A recent case in the Eastern District of Pennsylvania (O’Neill, Bragg & Staffin PC v Bank of America Corp) showed that customers and bankers need to have sound procedures in place, or suffer the consequences.
The internet is full of landmines and scams. In this situation, a hacker obtained the email of the O’Neill Bragg’s president, and sent an email to the vice president in charge of banking, to wire $580,000 to Bank of China. The VP didn’t question the email, and completed the required wire transfer procedures for Bank of America, O’Neill Bragg’s bank. The Bank wired the funds thereafter.
About an hour after the wire was sent and confirmed, it was discovered by O’Neill Bragg that the president’s email was fraudulent. The firm requested a stop order of the payment, but it was too late.
Subsequently, the firm sued Bank of America. US District Judge Harvey Bartle dismissed the lawsuit with the finding that the Bank did not breach its agreement or violate any laws. While the loss was unfortunate, the real culprit was not the bank. He found that the O’Neill Bragg must bear the loss.
So what can we learn from this? Firstly, bank customers need to stay on top of their accounts. Accounts need to be reconciled and reviewed. Procedures need to be in place to require multiple people for banking procedures. A bank account procedure may be initiated by one person, but another person needs to review the procedure and sign off on it. Paper approval procedures may be more appropriate than emails.
From the banker’s point of view, it is important to have sound documents, and likewise to follow procedures. A telephone call to the customer to confirm wires over a certain amount would be a sound procedure and might have prompted the vice president to rethink the fake email he received from the president.
For small firms, multiple approvals, paper signatures and telephone confirmations might save you from a nightmare.