“Stop Money Laundering!” Conference - 26th February 2002, London
MONEY LAUNDERING |
Steven Philippsohn
|
|
|
Philippsohn Crawfords Berwald
|
THIRD PARTY DISCLOSURE AS TO ASSETS AND WHEREABOUTS |
|
Solicitors
|
GET YOUR MONEY BACK/STOP THE CRIME |
Cyber laundering |
Lawson House
|
|
|
294-295 High Holborn
|
|
E-THEFT |
London WC1V 7JG
|
|
CREDIT CARD FRAUD |
Tel: 020 7831 2691
|
|
NETSPIONAGE |
Fax: 020 7405 8629
|
LIABILITY OF ACCESSORIES |
HOW THE VICTIMS CAN BE HELPED |
E-mail: snp@pcbsols.co.uk
|
MUTUAL RECOGNITION OF JUDICIAL DECISIONS ON FRAUD |
|
Web Site: www.pcbsols.com
|
From the point of view of the criminal, it is no use making a large profit out of criminal activity if that profit cannot be put to use…..putting the proceeds to use is not as simple as it may sound. Although a proportion of the proceeds of crime will be kept as capital for further criminal ventures, the sophisticated offender will wish to use the rest for other purposes…..If this is done without running an unacceptable risk of detection, the money which represents the proceeds of the original crime must be "laundered"; put in an estate in which it appears to have an entirely respectable provenance". I summarise below some recent examples.
In September 1998 the UK authorities investigating the Russian Mafia alerted the FBI as to irregularities involving the Bank of New York (BONY) and huge volumes of cash that were being transferred from the International Monetary Fund to Moscow. The UK authorities suspected a link between YBM Magnex, a front company for suspected Russian gangster Semyon Yukovich Mogilevich, and Benex, a company owned by Peter Berlin, the husband of one of the then BONY vice-presidents. The treasury department in the US claimed to have known nothing of these irregularities or the investigations until April 1999.
In August 1999 the New York Times reported that it was suspected around $10 billion had been laundered through the Bank of New York. Two thirds originated from the island of Nauru which had not previously been known as a money centre. Many transactions originated from a Moscow bank chaired by the Yeltsin family financial adviser. The New York Times reported that $4.2bn passed through the bank in more than 10,000 transactions between October 1998 and March 1999. Many of these passed through BONY accounts of Benex. Authorities left the account open after March as they continued their investigation. Three bank employees, Lucy Edwards (former VP of the Bank), Peter Berlin (her husband) and Svetlana Kudryavtsev (who worked for Lucy Edwards) were charged and later entered guilty pleas in connection with the case. Another VP was fired for failing to declare supplemental income from one of the Russian clients and another employee resigned because of the scandal. It was reported that the sums involved were laundered through 4 bank accounts at BONY and one at the Republic National Bank which was also based in New York.
Russia lacks hard currency, therefore the US and western countries provided the liquidity to enable the laundering to carry on. Essentially the money trail followed from the International Monetary fund to through the Bank of New York to Moscow. This was the USA’s largest ever money laundering scandal and investigations extended to Switzerland, London, Russia and New York.
The French company Elf Acquitaine is one of the largest oil companies in the world and its main shareholder is the French government. The company is now privatised although it was previously a nationalised company. According to investigators Elf paid huge bribes both in France and abroad and was used as an instrument of the French State. An investigation was carried out by the London based human rights and environmental organisation Global Witness following an admission by a former senior official of Elf that the company systematically paid bribes to top African politicians and officials over the past 25 years. It revealed that Elf paid the bribes through diversions of oil revenues, defrauding the people of Africa of millions of dollars. The slush funds directed to the African leaders were sent to accounts in Liechtenstein as a means of hiding those transactions. Liechtenstein was then black listed by the G-7 countries for its failure to co-operate with international efforts in the combat against money laundering, financial crime and corruption.
