Understand Your Rights. Solve Your Legal Problems
Lawyer Monthly hears from Elliott Fellowes and Kate Gee of Signature Litigation as they examine the state of the cryptocurrency ecosystem and what is being done to tackle fraudulent activity within it.
Regulators and central banks may not like it, but Bitcoin’s recent trillion-dollar market valuation and Tesla's $1.5 billion investment in Bitcoin have made big headlines in 2021. As the biggest single investor by far, Elon Musk has joined a global army of Bitcoin holders which is now estimated at 30 million worldwide.
These investors have been attracted by Bitcoin’s sharp price rise and the accompanying blitz of media coverage about it. However, while Bitcoin may have been the first cryptocurrency (and is now the most famous and valuable), the use of others such as Ethereum, XRP and Litecoin is rapidly growing too. All of these are built on blockchain, or distributed ledger technology (DLT).
However, despite increased appetite to invest in cryptocurrencies and increasing institutional acceptance, such as JP Morgan’s newly announced “Cryptocurrency Exposure Basket”, cryptocurrencies are still regarded as highly volatile and controversial. This is in large part due to their opaque ownership structure, which is inherent in investments underpinned by DLT.
Governments and regulators are keen to support the use and expansion of DLT as it has many potential applications, including the secure sharing of medical data, cross-border payments, supply chain and logistics monitoring, real estate processing and voting mechanisms.
Central banks are also looking at future opportunities for digital currencies which they issue and regulate (CBDCs). The Bank for International Settlements and seven central banks have published a report laying out the key requirements for CBDCs, indicating that they consider that CBDCs have real potential to operate as an alternative to fiat (paper) currencies, which at present give these banks control over how much money is printed and in circulation.
Governments and regulators are keen to support the use and expansion of DLT.
However, there remains a lack of regulation in this space on a global level. Current regulatory powers are insufficient to control how crypto asset companies conduct their business and how cryptocurrencies are used in society, providing opportunities for misuse by fraudsters and criminals.
The lack of transparency is also a major concern. Without being subject to either government or central bank control, the US Treasury Secretary Janet Yellen recently detailed the use of cryptocurrencies in both terrorist financing and money laundering. Meanwhile the president of the European Central Bank, Christine Lagarde, said that Bitcoin has been involved in “some interesting and totally reprehensible money laundering activity.” In the UK, there has been some reluctance to regulate crypto-assets in the same way as other jurisdictions (such a Gibraltar, which claimed to be the first jurisdiction to introduce a regulatory framework for DLT). However, the FCA's announcement that from 10 January 2021 all crypto-asset businesses carrying on activity in the UK must be registered indicates that change is coming.
Another principal concern is crypto fraud. Among the most high profile global crypto frauds to date are cryptocurrency Ponzi schemes, for example PlusToken (which defrauded investors out of approximately $2.9 billion via an exit scam) and WoToken (which operated a similar scheme, and netted over $1 billion for the fraudsters). Other forms of crypto fraud include hacking, unregulated or fake brokers and wholesale fraudulent crypto-currency exchange platforms. In 2020 in the UK alone, around £113 million was lost as a result of fraudulent cryptocurrency investments with a further £14.3 million lost in January 2021.
The English courts are seeing an increase in litigation involving cryptocurrencies, and this is a trend that we expect to continue. This requires the courts to deal with some novel legal issues. Usefully, the English courts have a range of interim and enforcement powers at their disposal, which they are deploying to assist claimants in recovering crypto-assets lost to fraud. For example, the High Court has followed the UK Jurisdiction Taskforce's statement that crypto-assets, including cryptocurrencies like Bitcoin, are property, and has granted proprietary injunctions to prevent further dealing whilst proceedings are ongoing (see AA v Persons Unknown [2019] EWHC 3556 (Comm)).
[ymal]
Further, the Commercial Court in London recently heard its first initial coin offering (ICO) fraud case: Ion Science Limited & Duncan Johns v Persons Unknown unreported), 21 December 2020 (Commercial Court) ICO's are essentially the crypto-equivalent of IPOs, and in this case the fraudster induced the applicants to transfer Bitcoin in the belief that they were investing in legitimate crypto-assets. Again, the court held that crypto-assets were property under common law and granted proprietary injunctions in favour of the applicants.
