QCR Spring 2020: Cyber fraud and its potential implications K v A  EWHC 1118
A sold sunflower meal to K. The payment provision stated: "100% Net cash within 2 banking days to Sellers' bank upon presentation of scan / fax copies of the following original documents to [Buyers]. Commercial Invoice."
The contract also incorporated the terms of GAFTA Form 119 which provided by clause 18: "Notices. All notices required to be served on the parties pursuant to this contract shall be communicated rapidly in legible form. A notice to the Brokers or Agent shall be deemed a notice under this contract."
After A loaded the cargo, A sent an email to the intermediary broker attaching an invoice directing payment to be made to Citibank NA, New York branch. However, due to the hacking of email accounts by a fraudster, the email that K received from the broker was one that attached a fraudulent invoice directing payment to a different account at Citibank NA's London branch.
K made payment to the fraudulent account. Although the fraud was subsequently discovered and funds were transferred to A's account, there was a shortfall due to exchange rate fluctuations. A brought arbitration proceedings against K to recover the shortfall. The GAFTA Board of Appeal found in favour of A. K sought to challenge the award.
Save for allowing a remission to the Board to reconsider its reliance on clause 18 of GAFTA 119 with the benefit of submission from the parties, the English Court dismissed K's applications.
The Court disagreed with K's submissions that their obligation was only to pay the price to the seller's bank and this obligation was fulfilled by payment to Citibank NA irrespective of any account details, for the following reasons:
(1) The contractual payment obligation is to pay the price in "net cash" to A's bank within 2 days of presentation of documents. An obligation to pay in cash, against the background of modern banking practice, permits any commercially recognised method of transferring funds, providing it is equivalent to cash, i.e. that it gives the payee the unconditional and unfettered right to the immediate use of the funds.
(2) The words "Sellers' bank" in the payment provision cannot be taken to mean that payment to the bank is all that is required and that it is the bank who in this contract must have unconditional use of the funds, not A. It is commercially impossible to transfer funds to a bank without identifying the beneficiary and the designation account by branch and account name and number.
(3) K's submission that it was the bank alone who needed to have unfettered access to the funds, irrespective of destination account details being correctly given, seemed to lead to the conclusion that if the payer gives account details of a wholly unrelated third party, the payment obligation is fulfilled merely because the accounts are held at the same bank - this is a commercially absurd result.
This case serves as a good reminder to Members that cyber fraud, which continues to be rife, can affect them. As such, Members may consider the following measures to minimise the risks arising from cyber fraud, including but not limited to:
1. Regularly check bank statements for any unusual or potentially fraudulent activity.
2. Specify the account details in the contract, where possible.
3. Verify changes in financial arrangements with organisations directly through transparent and secure communication channels.
4. Check the veracity of an unusual request for payment of funds, by speaking in person with the original sender.
5. In the event payment is made to a fraudulent account, to notify the bank immediately of the suspected fraud.
6. Consider whether it is feasible / desirable to contractually allocate the risks with regard to payment fraud.
The UK P&I Club has issued a number of bulletins on cyber fraud, which may be accessed here. For cyber threats in general, this publication may be accessed here.
You may also be interested in:
It was back in 1958 that the Greek Code of Maritime Law 3816/1958 became national law
On 24 February 2023, the one year anniversary of Russia's invasion of Ukraine, the US Department of State and the US Department of Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions on numerous additional individuals, entities and vessels that the US has determined are engaged in sanctions evasions.
On 25 February 2023, the EU adopted its 10th package of sanctions against Russia
On 8 April 2022 the EU adopted a fifth package of sanctions on Russia, comprising of several Regulations and Decisions