Knowledge Hub
Join the Conversation!
Impartial and independent, ThoughtLeaders4 HNW Divorce Knowledge Hub hosts cutting edge industry content and insight.
Email maddi@thoughtleaders4.com to submit content.
Extending APP Fraud Principles to the Crypto Industry: A Critical Analysis
Date: 31/07/2024 Type: Articles Topic: Disputes | Shareholder Diputes | Digital Dispute Resolution | Libor | In-House | Crypto | International Arbitration | Litigation Funding | Future of Dispute Resolution | Witness Familiarisation | ESG |Introduction
The legal landscape around Authorised Push Payment (“APP”) fraud has seen significant developments, particularly through landmark cases such as IFT SAL Offshore v Barclays Bank plc [2020] EWHC 3125 (Comm), Tecnimont Arabia Limited v National Westminster Bank plc [2022] EWHC 1172 (Comm), Terna Energy Trading DOO v Revolut Ltd [2024] EWHC 1419 (Comm), Larsson v Revolut Ltd [2024] EWHC 1287 (Ch), and CCP Graduate School Ltd v National Westminster Bank Plc [2024] EWHC 581 (KB). These cases illustrate the courts' evolving approach to the responsibilities of recipient banks to recover funds received in the course of fraud. This article critically examines how these principles, particularly the proposed retrieval duty, can be applied to crypto exchanges. Consideration will be given to the position of Tether, given its unique technical capabilities to freeze and re-mint its stablecoin, USDT.
Legal Context and APP Fraud Litigation
In Tecnimont, the High Court ruled that NatWest had not been unjustly enriched, nor had it knowingly received property subject to a trust, thus limiting victims' ability to claim against recipient banks in tort or equity. However, recent cases such as Larsson and CCP Graduate School have challenged the value of Tecnimont as a precedent and have (respectively) suggested that banks may owe actionable duties either not to facilitate fraud or to take reasonable steps to retrieve fraudulently transferred funds.
Terna Energy Trading DOO v Revolut Ltd [2024] EWHC 1419 (Comm)
In this landmark case, Terna Energy Trading DOO ("Terna") fell victim to an APP fraud, resulting in a €700,000 transfer to a Revolut account controlled by fraudsters. Revolut argued that it had not been enriched by the transaction and attempted to strike out the claim made by the victim that the bank owed a duty to recover the funds. However, HHJ Matthews dismissed Revolut’s application, emphasizing that despite the complexities of modern banking mechanisms, the recipient bank could still be considered enriched. This decision was based on several key considerations:
- Historical Precedents: HHJ Matthews referenced older authorities, including decisions by the Court of Appeal and the House of Lords, in which banks had been held liable for mistaken payments credited to third-party accounts. These precedents established that banks could be enriched by credits received, regardless of subsequent debits or transfers.
- Obiter Dicta in Prior Cases: The court noted that in Jeremy D Stone Consultants Ltd v National Westminster Bank plc [2013] EWHC 208 (Ch), Sales J’s observations were not binding and lacked consideration of historical authorities. Thus, HHJ Matthews gave greater weight to earlier, binding precedents.
- Modern Banking Complexity: The judge acknowledged that while banking transactions often involve reciprocal credits and debits, the enrichment question should not be obscured by these complexities. Instead, the court should focus on whether the bank had control or benefit from the funds, even if momentarily.
Larsson v Revolut Ltd [2024] EWHC 1287 (Ch)
In Larsson, the court further explored the enrichment concept in the context of modern banking. Mr. Larsson, a customer of Revolut, was induced to transfer £411,136.88 into fraudster-controlled accounts. Revolut’s defence mirrored arguments in Terna, but the court highlighted that the enrichment occurred upon crediting the fraudulent accounts. Zacaroli J emphasized that unjust enrichment principles apply regardless of the transient nature of the funds in the banking system.
CCP Graduate School Ltd v National Westminster Bank Plc [2024] EWHC 581 (KB)
This case is the first reported example of the retrieval duty being advanced since Philipp v Barclays Bank UK Plc [2023] UKSC 25. CCP Graduate School fell victim to an APP fraud and sought recovery from NatWest (the remitting bank) and Santander (the recipient bank). Master Brown’s decision to allow the claim against Santander to proceed was pivotal, recognizing that banks may owe a duty to take reasonable steps to recover fraudulently transferred funds. The court reasoned that:
- Customer Trust and Reliance: Banks are entrusted with customers' funds, creating an implicit duty to act when fraudulent activity is reported. Failure to take action could be seen as negligence, especially when banks possess mechanisms to intercept or reverse fraudulent transactions.
