In its recent decision in Major Shipping & Trading Inc v Standard Chartered Bank (Singapore) Ltd [2018] SGHC 4, the Singapore High Court held that a bank was not liable to its customer who had been the victim of a fraud by impersonation.

Facts

The plaintiff was a company incorporated in the British Virgin Islands, and was in the business of trading and shipping cement clinker. The defendant was a bank.

In December 2011, the plaintiff opened an account with the defendant. The relationship between the parties was governed by the defendant’s standard terms and a letter of indemnity (LOI).

Clause 1.1 of the standards terms defined an “instruction” as any instruction which the defendant believed “in good faith” as being given by an authorized person.

Under clause 3.1 of the standard terms, the defendant undertook to use “reasonable care and skill.”

Clause 5.5 of the standard terms stated that the defendant could act on the plaintiff’s instructions received through any channel if it believed them to be “genuine and complete.” It further stated that the defendant “may” require confirmation prior to acting on such instructions.

Clause 10.1 of the LOI stated that the defendant would not be liable for any losses suffered by the plaintiff except to the extent that it was caused by any “fraud, gross negligence or wilful misconduct” on the part of the defendant.

The LOI also included wording stating that the plaintiff understood the risk involved in sending instructions by telephone, facsimile and other electronic communication, and agreed that the defendant would not be liable for any losses or damages provided that it had acted “in good faith.”

Under the account opening documents, Mr. Majnu, one of the beneficial owners of the plaintiff, was listed as an authorized person of the account. He provided a Bangladesh landline number and a Yahoo email address to the defendant.

Between 17 and 26 June 2013, the defendant received six outward telegraphic transaction (OTT) instructions in the form of remittance applications forms, which were attached to emails sent from the Yahoo account, and which were also faxed to the defendant. These were for various amounts between approximately US$85,000 and US$1,440,000. The signatures on the OTT instructions were consistent with those of Mr. Majnu’s specimen signature in the defendant’s records.

Upon receipt of each of the OTT instructions, the defendant’s personnel sent several emails in reply. Mr. Majnu denied any knowledge of the emails sent from the Yahoo account and the replies from the defendant.

On 18 June 2013, Mr. Majnu received two text messages on his mobile phone containing Yahoo verification codes. It could not be conclusively determined why the codes were sent, although it was suggested that this was because someone was seeking to access the Yahoo account from a different device.

In respect of the first four OTT instructions, officers of the defendant attempted to call the plaintiff’s representatives to confirm them. However, none of the calls were answered, except a call in respect of the first OTT instruction. It was a call made to Mr. Ali, another authorized person of the account. Mr. Ali told the defendant’s officer not to disturb him.

On 24 June 2013, after the execution of the third and fourth instructions, the defendant’s officer sent an email to Mr. Majnu requesting that he provide the defendant with updated contact details, explaining that the defendant’s officers had tried to contact him many times without success.

On the same day, an email from the Yahoo account was sent to the defendant’s officer stating that Mr. Majnu was unable to receive phone calls as he was receiving medical treatment for health problems, and that he would update his details on 1 July 2013.

While the first four OTT instructions were executed by the defendant, the fifth and sixth instructions were not as there were insufficient funds in the bank account.

The plaintiff denied that it had given the six transaction instructions and commenced proceedings against the defendant for acting on unauthorized instructions, breaching its duty to use reasonable care and skill, and breaching its duty to take steps or have the necessary facilities and/or system in place to prevent unauthorized fund transfers.

In its defence, the defendant argued that Mr. Majnu had in fact sent the OTT instructions, or it was authorized to act on the instructions as it believed in good faith that they were issued by Mr. Majnu, or that it had not breached its duty to use reasonable care and skill. The defendant also argued that any loss suffered by the plaintiff was wholly caused or contributed to by the plaintiff’s own negligence. Lastly, the defendant relied on the exclusion clauses in clause 10.1 of the LOI.

Judgment

The judge dismissed the plaintiff’s claim as it was not able to show that the defendant had been in breach of its duties.

First, the judge held that the term “good faith” in the standard terms and the LOI incorporated a subjective standard of acting honestly and an objective element of a lack of gross negligence. On the facts, the judge found that the defendant had acted in good faith, as there was nothing that would have put a reasonable banker on notice that Mr. Majnu did not issue the OTT instructions.

The plaintiff had argued that there were a number of “red flags” that, taken individually or cumulatively, would have put a reasonable banker on notice that the instructions had not been sent by Mr. Majnu. These were:

  1. The frequency and quantum of the instructions were high and unprecedented;
  2. The instructions were to beneficiaries in countries which the plaintiff had not remitted money to previously;
  3. The plaintiff’s name was misspelled;
  4. The purpose of the instructions was not stated therein;
  5. The date of the third and fourth instructions had a typographical error;
  6. The OTT instructions were sent to the defendant by email first and by fax later, contrary to Mr. Majnu’s previous practice;
  7. The instructions were faxed via eFax, which Mr. Majnu had not used before;
  8. The instructions were sent by email and fax to the defendant even though Mr. Majnu had previously discussed another platform, the S2B platform, which was a more effective way to transfer funds;
  9. The defendant’s officer was asked by email for the balance in the bank account on 18 and 19 June 2013; and
  10. The sending of the email which stated that Mr. Majnu had health problems.

The judge held that these purported “red flags” would not have put a reasonable banker on notice either individually or cumulatively. In consequence, the defendant had acted in good faith.

In addition, the judge held that the defendant was not negligent in not obtaining callback confirmation for all of the instructions, as to impose such a requirement for all similar transactions regardless of whether a bank was put on notice of a possible fraud would be unreasonable and impractical given the volume of instructions received by the bank.

The judge also held that there was nothing preventing the defendant from relying on the exclusion clauses in clause 10.1 of the LOI, as the defendant was not grossly negligent. Further, the exclusion clauses did not contravene the Unfair Contract Terms Act as the plaintiff was a commercial entity that entered into a contractual relationship with the defendant, and these were clauses that were commonly found in the standard terms of Singapore banks.

In relation to the defendant’s arguments, the judge also found that there was no evidence that Mr. Majnu had sent the OTT instructions himself, and that there was no contributory negligence on the part of the plaintiff, as there was nothing that would have put Mr. Majnu on alert that something suspicious was taking place.

Points to Note

This judgment gives an indication as to how the courts will approach a situation where a customer has been the victim of identity fraud and money withdrawn from his/her bank account.

Based on this judgment, unless there are suspicious circumstances that would put a reasonable banker on notice, it will be difficult for a customer to argue that the bank is liable for the losses of such fraud. A bank customer will need to show more than just mere irregularities or differences in the manner of instruction or the circumstances surrounding the fraud to succeed in such a claim.

Further, bank customers will need to be careful not to simply rely on bank callbacks for confirmation of transactions, as the court has held that this is not a necessity.

Lastly, whether the Unfair Contract Terms Act excludes liability on the part of the bank does not appear to be fully resolved in the favour of the banks, especially in relation to individual customers. This case dealt with a corporate bank customer, which is treated differently from an individual consumer under the Unfair Contract Terms Act. It therefore remains to be seen how the Singapore courts will deal with such an issue when it arises.