Former Elf executive Le Floque revealed in an interview with the magazine “Die Zeit” that bribes were paid to German politicians (Helmut Kohl’s Christian Democrat Party), union officials and state governments as part of its purchase of factories in eastern Germany. He said that paying of bribes was necessary for Elf Aquitaine to prevail against their competition. The investigation into this allegation has not resulted in any charges. A member of President Mitterand’s cabinet, former French Foreign Minister, Roland Dumas, was jailed for 6 months in May 2001 for accepting thousands of pounds of gifts from his mistress, Christine Deviers-Joncour, all funded by Elf. Other individuals face parallel investigations on allegations that Monsieur Dumas’s mistress had been employed in order to persuade Monsieur Dumas to give government approval for the sale of French frigates to Taiwan. The deal went through in 1991. Former Elf executive Alfred Sirvern is also suspected of giving millions of dollars of Elf funds to influence politicians, provide phantom jobs for political friends and ensure fat contracts for the state owned company. Monsieur Sirvern is in particular thought to have given Deviers Joncour money and gifts to influence Dumas. He was formally charged in February 2001 of attempted extortion in the multi-million dollar frigate sale and for distributing millions of dollars in illegal slush funds allegedly siphoned from Elf. The process is anticipated to last for a further two years.
My firm was retained in another case where the launderer had approached an offshore bank with a detailed business plan in relation to 6 proposed ventures. He told them that the business venture would require financing from various sources, some of which he had already obtained and which he would be depositing with the bank. Those monies were kept in those accounts for six months and were then transferred to an account in New York. The Federal District Court ordered disclosure necessary to trace assets and, at the request of my client, followed established English principles of including a non-disclosure period as follows:
“In accordance with the practice and procedure of the courts of the United Kingdom, as permitted by 28 U.S.C. §1782 (a), [the subpoenaed party] shall not disclose directly or indirectly the existence or the terms of this Order or of the Subpoena to any [defendant in the UK Action] for a period of 21 days after [the subpoenaed party] shall have complied with the Subpoena.”
This Order enabled the monies to be traced to London where a further Order resulted in the monies being found and frozen in Liechtenstein.
The states have a number of features in common with respect to their approach to the regulation and operation of financial institutions which set them apart from the rest of the financial world.
Typically, the non-cooperative state has inadequate or indeed no regulations, supervision or licensing controls of financial institutions as compared to the international standards maintained by co-operative states. These states might have very poor rules relating to the assessment of key staff and indeed may have no measures to prevent criminals and their associates from obtaining management roles in financial institutions with control over substantial investments. Similarly they may have basic or no authorisation and registration regulations with respect to the operation of such institutions.
Recording requirements are likely to be poor or non-existent. There may be no legal or regulatory obligation placed upon financial institutions by supervisory bodies to make and keep records of transactions and the identity of their clients. They may also lack a system for reporting suspicious or unusual transactions and no competent authority to monitor and report such transactions to. Another indicator would be non-existent criminal or administrative sanctions for failure to meet obligations to report.
Legal or practical obstacles can also be signs of a non-cooperative. For example, by preventing the free exchange of information relating to the identity of account holders, the beneficial owners or transactions to the judiciary or administrative authorities. Secrecy rules are an example of this kind of problem, particularly where the rules can be invoked o protect the privacy of an account holder but cannot be lifted in the event that an investigation into money laundering is taking place.
Other signs to look for are states where financial institutions make it difficult to identify the owners of legal or business entities and where this type of information is not available. Compare this to the situation in the UK where company accounts and information must be filed by law and failure to do so will result in the imposition of strict penalties.
A state which permits a financial institution to carry out a transaction where the identity of the beneficial owner is unknown, is another feature which should raise concern.
Obstacles to international co-operation are indicators of a non-cooperating state. Law, administrative practices and rulings may provide strict conditions which must be fulfilled before the exchange of information between international administrative and judicial authorities can take place. States may prevent their own authorities from carrying out investigations on behalf of foreign counterparts. These states may also be unwilling to respond to both administrative and judicial requests for information and assistance, using both delaying tactics and failing to implement any recommendations or measures.
A non-cooperative state will typically have also failed to criminalise money laundering of the proceeds of certain crimes. They may have corrupt or incompetent staff in their judiciary and administrative or supervisory bodies and have no body of similar standing to a financial intelligence unit. Typically, any supervisory body as may exist will be under-resourced and unable to carry out investigations to any real effect.