The judgment is significant as the applicants required permission to serve out of the jurisdiction against persons unknown. The court found that the lex situs (i.e. where the property was located) was the place where the person or company owning the crypto-asset is domiciled.
Importantly in Ion Science, the Court also granted permission to serve disclosure orders (Bankers Trust orders) on two cryptocurrency exchanges through which the applicant's stolen Bitcoin had been traced. The decision marked a sea change from earlier authorities, as the exchanges in question were located outside of the jurisdiction of England and Wales. This decision, together with the powers of the court of England and Wales to order proprietary injunctions with respect to crypto-assets, makes the jurisdiction an attractive forum for potential claimants.
Market expectation is that the use of cryptocurrencies and crypto-assets will continue to grow. It is not hard to see that the increased trading and holding of crypto-assets will likely lead to more crypto-related disputes. Looking forward to the next decade, we anticipate that crypto-asset claims will dominate fraud litigation in the English courts.
Encouragingly, the English court is taking a proactive role in the global fight against cyber and cryptocurrency fraud. Its willingness to adapt its traditional weapons for use in this developing area demonstrates that it is an effective forum in which to bring actions involving crypto-assets. As ICO and crypto-related disputes continue to increase, so too will the use of interim injunctions to further factual investigations and to protect assets underpinning the litigation. The AA v Persons Unknown and Ion Science judgments are likely to act as a blueprint for future claims and, in a similar vein, we should expect to see more innovative use of weapons in the Court's toolkit against fraud.
Elliott Fellowes is a commercial and financial services litigation associate at Signature Litigation, specialising in fin-tech and crypto related litigation.
Kate Gee is a commercial litigation senior associate at Signature Litigation, with a special focus on civil fraud, asset-tracing and cryptocurrency litigation.
Niall Hearty of financial crime specialists Rahman Ravelli considers the new report and its criticisms of the SFO's response to complaints.
The recently-published HMCPSI (HM Crown Prosecution Service Inspectorate) report on the Serious Fraud Office (SFO) found that the agency was not quick enough in responding to complaints about cases and was not keeping adequate records of disputes. The SFO was, according to the report, taking up to 10 days to acknowledge emails or letters regarding complaints, and often such acknowledgements did not contain enough information. It was critical of the time taken by the SFO to resolve complaints and the levels of communication it offered regarding them.
While the report did go on to say that the general standard of investigation was good, it will arguably have done little to change the minds of those who see the SFO as an organisation that seems to create problems for itself. Its publication was sandwiched between the conviction and sentence of Paul Bond, the last of four men to be jailed over the use of bribery to secure huge oil contracts in Iraq.
This fourth conviction was secured by the SFO in a re-trial and came after the agency’s lengthy and high-profile Unaoil investigation, which uncovered the payment of over $17 million in bribes to secure contracts worth $1.7 billion. But while the conviction and sentencing will have buoyed the mood of the SFO – after what had been a fraught investigation - any celebrations regarding this must have been at least slightly dampened by this report’s criticisms.
The report paints a picture of an agency that is seeking to deliver justice to the victims of serious and complex financial crime and is intent on identifying and punishing those responsible for such wrongdoing. Yet its complaints procedures seem to be falling short – and this is something that does need to be addressed.
[ymal]
Such a shortcoming goes beyond the issue of what marks out of 10 the SFO would receive in a customer satisfaction survey. A failure to handle complaints adequately damages not just the reputation of the SFO but the wider criminal justice system. At a time when it is having to deal with a backlog of Crown Court trials and criticisms over the implementation of the Nightingale courts, any inability to respond to problems as they are highlighted can only make a tricky situation worse.
Two years ago, the HMCPSI reported that the SFO’s sharp focus on case work delivery had led to a culture where a neglectful approach to management was tolerated. A previous HMCPSI report had raised the issue of SFO cases being slow to progress. The SFO responded to the 2019 report by announcing a raft of measures to tackle the problems that had been highlighted. The years since the slow pace of investigations was reported on have seen the SFO closing a number of long-running investigations, as its Director Lisa Osofsky has made clear her intention to speed up the agency’s activities.
