Today I take the liberty of reproducing a court decision in particular detail: The ruling of the Commercial Court of the Canton of Bern of 20 July 2021 not only provides an example of how the bank’s liability is to be assessed in the case of fraudulent withdrawals of money, it also dispels – in refreshingly clear language – some of the arguments usually put forward by the banks. However, it also in no way releases the bank customer from his or her obligation!
Some points to note:
– The bank’s argument that account management is a mass business, which is why the degree of care should be reduced, is briefly and clearly rejected: If it is the bank’s business model to operate a mass business, then it and not the customer must bear the risks resulting from this business model.
– the downright hair-raising negligence of the bank in identifying the client and in monitoring the client relationship was considered by the court to be gross negligence, which eclipsed the client’s own fault.
– it does not exonerate the bank if the “systems” did not generate a warning – such systems must be set up to effectively report the conspicuous transactions.
– the customer must be given sufficient time until he could have taken note of correspondences and protested against transactions not ordered. The court assumes a generous 30 days.
– the usual risk transfer clauses in banking contracts can be set aside by the courts if the application of the clause would lead to a grossly inequitable result. This may be the case in particular if the bank has acted with gross negligence.
– important for the client: Documents delivered via e-banking are also considered to have been legally delivered and trigger the time limit for checking and objecting to unauthorised transactions.
Commercial Court of the Canton of Berne, decision of 20. July 2021
Summary:
In connection with fraudulent cash withdrawals by an unknown perpetrator (UP), the bank lacked the level of attention that could and should have been expected from an average bank in the circumstances.
The bank had sent a debit card including code via a courier service to a foreign country in response to a telephone request by the UP, where the UP intercepted the consignment.
The bank did not notice a repeated large number of cash withdrawals during a very short period of time until the monthly limit was exhausted on a previously inactive account. Their breach of due diligence can be qualified as substantial or grossly negligent.
By not checking and objecting to its bank correspondence within a reasonable period of time, the account owner negligently contributed to the aggravation of the damage that had occurred.
The note on the account statement stating that it is deemed approved without an objetction within 30 days does not constitute an agreement between the bank and the client, but merely a unilateral expression of the bank’s will.
III. Facts of the case
13 Undisputed facts
13.1 The Claimant is a Swiss national who moved his residence to Makati City in Metro Manila in the Philippines as of December 2013. In July 2014, the Claimant opened a private account with D. AG (hereinafter: the defendant).
13.2 From the record before us, it is established that the relevant facts in 2018 occurred substantially as follows:
13.3 An unknown person called the Defendant 21 times between 4 July 2018 and 30 October 2018 (see the overview in KB 25). The Tribunal has recordings of eleven of these calls (KB 19). Since, according to the Defendant’s submissions at the time, the recordings were made for training purposes on a random basis only, there are no corresponding records for the remaining ten calls.
13.4 On 5 July 2018, i.e. immediately after the first call from the unknown person, the Defendant delivered two mailings addressed to the Claimant’s address in the Philippines, one with a new D. Card made out to the Claimant’s private account at issue and one with the corresponding personal identification number (PIN), to the delivery company TNT. The two items (D. Card and corresponding PIN) were delivered on 9 July 2018 to an unknown person who signed for their receipt.
13.5 Between 9 and 10 July 2018, the first 28 withdrawals totalling CHF 19,940.53 were made with the new D. Card at ATMs in the Philippines.
13.6 On the occasion of one (or more) calls made by the unknown person to the Defendant on 11 July 2018, an increase in the card limit was apparently initiated. The Defendant confirmed the card limit increases to CHF 10,000.00 per day and CHF 20,000.00 per month to the Claimant and the Claimant respectively by letter dated 11 July 2018. The confirmation letters were delivered to the Claimant’s correspondence address in Switzerland with Notary G.
13.7 Between 31 July 2018 and 2 August 2018, a further 32 withdrawals totalling CHF 19,910.22 were made using the new D. Card.
13.8 On 1 August 2018, the Defendant sent the Claimant the account statement for the month of July 2018 via e-banking.
13.9 Between 31 August 2018 and 2 September 2018, 16 withdrawals totalling CHF 10,104.68 were again made with the new D. Card.
13.10 On 1 September 2018, the Defendant sent the Claimant the account statement for the month of August 2018 via e-banking.
13.11 On 5 September 2018, a final cash withdrawal in the amount of CHF 22.98 was made with the new D. Card.
13.12 On 1 October 2018, the Defendant sent the Claimant the account statement for the month of September 2018 via e-banking.
13.13 After the Claimant became aware of these cash withdrawals during a visit to a branch of the Defendant in Switzerland on 29 October 2018, he filed a criminal complaint against unknown perpetrators (hereinafter: UP) with the Public Prosecutor’s Office of the Canton of Bern on the following day. On 5 November 2018, the Office of the Public Prosecutor opened the investigation
for fraud (Art. 146 SCC) and fraudulent misuse of a data processing system (Art. 147 SCC), but suspended it on 1 April 2019 as the perpetrator could not be identified. On 10 May 2019, the Claimant was then served with the case files for inspection.