Out of all the recent surveys, perhaps two statistics are of greater significance than others:
The features of the Internet that make it ideal for commerce also make it ideal for money laundering:
As a result cyber-launderers benefit for the following reasons:
Money laundering involves three stages to turn dirty money into clean money:
1. Electronic money
Electronic money (or e-money) is money that is represented digitally and can be exchanged by means of smart card from one party to another without the need for an intermediary. It is anticipated that e-money will work just like paper money. One of its potential key features is anonymity.
The proceeds of crime that are in the form of e-money could therefore be used, for example, to buy foreign currency and high value goods to be resold. E-money may therefore be used to place dirty money without having to smuggle cash or conduct face to face transactions.
2. Layering
Once the dirty money has been placed, the money launderer works it through a complex series of transactions to separate it from its illegal origins. This process is known as layering. It may involve the transfer of money through a series of offshore companies or the purchase of goods for re-sale. The launderer may try to legitimise the money by laundering it through a solicitor’s client account or by paying tax on it as purported income from a business!
It is the layering stage where the use of the Internet is most likely to facilitate money laundering. If the procedures for opening an Internet bank account are permitted to take place without face to face contact or without a link to a pre-existing traditional bank account, where the customer has to produce documentary evidence of identity, a money launderer may find it easier to set up accounts in false names that cannot be traced back to him.
The money launderer can control transactions from his PC. He can transfer money virtually instantaneously and thereby build up an extensive audit trail in a short space of time. The transfers can be made through many jurisdictions making it harder for prosecutors from one jurisdiction to follow the audit trail.
With the Internet there is the added jurisdictional issue of where the transaction takes place. Does it take place where the launderer is located, where the server is located or where the accounts are held? A joint report last year by the Bank of France and the French Banking Commission suggested that the last of these three locations is where the transaction takes place.
Layering may also become easier if the money can be transferred between banks that deal with e-money. Then the anonymity features of some types of e-money may make the source virtually untraceable.
3. Integration
Finally the money needs to be used by the owner, ensuring that the owner’s consequent wealth appears legitimate. This process is known as integration. A common traditional technique is to raise false invoices for goods and services.
The owner could use a company that provides Internet services to make it appear that services are being provided in return for the payment of monies that have passed through the layering process. For example, the laundered money may be in a bank account held in the name of a fictitious person or shell company. Payment would be made from that account to the Internet service company, as purported payment for a service. The service may be an Internet casino or betting facility. However the service would never be delivered – there would be no (net) winnings paid back to the account. The payment would appear as profit in the books of the Internet service company. Thus the wealth of the owner would appear to be legitimate – the profit of his Internet company.
This has greater scope than the traditional provision of goods and services where to legitimise the false invoicing may involve extensive paperwork such as documents evidencing delivery of goods and purchase of raw materials. Services may also be restricted to a particular geographical area. It may therefore be harder to justify a substantial turnover. It may also raise suspicions if money is being transferred from overseas banks or substantial amounts are being transferred through a few banks in the vicinity of the company’s operation.
On the other hand, Internet services tend to have lower overheads that needed to be accounted for and need not be limited geographically.
The advantage to criminals of “cyber-laundering” money goes beyond the elimination or reduction of the audit trail. Intermediaries may, depending on the regulatory requirements of the jurisdiction in question, have duties to report suspicious transactions. These reports may result in an investigation and eventual prosecution of a money launderer. If the money launderer can reduce the risk of a suspicious transaction report being made, he can reduce his chances of being caught and that is exactly what the Internet is likely to help him do.
One of the attractions of the Internet to banks and other companies is the ability to reduce overheads. On-line banks and other e-commerce companies may therefore handle a much higher volume of transactions per account manager than by traditional methods. This makes monitoring for suspicious transactions that much more difficult, even with the aid of monitoring software.
The transactions themselves take place without human intervention, cutting out another potential source of reporting.
The anonymity of on-line transactions also reduces the risk of transactions being reported. In theory, greater suspicion should be aroused if large sums of money are being deposited into an overseas account by members of the family of a head of state than by an anonymous cyber-customer. Indeed many reasons for reporting a transaction as suspicious is to do with the geographical origin of the funds. If the origin of the transaction can be kept anonymous, one key indicator of potential money laundering could be removed.
