Home Banking A New Standard of Care for Banks in Cases of Corporate Fraud?

A New Standard of Care for Banks in Cases of Corporate Fraud?

by Prashant

The Singularis v Daiwa litigation

By Christian Tuddenham, Partner, Jenner & Block

In the summer of 2009, the London brokerage arm of Japanese banking group Daiwa Securities Group Inc. received instructions from its client Singularis Holdings Limited to make a series of payments to various companies in the Saad Group, to which Singularis was affiliated. The instructions were provided in accordance with established procedures and originated from Singularis’s chairman, Maan Al-Sanea. Daiwa’s compliance team raised certain enquiries concerning the instructions and received assurances and documentation in support from Singularis. Daiwa’s in-house legal function provided advice on the situation. Senior management in London and Tokyo were kept informed.

After the payments were made, it transpired that this was an asset-stripping exercise orchestrated by Mr. Al-Sanea. Daiwa had inadvertently facilitated this scheme. Singularis subsequently entered insolvent liquidation, and in 2014, the company’s liquidators commenced proceedings against Daiwa. In October 2019, the Supreme Court of the United Kingdom held Daiwa liable for negligently facilitating the misappropriation of funds out of Singularis’s account. Including interest and costs, Daiwa was ordered to pay Singularis in excess of US$200 million.

According to one view, this was a case where the fraudster avoided liability, and an innocent party was made to foot the bill. Some commentators have also described the Supreme Court’s decision as fundamentally changing the duty of care that financial institutions owe to their clients. So does the case herald a new era of litigation for banks that find themselves caught up in someone else’s fraudulent activities? And what can banks do to protect themselves?

The duty of care

Daiwa was held liable for having breached the relatively specialised duty of care that is owed by a financial institution to its customer in circumstances in which there are reasonable grounds to suspect that a payment instruction has the purpose of defrauding the customer. The duty in question is often referred to as the Quincecare duty because it was established in the early 1990s in the case of Barclays Bank plc v Quincecare Ltd.

The duty will arise only in cases for which it can be said that an ordinary, prudent banker would have a reasonable basis for suspicion that a particular payment instruction would result in the misappropriation of a customer’s money. Typically, this will be in cases where an authorised account signatory, such as a director or partner, instructs a bank to transfer funds out of a company or partnership account to a third party. Whilst the duty may arise in cases where there is a suspicion of money laundering, the duty is not limited to such scenarios.

Once the duty is engaged, the institution is obliged to refrain from executing the payment instruction in question unless and until it is able to satisfy itself that the instruction is not for a fraudulent purpose. This obligation takes priority over the usual contractual mandate to execute customer instructions promptly.

Why should a bank bear financial responsibility for another’s fraud?

In understanding the outcome in Singularis v Daiwa, it is important to appreciate that the operation of the Quincecare duty is highly fact-sensitive. The first question of whether the duty has arisen and the second question of whether it has been breached are both answered by looking at what an ordinary, prudent banker would have thought and done in that same situation. Whilst this is, therefore, an objective test, it is applied by reference to the particular circumstances of the case in question. This means that it is not applied inflexibly or without regard to commercial reality. So, for example, a global institution with large retail operations handling millions of daily payments is not expected to (and indeed cannot) police transactions in the same way as a small brokerage firm handling perhaps 10 or 20 payments a day. It will not be enough for a claimant to show that a given payment instruction was out of the ordinary; the court will require cogent evidence that this ought to have been apparent to those tasked with handling the payment.

The duty was found to have arisen in Singularis v Daiwa because the trial judge held that there were “many obvious, even glaring, signs that Mr. Al-Sanea was perpetrating a fraud on the company” and that Mr. Al-Sanea “was clearly using the funds for his own purposes and not for the purpose of benefiting Singularis”. Having established that the duty was engaged, the judge went on to find that Daiwa breached the duty because “there was failure at every level… what went wrong was that no one seems to have considered it his job to make the inquiries that [Daiwa’s Head of Compliance] said should be made or to ensure that the right people were tasked with dealing with payment requests”.

Daiwa had quite properly raised queries with its client in relation to some of the payment requests but unfortunately then failed to evaluate the client’s answers properly. In the case of one payment request, different and entirely inconsistent explanations were given for that same request. These explanations were also fundamentally at odds with what Daiwa knew about the business of its client. In addition, it was apparent from the face of documents supplied as evidence of the purported corporate obligations that those documents had been created after Daiwa had asked for them.

It is important to understand that in cases when the Quincecare duty is engaged, it can be discharged by refraining from making the payment. The primary obligation is an obligation to do nothing. The bank is not required to conduct a formal investigation. Nor must the bank be able to prove that its suspicions are well founded. In December of last year, in a claim brought by the Federal Republic of Nigeria against JP Morgan Chase Bank, the Court of Appeal of England and Wales stated that “something more” than simply refraining from executing the instruction may be required, meaning that some level of enquiry is expected of the bank. Although the Court did not elaborate, the premise seems uncontroversial. Subject to the anti-money laundering tipping-off restriction, the reality is that a payments or compliance team will usually want to ask a customer to provide further information or documentation about a suspicious payment request with a view to helping the bank understand whether or not the payment is for a legitimate commercial purpose. The bottom line, however, is that if the bank cannot assuage its reasonable concerns, then it is entitled to refuse to make the payment. In a situation where the payment is to be made to a third-party beneficiary, one option is to seek fresh instructions from the client, authorising the payment to be made directly back to the client rather than a third party.

