogation by way of any other contractual arrangement.

Fraudulent payments: Banks owe a general duty to their customers to act on those customers’ instructions in accordance with general terms and the account mandate. However, banks also owe a co-existing Quincecare duty to customers, i.e. to refrain from executing a customer’s payment order when the bank is put on inquiry that the order is an attempt to defraud the customer. Recent case law has limited the scope of application of the Quincecare duty to situations where the bank has received instructions on behalf of its customer (e.g. from an authorised agent of a corporate customer), rather than directly from the customer.6

Fiduciary duty: A fiduciary duty will arise where a firm undertakes to act for a customer in circumstances which give rise to a relationship of trust and confidence, such as where the firm has undertaken to: (i) offer financial/investment advice to the customer, (ii) manage the customer’s assets on a discretionary mandate or (iii) act as a custodian of the customer’s securities. The specific duties which arise from such relationships will depend on the facts of each case. In a recent Court of Final Appeal decision, it was held that, on the particular circumstances of that case, a bank which acted as a trustee of a customer’s assets did not owe a high level supervisory duty to that customer in supervising investments of the trust.7 Further, even if the circumstances had been different, such that the duty may otherwise have arisen, a clause (known as an the “anti-Bartlett” clause) contained in the trust deed, which expressly excluded the trustee’s responsibility to supervise the investment and business management of companies in which the trust is invested, had displaced that duty.8

Norwich Pharmacal orders: We commonly see cases where the proceeds of a fraud perpetrated on a victim having been deposited into a bank account are promptly then dispersed to accounts at other banks. In this situation, Norwich Pharmacal orders are often sought to compel the relevant recipient banks to disclose information to assist the victim in tracing the stolen funds. A recent judgment in the Court of First Instance ruled that a Norwich Pharmacal order may be obtained for disclosure relating to bank accounts held in overseas branches of banks incorporated in Hong Kong.9 In light of this judgment, applications for Norwich Pharmacal orders may become more common in Hong Kong to trace the proceeds of cross-border fraud.10

United States

In the United States, state law generally governs the relationship between banks and their customers. Generally, banks owe no fiduciary duty to their depositors; the relationship between a bank and its depositors is founded on contract, and is not fiduciary in nature. Although banks are obligated to act with reasonable care in handling its depositors’ transactions, the contract upon which the bank/depositor relationship is based does not include any implied duties to supervise the customer’s account activity or make any inquiry into the purpose for which the depositor’s funds are used. Instead, the relationship between borrower and lender is generally “an arm’s length business relationship in which both parties are looking out for their own interests.” Further, “in an ordinary lender-borrower relationship, the lender does not owe any duty to its borrower beyond the terms of the loan agreement.”

There are some exceptions to the general rule. For example, an exception arises where the lender becomes a financial advisor. Borrowers who are private banking or “wealth management” clients of a bank are generally owed a fiduciary duty. The same applies if the bank provides financial planning, tax planning or trust services to the customer. Another exception to the rule occurs when the bank steps outside of its traditional role as banker and takes a financial interest in the borrower’s project. Once the bank stops wearing its banking hat and becomes a partner or investor, it becomes easier to show that the bank owes its customer a higher, fiduciary duty. Courts have also shown a willingness to hold banks to a higher standard when the bank, as lender, fails to act in good faith and engages in an “egregious breach… of the lender's duty of good faith and fair dealing.”

Banks in the US also owe no duty to their depositors to police activity in other depositor’s accounts. In a recent California case, a company sued its bank for failing to detect fraud conducted through an employee’s account, which was maintained at the same financial institution. In that case, a bookkeeper added the fictitious business name “Income Tax Payments” to her personal bank account and directed the company to write its quarterly state and federal income tax payments by check to Income Tax Payments. She then deposited those checks into her personal account. By the time the company detected the fraud, the bookkeeper had embezzled approximately $700,000. The company sued the bank for negligence for failing to monitor the bookkeeper’s account for signs of fraud arguing that the bank should not have permitted the bookkeeper to add the “inherently suspicious” name Income Tax Payments to her personal account, and that the bank should have notified it of the bookkeeper’s suspicious behaviour. The bank prevailed at the trial court level and the company appealed.