1. On-Line Banks
On-line banks are a prime target for money launderers. The lack of reports of on-line banks being used to facilitate money laundering is not viewed by experts of the Financial Action Task Force (FATF) of the OECD as an indication that it is not going on. Some believe that adequate means of detection have not yet been fully developed. The ways in which on-line banks can be used to facilitate laundering have already been considered.
2. Internet Gambling
Internet Gambling has been identified as a potentially ideal web-based service through which to launder money. In the real world casinos can be used for placement and layering of dirty money. The launderer buys chips with which to gamble. Inevitably the launderer will lose a percentage of the funds but this is a price that he is willing to pay to clean the money. At the end of the evening the launderer cashes in his remaining chips and takes payment by means of a draft, which can be paid into the launderer’s account. The payment will appear to come from a legitimate source – the casino.
Casinos tend to be highly regulated with gamblers having to produce suitable identification. However Internet gambling sites may not be regulated, increasing the opportunities for money launderers to move money from one credit card account to another bank account through the site. In addition many of the Internet gambling sites are based offshore and any records they may have needed as evidence for any prosecution will be that much harder to obtain.
The International element
Anti-money laundering regulations in the UK are set to become more stringent with the introduction of the FSA’s new rules and the Proceeds of Crime Bill going through Parliament. However cyber-laundering is a supra-national problem. The Internet is no respecter of national borders. As with any regulation of the Internet, international co-operation is essential.
In terms of law-making, governments have been working together for a number of years. The two main international agreements addressing money laundering are the 1988 UN Vienna Convention and the 1990 Council of Europe Convention. However money laundering is still rife. The use of technology is only likely to make worse the jurisdictional difficulties faced by prosecuting authorities.
In terms of law enforcement, greater co-operation is required between agencies of different jurisdictions to share information and carry out investigations quickly before the audit trail becomes cold.
The FATF is the main international body devoted to combating money laundering. It has made 40 comprehensive recommendations covering areas such as customer identification, minimum standards of record-keeping, co-operation between banks and supervisory and law enforcement agencies and suspicious transaction reporting.
One recommendation is that international organisations such as Interpol be given responsibility for gathering and disseminating information to national authorities about the latest developments in money laundering. Another recommendation is that, whilst safeguarding privacy and data protection, improvements should be made in respect of spontaneous or “upon request” international information exchange.
The Technological element
Legislation also needs to take account of the use of new technology. The Courts in England can interpret legislation with a view to remedying the mischief for which the Court considers the legislation was designed. It is therefore possible that such statutory interpretation can be used to adapt the existing legislation to the new technology.
However the Courts may not always be able to interpret legislation to cover all situations that may be posed by technology. In particular, the Human Rights Act requires Courts, as public bodies, to interpret legislation in a way that is compatible with human rights such as the right to respect for private life. The Courts may therefore have to bear that in mind when balancing the competing interests of the individual’s privacy rights and the State’s need for third parties to disclose suspicious transactions in order to combat crime.
One example of legislative action being taken to reduce money laundering through the Internet is a bill introduced in Canada last year to ban the use of virtually any kind of bank instrument for the use of gambling over the Internet, for fear that virtual casinos are ripe for money laundering.
Internet Service Providers
One area that has been identified as a potential counter-measure to cyber-laundering is monitoring using Internet Service Providers (ISPs). The FATF has reported the following suggestions:
Privacy Issues
Many of the suggestions regarding ISPs have already been mooted by legislators in the UK. However, such proposals have come under attack from privacy groups as being an unjustified invasion of privacy. Such measures will have to comply with the Human Rights Act. Under the Act, the state has to respect the rights of individuals to private life. Therefore any legislation introduced must respect that right. There are exceptions when the right can be infringed, the most relevant in this context being that of necessity to prevent crime.
The word “necessity” prevents Parliament from having carte blanche to introduce whatever measures it wants to combat money laundering. Careful consideration must therefore be given to the regulatory framework to be put in place.