14 Main points of view of the parties
14.1 The Claimant is of the opinion that in the summer of 2018, UP arranged by telephone for the Defendant to send it a D. Card and the associated PIN for the account in question without the Defendant carrying out a sufficient identity check. The two items had never reached the Claimant. Since the signature on the acknowledgement of receipt obviously did not come from the Claimant, both items must have been intercepted by UP on the delivery route. UP then used this card to withdraw around CHF 50,000.00 in the following weeks, which was debited to the Claimant. In addition, the defendant had granted an increase in the account limits for the D. Card without carrying out a sufficient identity check.
14.2 The Defendant is of the opinion that the UP should be sought in the vicinity of the Claimant. In addition, the Claimant did not keep its documents on the business relationship carefully, so that the UP was given access to the bank documents which had to be kept secret. Therefore, one or more unknown third parties could have answered the security questions asked on the phone and thus ordered a D. Card and the corresponding PIN. The two items had not been stolen by delivery, but had been delivered to the correct address of the Claimant in the Philippines and had thus come into the Claimant’s sphere of access, influence or power.
16 Party submissions
16.1 The Claimant demands the proper performance of its contract with the Defendant, namely the payment of CHF 82,670.70. The Claimant submits that the Defendant failed to properly fulfil its duties of care in various respects in connection with the cash withdrawals by the UP. Therefore, the Claimant’s claim for repayment of the amount paid out to UP in the amount of CHF 50,438.40 remained. The defendant could not pass this loss on to the Claimant.
16.2 The Defendant acknowledges that the Claimant is entitled to reimbursement from the Defendant in the amount of CHF 32,232.29, i.e. account balance as at 30 September 2018. As regards the amount exceeding CHF 32,232.29, she takes the position,
(1) that it did not breach its contractual obligations, namely its duties of care, in the verification of identity;
(2) that the Claimant did not keep its records relating to the business relationship carefully and did not take appropriate measures to prevent the risk of unauthorised access or fraud;
(3) that the damage arising from the duty of care should be passed on in full to the Claimant on the basis of Clause 2 oldGTC;
(4) that the defendant was entitled to claim damages against the Claimant to the extent of the amount withdrawn in August 2018 and September 2018, as the Claimant had breached its duty to mitigate damages;
and
(5) that the Claimant had authorised the cash withdrawals of July 2018 and August 2018 in the absence of any objection to the relevant account statements within one month.
17 Contractual qualification
17.1 In the present case, the parties entered into a business relationship in the context of the opening of the private account in question, the basis of which is the basic contract dated 4 July 2014 By signing the basic contract, the parties accepted the General Terms and Conditions of Business of the defendant (GTC) to be an integral part thereof. The basic contract concluded between the parties is an account contract. A more precise qualification of the contract can be dispensed with in the present case.
18. The client’s claim to performance and burden of proof
18.1 If a client transfers money to his account opened with a bank, this becomes the property of the bank. However, the client has a claim for restitution in this respect, which is why the bank is obliged to pay out the existing credit balance to the client at his request in accordance with the contract (BGE 146 III 326 E. 5.1; BGE 146 III 121 E. 3.1).
18.2 If the bank transfers money from this account to a third party on the client’s instructions (i.e. with a corresponding order), it acquires a claim for restitution against the client (Art. 402 CO). The bank may therefore offset the client’s claim for restitution against the claim for repayment (BGE 146 III 326 E. 5.1; BGE 146 III 121 E. 3.1.1).
18.3 However, if the bank transfers money from this account to a third party without an instruction (i.e. without a corresponding order), it does not acquire a claim for reimbursement against which it could set off the client’s claim for reimbursement. In this case, therefore, the client is in principle entitled to reclaim his credit balance in accordance with the account balance prior to the orderless entry, and the bank is obliged under the general principles of the law of obligations (Art. 68 et seq. CO) to pay the client the corresponding amount, i.e. to make a payment for the second time (BGE 146 III 326 E. 5.1; BGE 146 III 121 E. 3.1.2; BGE 132 III 449 E. 2; BGE 112 II 450 E. 3a).
18.4 It is undisputed in the present case that the Claimant paid in a total amount of CHF 83,471.00 when opening her private account with the defendant. It is also undisputed that the disputed bank withdrawals between 9 July 2018 and 5 September 2018 were fraudulently made by a UP and that the defendant paid an amount of CHF 50,438.40 to a third party without a corresponding order from the Claimant. It must therefore be noted that the Claimant’s claim for performance continues to exist in principle to the extent of the account balance as at the end of June 2018 in the amount of CHF 82,670.70.