It now remains to be seen if the SFO can and will pull out all the stops to address the problems this most recent report has detailed. There may be some who regard the issues raised by HMCPSI as relatively minor in the big scheme of things. But the SFO is an organisation that relies on information gathering. Communication plays a large role in achieving that. A failure to communicate in a timely, organised and appropriate way with those it needs to be in touch with can only hamper its efforts to achieve the goals it sets itself.
The Financial Conduct Authority (FCA) has launched criminal proceedings against NatWest bank over its alleged breaching of money laundering regulations.
In a statement on Tuesday, the FCA said the case was sparked by the detection of “increasingly large cash deposits” being made into a UK account, which it alleged that NatWest’s systems failed to adequately scrutinise. Around £368 million was paid into the account, including £264 million in cash.
This case marks the first prosecution to be brought under the UK’s Money Laundering Regulations 2007 and the first against a bank. Charges are being brought under regulation 45 of the regulations, which requires firms to maintain adequate anti-money laundering controls and to take “all reasonable steps to prevent their use for money laundering purposes”.
The allegations date back to between 2011 and 2016, with the FCA having begun its investigation in 2017. The bank has been aware of their probe since then.
“NatWest Group has been co-operating with the FCA's investigation to date,” a spokesperson for the bank said in a statement. “NatWest Group takes extremely seriously its responsibility to seek to prevent money laundering by third parties and accordingly has made significant, multi-year investments in its financial crime systems and controls."
NatWest is a subsidiary of the NatWest Group and is 62% taxpayer-owned following its government bailout in the 2008 financial crisis. Its shares were down 1% in early trading following the news of the FCA’s legal action.
[ymal]
The FCA also said that it was conducting separate investigations into other firms under the Money Laundering Regulations 2007. No organisations have yet been named as the subjects of these probes.
NatWest is scheduled to appear at Westminster Magistrates’ Court on 14 April. No individuals are being charged as part of the proceedings.
Rahn+Bodmer, the oldest private bank in Zurich, will pay $22 million to settle US criminal charges that it helped American taxpayers to defraud the International Revenue Service (IRS) by hiding hundreds of millions of dollars in offshore bank accounts.
The US Department of Justice (DOJ) said on Thursday that the bank had entered a three-year deferred prosecution agreement after being accused of conspiring to help clients file false tax returns and evade US taxes, and had admitted wrongdoing that included helping clients to defraud the IRS.
The bank will cooperate with the DOJ’s crackdown on offshore tax evasion, acting Deputy Assistant Attorney General Stuart M Goldberg said.
“With the April 15 tax filing date fast approaching, there is a clear message for those intending not to pay their fair share – nothing remains hidden forever,” Goldberg continued.
Rahn-Bodmer admitted to having held undeclared accounts on behalf of roughly 340 US taxpayers who, between 2004 and 2012, evaded about $16.4 million in US taxes. It also allegedly opened accounts under pseudonyms or the names of “sham” foundations in Panama and Lichtenstein, and for clients who were exiting other Swiss banks such as UBS Group AG.
The bank agreed to pay a $7.4 million fine, make $4.9 million of restitution, and forfeit $9.7 million of fees.
[ymal]
“Today’s admission and agreement provide a clear path to recovery of funds owed to the U.S. government, and sends a strong signal that offshore accounts are not beyond the reach of special agents with IRS CI,” said IRS-CI Chief James C Lee.
Rahn+Bodmer was founded in Zurich in 1750 and last year had 13.6 billion Swiss francs – the equivalent of $14.71 billion USD – of client assets under management.
Syed Rahman, partner at financial crime specialists Rahman Ravelli, outlines why he expects more investigations into wrongdoing relating to COVID-19 loans – and the responsibilities facing businesses.
COVID-19 has now been the main news item for a solid year. So it was perhaps inevitable that the arrest of three financiers as part of an investigation into fraudulent coronavirus loans totalling £6 million would generate its own headlines.
Officers from the National Crime Agency’s (NCA’s) Complex Financial Crime Team apprehended the three men, then released them after searches and interviews and enquiries are continuing. While nothing has yet been proved, the NCA is believed to be looking into allegations relating to the use of false data and documents and trying to determine who – and how many – were actually involved in what went on.
At the time of writing, nobody has been charged with any offence in relation to the allegations. Decisions on whether to charge anybody will depend on how the NCA investigation progresses. But while we wait to see how this most newsworthy of NCA cases is concluded, it would be a huge surprise if we do not see many other similar ones commenced.
