It is not uncommon for individuals or companies to fall victim to internet fraudsters. The victims are often deceived to deposit money into accounts purportedly belonging to business partners and investment brokers who turn out to be fraudsters. This has become a widespread phenomenon across the globe, with the accrued damage amounting to an estimated 100 billion euros annually.
In most cases where the victims reside in Europe or the US, the accounts involved are located abroad, such as in Hong Kong, China or other Asian countries. As soon as the transfers are credited, these accounts are usually emptied almost immediately before a freezing order can be obtained from a law enforcement agency or a competent authority, resulting in a total and an irrecoverable loss.
Since the fraudsters and the funds are no longer traceable, the victims are left with no option but to consider the possibility of recovering their losses from a third party. A legal question that commonly arises is whether the victims would be able to hold the beneficiary banks liable on the ground that there are potential breaches on the applicable laws and regulations on AML (antimoney laundering) and KYC (know-your-client) requirements.
To address the question, one must turn to examine the "Quincecare duty" under English and Hong Kong law, which imposes a duty on a bank to refrain from executing a transfer order from a customer in the event it has actual knowledge or reasonable suspicion that such order is associated with an element of fraud.
In the 1992 decision where the Quincecare duty first arose, an accountant of a company had forged the signature of his supervisor and initiated a transfer from the company's account to his personal account. As the signature was poorly forged, the court ruled that the bank in question should have detected the flaws, which it failed to do, and as a result damages were awarded to the aggrieved company.
However, to balance a bank's function and its primary obligation to execute the orders of its customers in a timely delay, the threshold for applying the Quincecare duty is exceptionally high and its imposition is found only in limited circumstances.
Moreover, the Quincecare duty only exists between an account holder and the bank with which the account is maintained. This is the remitting bank in most instances. The duty has yet to be extended to govern the relationship of the paying party, namely the victim and the beneficiary bank, i.e. the bank of the fraudster. Thus, it is unlikely that these internet fraud victims will be able to rely on the doctrine to recover their losses from a third-party bank.
Hypothetically, even if this gate would be opened in the future allowing victims to claim against the beneficiary banks, the burden of proof would likely remain with the claiming party, or the victims, who would then be required to satisfy the court of the existence of a breach of duty on the part of the banks. If and how the victims could overcome the hurdle and gather evidence with only limited access to the internal procedures of the beneficiary banks is another problem in recovering the losses.
Extra caution should always be taken as far as invitations to invest, whether encountered online or otherwise, are concerned. It is also advisable to contact your business partners by phone to confirm their account details, especially when the transfer is being directed to a foreign account or an account to which you have not transferred money before. This article is co-written by Anna Lau.