Author: Sophia Purkis
This article was published in Solicitors Journal on 3 May 2016.
Online banking fraud is becoming more sophisticated, causing large losses to individuals and companies. Unsurprisingly, the number of cases against banks involving online fraud is increasing.
In March, Sir Bernard Hogan-Howe, head of London’s Metropolitan Police, suggested banks should not fully refund victims of fraud who have not protected themselves. Whilst not universally well received, his remarks are a reminder that there is no guarantee of a bank refund. So, if it is not forthcoming, what steps can be taken to recover money?
It is vital to act quickly. Money may disappear at a frightening speed not only from the client’s account but from recipient accounts.
The duty to notify the bank immediately is long established and probably also required under the relevant account terms and conditions. Following notification, the bank should commence its recovery processes and comply with its reporting requirements. It is important to liaise with the bank and police to make sure that there is a co-ordinated approach and to minimise a client’s costs.
If the bank does not take the requisite steps, clients should consider their options such as seeking freezing or disclosure orders against the transmitting and/or receiving bank(s). Again speed is of the essence.
Lost sums are likely to be unauthorised payments, possibly in breach of mandate, and should be refunded by the bank with any charges and compensation for lost interest.
Whilst the banks may have regulatory obligations to follow, for example under the Banking: Conduct of Business Sourcebook (“BCOBS”) and the Payment Services Regulations 2009, they may be able to rely on usual banking practice to escape liability, as in Tidal Energy Ltd v Bank of Scotland plc 2 All ER 15 (which has an outstanding appeal).
The bank may also rely on exclusion clauses in its terms and conditions and refuse a refund if the customer acted with gross negligence.
If the bank does not provide a refund, the terms and conditions may require the customer to make a complaint to the bank. The response could be useful to indicate the bank’s potential defences to a claim.
After the bank’s complaints procedure, complaints to the Financial Ombudsman Service (FOS) can be brought – if the matter falls within its jurisdiction – by individuals acting outside their trade, business or profession and by “micro-enterprises” (which are defined as having fewer than 10 employees and turnover or balance sheet of under €2m).
FOS complaints are usually less expensive than other remedies and there is not the same liability for opponents’ costs as with legal claims. However, there is a limit on awards of £150,000.
First, the terms and conditions at the date of the fraud should be considered with any arrangements regarding the account, such as online banking agreements and payment mandates.
Then, consider claims against the banks for breach of contract, for an account and/or a declaration that the account be re-credited as the payments were unauthorised. Also consider consequential loss claims for any reasonably foreseeable losses.
Negligence claims for damages could be brought even if the payment was apparently authorised (e.g. a PIN was used), for example where the bank had reasonable grounds for believing the instruction to make payment was an attempt to misappropriate funds (e.g. due to the nature, timing or destination of the payments) as found in Barclays Bank Plc v Quincecare Ltd  4 All E.R. 363.
If the client is a ‘private person’, consider arguments that the loss is suffered as a result of the bank’s breach of a Financial Conduct Authority (or Prudential Regulation Authority) rule, such as those in BCOBS, then a claim for damages is available under section 138D of the Financial Services and Markets Act 2000.
Prevention is better than cure but we must be realistic: cybercrime is an ongoing reality and the number of claims arising as a result will continue to grow.
Sophia Purkis, Partner, Fladgate LLP (email@example.com)