Even a senior NCA officer who was involved in the arrest of the three men has warned that the emergency COVID-19 schemes are being subjected to an “eye-watering” level of fraud. Coming from someone who is familiar with financial crime on a large scale, that is quite a comment. But even the briefest of glances at the statistics tends to back up the possibility that the assessment may be worryingly accurate.
Lending under the Bounce Back Loan (BBL) Scheme for small businesses rose to £44.74 billion as of January 24, from £43.54 billion in mid-December. Those who have had the time and opportunity to assess the movements of money involved have predicted that up to £26 billion could be lost, due to either defaults on the loans or through fraud.
[ymal]
Introduced in May 2020, the government’s loan scheme was devised to give small and medium-sized firms swift access to low-interest finance:
The conditions of a BBL scheme application are:
Given the immense sums of money involved, there will be many who saw the potential to make fraudulent gains, just as there is now an appetite among the authorities to investigate potential abuses of the scheme. It is a set of circumstances that makes it extremely likely that we will be reading about more arrests. The situation that has prompted the large-scale government lending is certainly unique. But the offences that those suspected of coronavirus loan fraud could be charged with were on the statute books long before any of us had ever heard of COVID-19. The Fraud Act 2006 contains a number of offences that may be relevant in relation to fraudulent applications for BBL. Section 2, which creates an offence of making false representations, and section 3, which creates an offence of fraud by abuse of position, are the most likely contenders.
Yet even if fraud was not the intention of businesses that have made a genuine mistake in making an incorrect claim, they may still face investigation. The UK government introduced the Finance Act 2020 in a bid to define the schemes and the support available to businesses during the pandemic. Schedule 16 of this act imposes a burden on businesses to notify HM Revenue and Customs (HMRC) of any awards that have been wrongly claimed. It is important to note that these wrongly-awarded sums do not have to be fraudulent. Any business, therefore, that may have made a claim for a BBL in error could still face the full force of the law if HMRC is not notified of the wrongly-made claim.
The offences that those suspected of coronavirus loan fraud could be charged with were on the statute books long before any of us had ever heard of COVID-19.
It is vitally important that all businesses understand that if they have made applications under any of the schemes then there is the strong possibility that they could come under an unprecedented amount of scrutiny. Businesses have to review all their applications and ensure that any mistakes are rectified. If concerns are raised as a result of such reviews – or an investigation is commenced - those involved have to seek immediate legal advice from those with the relevant expertise.
Aman Johal, Lawyer and Director of Your Lawyers, looks back at the most significant data breaches of 2020 and their fallout.
The past year has profoundly accelerated the growth in digital dependence. Recurring lockdowns have pushed employees to work from home, students to learn online, and consumers to turn to eCommerce.
Global internet bandwidth surged 35%, the largest one-year increase since 2013, and with this online migration came a correlating increase in cyber threats. Cyberattacks have increased by 400% since the beginning of the pandemic, and the National Cyber Security Centre (NCSC) revealed that 25% of all cyberattacks in 2020 were linked to the pandemic.
The threat has reached a critical level, with the NCSC launching its Cyber Aware campaign to inform businesses and consumers about cybersecurity risks and how to prepare for cyberattacks should they occur.
One cyberattack can create a domino effect of risks for victims. Stolen personal information can be used by hackers in a number of ways, including to access bank accounts, open new accounts and take out loans in the victims’ names. They could also make fraudulent purchases, transfer money from compromised accounts, or use the data to contact victims and dupe them into handing over access to accounts or money directly.
In mid-January, it was revealed that Marriott International had experienced its second substantial data breach, just two years after the huge previous one was revealed. The incident is understood to have affected 5.2 million guests when hackers procured the login credentials of two staff members and used the credentials to access guest details, including names, dates of birth, phone numbers, and loyalty account numbers.
One cyberattack can create a domino effect of risks for victims.
easyJet suffered a monumental data breach that was revealed in the springtime. In what was described as a “highly sophisticated cyber-attack”, the personal details of some 9 million customers were exposed, with the card details of 2,208 individuals reportedly compromised. Affected individuals were notified in May.
