In the recent case of Tecnimont Arabia Limited v National Westminster Bank PLC  EWHC 1172 (Comm), the High Court refused to hold a bank liable for losses suffered by the victim of an authorised push payment (APP) fraud in circumstances where the bank received funds in an account held by fraudsters and failed to act to prevent their dissipation to third parties.
What is APP fraud?
An APP fraud is perpetrated by a fraudster deceiving a victim into instructing their bank to transfer funds from their account to an account controlled by the fraudster. As the transfer is made using real-time payments, the victim cannot reverse it once they are aware they have been deceived.
Have banks been held liable in the past?
Victims of APP fraud have previously brought claims against their own banks. In April 2022, we examined the Court of Appeal decision in Philipp v Barclays Bank UK plc  EWCA Civ 318 (read more here), which extended the scope of the Quincecare duty originating in Barclays Bank plc v Quincecare Ltd  4 All E.R. 363. The Quincecare duty is an implied duty imposed on a bank requiring it to refrain from executing a customer payment when the bank is “put on inquiry”. This will occur when there are reasonable grounds to believe that the consequence of acting on instructions for payment may be that the customer’s funds are misappropriated. When a bank is put on inquiry, it has a duty to investigate the transaction and any other suspicious activity on the account. If the bank fails to do so, then it can be liable for a breach of the Quincecare duty.
In Philipp v Barclays, the Court of Appeal rejected the argument that the Quincecare duty only applies where there is fraud by an agent acting for a principal. The court held that the duty can extend to situations of APP fraud where the bank is on inquiry that executing a customer’s payment instruction could result in the customer’s funds being misappropriated.
Tecnimont Arabia Limited v National Westminster Bank PLC  EWHC 1172 (Comm)
In this case, Tecnimont Arabia Ltd (TAL) was deceived by an APP fraud which resulted in it paying USD5m into a NatWest account held by fraudsters in the name of Asecna Limited, an English registered company. When the fraudster attempted to dissipate the funds, NatWest received anti-fraud alerts generated by its real-time anti-fraud system. The purpose of these alerts, however, was to detect potential fraud against the NatWest customer (i.e. the fraudster), rather than frauds perpetrated by a NatWest customer. NatWest followed steps to determine whether the payments requested by the fraudster had been induced by fraud but by doing so did not uncover the fact that its own customer was a fraudster. By the time NatWest became aware of a potential fraud and identified the fraudster’s account there was only USD36,000 left in the account, of which a further USD33,989.88 was paid out before the account was frozen later the same day.
TAL subsequently brought a claim against NatWest seeking to hold it responsible for failing to suspend the fraudster’s account before the funds were all but drained. In doing so, it was asking the Court to extend the scope of the Quincecare duty to non-customers. The basis of TAL’s claim was that NatWest should have known of the fraud, or at least been put on inquiry, and so should have prevented the further transfer of funds. TAL also argued that NatWest had been unjustly enriched as the recipient of the payment of USD5m.
The High Court found that NatWest had not been unjustly enriched at the expense of TAL. Additionally, the Court found that NatWest would have been able to rely on the defence of change of position had TAL established that NatWest had been unjustly enriched. This was because (among other things):
- There was nothing in the way NatWest’s systems were designed or operated that would make it unjust to allow it to rely on a defence of change of position. Assuming they follow an appropriate due diligence procedure, banks are entitled to proceed on the basis that their customers operate legitimately. NatWest was therefore entitled to focus on protecting, rather than investigating, its customer.
- Whilst there was a delay of slightly less than two hours between NatWest having the information necessary to freeze the fraudster’s account and the account being frozen, that delay was not such as to allow the judge to conclude that it would be unjust to allow NatWest to rely on a defence of change of position.
The Court’s dismissal of the claim highlights the challenges victims of APP fraud face in trying to recover their losses from the fraudster’s bank as opposed to their own bank or from the fraudsters themselves. The number of victims of APP fraud is increasing, with a 71% increase in APP fraud during the first half of 2021, and in recent case law we are seeing victims adopting various approaches in an attempt to hold banks accountable for failing to prevent their financial losses.
The judgment in this case should offer some comfort to banks who have proper anti-fraud procedures in place to limit their exposure to liability from claims brought by victims as a receiving bank. However, it should also serve as a reminder to banks of the importance of having rigorous KYC and anti-fraud procedures, together with high levels of vigilance, to protect themselves and their customers. For victims, the High Court’s judgment serves as a timely reminder to be vigilant for the possibility of fraud and to be suspicious of any written requests for monies to be sent to an alternative account, especially if that account is in a different country. Corporates should have robust systems in place to counter attempted APP frauds. It is difficult for victims of fraud to trace misappropriated funds all over the globe and the judgment in this case should underline, to the extent that it is at all necessary, that when it comes to APP fraud, prevention is the best remedy.