Looking for signs of Cyber-laundering
In October 1999, the US Office of the Comptroller of the Currency issued a handbook on Internet Banking. It recommends that banks set up a control system to identify unusual or suspicious activities including monitoring procedures for on-line transactions. The following types of Internet activity were highlighted as matters that should raise the suspicions of the bank:
A number of concerns pervade the impending changeover from legacy currencies to the Euro. Amongst these is the great potential for organised crime to profiteer through money laundering and counterfeiting. There will be many opportunities for these organisations to launder vast quantities of cash with little prospect of detection during the biggest currency changeover since the introduction of the US dollar.
The value of the largest Euro note is such that it will allow greater sums to be transferred across borders without detection by the more traditional methods. The 500 Euro bill, which is the largest denomination of the Euro, will be worth around £300. This is nearly 17 times the value of the largest denomination note in Greece (10,000 drachma note).
Europol have warned that the average brief case will be able to hold the equivalent of £4.4 million in Euro notes compared to £670,000 in sterling. This will clearly make placement of ‘dirty’ cash a far easier task for money launderers. Indeed the Portuguese have refused to issue the 500 Euro note for fear of the ease with which large sums of illegally gained cash could be moved around.
Europol also have information to indicate that because of the ease with which the Euro can be moved around and the accessibility it provides to other areas of Europe, organised criminals are intending to use the Euro in favour of the US dollar.
Large sums of ‘dirty’ cash currently hoarded by criminal organisations will be exchanged for ‘clean’ Euro notes. Banks will be so overwhelmed with the volume of business that these types of transactions may well go unnoticed, further it is suggested that even if suspicious transactions are noticed authorities will not have the resources to follow them up.
The Federal Finance Ministry in Germany have warned that the police and customs have information to the effect that large amounts of cash resulting from criminal activities has been gathered in Europe with the intention of using the changeover day for laundering these sums.
There will be a large number of transactions which will involve customer accounts being changed from legacy currencies to Euros. This will again provide an opportunity for illegal transactions to go undetected. There will be thousands of large transactions of this nature providing the perfect cover for money launderers and fraudsters. Maria Jose Morgado, Deputy Director of the Economic and Financial Crime Unit in Portugal stated that the changeover would make it more difficult to trace suspect transactions. Ms Jose Morgado also commented that the trans-national nature of the Euro means that in the future large sums of money will be moved around Europe with no need for conversion. This will make it easier for launderers to hide the origin of ‘dirty’ cash. For example, although Euro coins will show the face of each head of state depending on the country, there will be no such marking on Euro notes.
The Secretary- General of the European Banking Federation commented that where bank staff are dealing with one transaction per minute “you cannot preclude that somebody who in a normal period you would spot slips through the net.”
Layering may also become easier if the money can be exchanged through on-line banks. The anonymity features of this type of transaction may make the source virtually untraceable.
The fact that anyone can change money into Euros in any bank, whether they hold an account or not, adds another anonymity feature to the process and another method which can and will be exploited by organised crime. Europol thinks that the Mafia, Latin American drug cartels and Asian criminal groups will all be active during the changeover
Among some of the major sources of funding are:
The methods used by terrorist groups are similar to those used by organised crime. There has been some debate as to whether the funding may not have been a criminal activity (for example if the funds were derived from contributions or donations) and the jurisdiction concerned might not be able to assist the investigation or target the funds using anti money laundering laws. However, the events of September 11th have led to a number of countries passing legislation to ensure that the appropriate prohibitions were in place.
The growth of computer systems and the Internet has enabled criminals to hack into the banking system and transfer monies to unauthorised accounts which they could then access. Most major banks do offer web services, but limit their usage. In the United States there are a vast number of fraudulent banking sites.
A few years ago, Citibank was subjected to over 40 electronic thefts by a former Russian employee of a St Petersburg software house. He found a way of accessing the system by which the banks own customers could give instructions as to the transfer of their funds to other banks. Together, with a number of accomplices, he managed to transfer approximately $7.5 million to Finland, California, Israel, Germany, Holland & Switzerland. He was caught by Citibank’s own security system which, together with the FBI and the telecommunications company in Russia, traced the illegal transfers which enabled the bank not only to recover practically all the stolen money but also identify the criminal. He was arrested in England and extradited to the United States. No customer of Citibank lost any money.
