A code of conduct has been introduced with the aim of helping bank account holders regain money that has been lost to fraud. But businesses still need to steer their own course of action to ensure they can regain what is theirs.
The new code has been agreed and published by the Authorised Push Payment Scams Steering Group, set up at the start of 2018 and made of up representatives from banks and consumer groups. The code covers individuals who are targeted by those committing authorised push payment (APP) fraud. APP fraud involves a person being sent a fake invoice by an individual posing as someone who did work for them, in order to have the target send money to a bank account controlled by the individual committing the fraud. Yet while the code is to be welcomed, it does not cover companies.
Barclays, HSBC, Lloyds Banking Group, Metro Bank, Nationwide, Royal Bank of Scotland, NatWest and Santander are among the lenders that have signed up to the code of conduct to protect those who are targeted by APP fraud. They will reimburse customers for their losses, provided that it can be shown that the customers had taken reasonable care. If the bank does not believe a customer took reasonable care and is not prepared to reimburse the customer, the burden of proof is on the bank to prove that the customer acted carelessly when they were defrauded.
Banks have often refused customers refunds for APP fraud, arguing that they are liable as they authorised the transaction. While £145.4M was lost in the UK in the first half of 2018 to APP fraud, only £31M was repaid to customers. The new code may see the repayment figure rise rapidly.
APP and Businesses
But while the new code should see the amount of APP-related repayments increase dramatically for individuals that will not be the case for businesses. The code only applies to individuals, very small enterprises – with limits imposed on turnover and staff numbers – and charities.
For the vast majority of those in business, asset recovery through the civil courts will remain the main route for them to recoup funds lost to APP fraud. APP fraud is also known as invoice hijacking as it can involve the person committing the fraud placing themselves between a company that hired another company for goods or services: the individual sends an invoice to the former claiming to be from the latter, with any payment made being directed to the individual’s account. It is not uncommon for those looking to commit such fraud to make efforts to find out about a company’s trading arrangements in order to devise the most convincing fake invoice.
If a company is faced with such a situation it has to act quickly and take steps to freeze the funds that have been taken. One benefit of using asset recovery methods is that proceedings can be commenced swiftly. In such situations, a company cannot afford any delay caused by a wait for the police to decide if they will prosecute.
Urgent Effective Options
The effectiveness of such an option was illustrated in World Proteins Kft v Persons Unknown  EWHC 1146 (QB); a case where the company had paid 1.5M euros and a further 500,000 euros to pay fake invoices that purported to come from one of its longstanding suppliers. While the company was able recall the 1.5M euros payment in time, it was unable to do so for the 500,000 euros.
The High Court issued a freezing injunction against ‘persons unknown’ - an unnamed individual responsible for the fraud. The bank records of the account where the defrauded sums had been paid were disclosed, leading to the individual’s identity and address being obtained.
On 1 July, shortly after the freezing injunction hearing - and the resulting freezing of the assets and identification of the individual behind the fraud - the High Court granted default judgment in World Proteins’ favour, stating that all money held by the respondent resulting from this fraud must be returned to the applicant within 14 days.
The freezing injunction and the ancillary orders against the persons unknown were the forerunner to the matter’s resolution via default judgment, which will result in the almost immediate return of €500,000 which would otherwise have been lost forever to fraud.
The Use of Interim Tools
In addition to the above measures, there are also various interim tools available for the disclosure of information when a business – or, for that matter, an individual - has been targeted by APP fraud. Depending on the circumstances, an order for disclosure from the banks pursuant to Norwich Pharmacal and/or Bankers Trust principles is an option. This helps provide the necessary information in order to pursue the ultimate wrongdoer.
An order for the banks to provide the required information can be obtained if it can be successfully argued that:
- A wrong has been carried out by an ultimate wrongdoer. The “wrong” may be a crime, tort, breach of contract, equitable wrong or contempt of court. The wrong has to be identified at least in general terms. This was laid out in Ramilos Trading v Buyanovsky  EWHC 3175 (comm).
- There is a need for an order to enable action to be brought against the ultimate wrongdoer.
- The respondent (i.e. the bank) is likely to be able to provide the information necessary to enable the ultimate wrongdoer to be sued.
Once these conditions are satisfied, the court will have discretion as to whether or not such an order should be made. While the bank may owe a duty of confidentiality to its customers, this will rarely trump the applicant’s interests in obtaining disclosure, given the nature of the wrongdoing.
Courts’ Approach to APP
In reaching its decision in World Proteins Kft v Persons Unknown  EWHC 1146 (QB); the High Court stated that it was relevant that the default judgment application had been properly notified to the respondent and that he had not replied – and that it would have been disproportionate and unnecessary to expect the applicant to jump through further legal hoops when the respondent had not attended. In simple terms, the court was saying the respondent could not escape the law by simply not engaging with the legal process.
As a case, this shows that the courts appear to be taking a realistic and rational approach to invoice jacking. World Proteins had clearly lost money due to fraud and the default judgement allowed it to regain the money held in the account – money that could be shown to be what had been taken from World Proteins in the fraud.
While individuals who are targeted by APP fraud now have – in most cases, at least – the new code of conduct to fall back on, this is not available to the vast majority in business.
The case of World Proteins indicates that the route taken by that applicant must be seen as the most effective way forward for businesses looking to recover APP-related losses. Businesses facing such issues need to consider urgently their civil options. The need for a quick response cannot be over-emphasised. The courts will consider any delay as a factor. It is important, therefore, for businesses in such a situation to seek the right legal advice immediately.