THE BOTTOM LINE
- Internal Controls First: The primary responsibility for preventing employee fraud lies squarely with the company, not the bank where the fraudulent employee holds personal accounts.
- High Bar for Bank Liability: A bank is only liable to a non-customer for failing to stop fraud if it had actual knowledge of the wrongdoing or was subjectively aware of “serious indications“—a significantly higher standard than mere negligence.
- Transaction Monitoring Has Limits: Regular anti-money laundering (AML) monitoring of a customer’s account is not expected to automatically detect a third party’s internal fraud scheme, especially when transactions are not individually extraordinary.
THE DETAILS
In a significant ruling for the financial sector, the District Court of Amsterdam has clarified the limits of a bank’s duty of care towards third parties who fall victim to fraud. The case involved Distripoint, a company that lost over €1 million over 11 years due to embezzlement by one of its administrative employees. The employee had systematically falsified invoices and transferred the funds to her personal accounts at ABN AMRO. Distripoint, which did not bank with ABN AMRO, sued the bank, arguing that it had breached its duty of care by failing to detect and act upon the suspicious pattern of transactions flowing into its client’s accounts.
The court rejected Distripoint’s claims, establishing a crucial distinction between a bank’s duties to its own clients and its obligations to third parties. While banks have a societal duty of care that extends to non-customers, liability only arises in specific circumstances. The court reiterated established case law that a bank can only be held liable if it had concrete knowledge of the fraud or possessed “subjective knowledge of serious indications” that should have compelled it to investigate. The burden is not on what a bank could have or should have known through meticulous analysis, but what it was actually aware of.
Ultimately, the case turned on whether the transaction patterns were suspicious enough to meet this high threshold. Distripoint argued that the employee’s relatively low salary, combined with numerous incoming payments of €1,000-€2,000 from her employer marked with invoice numbers, should have been a clear red flag. The court disagreed. It found that, spread over more than a decade, these transactions were not inherently alarming. It deemed such amounts and payment descriptions to be common and stated that expecting a bank to scrutinize every such transaction in detail would be impractical and would undermine the efficiency of the payment system. The court concluded that the company itself, not the employee’s bank, was in the best position to prevent the decade-long fraud.
SOURCE
Source: Rechtbank Amsterdam