The Court of Appeal recognized that the relationship between a bank and its depositors is founded on contract, and is not fiduciary in nature. Although banks are obligated to act with reasonable care in handling its depositors’ transactions, the contract upon which the bank/depositor relationship is based does not include any implied duties to supervise the customer’s account activity or make any inquiry into the purpose for which the depositor’s funds are used. The Court held further that banks owe no duties to non-customers to investigate or disclose suspicious activity engaged in by their depositors.


In addition to their express contractual obligations, financial institutions are subject to a certain number of statutory duties deriving from diverse sources, but mainly from the French commercial code and case law. In particular, they owe an important duty of care to their clients, especially towards consumers. Such duties are particularly relevant in times of crisis, when the risks to customers increase, both in terms of the frauds they suffer and the financial difficulties they may encounter.

This is illustrated in particular by the considerable increase of false investment frauds in recent years, which reinforce the importance of financial institutions' duties of care and the provision of proper advice. The COVID-19 crisis and the increase in online transactions accompanying it have intensified cybercrime and remote scamming techniques. In May 2020, the Financial Action Task Force noted an upsurge in illegal activities on the internet due to the increase in online transactions. A "task force to combat fraud and scams" was thus created at the end of the lockdown under the aegis of the Ministry of the Economy and Finance, targeting frauds that are now typical in the context of the pandemic. On a judicial level, deprived savers usually fail to recover direct losses resulting from fraud and may then invoke their bank’s civil liability for having failed in its duty of care. In such cases, a bank could be accused of not having exercised greater supervision over the transactions recorded on its client's deposit account, not having alerted its client to the dubious nature of the transfer orders linked to the false investments or even not having refused to execute the suspect orders, arguably thereby directly contributing to the damage suffered from the loss of funds.

The increase in litigation has contributed to the emergence of case law in this area. The courts have been required to analyse a banker’s compliance with his obligations, in addition to the client’s behaviour in light of the duty of care. However, the duty of care remains subsidiary to its duty of non-interference, which requires the banker not to investigate the origin, motive or appropriateness of movements on his client's deposit account, nor to take his place. Hence, the courts will generally seek to balance these duties. A banker is required at least to question his client and inform him of the suspicious nature of the planned transaction when the disputed transaction is marred by an "apparent anomaly", of a material or intellectual nature, which reveals a risk of illegality. In such cases, the banker shall be authorised to take more restrictive measures, including refusing to execute the order despite the non-interference duty, depending on the circumstances and the degree of risk.

In cases of this type, the client will generally be the originator of the instructions given to their banker, meaning that the “material” propriety of the payment orders should not be debated. However, the question of their “intellectual” propriety also arises. Recent decisions provide some detail on the criteria examined by the courts to evaluate the transactions and determine whether or not such transactions should have attracted the banker’s attention. The courts operate according to the “bundled indicator” methodology by taking into account the amounts and frequency of the transactions, the destination of the funds, the history and the position of the account, the profile of the customer and the customer’s investment habits. Nowadays, this type of scam is becoming more publicly known as it is mentioned regularly in the press, which arguably reinforces the position of the bank where a claimant has shown blameworthy carelessness for the sake of gain. The coming months should determine how judges will deal with these cases in the context of the current health and social crisis.

The Netherlands

In the Netherlands, the special duty of care (bijzondere zorgplicht) in the financial sector is a relatively well-developed area of law. In various cases the Dutch Supreme Court (Hoge Raad) has ruled that banks have a special duty of care not only towards their clients but also to third parties. A clear trend is evolving as increasing numbers of banks and other financial institutions are more often and on a larger scale being successfully held liable before the civil courts for breaches of their special duty of care.11


Initially financial institutions, most particularly banks, were concerned about the possibility of damages based on a breach of the special duty of care towards its private and non-professional clients (consumers). The special duty of care towards those clients is mainly manifested by duties to investigate, advise, warn (if necessary) and verify (if necessary).