In a recent case, a net bank, X.co. Corp allowed customers to transfer funds without verifying bank a/c numbers. X. Co allowed withdrawals by entering only account and bank routing numbers. But one customer claimed that online thieves tried to withdraw $50,000 from his account. Another customer discovered a deficit of $21,000 from his account to pay for Gucci merchandise.
In China twin brothers were sentenced to death for hacking into a bank and stealing the equivalent of $86,700.
In England, allegations have been made that there have been frauds from the Egg online account and there is currently considerable discussion as to the possibility of the customer having to bear these losses under the Bank’s terms and conditions. However, in the recent decision of Director General of Fair Trading v First National Bank Plc [2000] 1 WLR 98, it was suggested that such conditions might not be enforceable.
Mr Theodore Swaggen had been employed by a major US Midwest bank for 8 years. Together with others, he had planned to steal $232 million from the accounts with the bank of a number of companies. On Friday, 13 May 2000 the co-conspirators called other wire-room employees in the bank to request that electronic funds transfers (EFT's or more commonly called wire transfers) be processed from the corporations to designated fraudulent bank accounts. The wire-room employees processed the transactions to Mr Swaggen who was responsible for the bank's call-back procedures. But instead of calling the indicated corporations, Swaggen called his co-conspirators outside the bank at predetermined telephone numbers. These individuals then apparently pretended to make the telephone conversations sound like they were EFT confirmations. Once they falsely obtained approvals for these transactions, the transfers were initiated. The scheme collapsed when one of the corporations being used in the scheme did not have sufficient funds in its bank account to cover the EFT transaction. The bank then reversed all the "irregular" EFT transactions.
In February 2001, New York City Police arrested Abraham Abdallah, 32, a high school drop out with a history of credit card fraud, alleging he impersonated such personalities as Steven Spielberg, George Lucas and Oprah Winfrey in order to steal funds and purchase goods with their credit cards, according to reports in the New York Post.
Abdallah allegedly carried out a complex campaign of fraud in which he tricked credit agencies such as Experian into sending him the credit card details of wealthy individuals, then using the detailed information to gain access to their accounts. Abdallah apparently used a copy of Fortune's "400 Richest People in America" as a starting point to target his victims.
He allegedly used various methods of carrying out fraud and concealing his identity, including forgoing corporate stationary and sending delivery couriers on circuitous routes to throw the police off the track.
Police say Abdallah used a Yahoo! email account to forge communications regarding transfers of funds and shares. One such transmission, made to Merrill Lynch in December, asked for the transfer of $10 m (about £7m) from an account belonging to Thomas Siebel, founder of Siebel Systems, but aroused suspicion because it would have put the account into the red.
The case was handed over to the police, who traced the email transmission back to the addresses "LT265&yahoo.com and "RS264@yahoo.com", according to the Post report.
On 23 February the police finally arrested Abdallah in New York City after intercepting a package of $25,000 worth of credit card manufacturing equipment he had allegedly ordered.
According to a report published by IDC in March 2001, almost half of European users of the Internet do not buy goods on line because they either do not trust the web vendors or fear their credit card details will not be secure. Credit card fraud rose to $4 billion last year (i.e. $2 for every card issued). The FBI believes hackers have stolen more than 1 million credit card numbers from e-commerce sites. Visa recently surveyed 15 Banks from 12 EU countries. It found that online credit card payments account for nearly half of all complaints, more than 1 in 5 of which came from people billed for online transactions who had not even shopped on the Internet.
A recent study published by the Information Technology Association of America (ITAA) found that more than 80% of Americans are concerned about potential fraudulent usage of personal information currently stored on computers. Meridien Research released a report in January 2001 predicting an increase in online payment fraud from $1.6 billion worldwide in 2000 to $15.5 billion on 2005. Out of the current figures, $230 million is estimated to result in Europe from online transactions. Mastercard reported a 33.7% increase in worldwide fraud from 1998 to 1999. During the first quarter of 2000, fraud losses increased 35% over the last quarter in 1999. Visa reports similar trends. It is estimated that fraud losses for online transactions may exceed $500 million in 2001 in Europe.
Identities are stolen from the net when hackers break into web sites and obtain personal information on customers. They then open new credit and bank accounts using that identity. Goods often do not arrive. In one case a Russian fraudster ordered goods using a stolen credit card, then sold them on an online auction at a low price to United States citizens, and the auction then wired money to an untraceable Latvian bank.
