When a banking customer falls victim to a fraud on his or her account, the bank that unknowingly facilitated the fraud may be faced with the question of whether it acted with sufficient care to prevent it. The decision of the Ontario Superior Court of Justice in Du v. Jameson Bank, 2017 ONSC 2422 demonstrates how well-drafted account opening documentation can protect a bank from liability in these circumstances.

The facts

The plaintiff, Yunsheng Du (Du), was the victim of a fraud in connection with two wire transfers processed by the defendant, Jameson Bank (Jameson), as a result of instructions received by Jameson via email from Du’s email address.

In January 2012, Du opened an account at Jameson (the Account) and signed account opening documents that included key terms that the bank later relied on to avoid liability in this case. Importantly, in opening his Account, Du provided an email address (the Email Address) as his means of electronic communication. From the outset of their banking relationship, Du and Jameson communicated using the Email Address. In February 2012, Du instructed Jameson, by email, to wire funds to an American company. They exchanged further email correspondence during March and April 2012 without issue. As the court noted, no concerns were raised by Du with this form of communication.

Subsequently, in May 2012, two fraudulent wire transfers were made through the Account following instructions given to Jameson through the Email Address after the Email Address had been hacked. Jameson only learned of the alleged fraud several days later.

Du sued Jameson in negligence. The decision concerned Du’s motion to amend his claim to add causes of action in breach of contract, conversion, breach of fiduciary duty, oppression and for breaching Guideline 6 of the Proceeds of Crime (Money Laundering) and Terrorist Financing Act, SC 2000, c. 17 (Act), as well as Jameson’s motion for summary judgment.

Jameson’s successful motion

Du's claim in negligence and his request to add allegations of breach of contract and breach of fiduciary duty were denied in large part because of the terms of the account opening agreements, even though Du insisted that he did not read them. Du's proposed claims under the Act, in oppression and in conversion, were rejected on other grounds.

The key terms relied upon by Jameson on the motions were as follows:

2.2 Reliance on instructions: Jameson may rely and act upon ... electronically transmitted instructions from or purporting to be you ... and which Jameson believes to be genuine[...]

5. Wire transfers: d) Absent gross negligence or wilful misconduct by Jameson ... Jameson shall not be responsible or liable for any damages ... in connection with any wire transfer ... nor shall it be held responsible for the ... conduct ... by any other bank, entity of person, in connection with the wire transfer ...[...]

7.3 Your responsibility: (A) You are responsible to ensure the accuracy of settlement and delivery instructions in respect of each and every Deal (including, but not limited to, any wire instructions) ... (B) You agree to maintain security systems, procedures and controls to prevent ... (iii) losses due to fraud or unauthorized access to the service ...[...]

8.6 Electronic communications: ... Any electronic communication that Jameson receives from you or in your name will be considered to be duly authorized and binding upon you.

i. Breach of contract

Jameson was able to rely upon clause 5(d) (set out above), which required Du to establish that Jameson had engaged in gross negligence or wilful misconduct. Justice Beaudoin found that Jameson had acted in accordance with the terms of the agreement, which allowed the bank to act on Du’s instructions so long as he had sufficient credit. Additionally, Jameson was entitled to treat Du’s mandate at face value and had no reason to doubt the authenticity of the emails because the fraudster referenced details that would not ordinarily be known by unrelated third parties, such as the name of Du's financial advisor and his bank account at Wells Fargo.

ii. Breach of fiduciary duty

Justice Beaudoin noted that in the absence of special facts, the relationship between a bank and its customer is one of debtor/creditor and does not give rise to fiduciary duties. There were no such special facts in this case.

Justice Beaudoin focused on the language of the agreements and found that Jameson did not give any advice or make any representations to Du, nor did it have any discretion in connection with the Account. Jameson and its agents agreed only to act on and comply with the instructions of Du or an authorized representative. Furthermore, Du contractually accepted the risks associated with giving instructions by email. In such circumstances, Jameson did not owe a fiduciary duty to Du.

iii. Negligence and gross negligence

Justice Beaudoin again focused on clause 5(d) to inform his analysis of the standard of care. The agreement made it clear that Du assumed the duty of care in relation to the risks associated with electronic communications and established that Jameson could only be liable for gross negligence or wilful misconduct. Again, because Jameson and Du had historically communicated using the Email Address and there was nothing on the face of the instructions that should have alerted Jameson to the fraud, Jameson was not grossly negligent and did not act with wilful misconduct.

The Du case demonstrates the power of well-drafted account opening documentation in defending against allegations that a bank is liable for a customer’s losses when it unknowingly permits or assists in enabling fraudulent activities of a third party. Even if the customer later claims that it did not read the account opening documentation, a bank will still be entitled to rely on its terms.

This case suggests that banks should have closer regard to the terms of their account agreements. When drafting or revising account opening documentation, consider the following:

  • How the agreement will allocate the risks relating to electronic communications and in particular, modes of communication that are within the customer's control (such as email addresses);
  • How the bank is to receive instructions and when it can consider an email instruction to be authorized; and
  • The applicable standards that will govern liability (in other words, gross negligence or wilful misconduct).

Taking these precautions at the outset may assist with avoiding costly litigation through early motions for summary judgment.