One of the first prominent cases was the matter of Rabobank v. Everaars (1997), in which the Dutch Supreme Court adopted a special duty of care of banks towards private, non-professional clients in a case about option trading.12 The Dutch Supreme Court ruled that due to the potential risks to which investors in option trading are exposed, a bank – being professional and knowledgeable in this area – has to observe a special duty of care towards its private, non-professional clients. This duty of care follows from the requirements of reasonableness and fairness (redelijkheid en billijkheid) as they relate to the nature of the contractual relationship with this type of client and aims to protect the client against his own lack of insight and sophistication. In principle, any mistakes made by the client are considered to carry less weight than any mistakes made by a bank. Furthermore, the bank was required in this case to take into account the expertise and experience of its client, their investment goals and their financial position (i.e. income and wealth). In this case, the duty of care was also held to include an obligation on the bank to act in compliance with the applicable trade rules.13 Later the duty of care on banks was also extended to investment advice and asset management.

Another development in the duty of care was prompted by the offering of so-called “securities leases” to consumers, starting from the late 1990’s up to and including the start of the 21st century. In 2009, the Dutch Supreme Court confirmed the special duty of care towards private clients in three key judgments regarding securities leases.14 The Supreme Court added that the scope of such duty depends on the particular circumstances. Relevant circumstances to take into account are: (i) the expertise and experience of the bank's counterparty; (ii) the product’s complexity; (iii) the risks involved; and (iv) the applicable regulatory framework. This case law also triggered local rules and regulations for intermediaries of certain types of financial products.

This trend in the expansion of the duty of care continues. It is noteworthy to highlight the development of the duty of care of banks with regard to interest rate swaps used to hedge the interest on loans sold to small to midsize companies (not consumer clients).15 In the majority of these cases the breach of duty entailed the breach of the bank’s obligation to adequately warn the client of the risks of interest rate swaps.


A subsequent line of case law illustrates another way in which the special duty of care is expanding, namely concerning the banks' liability towards third parties. In 1998, the Supreme Court held that the role that banks have within society means that banks have a special duty of care, not only towards clients on the basis of contractual relationships, but also towards third parties whose interests the bank has to take into account on the basis of the requirements of unwritten law.16

In 2005 this line of the Supreme Court was confirmed in the landmark case Safe Haven , which concerned a fraudulent investment services provider using a bank account. In Safe Haven17 the bank was held liable to third parties (being the consumer clients of the account holder) based on the fact that the bank had realised at a given point in time that the services were possibly fraudulent since (amongst other things) they were provided without the required regulatory licences. The bank had failed to investigate this further and take appropriate action, as a consequence of which the consumer clients of the accused firm incurred damages. The bank was compelled to compensate these clients for their damages.

After Safe Haven there were several cases based on the duty of care of a financial institution to third parties, some successful and some unsuccessful. In a more recent case this duty of care was again extended when the Amsterdam Court of Appeal ruled on 14 May 2019 that a bank had breached its duty towards a third party, multinational company.18 In this case Footlocker successfully established liability against ING Bank, because the bank did not properly follow up internal reports and alerts regarding unusual transactions in a newly opened bank account. The Amsterdam Court of Appeal considered that the bank knew of the unusual transactions and was therefore (partly) to blame for the losses incurred by Footlocker. The judgment of the Amsterdam Court stated that the bank must bear half of the damage suffered after the alert came to light and insufficient action was taken.

The continued expansion of the scope of the special duty of care is a clear trend in the Netherlands. Whereas it was initially primarily banks that had reason to be concerned about claims for damages based on a breach of this duty, other financial institutions are now also having to take the possibility of such claims seriously. Subsequently, the special duty of care owed by financial institutions was extended to apply not only in relation to their dealings with their clients, but also with third parties in a broader sense.