18.5 Since the Defendant acknowledges that the Claimant has a compulsory claim against it in respect of the credit balance as at 30 September 2018 in the amount of CHF 32,232.29, it will only be necessary to examine below whether the Claimant’s claim for performance to the extent of the remaining CHF 50,438.40 is offset by corresponding claims of the Defendant.
19 Passing on the risk to the client and burden of proof
19.1 A bank may pass on to the client the risk normally borne by it or the loss resulting from defects in identity, provided that a corresponding agreement has been reached between the parties (so-called risk transfer clause).
19.2 The admissibility of such a risk transfer clause is, however, limited by the Federal Supreme Court in two respects: On the one hand, Art. 100 para. 1 CO, which regulates the exemption from liability for non-performance or defective performance of the contract, is applicable to such clauses by analogy. Passing on damages in the case of intent or gross negligence was therefore excluded. On the other hand, even in the case of slight negligence, the passing on of damages could be qualified as void at the discretion of the court on the basis of Art. 100 para. 2 CO (BGE 132 III 449 E. 2; BGE 112 II 450 E. 3.a; BGE 146 III 326, E. 6.1). While gross negligence exists if elementary rules of due diligence are violated, namely if a bank ignores suspicious facts that should have been obvious to any diligent banker, slight negligence is affirmed if a person does not exercise all the care that could have been expected of him (BGer 4A_379/2016 of 15 June 2017, E. 3.3.2).
19.3 The defendant is of the opinion that it can transfer to the Claimant the risk it bears in principle as a result of identity deficiencies on the basis of section 2 oldGTC. Under the heading “Identity and signature verification”, this provision stipulates the following duties of care of the parties:
“The client has the duty to keep his documents relating to the business relationship with D. carefully and to take all precautionary measures to reduce the risk of unauthorised access or fraud. Any damage attributable to a breach of this duty of care shall be borne by the client. D. shall check the identity of the client or his representative as well as their signatures with due care and shall take appropriate measures to detect and prevent fraud. If D. fails to exercise due diligence in this respect, it shall assume responsibility for the loss incurred. Signatures shall be authenticated at the request of D.”.
19.4 This provision cannot be understood as a risk transfer clause in the sense that the entire risk is passed on to the client as a result of a lack of identity. Rather, the provision specifies the scope and the degree of diligence that the parties may require from each other. The provision therefore repeats what is already provided for by law.
19.5 In the present case, the defendant has the burden of proving, pursuant to Art. 8 CC,
(1) that it has fulfilled its duty of care, namely that it
(a) verified the identity of the ordering person in connection with the order for the new D. Card and the associated PIN,
(b) verified the identity of the requesting person in connection with the increase of the card limits and
(c) included the signature of the receiving person on the acknowledgement of receipt of the two consignments (new D. Card and the corresponding PIN) with due diligence and that
(d) it had taken appropriate measures to detect and prevent fraud.
The Defendant also has to prove
(2) that the Claimant failed to comply with its contractual duty of care, namely that the Claimant
(a) failed to keep its records relating to the business relationship with the Defendant carefully and
(b) failed to take all precautions to reduce the risk of unauthorised access or fraud, whereby the Claimant has a duty to cooperate with respect to (2).
20 The Claimant’s Duty of Care
20.1 Position of the Defendant
20.1.1 The Defendant disputes that the Claimant has complied with his duty of care under Clause 2 oldGTC of the Defendant. According to the defendant, the UP must have had access to the bank documents of the Claimant which were to be kept secret, otherwise it cannot be explained that one or more unknown persons were able to answer the security questions asked during the telephone identification.
20.1.2 Regardless of how and where the Claimant had kept the documents, the UP would not have needed access to these documents in order to successfully carry out its fraud. In particular, the Claimant used the insecure communication channel of e-mail to communicate about its banking relationship. Then, in the letters of 29 October 2014 and 11 March 2015 (written by computer), the Claimant had written down extensive information about the business relationship. The UP could have easily accessed these electronically created documents in order to learn of this confidential information. Furthermore, in addition to the recipient, all persons to be found in the same domicile were entitled to receive mailings.
20.2 Position of the Claimant
20.2.1 For its part, the Claimant points out that the defendant cannot prove the extent to which the Claimant is keeping the documents relating to the business relationship carelessly and which documents and relevant information are supposed to have been obtained by UP. This was due to the fact that the Claimant carefully kept all documents.
In particular, the Applicant kept its documents, including its account cards and the corresponding PIN, in a safe in Manila.
Furthermore, clause 2 oldGTC required a causal connection between the careless storage and the damage that occurred, which the defendant also failed to demonstrate. Passing on the damage on the basis of this provision was therefore excluded.
