Longer Reads
Recourse options available for corporate victims of payment frauds
In the wake of the the case of Japanese publisher Nikkei, Robin Henry looks at fraudulent payments made in a corporate capacity, particualrly the possibilities for recourse.
2 minute read
Published 18 November 2019
Authors
- Visit profile
Robin Henry
Partner - Head of Dispute Resolution Services
- Read more from Robin
Key information
The case of Japanese publisher Nikkei recently reported to have lost $29m in an alleged fraud involving a third party who purported to be a management executive, is an all too familiar example of the kind of payment fraud that is affecting companies worldwide.
Fraudsters have become increasingly sophisticated in passing themselves off as company insiders. Having hacked into a company’s email system, they can spend weeks making themselves familiar with payment arrangements, even to the extent of imitating the writing style of authorised managers. They are then in a position to issue instructions diverting payments from bona fide recipients to accounts controlled by the fraudsters.
So what recourse does a company have once a fraud has been discovered? Speed is of the essence in seeking recovery. The fraudsters’ best bet is to try to make tracing the funds as difficult as possible by dispersing them to as many different accounts as possible. In addition to reporting the fraud to its bank and the police, a company can take civil legal action to try to recover assets. The first step in tracing the missing funds is to obtain disclosure orders from the court against banks to which money has been dispersed and freezing orders over those accounts. Many of the suspect accounts are likely to be overseas, so international legal action may be needed. One successful example of this kind of action is the case of CMOC v Persons Unknown and others, which was notable for the fact that the court was willing to impose worldwide freezing orders even against unknown persons.
Another possibility to consider is whether the company’s bank may be sued in negligence for allowing the fraud to happen. Banks may be negligent if they are “put on notice” that a fraud is likely to occur but the question is how high that threshold is.
Rigorous systems to detect frauds
At one extreme, the courts will not require banks to investigate all payment transfers for signs of fraud because it is recognised that companies have to accept a trade-off between the convenience of high-speed transfers and the risk of fraud. To date, the courts have accepted it is not practically possible for a bank to check every transfer, given the speed and number of transactions that occur. The Tidal Energy v Bank of Scotland case highlighted the situation where a bank had complied with a Clearing House Automated Payment System (CHAPS) transfer mandate which had been authorised by the customer. The customer had been given the correct sort code and account number but had been misled about the payee’s name. The bank was not held to be liable since, under the existing CHAPS rules, only the sort code and account number need to be correct for a bank to accept instructions to transfer payment. Although this particular danger will soon be mitigated because payee names will be required for transfers from March 2020, the courts may still be reluctant to impose a duty on banks to proactively investigate individual transactions when they are dealing with a huge number of daily transfers.
On the other hand, the courts will order banks to recompense companies where it can be shown that they have been put on notice of a fraud and it seems the courts are more willing to require banks to take a more active role in preventing payment fraud. In the case of Singularis v Daiwa, the Supreme Court recently upheld a decision that where a bank was on notice that a dominant director of its corporate customer was likely to attempt to withdraw funds fraudulently, the bank was liable to the customer if it allowed those payments to be made. It is noteworthy that the Supreme Court expressly recognised the public policy of increased reliance on banks and other financial institutions to play an important part in reducing and uncovering financial crime.
Companies are best advised to put in place rigorous systems to ensure as far as possible that frauds can be detected before they occur. One way to do this is to ensure that payment instructions (particularly for international transfers) are double-checked by speaking to the authoriser in person (email may not be sufficient where the fraudsters still have access to emails). However, with fraudsters adopting ever more sophisticated techniques, prevention is unlikely to be foolproof and companies need to be aware of the potential legal remedies available should they fall victim to fraud.
This article was originally published in FinancialDirector on 18 November: https://www-financialdirector-co-uk.cdn.ampproject.org/c/s/www.financialdirector.co.uk/2019/11/18/recourse-options-available-for-corporate-victims-of-payment-frauds/amp/
Back to InsightsLonger Reads
Recourse options available for corporate victims of payment frauds
In the wake of the the case of Japanese publisher Nikkei, Robin Henry looks at fraudulent payments made in a corporate capacity, particualrly the possibilities for recourse.
Published 18 November 2019
Authors
The case of Japanese publisher Nikkei recently reported to have lost $29m in an alleged fraud involving a third party who purported to be a management executive, is an all too familiar example of the kind of payment fraud that is affecting companies worldwide.
