In a landmark ruling, the commercial division of the High court has ordered Stanbic bank to refund at least Shs 339,556,644 to a customer who erroneously paid over Shs 2 billion through the bank’s online system.
In her decision, lady justice Cornelia Kakooza Sabiiti found that Stanbic bank had failed to implement robust fraud detection and prevention measures to safeguard its system and customers.
The ruling followed a successful suit filed by Mukono-based drug manufacturer Abacus Parenteral Drugs Limited. The company asked the High court to declare that Stanbic Bank was negligent and breached its statutory obligations, leading to a loss of Shs 2.203 billion after the bank allowed the funds to be paid into erroneous accounts.
The drug company told the court that in a bid to ease its daily financial reconciliations and for salary payments for its staff, on May 12, 2010, it applied and obtained from Stanbic online banking services in respect of the account it held there. The company authorized two people to utilise the online service on its behalf.
However, upon an audit of the account transactions, it was discovered that between November 2015 and March 2018, Stanbic bank had honoured several payments that the drug company didn’t know of or even authorised.
The accounts to which this money was sent were also held in Stanbic bank. However, in its defence, Stanbic denied any liability, instead arguing that the drug company had been, in writing, told of the risks associated with online banking.
The bank also said that online banking services are a straight-through process (STP) where the authority to initiate, verify, confirm, and authorise a transaction on the customer’s account lies squarely with the account holder.
In determining the matter, justice Sabiiti held that Stanbic had all the banking information of the customer on which over Shs 1.6 billion was paid erroneously over some time.
“The bank did not show that the online payment system had sufficient security features to safeguard against incorrect payments in accordance with its contractual obligations. The bank had a duty to put in place robust fraud detection and prevention solutions to protect their system and the customer. At the bare minimum, the online banking system should have flagged the repeated use of the same account numbers in the names of different beneficiaries,” the judge held.
However, the judge also found that Abacus Parenteral Drugs Limited was also negligent in its actions as it allowed the sharing of passwords among its officials who had been allowed to transact on its behalf.
“The merging of the initiator and authoriser role in a financial payment system was a significant and foreseeable risk which the plaintiff ought to have known. I therefore find that the plaintiff was grossly negligent. This issue is answered in the affirmative that the plaintiff’s actions and omissions were negligent and contributed to the financial loss,” the judge held.
Consequently, she declined to force Stanbic bank to repay all the money lost to fraud in the online transactions.
“Since both parties are in breach of their contractual obligations and were negligent with regard to their duty of care, the court is inclined to apportion the loss according to their comparative fault. The failure by the plaintiff to exercise basic financial internal controls exposed the plaintiff to the fraud and greatly contributed to the fraudster’s success. The plaintiff in this case was in the best position to prevent the fraud. Therefore, it is my considered opinion that the plaintiff is more to blame for the loss to the extent of 80%. The defendant bank is 20% to blame for not having robust security features in its online banking system to ensure that the beneficiary account details of the beneficiaries within its internal banking system correspond before the payments are effected,” the judge said.
She therefore ordered Stanbic bank to pay Shs 339.5 million with an 18 per cent interest per annum until full payment to Abacus Parenteral Drugs Limited. She also declined to award damages to Abacus. She also ordered that each party meets its own costs of the suit.
The judge here is being human, to me that pretty fair but my whole blame goes to the account holder, because you have full authority to your account and don’t hold the bank responsible for your mess, if you come to think of it that the bank stops the company transaction, they are the one to complain
Stanbic Bank Uganda is very irresponsible, they don’t have customer service my mobile banking account was locked but they did help me out