20.3 Interim assessment
20.3.1 On the basis of the files at hand, it is not possible to conclusively assess whether the Claimant has fulfilled its duty of care. It is also questionable in this context whether the Claimant has sufficiently fulfilled its duty to cooperate in this regard. However, both questions can be left open, since – as will be shown below – the defendant cannot prove that it has fulfilled its duty of care and therefore cannot pass on the risk to the Claimant on the basis of section 2 oldGTC, irrespective of any breach of the duty of care by the Claimant.
21 The defendant’s duty of care
21.1 Position of the Claimant
21.1.1 The Claimant is of the opinion that the Defendant waived all customary due diligence by not asking UP sufficient security questions before sending the D. Card and the associated PIN and before increasing the account limits. On the one hand, the defendant no longer had the records of the first calls made by UP with which it had ordered the D. Card and the associated PIN and obtained an increase in the account limits. It could therefore not prove from the outset that it had carried out a sufficient identity check.
21.1.2 Secondly, it was generally apparent from the records of the defendant and the public prosecutor’s office of the Canton of Bern that the defendant had not exercised the slightest care in checking the identity of the caller and had therefore acted with gross negligence. In particular, it was not clear from this that the defendant had asked any sufficient security questions to check the identity, nor how these should have been answered.
Rather, the defendant had refrained from taking the usual business care in checking identity and had systematically ignored all signs, some of which were obvious, that the UP could not be the alleged caller, Mr. A. Furthermore, the caller had either not answered some of the security questions at all, only evasively or simply incomprehensibly, and in some cases the defendant’s employees had even answered the security questions themselves. Based on this, it had to be assumed that the defendant had also failed to exercise the due diligence required of it in the first, unrecorded calls in which the two consignments and the increase in the card limits were initiated, and had also provided UP with sensitive data in these calls so that it could answer the security questions in later calls.
21.1.3 In addition, there were a large number of (further) anomalies which should have led to an intervention on the part of the defendant.
In particular, the large number of calls within a short period of time, after only a few client contacts in previous years, was conspicuous. Likewise, the defendant should have noticed that the caller repeatedly urged to increase the limit for card withdrawals, although not a single cash withdrawal had been made from the Claimant’s account for years. Likewise, the defendant should have easily realised that the high number of cash withdrawals within a very short time did not make the slightest economic sense. Finally, the high number of attempts to withdraw cash beyond the various limits, as well as the fact that within minutes after the daily or monthly limit was reset, new withdrawals were immediately made, were conspicuous. The defendant should also have noticed that the items were sent to an address other than the Claimant’s correspondence address. It would have been up to the defendant to recognise and prevent these anomalies, but it failed to do so.
21.1.4 Contrary to the Claimant’s clear written instructions, the Defendant finally sent the D. Card and the associated PIN to the Philippines. Since the two items never reached the Applicant and the acknowledgements of receipt, on the other hand, were obviously not signed by the Applicant, these items must have been intercepted by UP on the delivery route. The fact that the defendant had sent the consignments to the Philippines contrary to the Claimant’s express instructions was within its sphere of risk.
21.2 Position of the defendant
21.2.1 The Defendant denies that it breached its duty of care.
21.2.2 It first denies that one or more unknown third parties had ordered a D. Card and the associated PIN for the account.
21.2.3 It further denies the Claimant’s allegation that the Defendant insufficiently verified the identity of the caller by failing to ask sufficient security questions or otherwise breached its duty of care in this context.
In this regard, the Defendant argues that the Claimant shows a clear hindsight bias, not taking into account that payment transactions are a mass business and that bank employees cannot analyse the entire client relationship and the client behaviour of the past years before each client order.
21.2.4 Clarifications regarding individual clients would be made if an IT-protected system generated an anomaly with a client. In connection with the business relationship under discussion, no anomaly had been triggered, as the transactions had remained within the scope of the comparable business relationship. Therefore, no clarifications had been made.
21.2.5 With regard to the Claimant’s allegation that the defendant had sent mail to the Philippines in violation of instructions, the defendant replied that the Claimant, as a former member of the diplomatic service, was well aware that there was a risk of mail being stolen in the Philippines, but that the defendant was not.
In addition, the defendant had already sent the Claimant a letter to the Claimant’s residence address in Manila in another context, which the Claimant had not complained about. It was also plausible and understandable that someone who lived in the Philippines and wanted to make cash withdrawals there would want a new D. Card to be sent to this address. Finally, the two items had not been sent to a new address adapted by UP, but to the correct address provided by the claimant.
21.3 Interim assessment
21.3.1 First question to be dealt with is what degree of attention could and should have been expected from the defendant in the present matter. Then it must be examined whether the defendant has complied with the attention required of it.
21.3.2 Under Article 3(2) of the Civil Code, the defendant is obliged to pay such attention as is required by the circumstances. Since the attention required is determined “according to the circumstances”, a case-by-case assessment must always be made. The concrete circumstances determine in each case whether and to what extent clarifications and enquiries are to be made or consultations are to be held with the client. The standard is what clarifications an average bank would have made in the same situation to check whether a transaction is authorised by the client or not.