Fraudsters have become increasingly sophisticated in passing themselves off as company insiders. Having hacked into a company’s email system, they can spend weeks making themselves familiar with payment arrangements, even to the extent of imitating the writing style of authorised managers. They are then in a position to issue instructions diverting payments from bona fide recipients to accounts controlled by the fraudsters.
So what recourse does a company have once a fraud has been discovered? Speed is of the essence in seeking recovery. The fraudsters’ best bet is to try to make tracing the funds as difficult as possible by dispersing them to as many different accounts as possible. In addition to reporting the fraud to its bank and the police, a company can take civil legal action to try to recover assets. The first step in tracing the missing funds is to obtain disclosure orders from the court against banks to which money has been dispersed and freezing orders over those accounts. Many of the suspect accounts are likely to be overseas, so international legal action may be needed. One successful example of this kind of action is the case of CMOC v Persons Unknown and others, which was notable for the fact that the court was willing to impose worldwide freezing orders even against unknown persons.
Another possibility to consider is whether the company’s bank may be sued in negligence for allowing the fraud to happen. Banks may be negligent if they are “put on notice” that a fraud is likely to occur but the question is how high that threshold is.
Rigorous systems to detect frauds
At one extreme, the courts will not require banks to investigate all payment transfers for signs of fraud because it is recognised that companies have to accept a trade-off between the convenience of high-speed transfers and the risk of fraud. To date, the courts have accepted it is not practically possible for a bank to check every transfer, given the speed and number of transactions that occur. The Tidal Energy v Bank of Scotland case highlighted the situation where a bank had complied with a Clearing House Automated Payment System (CHAPS) transfer mandate which had been authorised by the customer. The customer had been given the correct sort code and account number but had been misled about the payee’s name. The bank was not held to be liable since, under the existing CHAPS rules, only the sort code and account number need to be correct for a bank to accept instructions to transfer payment. Although this particular danger will soon be mitigated because payee names will be required for transfers from March 2020, the courts may still be reluctant to impose a duty on banks to proactively investigate individual transactions when they are dealing with a huge number of daily transfers.
On the other hand, the courts will order banks to recompense companies where it can be shown that they have been put on notice of a fraud and it seems the courts are more willing to require banks to take a more active role in preventing payment fraud. In the case of Singularis v Daiwa, the Supreme Court recently upheld a decision that where a bank was on notice that a dominant director of its corporate customer was likely to attempt to withdraw funds fraudulently, the bank was liable to the customer if it allowed those payments to be made. It is noteworthy that the Supreme Court expressly recognised the public policy of increased reliance on banks and other financial institutions to play an important part in reducing and uncovering financial crime.
Companies are best advised to put in place rigorous systems to ensure as far as possible that frauds can be detected before they occur. One way to do this is to ensure that payment instructions (particularly for international transfers) are double-checked by speaking to the authoriser in person (email may not be sufficient where the fraudsters still have access to emails). However, with fraudsters adopting ever more sophisticated techniques, prevention is unlikely to be foolproof and companies need to be aware of the potential legal remedies available should they fall victim to fraud.
This article was originally published in FinancialDirector on 18 November: https://www-financialdirector-co-uk.cdn.ampproject.org/c/s/www.financialdirector.co.uk/2019/11/18/recourse-options-available-for-corporate-victims-of-payment-frauds/amp/
Authors
Need some more information? Make an enquiry below.
Subscribe
Please add your details and your areas of interest below
Article contributor
Robin
HenryPartner - Head of Dispute Resolution Services
Specialising in Banking & financial disputes, Commercial disputes, Corporate recovery, restructuring & insolvency, Financial regulatory and Personal insolvency
Enjoy reading our articles? why not subscribe to notifications so you’ll never miss one?
Subscribe to our articlesMessage us on WhatsApp (calling not available)
Please note that Collyer Bristow provides this service during office hours for general information and enquiries only and that no legal or other professional advice will be provided over the WhatsApp platform. Please also note that if you choose to use this platform your personal data is likely to be processed outside the UK and EEA, including in the US. Appropriate legal or other professional opinion should be taken before taking or omitting to take any action in respect of any specific problem. Collyer Bristow LLP accepts no liability for any loss or damage which may arise from reliance on information provided. All information will be deleted immediately upon completion of a conversation.
Close
