Bank liability for theft of funds from a bank account.
Nowadays it is necessary to own a personal bank account in order to function properly on a daily basis. A bank account is a multifunctional tool to manage finances and its main task is to safely store cash in a non-cash form. Using a bank account, we can also confirm our identity in electronic administration systems or sign a document with a trusted signature. The increase in the popularity of personal accounts, as well as the constantly advancing digitization significantly facilitate our everyday life.
The development of e-banking not only brings a number of benefits but numerous risks as well. There is a growing number of cyber-attacks leading to, among other things, file destruction, blocking access to devices, data phishing, and theft of funds from accounts. According to the information provided by the Financial Ombudsman, in 2020 there were almost 1200 requests for intervention in a dispute concerning an unauthorized bank transaction, which is almost twice as many as in the previous year.
In case of anunauthorized bank transaction, it is important to remember that, as a customer of a financial institution, we have certain legal tools at our disposal to enable the recovery of lost funds. Based on the provisions of the Banking Law of 29 August 1997 (“Prawo bankowe” Dz.U. z 2020 r. poz. 1896) (hereinafter also referred to as the “Banking Law”) and the Payment Services Act of 19 August 2011 (“Ustawa o usługach płatniczych” Dz.U. z 2020 r. poz. 794) (hereinafter also referred to as the “Payment Services Act”), the bank is obliged to exercise due diligence to secure the funds held in it. It is obliged to take risk mitigation measures and introduce control mechanisms to manage operational and security breach risks in the provision of payment services.
In addition, banks are also required to take measures to prevent money laundering, the financing of terrorism, and the prevention of crimes using banking instruments. For this purpose, financial institutions have been entrusted with a wide range of powers and instruments, ranging from the ability to verify and identify their beneficiaries, through the implementation of control and security systems, up to the ability to exercise authority. If the safeguards provided by law are not sufficient and an unauthorized transaction occurs, the bank account user will have a claim against the bank for immediate reimbursement of the amount of funds transferred.
It should be noted that if the transaction was made via e-banking, the bank is obliged to restore the account to the state from before the transfer. The liability of the financial institution is waived only if the unauthorized transaction was caused by the customer intentionally or by a willful or grossly negligent breach of duty. The amount transferred from the account must be returned immediately, but no later than by the end of the working day following the day on which the unauthorized transaction was identified or the day on which the relevant notification was received.
In view of the above, we cannot forget that the bank account user is obliged to use the payment instrument in accordance with the framework contract and to immediately notify the financial institution of any loss, theft, misappropriation, or unauthorized use of or access to the payment instrument discovered by him. The user should also immediately notify the bank of any unauthorized, non-executed or improperly executed payment transactions discovered.
Attention should be drawn to the current judicial practice. The Regional Court in Warsaw in its judgment of 19 December 2016. (case number I C 229/15) indicates that: “The risk of making a withdrawal from a bank account into the hands of an unauthorized person and making a monetary settlement on the basis of an instruction issued by an unauthorized person is borne by the bank, also in a situation where the account agreement is covered by internet banking.” However, according to the thesis of the Judgment of the Court of Appeal in Warsaw of 19 July 2018 (ref. I ACa 348/17) it should be noted that: “A payment transaction is considered authorized only if the payer has consented to its execution, whereby a payment order cannot be revoked from the moment it is received by the bank. The burden of proving that a payment transaction was authorized by the user or that it was executed correctly lies with the provider, i.e., the bank. (…)” Additionally, following the Judgment of the Court of Appeal in Warsaw of 24 May 2018 (ref: VI ACa 217/17) I point out that: “If transactions have been carried out without the payer’s consent and in circumstances for which the payer is not responsible, and the payer has subsequently reported the occurrence of unauthorized transactions, it is the provider’s responsibility to refund the unauthorized amounts.”
Author: Oskar Kozikowski