One of the best known cases is that of CD Universe, an Internet retailer, who refused to pay $100,000 to someone believed to be a Russian hacker, known as “Maxim” who stole 300,000 Credit Card numbers from their web site. As a result, the hacker posted some 25,000 credit card details on the web, for all to see. Most of the cards have since been replaced. It was reported in early June 2000 that the possibility of prosecution had been virtually eliminated by a failure to properly catalogue the electronic evidence.
On 31 October 2000 the Consumer Protection (Distance Selling) Regulations 2000 came into force which required card issuers to refund any money made from fraudulent or dishonest use of credit and debit cards. Consumers are no longer liable for the first ?50 of any fraudulent transaction. However, it is still worth paying by credit card in preference to debit card because if goods do not turn up or the firm is unable to pay, the credit card companies are “jointly and severally” liable with the retailer for purchases of ?100 or more. There is, however, no protection for non delivery of goods for payments made with debit cards. However, the new regulations do not prevent a Bank or card issuer enforcing a time limit in which they must be informed of fraudulent or dishonest use.
In June, it was reported that a computer hacker in the UK breached the security of a pioneering Internet service provider to obtain the names, addresses, passwords and credit card details of more than 24,000 people. The victims apparently included scientists at the top secret Defence Evaluation & Research Agency, senior officials in the government, BBC bosses and executives at companies such as Shell, Barclaycard and Halifax. The hacker, an information technology consultant, said that he targeted the Kent based Internet service provider so as to expose security lapses.
Credit card criminals have apparently found a new strategy in laundering money from stolen cards: small charges, a few dollars at a time. MSNBC.com research has revealed that for at least the last six months of 2000, hundreds and perhaps thousands of consumers have found charges of between $5 and $25 billed to their credit cards.
It was recently reported that a fraudster is making ?500,000 a year from stealing details on the credit card by a means known as “skimming” Skimming doubled in the UK in the past year with resulting thefts of up to ?300m. The steps taken:
Their first step is to recruit an unscrupulous bartender, waiter or shop assistant to steal information from customers credit or debit cards. They will then give their new recruit a pocket size device with a scanning slot, which looks like a pager and can even be worn on a belt.
They will then instruct them surreptitiously to swipe customers cards through this device on the way to the till. This copies the information held on the magnetic strip - a process which takes just seconds to carry out.
Those details will be downloaded to a machine. Then they will be copied on to a counterfeit card, complete with security hologram markings, probably shipped in from the Far East.
Then they use the credit card extensively like the thieves who stole the card details from shadow home secretary, Ann Widdecombe. Police were tipped off by her credit card company, who were curious as to why Miss Widdecombe had apparently used the card nine times in one day at a pub. The cardholder remains completely unaware that their card has been cloned until they notice strange things on their statement, or until their credit card company queries any unusual spending patterns.
A covert Police investigation has apparently uncovered a vast Russian-run counterfeit credit card factory, believed to be the largest and most sophisticated fraud of its kind in Europe. Alexander Tanov and Vladimir Stoguine produced such foolproof imitations that they were capable of overriding every security measure currently in place. The two Russians had already defrauded unsuspecting card holders out of ?200,000 through a network of illegal swipe machines. Using state of the art machines, including a hologram stamp imported from Russia, the gang were able to produce near perfect replicas of Visa, Amex and Master Card. Their versions of the interlocking globes and flying dove marks used by Master Card and Visa were said to be of such high quality that they were almost impossible to detect. They would then sell them for ?300 anticipating a month’s leeway before the cardholder noticed and reported the fraud.
The gang, which includes at least two other people still at large, would also use the cards to go on extravagant Saturday afternoon spending sprees in the West End. They would buy designer clothes and electrical goods which could then be sold on the black market. In order to access account holders information, Tanov and Stroguine employed waiters and bar staff from East Europe who placed illegal swipe machines in restaurants, hotels and wine bars across the capital. The waiters would carry a swipe machine often on their belts, which they would use to reswipe credit cards after they had been used to pay the original bill. When the swipe box was full, they would be met as they came off a shift by Stroguine, and given another. In exchange they would often provide them with forged EU passports allowing them to work in Britain. Tanov had two Norwegian and one Dutch passport, all under different names. The data in the black boxes was then downloaded through a computer at the factory in Streatham, South London. In January Stoguine and Tanov admitted conspiracy to commit fraud at Southwark Crown Court.