Following its surge in popularity as the world entered into lockdowns, users of the video platform Zoom also experienced cyberattacks. It is understood that some 500,000 compromised passwords were put up for sale on the dark web at a time when the app had reached 300 million active monthly users. Hackers were able to carry out the cyberattacks by collecting databases of usernames and passwords from crime forums, which themselves had been obtained in data breaches reportedly dating back to 2013. It was not a case of information being stolen from Zoom databases directly, but a case of data harvested from other breaches being used to target Zoom users.
The targeting of Zoom users is a stark reminder of the long-term repercussions of cyber theft, and why it is important to avoid using the same login credentials across multiple platforms, to employ strong passwords, and to respond to data breaches proactively.
More recently, Google suffered a significant cyberattack in December. It is an impressive feat to be able to hack Google, and the quantity of data which may have been compromised remains unknown at this time. Specialists believe that it is highly likely that a State actor is behind the attack. With increasingly sophisticated attacks and increasingly high stakes, it is clear that 2021 needs to be a turning point with regard to cybersecurity.
The frequency of data breaches, exemplified above, suggests the advent of corporate “breach fatigue”, where leadership understands the cybersecurity risks at hand, but passively accept that an incident is inevitable. Marriott, as a two-time offender of serious data breaches, perhaps highlights this apparent nonchalance.
[ymal]
However, an activist watchdog may encourage companies to step up to their duties of data protection. The ICO has faced criticism over its dispensing of fines, as exemplified by Marriott’s 2018 incident, for which it was fined just £18.4 million instead of the original intention of a £99 million fine. The British Airways fine is another case in point: they were issued with a £20 million fine in October instead of the original intention to fine in the sum of £183 million. Both represent significant reductions, and the concern is that these huge climb-downs could prevent fines from having the dissuasive effect that they are designed to produce.
Beyond the fines, organisations that breach the GDPR may also face significant compensation pay-outs. BA alone could be facing pay-outs that total up to £3 billion on the basis of a £6,000 average claim for each of the circa 500,000 victims.
Data breach compensation amounts should reflect the significant impact on victims, and can account for financial, emotional and psychological damage. Action Fraud, the UK’s National Fraud and Cybercrime Reporting Centre, reported that cyber scams in 2020 resulted in losses of £16.6 million during the first lockdown alone. It is important for all interest groups that the serious cybersecurity lapses of 2020 are not replicated in the future.
Public confidence in cyber resilience needs to be improved after 2020 being yet another year of significant data breaches. It is critical that businesses and consumers focus on high standards of cybersecurity over the course of the year to come.
Karen D. Fultz-Robinson, Esq. and Johanna Sheehe, Esq. of Sheehe & Associates, P.A., give Lawyer Monthly an analysis of the state of AOB legislation in Florida.
Assignment of benefits agreements has been the bane of the property insurance industry’s existence because of perceived fraud, overcharges, and resulting litigation leading to increases in insureds’ premiums and disgruntled homeowners. Recognising these abuses, state legislatures and governors across the country are taking action to protect insureds from unscrupulous practices and slow the flood of lawsuits related to these assignments. The National Association of Mutual Insurance Companies sets forth its support of legislation which prevents abusive assignment of benefits practices here.
In the State of Florida, the crux of the discontent surrounding litigation involving assignment of benefits (“AOB”) claims is Florida Statutes, Section 627.428(1), a one-way attorney fee statute which awards attorneys’ fees to an insured, or their assignee, when they prevail against an insurance company. In 2019, the Florida Legislature passed Florida Statutes, Section 627.7152, which attempts to protect insureds and curb perceived abusive tactics and exploitation of the attorney fee statute by limiting an assignee’s ability to recover attorneys’ fees. In the wake of its enactment, litigation has swirled around the question of when the new statute applies.
In the homeowners insurance industry, assignment of benefits agreements arise when subsequent to a loss, an insured signs an agreement with a contractor wherein the contractor agrees to perform certain work and the insured agrees, among other things, to assign the right to receive his or her insurance proceeds (the benefits) to the contractor. In other words, the insurance company will be directed to pay any insurance proceeds directly to the contractor, instead of the insured, for work performed or to be performed at the insured’s premises.
In the wake of its enactment, litigation has swirled around the question of when the new statute applies.
