In Tecnimont Arabia Limited v National Westminster Bank Plc , the High Court has held that the receiving bank should not be made liable (in unjust enrichment) to a third party who was the victim of an authorised push-payment (APP) fraud. The judgment gives some comfort to receiving banks that, provided robust anti-fraud procedures are followed, liability to the victim of the APP fraud for claims of unjust enrichment is unlikely.
The scam followed what is quite a typical pattern for an APP fraud: a hacked email and an impersonation of a company executive by the fraudster led to a substantial sum (in this case, US$5m) being wired by the victim (TAL) to a bank account that, instead of belonging to the company to whom the transfer was intended, was controlled by the fraudster. The funds were then dissipated and the victim was unable to recover the funds from the fraudster. The victim then turned its attention to the fraudster’s bank, in this case NatWest. A claim pursuant to the Contingent Reimbursement Model Code was not available.
Among other claims (which were dismissed by the Court on technical legal grounds), a claim pursued by TAL was that NatWest had been “unjustifiably enriched” by having received US$5m from TAL which had been paid by mistake. If true, that would mean that TAL was entitled to be reimbursed for its losses by NatWest.
A classic defence to an unjust enrichment claim is what is known as “change of position”: this defence is open to any party whose position has changed so fundamentally as a result of the transaction in question that it would be inequitable to require him to make restitution. In this case, the Court considered whether NatWest’s conduct was such that the change of position defence was not open to it. In particular, TAL alleged that:
- NatWest’s investigation of AML concerns should have been quicker.
- The anti-fraud detection systems deployed by NatWest ought to have identified the fraud being perpetrated on a third party (TAL), and
- NatWest ought to have acted more quickly in suspending the account once a fraud risk had been identified.
Comfort for banks
The Court dismissed TAL’s claim and held as follows:
- AML versus fraud detection: the judge was told that current banking practice is to monitor for fraud in real time, but to investigate AML concerns retrospectively. The judge found this to be a perfectly reasonable way to proceed in the circumstances.
- Protecting the customer, not third parties: NatWest was looking for fraud on its own customer – in this case, the fraudster – rather than on a third party (TAL). The parties agreed that NatWest’s fraud team had made a bad call by waving through one of the payments and not calling the customer to check it; but the judge found that this had no impact in this case where the customer – the fraudster – would no doubt have assured the bank that all was well anyway. The judge noted that: “the Bank is entitled […] to concentrate its efforts on protecting its customers rather than investigating them.”
- Reaction time: on the day NatWest became aware of the fraud, they were told about it shortly before noon. The account was frozen a little after 4pm, but in the interim, another payment out (of around $30,000) had been made by the fraudster. The judge thought the freeze could have been dealt with more efficiently, but he did not think that the delay was so bad that the bank should have to pay for it.
The claim was an ambitious attempt to fix the bank with an almost Quincecare-style duty to prevent fraud on third parties, which the judge had no appetite to allow. The Court reiterated the law, following earlier cases, that the key question on unjust enrichment claims such as these is whether the conduct of the party seeking to rely on a change of position defence was such that it would be unjust to permit it to rely on that defence.
Clearly, and as this case highlights, the availability of a change of position defence will be determined by the specific facts of the case. While such a defence ought generally to be available to a defendant bank even if their own fraud-detection procedures were followed less than perfectly (as in this case), banks should review their procedures to make sure:
- they are in line with best practice,
- they are followed, and
- that if notice of fraud is received, it can be acted on very quickly.
This publication is a general summary of the law. It should not replace legal advice tailored to your specific circumstances.
© Farrer & Co LLP, August 2022