General tort: The common law position in Ireland is that a bank does not have a duty to take upon itself the responsibility to advise a customer with whom it is dealing, but once they do, they must exercise it with care. Banks also have no duty to advise a customer as to the wisdom of a commercial transaction. The tort of reckless lending does not exist in Irish law as a civil wrong.

Key statutory duties: Financial service providers are regulated by the Central Bank of Ireland (“CBI”). The Consumer Protection Code 2012 (as amended) states that a regulated entity must ensure that it acts honestly, fairly, professionally and in the best interests of its customers, and does not recklessly, negligently or deliberately mislead a customer as to the real or perceived advantages of a product or service.

Consumer complaints: The Financial Services and Pensions Ombudsman (“FSPO”) provides an independent service to resolve consumer complaints through either informal mediation, leading to a potential settlement, or formal investigation and adjudication, leading to a legally binding decision which can include compensation. The FSPO also has the power to determine cases relating to the mis-selling of payment protection insurance (“PPI”).

Fraudulent payments: Under the EU payment service rules, banks are required to reimburse customers for fraud on their accounts, provided they have not been grossly negligent. The Bank of Ireland’s recent U-turn over a refusal to reimburse customers who fell victim to a “smishing” scam highlights the importance of their duty to customers outside these rules following various complaints to the FSPO.

Tracker mortgages: A CBI report in July 2019 found that 40,100 Irish borrowers had been wrongly denied a cheaper ‘tracker’ mortgage by their bank. Many of Ireland’s largest banks were heavily fined. Since then the FSPO have dealt with complaints by borrowers not satisfied by the outcome of CBI investigation. The CBI has stated that if the FSPO finds in favour of an individual who makes a complaint, the lender must apply this to all other customers in that category.

Unfair terms: The High Court recently considered consumer rights and unfair terms in a repossession case. Terms are considered to be unfair where they cause a significant imbalance in the parties’ rights and obligations to the detriment of the consumer.19

Financial mis-selling cases: The limitation period for negligent mis-selling claims with regard to investment products was considered in late 2020 by the Supreme Court. It heard an appeal from a High Court judgment which held that the cause of action accrued when the investment value fell below the amount invested. The Supreme Court ultimately upheld the decision of the High Court.


By way of background, Dubai International Financial Centre (the “DIFC”) is an offshore free-zone and leading international financial hub. Although based in Dubai, the DIFC has an independent, English-speaking, common law judicial system in which the ‘onshore’ civil code of the UAE does not apply. Many international financial institutions have set up branches in the DIFC. The DIFC and any company registered within the DIFC is regulated by the Dubai Financial Services Authority (the “DFSA”) and is recognised by the UK’s FCA, the US Federal Reserve and other global jurisdictions. Additionally, the UAE Central Bank (the “Central Bank”) regulates financial institutions in the UAE and oversees the UAE’s financial infrastructure.

Good faith: Like many jurisdictions across the globe, the DIFC’s Contract Law20 recognises the concept of “good faith” and provides that all parties’ contractual obligations incorporate an implied duty to act in good faith, whether or not expressly stated in the contract. Consequently, financial institutions need to take account of this duty when considering the manner in which they are entitled to exercise their obligations, rights and discretionary powers towards their customers. Parties to a contract of insurance are under a higher duty pursuant to the DIFC’s Law of Obligations which requires them to act with ‘utmost good faith’.21

Fiduciary Duty: In circumstances where a DIFC customer can demonstrate that there is a relationship of “trust and confidence”, the financial institution’s duties will be deemed to be fiduciary in nature: "a person is a fiduciary of another if he has undertaken (whether or not under contract) to act for or on behalf of another in a matter in circumstances which give rise to a relationship of trust and confidence."22 Although not explicitly expressed in the law, a fiduciary duty may arise where a bank acts on behalf of a customer in the context of investments for example. A fiduciary relationship imposes a range of additional duties on the institution, including the obligations to maintain confidentiality, avoid conflicts of interest and act with loyalty, care, skill and diligence.23

Regulatory obligations: A key and longstanding priority for the DFSA is to ensure that firms provide information to their customers in a clear, transparent and suitable manner. This is set out in the DFSA’s Regulatory Law24 and further expanded upon in its Rulebook on the Conduct of Business which, among other things, requires firms to:

• avoid making false and misleading communications;

• ensure that the financial products or financial services recommended are suitable for the particular customer; and

• avoid conflicts of interest between itself and its customers and between one customer and another.