21.3.3 Insofar as the Defendant claims that it asked sufficient security questions to establish the identity of the caller before sending the new D. Card and the associated PIN and before increasing the account limits, it fails to provide direct evidence in this regard, as the relevant calls were not recorded. Nor does it explain which security questions would generally be asked if a client ordered a new D. Card and the corresponding PIN by telephone or requested an increase in the account limit by telephone. It remains unclear what precautions the defendant takes to prevent precisely such cases in which an unknown third party poses as a supposed client and fraudulently orders a new D. Card or obtains a card limit increase. Instead, it confines itself to denying in general terms that it had not complied with its duty of care and that it had not known that an unknown person had ordered the D. Card and the associated PIN. However, since the burden of proof in this regard is on her, it would have been up to her to substantiate her claim with substantiated arguments and evidence.
21.3.4 Furthermore, the defendant cannot derive anything for itself from the recorded telephone calls. On the contrary, it can be seen from these recordings that the employees of the defendant only asked the caller rather general security questions in order to establish his identity, such as the question about the name and date of birth, any co-owners, the existence of standing orders, the current account balance or the use of e-banking. It is also noticeable that the employees were sometimes very quickly satisfied with an answer that was not correct or not completely correct, or that the employee himself had revealed the correct answer – for example, the current account balance. In this respect, it must be taken into account that no concrete orders were received and executed by the unknown caller during the recorded telephone calls and that the requirements for the security questions could therefore be set lower.
It must also be taken into account that the assessment was made retrospectively and already with the knowledge that the caller was a UP. It is also reasonable to carry out in-depth clarifications for each call. In the present case, however, it seems to the court that the calls were sufficiently unusual and that the indications of fraud were sufficiently present that the defendant’s employees could have been required to exercise a greater degree of care in establishing the identity of the caller than was the case. In particular, it is striking that it was not a matter of individual cases in which the required degree of care in establishing the identity had not been observed, but in almost every one of the recorded calls. This could lead to the conclusion that the defendant’s employees had also failed to observe the level of care required of them in the relevant calls. However, to draw a conclusion a minore ad maius in this case does not seem justified and would also be obsolete, since – as already explained (para. 21.3.3) – the defendant failed to prove that it had sufficiently fulfilled its duty of care in the identity check anyway.
21.3.5 The defendant has not only breached its obligation of due diligence only in connection with the identity check alone. Rather, it must be noted that in the summer of 2018 in question, there were a large number of anomalies which the defendant could and should have discovered and prevented through further clarifications and/or investigations.
21.3.6 Looking at the business relationship between the parties, it should be noted that from the opening of the account on 14 July 2014 until the first call from UP on 4 July 2018, no cash withdrawals or other transactions were made by the Claimant, nor did the Claimant seek regular contact. On the contrary, it can be inferred from the files that contacting the defendant had just proved to be very difficult. Against this background, it is particularly striking that the Claimant suddenly sought regular contact with the defendant and had regularly received higher sums of money. Secondly, the mere fact that cash withdrawals were sometimes made up to 16 times a day is striking. The fact that these cash withdrawals each involved significant amounts makes this process all the more conspicuous and should in itself have led to an intervention by the defendant. In addition, it is conspicuous that the account limit was to be increased after a large number of cash withdrawals had already been made. The fact that cash was withdrawn again immediately after the account limit was reset should also have come to the attention of the defendant. Furthermore, the defendant’s system should have noticed that the signature on the receipt did not match that of the Claimant. The fact that the defendant did not raise suspicion despite all these conspicuous features is considered a massive breach of due diligence. A bank should be expected to recognise anomalies such as these and to take appropriate measures to shed light on them.
In any case, the bank did not fulfil its duty of care in the way that a client could have expected.
21.3.7 The defendant’s argument that payment transactions are a mass business and that a bank employee cannot therefore analyse the entire client relationship and client behaviour in recent years before each client order cannot be accepted. The mass business is their business model and therefore also their risk.
21.3.8 Furthermore, the Defendant cannot escape liability by claiming that its system did not generate any anomalies. It is its responsibility to take reasonable measures to detect and prevent frauds such as the present one. If the defendant sets up a system for this purpose, which should generate anomalies, it is also up to it to ensure that this system detects anomalies that need to be detected.
What precautions the defendant had taken in addition to the implementation of this system, it does not submit. The defendant therefore also fails to prove that it had taken adequate measures to detect and prevent fraud of the kind that occurred in the present case.
21.4 In summary, it must be stated that the defendant, in connection with the fraudulent acts of UP, lacked the degree of attention that the circumstances would have required of it and that could have been expected of an average bank. Her breach of duty of care can be qualified as substantial or grossly negligent. A passing on of the damage or risk to the Claimant is therefore excluded.
