Bank transfer fraud: what is the bank’s responsibility?

‘Push Payment Fraud’ – where a fraudster deceives someone into paying money to an account controlled by that fraudster – is increasingly common.  The true cost of this type of scam is unknown, but it is believed to run into hundreds of millions of pounds a year.  In most cases it leaves the victim with large losses and very limited recourse unless it is lucky enough to have insurance cover in place.

Many banks and other payment providers have now signed up to a Code which is intended to provide for compensation to be made to consumers, charities and micro-enterprises who have fallen victim to this type of bank fraud.

Unfortunately the Code does not offer protection for businesses other than micro-enterprises, and many companies are therefore left without a right of recourse under the Code and have to consider other avenues for recovery.

It will normally be too late to take action to freeze the money in the fraudster’s account before it is transferred on, because there is usually some delay between making the payment and discovering it has not reached the intended recipient.

It is possible to make a court application to obtain details of the true holder of the bank account to which the money has been fraudulently diverted, but of course by the time that such details have been obtained the money will have been moved on, and normally outside the UK.  It is again possible to trace such transfers, but it is only economically feasible to do so in large value frauds because of the cost of bringing actions across multiple jurisdictions.  Moreover, there is no guarantee of recovery.

There may sometimes  be other parties involved – for example the involvement of a rogue employee at the company to whom payment was intended – giving another avenue for recovery, but such cases are uncommon.

It is no surprise, therefore, that victims of such bank transfer frauds turn their attentions to the banks themselves, and equally unsurprising, given the vast sums involved, that the banks have consistently sought to deny responsibility in such cases (save voluntarily under the Code).

A recent case, I.F.T.S.A.L. Offshore -v- Barclays Bank Plc has shed some light on the circumstances which could give rise to such responsibility on the part of a bank (although the case itself was only concerned with the use of evidence and not with the merits of the underlying claim).

IFT was the victim of a push payment fraud and were induced to transfer US$249,721 (intended to pay an Austrian supplier for raw meat products) to a fraudster holding an account with Barclays Bank.  The money was paid on 15 January 2019, and was paid out from the Barclays’ account to an account in the UAE in tranches between 16 and 18 January.  The last payment was made 2 hours before IFT notified the fraud to Barclays.

IFT subsequently applied to court for an order that Barclays provide them with details of the account holder with the intention of pursuing that account holder.  That in turn led to attempts by IFT, through its solicitors, to recover the money via legal action overseas, although the case reports ‘there is no realistic prospect of recovery from the fraudster or tracing of the monies’.

However, in the meantime, IFT had reviewed the documents provided to it by Barclays and took the view that they may in fact have a case against Barclays.  The reported case dealt with the fact that IFT now wanted to use the information obtained from Barclays for a different purpose than that originally applied for – namely pursuing Barclays itself, and the court consented to this.  But of wider interest are the factors which the court identified as leading IFT to believe it may have a claim against Barclays which were as follows:

1. The Barclays account was opened only a month or so before the fraud by a Polish national for his sole trader painting contractor business trading from a residential address in North London. The customer declared an initial investment of £2,000 and an annual turnover of £60,000.
2. Between the opening of the account on 7 December 2018 and 14 December 2019, the largest single transaction was a credit of £200. Also on 14 January 2019, the customer made a small payment out of the account to an account in Dubai.
3. On 15 January 2019 the account was credited with the fraudulently diverted payment from IFT of US$249,696.44 with a reference ‘settlement of invoice.. frozen chicken pork’.
4. All of this money was paid out from the Barclays account between 16 and 18 January 2019 by six payments to an account with Noor Bank Dubai.
5. At some point in time, Barclays had also made a suspicious activity report on accounts that this customer had with Barclays, seemingly accounts other than those which processed the fraudulent payment.
6. On being notified of the fraud, Barclays took no action whatsoever for four days and no steps to block the account for five days, and apparently no steps to recall the payments made.

It is important to recognise that this case did not decide that Barclays had any liability: the only comment the Judge made was that he was “unable to say that there may not be a claim”.

It will be interesting to see whether IFT ever pursue a claim against Barclays on the basis of the evidence obtained, and of course if it is settled out of court then nothing further is likely to be heard about it.  However, it does point to the fact that in certain circumstances there may be a possible claim against the banks involved even if all other avenues for recovery are hopeless.

Although making an application to obtain the details of the fraudster’s bank account may prove fruitless as the money – and fraudster – is likely to have disappeared, there may still be a valuable collateral benefit if evidence of carelessness or more on the part of the bank is uncovered.