The DFSA continues to hold individuals to account when such standards are not met, using its enforcement powers to fine, restrict, and censure those who act in breach. Whilst we are not aware of any DIFC Court precedent where a breach of a firm’s regulatory duties has given rise to a civil cause of action upon which a customer can rely to sue for damages, we do expect to see more enforcement activity in this area as both the DFSA and Central Bank continue to highlight the importance of open, transparent and non-misleading communications to a well-regulated financial system.

  1. Braganza v BP Shipping Limited Ltd [2015] UKSC 17
  2. Manchester Building Society v Grant Thornton UK LLP [2021] UKSC 20.
  3. Philipp v Barclays-UK PLC [2021] EWHC 10 (Ch)
  4. Stanford International Bank v HSBC Bank plc [2021] EWCA Civ 535
  5. Chang Pui Yin & Ors v Bank of Singapore Ltd (CACV 194/2016).
  6. Luk Wing Yan v CMB Wing Lung Bank Limited [2021] HKCFI 279.
  7. Claims that fiduciary duties apply to financial institutions often arise in litigation in England & Wales. There is a high bar to establishing them. They may be found to exist in certain circumstances but the question is fact-sensitive.
  8. Zhang Hong Li and another v DBS (Hong Kong) Ltd and others [2019] HKCFA 45.
  9. A1 and Another v. R1 and Others [2021] HKCFI 650.
  10. Norwich Pharmacal orders are available in England & Wales as well.
  11. D. Busch, ‘The future of the special duty of care in the financial sector’, NJB 2020/424.
  12. Supreme Court 23 May 1997, ECLI:NL:HR:1997:AG7238 (Rabobank/Everaars).
  13. The special duty of care applies not only in the pre-contractual stage, but also during the term of the contract between the client and the bank. If a bank breaches the pre-contractual special duty of care, it commits the tort of infringing an unwritten rule of due care (Article 6:162 (2) Dutch Civil Code (DCC)). During the term of the contract, a failure to perform the special duty of care will constitute a breach of contract, often on account of a breach of the duty to exercise the care expected of a good provider of services (Article 7:401 DCC).
  14. Supreme Court 5 June 2009, ECLI:NL:HR:2009:BH2815 (T./Dexia); ECLI:NL:HR:2009:BH2811, (Levob/B.) and ECLI:NL:HR:2009:BH2822 (Stichting Gedupeerden Spaarconstructie/Aegon).
  15. District Court Oost-Brabant 4 March 2015, ECLI:NL:RBOBR:2015:1320; District Court Zeeland-West-Brabant 12 August 2015, ECLI:NL:RBZWB:2015:5415; District Court Oost-Brabant 22 July 2015, ECLI:NL:RBOBR:2015:4429;District Court Amsterdam 10 September 2014, ECLI:NL:RBAMS:2014:7010
  16. Supreme Court 9 January 1998, ECLI:NL:HR:1998:ZC2536 (Mees Pierson/Ten Bos).
  17. Supreme Court 23 December 2005, ECLI:NL:HR:2005:AU3713 (Safe Haven).
  18. Amsterdam Court of Appeal 14 May 2019, ECLI:NL:GHAMS:2019:1611 (Footlocker/ING bank).
  19. Grant and Grant -v- The County Registrar from the County of Laois and Pepper Finance Corporation (Ireland) DAC [2019] IEHC 185
  20. DIFC Law No.6 of 2004 Part 6 s.57
  21. DIFC Law of Obligations No. 5 of 2005 s.62
  22. DIFC Law of Obligations Part 8, s.158 (1)
  23. DIFC Law of Obligations Schedule 3 Article 159
  24. Regulatory Law No.1 of 2004