21.5 It should be noted that in the event that a risk transfer clause in the true sense had been agreed between the parties, which did not occur in the present case, a passing on of the damage on the basis of Art. 100 para. 1 CO would still have been excluded because the defendant is to be charged with gross negligence.
21.6 Finally, it can be left open whether section 2 oldGTC would be inadmissible with regard to Art. 8 UCA.
22. claim for damages
22.1 If the client has negligently contributed to the occurrence or aggravation of the damage through a breach of his own obligations, it must be examined whether the bank can offset its client’s claim for restitution against a claim for damages (pursuant to Art. 97 para. 1 CO). According to the practice of the Federal Supreme Court, the client contributes to the aggravation of the bank’s damage in particular if he does not dispute the unauthorised or unfounded entries, which he could or should have discovered by inspecting the account statements received, within the agreed period of time, or by not checking his mail stored at the bank (BGer 4A_119/2018 E. 6.2). If, however, the bank is at fault or contributorily at fault, its claim for compensation is again to be reduced at the discretion of the court (Art. 44 para. 1 in conjunction with Art. 99 para. 3 CO). Recently, the Federal Supreme Court has also held that the client can be fully released from liability if the bank’s own fault is so serious that it makes the client’s breach of contract contributing to the damage appear remote and legally insignificant (Federal Supreme Court 4A_178/2019 of 6 August 2020, E. 6.4).
22.2 In the present case, the defendant must prove the breach of contract, the damage and the causal connection in accordance with the general rules of contract law. The Claimant’s fault is then presumed (Federal Supreme Court 4A_586/2017 of 16 April 2018). However, it is open to the latter to prove that it was not at fault for causing and aggravating the damage that occurred. Finally, the defendant must also prove that it was not at fault or contributory negligence for the damage that occurred.
22.3 According to the defendant, the damage amounts in principle to CHF 50,438.41. However, the defendant waives the fees for the cash withdrawals abroad of the disputed transactions in the total amount of CHF 390.00, which reduces the damage by this amount to CHF 50,076.35.
22.4 According to the defendant, the Claimant had violated Clause 7 oldGTC, which contains the following provision under the heading “Duty to examine and complain”:
“The client is obliged to check the statements and notices immediately. Complaints by the client arising from the execution of orders must be made within one month of the corresponding notification. Complaints by the client which are not made in good time may lead to a breach of the duty to mitigate loss. The client shall be liable for any resulting damage.”
22.5 The Claimant failed to check and object to the account statements and the notification regarding the increase in the account limit, contrary to its obligation under Clause 7 oldGTC.
22.6 Since the Claimant itself does not dispute that it did not take note of the account statements for the months of July and August 2018 and the notification regarding the increase in the account limit within the one-month period, let alone object to them, it is undisputed that it failed to comply with its duty to examine and object under Clause 7 oldGTC.
22.7 The defendant alleges that the fraudulent cash withdrawals in August and September 2018 could have been avoided if the Claimant had checked the bank documents immediately and raised a complaint without delay. In contrast, the Claimant denies that the Defendant is entitled to pass on the loss to the Claimant. Even if he had had to make a complaint after the new card limits were announced on 11 July 2018, he would have had until 12 August 2018 to do so. By this date, however, cash withdrawals of around CHF 40,000.00 had already been made, so that even if the Claimant had complained, only a loss of around CHF 10,000.00 could have been prevented.
22.8 In order to answer the question of whether the Claimant could have prevented or minimised the damage that occurred if he had checked and objected to the notification of the account limit increase and the account statements sent via e-banking in good time, the chronology of events must be discussed in greater detail.
22.9 The first series of cash withdrawals (28 withdrawals totalling CHF 19,940.53) by the UP took place on 9 and 10 July 2018. At that time, the Claimant had neither the notifications of the account limit increase nor any of the relevant account statements. The relevant letters were demonstrably only sent to the claimant after 10 July 2018, so that a corresponding examination and complaint would not have been possible in the first place. It can therefore be stated that the Claimant could not have prevented the damage as a result of the first series of cash withdrawals for lack of evidence in this regard. The defendant does not claim this.
22.10 The second series of cash withdrawals (32 withdrawals totalling CHF 19,910.22) by UP took place between 31 July 2018 and 2 August 2018. It is undisputed that the notification of the increase in the account limits had already been sent to the Claimant’s correspondence address at Notary G. at that time. The letters are dated 11 July 2018 and were sent by A Mail, which means that it can be assumed that they were delivered on 16 July 2018 at the latest. The Claimant would therefore have had approximately two weeks from the date of delivery to review and, if necessary, object to the notices until the second series of cash withdrawals had commenced. If the Claimant had promptly taken note of the letter of 11 July 2018, he would have been able to notice that something could not be right, as he had not itself ordered the relevant account limit increase. Subsequently, the Claimant could have either made enquiries herself, asked the defendant why the account limit had been increased or objected to the account limit increase. According to the Claimant’s statement of 29 June 2021, however, he neither collected the letter of 11 July 2018 from the notary nor had it opened by her. Since he had therefore not even taken note of the notification of the account limit increase, the Claimant had in fact not had the opportunity to object to it or to react in any other way.
