In our previous article titled ‘Cybercrime Claims – Are Banks Liable for Making a Transfer to a Fraudster?’ we outlined the ways in which victims of cybercrime may have potential claims against professional advisers and banks in relation to money transfers made by victims to fraudsters.
In this article we consider the developments in this area of law following the High Court decision earlier this year in Hamblin and another v Moorwand Ltd and another.
Can a bank be held liable for facilitating a transfer to a fraudster?
The Quincecare case (referenced in our previous article) established that banks may be held liable where they execute a payment despite having reasonable grounds to suspect it may be fraudulent. The Hamblin case has confirmed and extended these principles.
The facts of the Hamblin cybercrime case
The fraudsters used the identity of a director of RND Global Limited to open an account with Moorwand Ltd, a payment services provider, in RND’s name. The fraudsters then tricked Mr and Mrs Hamblin into transferring £160,000 to RND’s account at Moorwand. The fraudsters issued payment instructions to Moorwand that enabled them to transfer the funds out of the account.
As RND was the account holder and customer of Moorwand, Mr and Mrs Hamblin could not make a direct claim against Moorwand. Instead they sought to bring a claim on RND’s behalf, known as a derivative action.
The decision
The High Court held that Moorwand had been “put on inquiry”: there were sufficient warning signs that should have prompted further checks before the payments out of RND’s account were made. These included:
- Discrepancies between the stated business activities of RND and how the account was being used. The fraudsters had made and received payments in bitcoin and purchased a luxury watch.
- Inconsistencies and credibility issues in the onboarding documents, such as an incorrect date of birth for a director.
Significance of the case for cybercrime
One key development in this case is the use of a derivative action. Although the Court did not directly consider this issue in the proceedings against Moorwand, the Hamblins had brought a derivative action in another case and the Court had permitted it on the basis that the company involved was used as a vehicle for fraud and essentially held the money transferred to it as trustee for the Hamblins.
The case also confirms that non-bank institutions, such as Payment Service Providers like Moorwand, are subject to the Quincecare duty not to execute a payment instruction where they reasonably believe such instruction to be fraudulent.
If you have been the victim of cybercrime, it is important to take legal advice on any potential claims you may have. If you would like to discuss your options, please get in touch with our expert professional negligence team.
You can read also more about professional negligence claims here.
This article was written jointly by Catherine Mathews, partner, and Farida Rashwan, trainee solicitor in our Commercial Dispute Resolution team.