QCR Spring 2020: Cyber fraud and its potential implications K v A  EWHC 1118
A sold sunflower meal to K. The payment provision stated: “100% Net cash within 2 banking days to Sellers’ bank upon presentation of scan / fax copies of the following original documents to [Buyers]. Commercial Invoice…”
The contract also incorporated the terms of GAFTA Form 119 which provided by clause 18: “Notices. All notices required to be served on the parties pursuant to this contract shall be communicated rapidly in legible form… A notice to the Brokers or Agent shall be deemed a notice under this contract.”
After A loaded the cargo, A sent an email to the intermediary broker attaching an invoice directing payment to be made to Citibank NA, New York branch. However, due to the hacking of email accounts by a fraudster, the email that K received from the broker was one that attached a fraudulent invoice directing payment to a different account at Citibank NA’s London branch.
K made payment to the fraudulent account. Although the fraud was subsequently discovered and funds were transferred to A’s account, there was a shortfall due to exchange rate fluctuations. A brought arbitration proceedings against K to recover the shortfall. The GAFTA Board of Appeal found in favour of A. K sought to challenge the award.
Save for allowing a remission to the Board to reconsider its reliance on clause 18 of GAFTA 119 with the benefit of submission from the parties, the English Court dismissed K’s applications.
The Court disagreed with K’s submissions that their obligation was only to pay the price to the seller’s bank and this obligation was fulfilled by payment to Citibank NA irrespective of any account details, for the following reasons:
(1) The contractual payment obligation is to pay the price in “net cash” to A’s bank within 2 days of presentation of documents. An obligation to pay in cash, against the background of modern banking practice, permits any commercially recognised method of transferring funds, providing it is equivalent to cash, i.e. that it gives the payee the unconditional and unfettered right to the immediate use of the funds.
(2) The words “Sellers’ bank” in the payment provision cannot be taken to mean that payment to the bank is all that is required and that it is the bank who in this contract must have unconditional use of the funds, not A. It is commercially impossible to transfer funds to a bank without identifying the beneficiary and the designation account by branch and account name and number.
(3) K’s submission that it was the bank alone who needed to have unfettered access to the funds, irrespective of destination account details being correctly given, seemed to lead to the conclusion that if the payer gives account details of a wholly unrelated third party, the payment obligation is fulfilled merely because the accounts are held at the same bank - this is a commercially absurd result.
This case serves as a good reminder to Members that cyber fraud, which continues to be rife, can affect them. As such, Members may consider the following measures to minimise the risks arising from cyber fraud, including but not limited to:
1. Regularly check bank statements for any unusual or potentially fraudulent activity.
2. Specify the account details in the contract, where possible.
3. Verify changes in financial arrangements with organisations directly through transparent and secure communication channels.
4. Check the veracity of an unusual request for payment of funds, by speaking in person with the original sender.
5. In the event payment is made to a fraudulent account, to notify the bank immediately of the suspected fraud.
6. Consider whether it is feasible / desirable to contractually allocate the risks with regard to payment fraud.
The UK P&I Club has issued a number of bulletins on cyber fraud, which may be accessed here. For cyber threats in general, this publication may be accessed here.
You may also be interested in:
Cyber attack- take action!
Last week saw the UK Parliament hit by a ‘sustained’ cyber-attack, which centred on identifying weak passwords and exploiting them. This in addition to the recent ransomware attack on several NHS trusts, causing problems in many hospitals in England, highlights how easily seemingly secure systems can be hacked.
The International Maritime Organization (IMO) adopted Resolution MSC.428(98) Maritime Cyber Risk Management in Safety Management Systems on 16 June, 2017.
QCR Winter 2018: Sale of goods - Letter of indemnity signed by seller and by seller’s bank – Measure of damages for breach of contract by reference to a sub-sale
Euro-Asian Oil SA entered into four transactions with Abilo where Abilo purchased ultra-low sulphur diesel, sold it on to Euro-Asian CIF Constanza, who further sold it on to Real Oil. This dispute related to the fourth transaction where Euro-Asian had agreed to buy, and Abilo agreed to sell 20,000 mt ultra-low sulphur diesel (ULSD).