In this article, first published in the Legal Business Disputes Yearbook, Tim Symes and Alice Glendenning discuss the common claims of online and open banking and the difference between dishonest and negligent banks.

We reported in our 2021 Yearbook article on the close link between recessions and fraud. This was clearly seen in the fallout from the 2007-8 crisis when fraud cases increased year-on-year by value and volume. The recession and the subsequent company failures allowed officeholders to uncover the full extent of unethical or fraudulent behaviour previously hidden by ‘business as usual’ activity.

It also drove officers to further fraudulent behaviour attempting to cover up the true state of a company’s finances and their own conduct. Take the use of Repo 105 at Lehman Brothers, an accounting loophole used to artificially improve the bank’s leverage ratio and assist it in issuing billions of dollars in worthless securities prior to filing for bankruptcy. Similarly, the use of circular loans of €7.2bn by Anglo Irish Bank to bolster its balance sheet and keep under wraps hundreds of millions in unreported directors’ loans. Likewise, the fabrication of stories by Stanford International Bank to hide the reality when investors rushed to redeem their deposits as the crisis hit (namely, the second largest Ponzi scheme in history).

In that article, we considered the likelihood of a similar surge in the wake of the Covid-19 pandemic, anticipating that the successive lockdowns and economic crisis would prove fertile ground for fraudulent behaviour. We picked up this theme in our 2022 article, where we also considered the recent developments in case law to banking litigation.

The rise in claims against banks and financial institutions can be attributed, at least in part, to the changing nature of banking in recent decades, both from a regulatory and technological standpoint. Following the 2008 crisis, there was a global effort to increase the regulation and supervision of financial institutions, as well as improve standards of conduct in the sector. This has come hand in hand with the digitisation of the industry, which was given a huge impetus by the pandemic.

Online banking and the rise of open banking (the ability for third parties to access customers’ data, such as bank balance and transaction history), among other developments, signals a welcome overhaul of the sector. However, it also invites new threats. Alongside cyberattacks and the risk of digital assets being used for illegal purposes, technological developments have led to ever more opportunities for fraudsters, with a 149% increase in digital fraud attempts between 2020 and 2021. In short, the task of banks and financial institutions to scrutinise payments and police transactions in line with technological developments comes at a time when the concomitant threats are greater than ever.

Where banks or financial institutions fail to prevent these frauds or are found to have assisted them, their deep pockets and the growing body of victim-friendly judicial authorities make them an attractive target for victims seeking to recover their losses.

We consider below the most common claims we are seeing in this context. One way to distinguish the kinds of claims a bank can face is by drawing a line between the dishonest banks and the honest (but negligent) ones.

Dishonest banks

Fraudulent trading

Fraudulent trading claims can be brought by insolvency officeholders where a company has been wound up or has entered administration, and the business of the company was carried on with the intent to defraud creditors (whether that be the company’s or anyone else’s) or for any fraudulent purpose.

The net is cast wide when it comes to who can be liable. A claim can be brought against any persons who were ‘knowing parties’ to the carrying on of the business in a fraudulent manner, even if they were not involved in the management of the company and were outsiders to the company. Following the important case of Bank of India v Morris [2005] EWCA Civ 693, more claims have been made against banks.

Dishonest assistance

Likewise, banks or financial institutions can be held to have dishonestly assisted a person who holds a position as a trustee of the misapplied assets, for example, in making unauthorised transfers. Company directors are trustees of the company’s assets, so a misapplication of company funds assisted by a bank can render the bank liable in dishonest assistance. See the case of Abou-Rahmah v Abacha, where it was claimed that the City Bank of Lagos, the fifth defendant, had dishonestly assisted fraudsters in receiving and transmitting misappropriated funds which had been paid to facilitate the investment of a family trust fund worth $65m (which never existed) in an Arab country.