Disputes arises when the contractor demands payment from the carrier, but the amount billed is considered excessive because, for example, the work was not performed by the contractor, the work is deficient (according to the insured), or the insured elects to not retain the contractor to perform the work originally estimated. Some insurance companies take steps to combat and prevent perceived injustice to its insureds, such as adding the insureds’ names to the payment check to ensure the insured is aware of when payments were issued to the contractor, denying payment if the contractor failed to produce proof of workmanship, or conducting line item deletions if billing statements included inappropriate charges such as mortgage processing fees or supervisory costs that were not justified or are contrary to the coverages made available by the applicable policy. In response to the insurance companies’ activism, contractors have initiated litigation throughout the state of Florida against insurance carriers to collect purportedly outstanding expenses and invoices.
The cost of protracted and voluminous litigation financially impacted the insurance industry which trickled down to its customers by way of an increase in premiums (this report details the exponential growth of AOB litigation leading to legislative reform). In an effort to obtain relief, the insurance companies turned to the legislature for help. After years of lobbying on both sides of the political aisles, in July 2019, Florida enacted Florida Statutes, Section 627.7152 which was the first time in years when the AOB saga was reeled in and an attempt was made to take control of the runaway train in the real property insurance arena.
In terms of application, subsection 13 of the statute states that it applies to “an assignment agreement executed on or after July 1, 2019.” However, the Governor expedited the enactment of a portion of the statute, subsection 10, making that subsection effective on May 24, 2019 through House Bill 337. This subsection is specifically related to the entitlement to and recovery of attorney fees and provided the sole method for an assignee’s recovery of attorney fees, in place of Florida Statutes, Section 627.428. Section 627.7152(10) states, “[n]otwithstanding any other provision of law, in a suit related to an assignment agreement for post-loss claims arising under a residential or commercial property insurance policy, attorney fees and costs may be recovered by an assignee only under s. 57.105 and this subsection.”
[ymal]
In the spring of 2019, AOB lawsuits skyrocketed in anticipation of the enforcement date of the new statute. One of many questions that remain hotly contested is whether assignees are entitled to an award of their attorney fees in accordance with Florida Statutes, Section 627.428 for suits filed after May 24, 2019. There is a fundamental disagreement as to when the new statute applies. Some insurance carriers maintain that any suit filed after May 24, 2019 is subject to the new statutory fee provisions set forth in subsection 10, which became effective on that date through HB 337. Assignees disagree and argue that pursuant to subsection 13, the statute cannot apply retroactively to assignments executed before July 1, 2019. The tension between subsection 10 and subsection 13 of the statute is currently playing out in courtrooms across the state.
Adding to the inquiry regarding retroactivity, several courts have echoed constitutional due process concerns raised in Menendez v. Progressive Express Ins. Co., 35 So. 3d 873, 878-79 (Fla. 2010) and determined that the operative date is not the date the suit was filed or the assignment was executed, but the date that the insurance policy was issued. These courts have concluded that the award of attorneys’ fees will be considered pursuant to the new statute (627.7152) only in cases involving insurance policies that were issued and/or in effect on or after July 1, 2019. See, e.g., Procraft Exteriors, Inc v. Metro. Cas. Ins. Co., No. 219CV883FTM38MRM, 2020 WL 5943845, at *3 (M.D. Fla. May 13, 2020), JPJ Companies, LLC v. Hartford Ins. Co. of the Midwest, 9:19-CV-81696, 2020 WL 264673, at *1 (S.D. Fla. Jan. 17, 2020), reconsideration denied, 9:19-CV-81696, 2020 WL 1043798 (S.D. Fla. Mar. 4, 2020); Apex Roofing and Restoration v. United Prop. & Cas. Ins. Co., No. 19-CA-3760 (Fla. Lee County Cir. Ct. Oct. 15, 2019).
The legal landscape related to AOB litigation remains in a quandary despite the Florida Governor’s direct intent to accelerate the attorney fee section of the new statute. This issue will be closely followed as litigation regarding insurance policies and AOB agreements pre-dating May 24, 2019 and July 1, 2019 continue to work through the courts.
Abdulali Jiwaji, Partner at Signature Litigation, takes a look at recent lawsuits involving the Quincecare duty and the body of case law that is gradually building up.
In scenarios of financial distress, particularly with a fraud and insolvency overlay, actions to recover money are often targeted at third parties. The most attractive targets are those with deep pockets, such as banks.
