News

In a significant new precedent, we obtained a judgment in favour of our client against a bank concerning an erroneous transfer of funds resulting from fraudulent actions by third parties. In recent years, many companies and individuals have fallen victim to email hacking, where payment requests are sent with altered bank account details. As a result, transfer instructions are issued to the bank, leading to payments being made into the wrong account, after which the fraudster transfers or withdraws the funds.

Separate from the criminal case, the injured party has the right to pursue civil remedies to recover the amount transferred due to the fraud and to investigate the identity of the fraudster. The case also examined the bank’s liability, specifically whether it had committed a fault or legal violation that would give rise to responsibility.

In this dispute, we represented the client who fell victim to the fraud, seeking to hold the bank liable for the transfer on the grounds that it had committed multiple legal violations in executing the transaction. The Court of First Instance, however, held that the bank had not committed any fault and had complied with the Central Bank’s instructions regarding transfers, which are executed via IBAN without relying on other information. The court further noted that it was the client’s responsibility to verify the precision of the IBAN details.

During the appeal stage, the Court appointed a banking expert, different from the one in the first instance, to verify several points. Pursuant to the preliminary decision, the expert obtained data on the fraudster who owned the account, the account opening documents, and the account’s transaction history.

The Court of Appeal established the following:

• The change of the IBAN was not the sole and direct cause of the transfer. The client had sent a payment request via email specifying the company to which the transfer should be made, whereas the transfer was made to a personal account. The payment request was also delivered by hand to the bank’s staff.
• The bank had a list of procedures requiring the responsible employee to verify payment details, such as the beneficiary’s name, bank, and IBAN. When entering the IBAN, the beneficiary’s name appears automatically; however, the bank employee failed to notice that the name on the payment request differed from that of the account holder to whom the funds were transferred.
• Furthermore, the court confirmed the bank’s fault in ignoring mandatory procedures issued by the Central Bank regarding “Know Your Customer” (KYC). A large sum was transferred despite the account holder having declared in the account opening documents that his source of funds was a monthly salary, especially given that he carried out unusually large and unexplained withdrawals over a short period.

The Court of Appeal concluded that the faults committed by the bank directly led to the execution of the transfer and held it liable to compensate the client for the claimed amount. The Court of Cassation upheld this ruling, adopting the same analysis and confirming the presence of fault, damage, and the causal link between them.

This judgment constitutes an important precedent regarding the determination of a bank’s liability in similar matters. However, as the circumstances of each case differ, banks must take careful measures to mitigate such risks. This includes, from the outset, complying with mandatory “Know Your Customer” (KYC) requirements when opening client accounts, monitoring transfers of large sums that may raise suspicions, and thoroughly verifying all bank transfers before execution. Such measures are essential to safeguard clients’ funds and to avoid liability arising from violations of legal provisions in this regard.