The application of these claims against ‘dishonest’ banks and financial institutions (more fairly put as dishonest players within these organisations) played a significant role in the long-running Bilta litigation brought by insolvency officeholders of Bilta UK Ltd, which was involved in carbon credit trades giving rise to VAT fraud in 2009. In Bilta’s claim against Natwest Markets Ltd, it was held that the bank’s carbon desk traders were liable under fraudulent trading and dishonest assistance for their role in facilitating the wrongdoing. Likewise, in Bilta’s claims of fraudulent trading and dishonest assistance against Tradition Financial Services (TFS), a broker and intermediary in the carbon trading fraud, the Court of Appeal recently confirmed that fraudulent trading does not just apply to persons with a controlling or managerial function at the company and could therefore apply to an outsider who knows that the business he is dealing with is fraudulent.

Negligent banks

Cases where banks or financial instructions are found to have been dishonest, thankfully, do not occur at anything like the rate of frauds, although neither are they as rare as we might hope. That is not to say that ‘honest’ banks are immune to claims where frauds have been perpetrated, as was established by the courts some 30 years ago in the landmark case of Barclays Bank plc v Quincecare.

Quincecare

Following Quincecare, banks and financial institutions may be held to have breached their duty of care to their customer if they execute what turns out to be a fraudulent payment order. For so long as a bank is ‘on inquiry’, ie it has reasonable grounds to believe an order may be an attempt to misappropriate funds, it should refrain from executing a customer’s order. If it fails to do so, it can be held liable for any losses suffered.

Historically, this claim was only successful when the purported agent for the customer had given payment instructions to the bank directly. Following the Court of Appeal decision in Philipp v Barclays Bank UK plc, an individual customer can now rely on Quincecare even where they issued the payment instruction to the bank themselves. In that case, Mrs Philipp fell victim to an authorised push payment (APP) fraud when a scammer posing as a Financial Conduct Authority operative tricked her into transferring £700,000 to two bank accounts in the UAE. Mrs Philipp was successful on appeal. It was held that Quincecare could extend to circumstances where an individual customer instructs their bank to make a payment when that customer is a victim of APP fraud. The Supreme Court has now heard the appeal, and judgment is awaited.

Claim in debt?

An alternative to bringing a Quincecare claim against an honest but negligent bank may be available following the Hong Kong Final Court of Appeal judgment in PT Asuransi Tugu Pratama Indonesia TBK V Citibank N.A. In that case, the applicant (Tugu) sought to recover funds totalling $52m transferred out between 1994 and 1998 from its account with Citibank on the dishonest instructions of its signatories, who were officers of the company. Tugu brought claims against Citibank (i) for Quincecare breach of duty; and (ii) in debt on the basis that the unauthorised debits were a ‘nullity’ (ie legally void). It was held that Tugu’s Quincecare claim failed because it was statute barred, and in any event, Tugu would have been held to be contributorily negligent for 50% of its losses. On final appeal, the debt claim was upheld: a customer is entitled to disregard an unauthorised debit as a nullity and bring a claim in debt for the reconstituted balance of the account, payable on demand.

While of persuasive authority only, this decision may offer an alternative means for officeholders and companies to recover misappropriated funds when looking at historical transactions or those where officers of the company have been complicit in the misappropriation.

Conclusion

As insolvencies pick up following the pandemic and more recent headwinds, and officeholders begin to investigate companies’ affairs, we can expect to find more banks in the hot seat for their role in facilitating wrongdoing, whether wilfully or negligently. Technology has been at least one driver of the rise in fraud, leading to claims against banks for failing to identify and prevent it. Technology is also likely to be the industry’s lifeline. UK Finance has reported that banks are investing in advanced security systems, including real-time transaction analysis, tracking technology, the imposed implementation of multi-factor authentication, and the exploration of ‘behavioural biometrics’ to identify suspicious activity.

It is hoped such developments will practically automate the identification and prevention of fraud. While a positive step, the counterpoint to this will be that it will be much harder for banks to argue they did not have the requisite knowledge of wrongful conduct or have been ‘put on inquiry’ when funds have been misappropriated in spite of these systems.