None of the above changes the fact that a bank might inadvertently process an illegitimate payment and then find itself facing a claim from the very company that gave the instruction to make the payment. The courts may allow such claims in cases in which it is right to distinguish between the bank’s client, on the one hand, and the individuals actually responsible for the misappropriation of funds, on the other. The Quincecare duty exists to protect innocent shareholders and creditors, which is part of the reason why, in certain cases, a court will be prepared to hold a bank liable for facilitating a fraud that it had a reasonable opportunity to prevent.

It should also be noted that when a court finds that the duty has been breached, it may be prepared to apportion liability for the resulting losses between the bank and its customer on the basis of contributory negligence. This is what happened in Singularis v Daiwa: the trial judge reduced the damages payable by Daiwa by 25 percent to reflect the fact that the other directors on the board of the company, whilst innocent of Mr. Al-Sanea’s wrongdoing, negligently failed to step in and prevent it.

Has the standard of care expected of banks changed?

The decision in Singularis v Daiwa has attracted attention. Some commentators have said that the ruling raises the required standard of care, or even introduces a new set of obligations, and thereby increases the existing burden on banks to identify and prevent financial crime. That is not the case. In the short term, the publicity around the litigation may result in an increase in the number of Quincecare-type claims, but the nature and scope of the duty have not changed, and such claims have not become more difficult to defend. Financial institutions remain subject to precisely the same duty of care, and the same standards, as they did prior to the Supreme Court’s decision in Singularis v Daiwa.

What has happened, however, is that the litigation has helped to develop the law with regard to the nature and scope of the Quincecare duty. For example, the Court made clear that the liquidators of a company are entitled to pursue Quincecare claims on behalf of creditors. Further, Daiwa argued that the duty could apply only to a licensed deposit-taking entity such as a bank and not to a broker such as Daiwa. It is now clear that this is a distinction without a difference for the purposes of the Quincecare duty—the key question is whether the bank or broker is handling client monies appropriately.

The courts in this litigation had regard to the growing reliance that regulators and other authorities are placing on financial institutions to play a role in combatting financial crime. The trial judge heard expert evidence concerning not only the letter of the applicable rules but also about what the English regulators expect and would like to see happening. These regulatory requirements and expectations will inform the court’s assessment of the standard that an ordinary, prudent banker can be expected to reach. If the rulings in Singularis v Daiwa do contain a warning for the financial services industry, it is that the duty of care may arise with increasing frequency as the regulatory expectations placed on the industry continue to grow.

What can institutions do to protect themselves?

An obvious question is whether liability for breaching the Quincecare duty can be excluded through the insertion of an exclusion clause in the contractual documentation governing the relationship with the client. This question was considered in the case mentioned above brought by the Federal Republic of Nigeria against JP Morgan Chase Bank.

In that case, the Court of Appeal considered that it was possible for a bank and its client to agree to exclude the Quincecare duty provided sufficiently clear words were used, and subject to statutory restrictions such as those contained in the Unfair Contract Terms Act 1977. However, the Court noted that such wording would need to make clear that the bank should be entitled to pay out on instruction of the authorised signatory even if it suspects the payment is in furtherance of a fraud which that signatory is seeking to perpetrate on its client. It must be the case that many customers would be unlikely to agree to such a provision, and indeed it is doubtful that many banks would want to include that sort of wording in their standard terms. That said, there may be certain relationships and situations that merit the inclusion of this form of specific contractual protection.

Compliance and legal departments should obviously ensure that staff understand the legal requirements and what may constitute reasonable grounds for suspicion. Staff with responsibility for executing payment instructions should understand that third-party payment instructions pose particular risks, even when the instruction is to pay a corporate customer’s funds to another company within the same group, and even when the payer and payee companies share the same owner(s) and/or director(s). Special care must be taken in cases where the corporate customer is an entity that is owned and controlled (actually or effectively) by a single (or small number of) individual(s).

When staff have suspicions, these suspicions must be communicated to all relevant personnel, and sufficient information provided to enable people to understand the particular situation and associated risks. It will ordinarily be sensible to designate an individual within the legal or compliance team with overall responsibility for the management of the situation and all associated communications with other functions within the bank. The trial judge in Singularis v Daiwa highlighted communication failures in her judgment against the bank.

Whilst a decision on whether to process a particular payment is pending, all staff who may be involved in considering or processing the instruction (or any other instruction relating to the account or client) ought to be notified of the situation and directed not to undertake activity in relation to the account or customer without prior clearance from an appropriate member of the legal or compliance team. Unless there are anti-money laundering concerns and associated risks of tipping off, it is perfectly proper for staff to explain to the customer that a particular instruction is under internal review, and indeed it will usually be necessary to seek further information or documentation from the customer as part of that process.

Those tasked with responsibility for handling payment instructions must be properly supported in their role and be able to access advice and direction when required. Any explanation or documents that are provided by the customer in support of the payment instruction must be considered critically, with appropriate supervision, and in the context of what the bank already knows (or ought to know) about the business and financial position of the customer. One of the reasons why Daiwa allowed the payments to proceed was because relatively junior staff were left to take a final decision on whether to make very substantial payments. These staff had neither the knowledge of the customer’s business, nor the experience of handling third party payments, to enable them to identify red flags in the explanations and documentation provided.

It will not necessarily be enough for a bank to show that it has appropriate compliance procedures in place, or even that those procedures were followed correctly. The central question will always be whether the bank behaved according to the standard of an ordinary, prudent banker.

Leave a Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.