Cape Caribbean (Antigua) Ltd has seen a claim against the Royal Bank of Canada over an alleged breach of duty which saw the company lose more than US$100,000 through a fraudulent wire transfer dismissed.
According to court documents published on December 24, the claimants alleged that a wire transaction worth US$119,257.44 (EC$322,299.19) was fraudulently debited from their US account with the bank in February 2019 and sent to a Chinese trading company, Qian Wan Li (HK) Ltd.
Cape Caribbean claimed that their US current account held at the bank could only be accessed by two authorised officers who were the only authorised signatories to the US$ bank account—its director James Flynn and Luis Rios.
They further alleged that unknown persons hacked an email address authorised for transactions, impersonating Michael Campbell, an authorised representative for the company, and forged Rios’ signature to authorise the wire transfer.
They argued that the authorising email addressed to RBC used distorted versions of Cape Caribbean employees’ email addresses, to give the impression that they were aware of the transaction while giving them no opportunity to stop the fraud from occurring.
The company alleged that it was the bank’s duty to confirm the wire transfer request, via a telephone call to any of the company’s principals or signatories to the account, and that RBC and its agents failed to do so.
Attorney Justin L. Simon, who represented Cape Caribbean, sought the full return of the money plus interest.
In a counterclaim against the company, however, RBC alleged Cape Caribbean did not provide clear evidence that their email address, by which the wire request was sent, was hacked.
RBC said in its defence that the wire transfer request had been ostensibly signed by Rios, a signatory to the account, and that they were obliged to follow through, although they admitted to the court that such an authorisation of a wire transfer via email was never done prior to the alleged fraud.
They said the bank was entitled to rely on the email instructions, which it deemed genuine at face
value.
The bank also claimed that they had no obligation to call the company to confirm the transaction and that the company “was bound to take all necessary action to ensure that…appropriate security was in place for its email addresses so as to prevent the unauthorized transmission of email instructions” in line with the service agreement between the two entities.
The judgement revealed that the RBC employee, listed as a Financial Solutions Specialist and the RBC Account Manager for the company, had noticed an error in the initial emails sent to her with a wrong date attached in that the invoice post-dated the email instructions.
She told the judge that she sought to contact Campbell, whose email was allegedly hacked unbeknownst to her at the time, to correct the errors which was done in a subsequent email.
Justice Jan Drysdale dismissed both sides’ claims, noting that the company had failed to bring in an expert witness to prove that the bank had been negligent in line with standard banking practices.
“Without a clear benchmark of industry norms, the court lacks the necessary foundation to make an informed determination about negligence.
“In the context of the contractual term and the claimant’s burden to prove breach, the failure to
establish industry norms is fatal to the claim in negligence,” the judgement read.
Additionally, the court found that requiring the bank to have a “call-back requirement on all
electronic transactions would be unreasonable and unduly burdensome on the bank, considering their
high daily transaction volume and the contractual duty to pay”.