Barclays Bank plc v Quincecare Ltd [1992] 4 All ER 363 set down that a bank must use reasonable care and skill in executing payment instructions on behalf of customers. So, a bank must refrain from executing a payment instruction if the bank has been put on inquiry, i.e. it has reasonable grounds for believing that the instruction is an attempt to misappropriate the customer's funds. This was not intended to be a high standard, and the court recognised that a banker is normally entitled to assume that a director of a corporate customer is not attempting to defraud the company.
The past 12 months have seen a flurry of cases involving claims of breach of the Quincecare duty. A number of interesting points have emerged from these recent cases.
The FRN was seeking to recover $875 million held in an account with JPM which JPM had transferred to third party entities. The FRN alleged that JPM had been put on inquiry as to whether those transfers were part of a corrupt scheme. Critically, JPM had filed six suspicious activity reports with the National Crime Agency in respect of the instructions, and had received consent from the NCA to make the payments.
The Court of Appeal decided that the case should go to trial. The Court said that it would be possible in theory for an entire agreement clause to exclude the Quincecare duty, but that would have to be very explicitly drafted. In this case, the entire agreement clause in the relevant depository agreement did not prevent the Quincecare duty from arising. Neither did related exclusion clauses assist JPM.
In scenarios of financial distress, particularly with a fraud and insolvency overlay, actions to recover money are often targeted at third parties.
The Court was not attracted to an argument that JPM should be allowed to rely on an indemnity requiring the customer to indemnify the bank against third party claims. It would be extraordinary if a contract could be interpreted to have the effect that a customer, being the victim of fraud, should compensate the bank that had facilitated the fraud's perpetration.
Daiwa made payments of around $200 million from a Singularis account to various entities on the instructions of AS, who was the sole shareholder of Singularis. When Singularis went into liquidation, the liquidators made claims against Daiwa to recover those payments. The High Court found that Daiwa had acted in breach of its Quincecare duty because of obvious signs that the payments were fraudulent and for the benefit of AS.
On appeal, one of the key arguments relied on by Daiwa was that Singularis was a one man company, such that the fraud of AS should be attributed to Singularis itself. The Supreme Court held that Singularis was not a one man company, as it had a number of directors. The Court emphasised that the purpose of the Quincecare duty is to protect the customer against this type of fraud, and that it would denude any practical value of the duty if it was disapplied in cases where it was most needed. It was also not open to Daiwa to plead illegality on the part of Singularis because that would undermine the policy of requiring banks to play a role in combating money laundering.
The liquidators of SIB were asserting claims against HSBC for its role in making substantial payments out of various SIB accounts (in excess of £100 million). HSBC was seeking to have the claims dismissed at an early stage.
[ymal]
The court held that there was a valid distinction to be made in cases where the claimant is insolvent. In the case of a solvent claimant, if a bank pays money out and that results in a genuine discharge of debts owed by the company, that makes no difference to the company's net asset position. However, in the case of an insolvent company, paying out significant monies depletes the funds which may have been available for liquidators to pursue claims. The court refused to strike out the claims.
Here, an allegation of breach of Quincecare duty was made against WF, a payment services provider. Following a fraud, the claimants transferred £140,000 into M's account with WF, which was misappropriated. The claimants were looking to bring a derivative action on behalf of M against WF, including on the basis that WF was in breach of its Quincecare duty. The court dismissed WF's application for summary judgment on a number of grounds. On the application of the Quincecare duty, the court was willing to accept that the Quincecare duty could be said to apply to a payment services provider. It also followed the approach taken in Singularis, that knowledge held by the fraudsters should not be attributed to M, and that the issue of attribution should be considered in the full context at trial.
In these cases, there will be real focus on the steps taken by banks in respect of money laundering flags and suspicious transaction reports, and how they have dealt with any tensions between that process and their Quincecare duties owed to customers. Banks also need to be alive to the risk that allowing payments may help to perpetuate a long running fraud, such as a Ponzi scheme. We now have a significant body of case law emerging.
The further decisions in the pipeline for next year will inform the extent to which claims against banks will be viable in cases of fraud and insolvency. In the current climate, this is going to be very important in framing the remedies available to stakeholders, such as shareholders and liquidators, when dealing with the aftermath of fraud.
