Posted on Feb 09, 2015 by Iain McDougall | Tags: banking, fraud, contract, delict, online, account-emptying scam, sir peter burt, money laundering regulations, fraudsters, duty of care, implied contractual duty of good faith, dishonest bank staff, sophisticated fraud, vishing | 0 Comments
It is fair to say that banking fraud is increasing in the UK at an alarming rate. In the first six months of 2014 £29.3million of losses were reported through fraud, a 71% increase from the same period in 2013. Furthermore fraudsters are getting more organised, technically sophisticated and devious.
Ironically many of these scams take the form of the fraudster contacting the victims and convincing them to urgently transfer funds to protect them from purported cybercriminals or dishonest staff at their local bank branch.
In some cases fraudsters are able to make it appear that they are calling from a legitimate bank number and can even keep lines open so when the victim attempts to independently call the bank, for reassurance and to verify the fraudsters call, they are put through to a another member of the gang perpetrating the fraud. These techniques are known as voice phishing or vishing.
LEGAL HURDLES FACING FRAUD VICTIMS
Despite the volume of fraud taking place not much is being paid out in compensation to fraud victims. The statistics show that in most cases the victim is unable to recover any money from the fraudsters and banks are understandably reluctant to compensate customers who have been defrauded by third parties.
Whilst we have had some success here at MBM in recovering funds for fraud victims from their banks, the legal hurdles a fraud victim is required to clear in order to successfully raise a claim for fraud losses in court are considerably high.
BANK'S DUTY OF CARE
The starting point is that legally a bank is under an implied contractual duty of reasonable skill and care in its dealings with its customer. The bank is required to follow the customer’s instructions, using reasonable skill and care in executing the customer’s orders. The bank must not execute any order that should objectively set alarm bells ringing.
COMMERCIALLY REASONABLE SECURITY PROCEDURES?
To fulfil the bank's duty of care, the bank arguably must put in place commercially reasonable security procedures to identify whether there are reasonable grounds for believing that the supposed order was “suspicious” and may have been an attempt to misappropriate the customer’s funds.
As the methods of fraudulently extracting money from customers become more sophisticated, the more routine they will appear to the banks’ security systems and therefore harder to detect. As fraud becomes harder to detect, the legal test set out above becomes harder to satisfy.
It is worth mentioning that there is still very little reported case law on this subject in the UK and some of the arguments we have used at a negotiation stage have been based on the approaches adopted in the US Courts.
SIR PETER BURT STEPS IN
For the reasons set out above, the lack of legal redress open to victims of online banking fraud can often be a double blow to customers who are left feeling like they have nowhere to turn. It is therefore welcome news that the former Chief Executive of the Bank of Scotland has stepped in on behalf of customers.
In a recent Sunday Times article he banded the banks’ treatment of fraud victims a “disgrace”. His view however is that instead of looking to their own banks for recovery of money lost to fraudsters, customers should instead be seeking redress from the banks that operated the accounts to which their funds were fraudulently transferred. Burt believes that by allowing fraudsters to open bank account the banks themselves are becoming “accomplices” to fraud.
Secondly Burt believes that the receiving bank can become liable in the event that it fails to prevent a transaction which appears to be suspicious, which would again be in breach of the money laundering regulations.
CIVIL LIABILITY & MONEY LAUNDERING
The money laundering regulations confer a number of duties on banks. Banks must carry out appropriate Identify checks when opening new accountants and take steps to verify that customers are who they say they are. Furthermore the regulations also place a duty on the bank to monitor transactions and to report and in some cases block those which appear to be suspicious.
If a bank is found to have breached the money laundering regulations, it could be subject to a regulatory fine. But regulatory fines of the kind referred to by Burt will be of cold comfort to fraud victims. The offending bank, whether in the US or UK, will be required to pay a fine to their regulator as opposed to those who have actually lost money.
PURSUING RECIPIENT BANKS IS FRAUGHT WITH DIFFICULTY
Raising an action against a recipient Bank would be fraught with difficulty. Whilst the customer has a contractual relationship with their bank, there is no such relationship with the fraudster’s bank. Any such claim would have to be raised under the law of delict (or tort in England). This would involve asserting that the banks owe a duty of care to the public at large to guard against suspect transactions and to put reasonable security measures in place. Whilst a breach of the money laundering rules may point towards such a breach, it is not a foregone conclusion.
As the means by which customers are defrauded become more sophisticated and harder to detect, so too do the means by which the fraudsters move and transfer the funds they have acquired. As well as having access to better forgeries fraudsters are also able to access accounts for their activities which were opened entirely legitimately and in full compliance of the anti-money laundering regulations.
So-called money mules are people who are co-opted by fraudsters to transfer money for them. Often paid for their services under the pretence of some of sham employment, the money mule may have no idea that their bank account is being used to move funds acquired by fraud. As such it will only get harder to detect fraudsters at the account opening stage.
At the moment there appears to be a disconnect between the law and the issues facing bankcustomers who have been victims of fraud. Pursuing fraudsters is always going to be either very difficult or impossible and it is therefore not surprising that customers are turning to their banks to seek redress.
It will be interesting to see whether a body of case law develops (as it has done in United States) regarding the measures banks must put in place to protect their customers from fraud here in the UK or if victims follow Sir Peter Burt’s advice and start pursuing the banks to whom their money was transferred.
If you have been affected by a phishing/vishing scam and your bank has refused to pay out then we may be able to provide you with the necessary legal assistance to seek recovery of your losses from your bank. Please feel free to call a solicitor in our Financial Services & Banking Disputes Team on 0131 226 8200.
DISCLAIMER: While every effort has been made to ensure the accuracy of this blog post, it is not intended to provide legal advice as individual situations will differ. No recipients of content in this blog post should act or refrain from acting on the basis of the blog post without seeking the appropriate legal advice on the particular facts and circumstances at issue from a qualified solicitor in their jurisdiction. The blog post is for general information only and is not legal advice. The law changes frequently and varies from jurisdiction to jurisdiction. No solicitor-client relationship is formed nor should any such relationship be implied. If you require legal advice, please consult with a solicitor qualified to practise in your jurisdiction.