22.11 The basic question is whether a client is obliged to check the correspondence with the bank and, if so, within what period of time the client can be expected to carry out this check and make any objections.
22.12 The court is of the opinion that a bank can in principle expect its clients to open their mail occasionally, check it and make any objections. Furthermore, it can assume that a client who has not requested an increase in his account limit will make enquiries himself or inform the bank accordingly as soon as he has received a corresponding notification. In the present case, it should be noted that the Claimant was in the diplomatic service of the Swiss Confederation, was, among other things, a consul general and former chargé d’affaires of the Confederation, and is thus not completely unfamiliar with the industry. Especially from a person with a career like that of the Claimant, a bank can expect that he would pay appropriate attention to the bank correspondence. It should also be noted that the oldGTC explicitly provide for an obligation to check and object. As an interim conclusion, it can therefore be stated that the defendant could and should have expected the Claimant to check its bank correspondence and, if necessary, to object to it.
22.13 It is questionable, however, within what period of time a check and objection should have been made. While the defendant is of the opinion that the Claimant would have been obliged to make a complaint immediately, the Claimant takes the view that it would have had one month to do so – if there was any obligation to make a complaint at all – in accordance with Clause 7 oldGTC.
22.14 As the Claimant correctly argues, the defendant’s new GTC (newGTC) were supplemented in Clause 7 (“Duty to examine and complain”) by the addition that the client was obliged to raise complaints in connection with the business relationship “without delay”. In contrast, the oldGTC only stipulated that the client had to carry out an inspection immediately. Complaints, on the other hand, were to be made within one month. The Claimant further points out that the defendant would certainly not have changed the wording if the client had already been obliged under the oldGTC to make the complaints immediately. In its information letter on the amendment of the GTC as of 2020, the defendant also expressly states that the complaints “must now be made as quickly as possible”. Under these circumstances, it must be denied that Clause 7 oldGTC could imply an obligation to raise objections immediately.
22.15 However, the defendant’s argument that a distinction must be made between the duty to complain and the duty to mitigate damages must be accepted. The client’s duty to mitigate damages exists irrespective of whether or not such a duty has been agreed between the bank and the client. According to the court, the duty to mitigate damages in the present case requires the Claimant to object immediately as soon as he had become aware or should have become aware of the unauthorised cash withdrawals or other orders. If he had demonstrably become aware of the fraudulent cash withdrawals but waited until the one-month period had expired before making a complaint, this would be in breach of his duty to mitigate damages.
22.16 On the other hand, requiring a client to check and complain about his mail immediately seems neither reasonable nor realistic.
In the present case, the Claimant would have had about two weeks to check the notification and, if necessary, to object. The court considers a period of two weeks – even taking into account possible holiday absences – to be very short and therefore not reasonable to demand an objection within this time. It can be noted that the claimant could not have been expected to check his bank correspondence within two weeks of receiving the notification of the account limit increase and to object to it if necessary.
22.17 The account statement for the month of July 2018 was sent to the Claimant via e-banking on 1 August 2018. In line with the above, the Applicant could not be expected to promptly review and complain in this regard either.
22.18 In summary, had the Claimant been aware of the letter of 11 July 2018, it could have prevented the damage caused by the second series of cash withdrawals, but it did not have to. Consequently, the Defendant cannot pass this damage on to the Claimants either.
22.19 The third series of cash withdrawals (17 withdrawals totalling CHF 10,127.66) by the UP took place between 31 August 2018 and 5 September 2018.
22.20 By this time, approximately six weeks had passed since the notifications of the account limit increase were sent. Expecting a client to review and object to bank correspondence within a period of six weeks is considered reasonable and appropriate in this case.
22.21 In addition to the letters of 11 July 2018, the Claimant had also had the account statement for the month of July 2018 for around four weeks at that time, which it could in principle have viewed via e-banking from the Philippines. A bank can also require the client to check his correspondence with the bank within four weeks and to make complaints if something is wrong.
22.22 In the present case, the Claimant would therefore have had two letters which it would have been possible and reasonable for it to review and object to by the start of the third series of cash withdrawals. With regard to the third series, the Claimant could and should have noticed that something was wrong and reacted accordingly. However, the Claimant failed to do so and thus contributed to the fact that this damage occurred at the bank. The defendant could therefore in principle claim compensation for the entire loss that occurred in connection with the last series of cash withdrawals.