- Technological Capabilities: Banks’ advanced fraud detection systems and ability to freeze accounts align with the expectations that they will actively prevent and rectify fraudulent transfers.
- Regulatory Environment: The evolving regulatory framework emphasizes customer protection, urging banks to adopt proactive measures against fraud.
Applying Banking Principles to the Crypto Industry
In principle, there is no reason why the duties that apply to banks apply uniquely to those institutions. In Hamblin v World First [2020] EWHC 2383 (Comm), the Court accepted that an e-money institution providing international payment services could in principle owe the same Quincecare duty to customers as it would if it were a bank. A crypto exchange providing a similar service to a payment service might find itself owing the same duties as a payment service. The Court has already shown itself willing to require an exchange to transfer its customer’s tokens to the victim of a fraud: Tai Mo Shan Ltd v Persons Unknown [2024] EWHC 1514 (Comm).
In addition to the exchanges, the issuers of certain crypto tokens might also find themselves subject to arguably novel duties. Tether is a notable example because it has the ability to freeze and re-mint its stablecoin. Tether has demonstrated its capability to intervene in the blockchain, freeze assets, and reissue tokens to new addresses, as seen in well publicised instances such as where Tether froze $300,000 in USDT after a security breach and blacklisted 39 Ethereum addresses holding over $46 million to prevent misuse of its platform. These actions reflect Tether's centralized control and suggest that Tether could bear similar responsibilities in safeguarding users' assets.
Technical Mechanisms: Freezing and Re-minting
The technical process of freezing (also referred to as ‘burning’) and re-minting USDT involves Tether's centralized authority controlling the movement of its tokens on the blockchain. When Tether freezes an address, the tokens within that address become non-transferable, effectively removing them from circulation and rendering them of nil value. This action is typically taken in response to regulatory directives or security breaches. Subsequently, Tether can re-mint an equivalent amount of USDT and transfer it to a new, secure address, thus restoring the value to the rightful owner while nullifying the fraudulent transaction.
If banks can be required to take reasonable steps to recover funds transferred by fraud, despite their more limited technical capacity, it might well be argued that Tether should be subject to similar duties given that Tether's intervention mechanisms ensure that stolen or fraudulently obtained tokens can be immobilized and replaced, thereby protecting users' assets.
Legal Implications and Responsibilities
There is a good argument that Tether should owe some form of duty to victims of APP (and other) frauds by analogy with the position of banks. This squarely engages with the question of whether a person with a special ability to protect a third party should be under an obligation to do so. The argument against extending liability would be that the law is slow to require a mere bystander to take action, and that Tether (unlike banks or even crypto exchanges) does not provide a payment service which is the service which the fraudsters seek to make use of.
However, the development of the law can be seen in the emergence of a retrieval duty in banking law and the increased attention on the circumstances in which financial and other similar institutions owe a duty either to prevent fraud or to take proactive measures to secure and restore stolen assets. The preparedness of judges to take principled steps to extend the scope of these duties in the right case can be seen in the Court of Appeal’s decision in Philipp [2022] EWCA Civ 318 (reversed on appeal). That is additionally just one example of where judges have taken different views on the same principled question, with other examples alluded to above.
In these circumstances, a victim of fraud may well look to the crypto industry – whether exchanges or issuers of tokens – for their recovery action. It is far from fanciful that such entities may owe an obligation to assist in the recovery of fraudulently transferred funds. As legal principles continue to develop, the accountability and responsibilities of the crypto industry may increasingly align with those of traditional financial institutions, ensuring greater protection for users in the digital financial landscape.
References:
- IFT SAL Offshore v Barclays Bank plc [2020] EWHC 3125 (Comm)
- Tecnimont Arabia Limited v National Westminster Bank plc [2022] EWHC 1172 (Comm)
- Terna Energy Trading DOO v Revolut Ltd [2024] EWHC 1419 (Comm)
- Larsson v Revolut Ltd [2024] EWHC 1287 (Ch)
- CCP Graduate School Ltd v National Westminster Bank Plc [2024] EWHC 581 (KB)
- Tai Mo Shan Ltd v Persons Unknown [2024] EWHC 1514 (Comm)
- Philipp v Barclays Bank UK Plc [2023] UKSC 25
- Philipp v Barclays Bank UK Plc [2022] EWCA Civ 318
- CoinDesk and CoinTelegraph articles on Tether's freezing and blacklisting actions​ (CoinDesk)​.