Immigration law firm Fragomen, Del Rey, Bernsen & Loewy confirmed a data breach that allowed an unauthorised third party to access a file containing personal information related to a “limited number” of employees at Google, one of its clients.
The firm filed a notice disclosing the data breach to the California attorney general’s office on Friday, saying that it had been found last month while the company was investigating suspicious activity within its network.
"While our investigation is ongoing, we discovered that an unauthorized third party gained access to a single file containing personal information relating to I-9 employment verification services," Fragomen wrote in its notice to persons affected by the breach. These persons were “a discrete number of Googlers” and former Google employees.
“While we have no evidence of any further misuse, we have taken steps to remediate the incident and have verified it was an isolated incident that did not involve our general client data systems," the firm continued, adding that the incident was not indicative of its “robust” cybersecurity guidelines and practices.
All companies operating in the US are required to maintain a Form I-9 file on each of its employees to ensure that they are legally allowed to work in the country and are not subject to restrictive immigration rules. These files can contain sensitive information, including passports, driver’s licenses, ID cards and other identifiable data, potentially exposing their owners to identity fraud.
Fragomen declined to clarify how many Google employees were affected by the breach and what kind of information was accessed. When more than 500 California-based employees are affected by a data breach, their employer is required to submit a notice of the incident with the attorney general’s office.
[ymal]
Cyberattacks have grown in scope and frequency since the beginning of the year, with law firms and the sensitive information they hold making tempting targets for fraudsters. Earlier this month, Chicago-based Am Law 100 firm Seyfarth Shaw experienced a ransomware attack that shut down several of its systems, and in May the London-based firm Grubman Shire Meiselas & Sacks was the victim of an attack that saw a trove of information on its celebrity clients seized.
Pudue Pharma has agreed to plead guilty to criminal charges as part of an $8.3 billion settlement to resolve a probe into its role in furthering opioid addiction crisis in America, the US Department of Justice announced on Wednesday.
The company will plead guilty to three counts outlined in a criminal complaint filed in federal court on Wednesday in New Jersey. The charges include conspiracy to defraud the United States and violation of federal anti-kickback laws in distributing its addictive painkiller OxyContin.
Under the terms of the settlement, Purdue will admit to making payments to healthcare companies and doctors, encouraging them to prescribe patients with the company’s opioids and for influencing the prescription of pain medication using electronic health records software. Purdue will also admit to impeding the DEA by falsifying an effective drug diversion programme by reporting misleading information to the agency in an effort to boost its manufacturing quotas.
Purdue will pay $2 billion criminal forfeiture, which will include a $225 million direct payment to the government. In addition to this, Purdue will pay $2.8 billion in damages to resolve its civil liability. It also faces a $3.54 billion criminal fine, though this money will likely not be collected in full, as it will be taken through a bankruptcy that includes numerous other creditors. Purdue’s owners, the Sackler family, have also agreed to pay $225 million and forfeit their ownership of the company.
While the plea deal addresses some of the most serious charges levelled against the firm, Purdue Pharma still faces around 3,000 cases brought against it by states and families. The deal also does not release the Sackler family from liability.
As Purdue does not have $8 billion in liquid assets available to pay the fines, it has agreed to transform into a public benefit company run by a trust. The Sackler family will not be involved, and the new company will continue to produce OxyContin alongside other drugs intended to treat addiction.
[ymal]
"Purdue deeply regrets and accepts responsibility for the misconduct detailed by the Department of Justice," said Purdue Chairman Steve Miller, who joined the company’s board in July 2018 shortly before the company filed for bankruptcy.
Before the announcement of the plea deal, it faced resistance from lawmakers and state attorneys general, who voice concerns that it let the company and the Sackler family off too lightly. 38 Democratic members of Congress wrote in a statement that the only real consequence of the plea deal “is that a handful of billionaires are made slightly less rich”.
“DoJ failed,” Massachusetts attorney general Maura Healey wrote in a tweet. “Justice in this case requires exposing the truth and holding the perpetrators accountable, not rushing a settlement to beat an election. I am not done with Purdue and the Sacklers, and I will never sell out the families who have been calling for justice for so long.”
The opioid addiction and overdose crisis has been linked to more than 470,000 deaths in the US since 2000. Purdue Pharma’s settlement marks the most high-profile step yet taken by the federal government in seeking to hold drugmakers accountable.