22.23 As already established (para. 21.4), however, the defendant is to be accused of gross negligence with regard to the fraud that occurred in the present case. In this case, its claim for compensation under Art. 44 para. 1 in conjunction with Art. 99 para. Art. 99 para. 3 CO must be reduced at the discretion of the court. The court does not consider a full exemption of the Claimant’s liability to be justified, since the negligent conduct of the Claimant itself with regard to the examination and objection of the bank correspondence also contributed to the damage of the defendant and cannot be qualified as so insignificant that an exemption from liability would appear to be appropriate. It seems to the court that a 50/50 split of the loss of the last series of cash withdrawals is appropriate in the circumstances.
22.24 It would have been for the Claimant to prove that it was not at fault. However, the Claimant has not provided this evidence. Rather, the Claimant concedes that it simply failed to check its bank correspondence. Since it does not even attempt to prove exculpation, it cannot succeed in doing so.
22.25 As an interim conclusion, it is held that the defendant is entitled to damages in the amount of half of the loss it suffered in the third series against the Claimant, since the latter negligently contributed to the aggravation of the loss.
23. Fictitious approval
23.1 The Defendant further argues that the Claimant approved the disputed cash withdrawals in July 2018 in the amount of CHF 19,965.53 and in August 2018 in the amount of CHF 19,935.22 by remaining silent, in each case by failing to make a complaint within the one-month period. In this regard, the defendant relies on Clause 7 oldGTC, according to which complaints by the client arising from the execution of orders must be made within one month of the corresponding notification. A corresponding note was also on the respective account statement: “Please check the account statement. Without your counter-report within 30 days, it shall be deemed approved”.
23.2 The Claimant, on the other hand, takes the view that the defendant – in contrast to many banks – has not included a fictitious approval in its GTC. Moreover, the reference on the respective account statements had never become part of the contract.
23.3 As far as the burden of proof is concerned, it is up to the defendant to prove that there was an agreement between the parties according to which the account statements sent by the defendant to the Claimant were deemed to have been approved after the expiry of a period of one month and that the Claimant had not made a corresponding complaint within the agreed period.
23.4 Clause 7 oldGTC first mentions that an order was executed by the defendant. Such execution took place in the delivery of the new D. Card and the associated PIN, the increase of the card limits and the issue of cash withdrawals. The Claimant’s argument that no orders were given in the first place cannot therefore be accepted. The provision further requires that any objections to these executed orders must be made within one month of the corresponding notification. In the event that the Claimant fails to file a complaint in due time, the provision stipulates as a legal consequence that this may result in a breach of the duty to mitigate damages. On the other hand, the provision does not provide for the orders executed to be deemed approved in the absence of a complaint. Contrary to the defendant’s view, the clause does not contain an implicit fiction of approval. An agreement on a fictitious approval can therefore not be inferred from Clause 7 oldGTC.
23.5 As far as the reference on the respective account statements is concerned, according to which these are deemed to be approved without a counter report within 30 days, it must be stated – in accordance with the Claimant’s comments – that this is initially a unilateral expression of intent. In order for this reference to have become part of the contract, there would have had to be a corresponding acceptance by the Claimant, which, however, did not occur in the present case and, according to the Claimant’s submissions, would never have occurred. However, the defendant argues that the Federal Supreme Court confirmed in BGE 127 III 147 that the account statements would be deemed approved if there was no corresponding reaction. However, in contrast to the present case, the ruling was based on the fact that the GTC already contained a provision according to which account or custody account statements had to be objected to within one month, otherwise the corresponding statements were deemed to be approved.
The Federal Supreme Court’s comments in this regard cannot therefore be applied unquestioningly to the present dispute. It should also be added that the Federal Supreme Court assumed a reversal of the burden of proof in the event that the balance was accepted, so that in a subsequent dispute it would no longer be the bank as the account holder that had to prove the correctness of the invoice, but the client that it was incorrect (BGE 127 III 147, E. 2b).
23.6 Even if it were assumed that a fictitious approval had been agreed between the parties, according to the case law of the Federal Supreme Court, the court may exceptionally assume that it is not binding if, under the circumstances of the case, this would lead to an inequitable result that would offend the sense of justice (Federal Supreme Court 4C.81/2002, E. 4.3).
In the present case, there was no intentional harm to the Claimant by the defendant. Nevertheless, the fault of the defendant – as already explained (para. 21.4) – is to be classified as substantial or gross. It would therefore be incompatible with a sense of justice if the defendant, having breached its duty of care to such an extent, could nevertheless escape its contractual liability on the basis of a fictitious approval.
23.7 In summary, it can therefore be stated that the parties had not agreed on a fictitious approval and even if they had agreed on such an approval, it would not be binding for the parties in the present constellation due to the extent of the defendant’s breach of its duty of care. The Claimant therefore did not approve the account statements despite the lack of a (timely) complaint.
Swiss Investor Protection Law 