According to a UK newspaper, a Mr Rajinder Singh is another individual using the cloning system. Apparently he admitted to their reporter “I have been doing this for 7 years. I make between ?30,000 and ?40,000 a month cloning. Now I make the machines as well”.
Unscrupulous companies have always been delighted to take advantage of new opportunities to sabotage or steal from a dangerous competitor. The development of information networks and vulnerable points of attack merely emphasises this and increases the opportunities.
Netspionage is where confidential information is stolen by hackers, to sell to a competitor or for the use of individuals business exploits. Espionage was originally limited to governments, but with the information age, the rise of corporate espionage has been rapid. One tool used to steal secrets is TEMPEST (Transient Electromagnetic Pulse Emanation Surveillance Technology), that allows a scanner to read the output from a computer up to a kilometre away. It is non-invasive and virtually undetectable.
According to recent surveys, worldwide losses suffered through misappropriation of computerised intellectual property cost copyright owners close to $20 billion last year.
One of the most recent and publicised cases is where hackers broke into Microsoft’s computer system and allegedly had access to source codes behind Microsoft’s software for some considerable time and could have stolen blue prints of the firm’s window and office products. Microsoft commented that “this is a deplorable act of industrial espionage”.
In a recent case involving two major stockbrokers and a large European Bank, one of the brokers decided to set up a system dealing in government bonds and began building a network across Europe, which meant placing servers in all of the major banks to transfer information to the dealing rooms. The network manager was known to many of the banks because he had once worked for a rival, and he was given access to top-security computer rooms. In one of the banks, the space allocated for the server was next to one of its rivals, which already had a government bond operation. After a quiet chat with his boss, the network manager was given a discreet nod and told to lose ?10,000 on expenses to place a connection from the rival’s server to his company’s server. Because of his time at the rival he was able to decipher the code, and thus gave his company real time access to its rival’s buy and sell prices, allowing it to undercut and make a killing.
In China, the government is so concerned with the threat of the Internet as a vehicle for Netspionage that it shut down 127 net cafes, to curb the spread of online information, and to halt the spread of state secrets.
In California, a Court has awarded a preliminary injunction to the Internet auctioneer eBay against Bidder’s Edge, an auction aggregator. The injunction restrained Bidder’s Edge from extracting bid information from eBay’s web site.
The problem was highlighted by one e-entrepreneur, who gave out CD’s demonstrating his idea for a property web site, virtualagent.co.uk, at an e–entrepreneur’s meeting recently. The very following week, 2 very similar web sites were launched.
Another example of Netspionage is that of William Gaede, a sub-contractor at Intel. It was alleged that the downloaded details about the Pentium Micro Processor at his home computer which he then promptly videotaped to sell to foreign governments. Newspaper reports at the time claimed that the value of the information was between $10million-$20million.
In China an alleged hacker is under arrest for theft of business information from his employer and selling it to rival companies for the equivalent of $83,000. The company is reported to have lost 100 times that figure per month in sales.
Two federal class actions filed in November 2000 claimed that online ad companies violate federal laws by tracking consumers’ browsing habits without their permission. Filed in Denver against Excite@Home subsidiary MatchLogic and in Redmond, Washington against the online advertiser Avenue A, the suites complain that the two companies planted cookies on consumers’ hard drives to track their web habits for commercial purposes, thereby violating the Electronic Communications Privacy Act, passed by Congress to deter wiretapping, and the Computer and Abuse Act.
My firm is frequently retained on cases where employees leave, taking with them confidential information that was accumulated on their computer. In one such case, the employee sought to destroy the documentation by placing it in the recycle bin but he did not know that he had to empty the recycle bin as well. When confronted, he said that he did this as part of an overall “housekeeping” exercise.
1. ensure that you have and maintain effective information protection
2. vet your new and existing employees, contractors etc
3. be sceptical and if you have a problem, tackle it using speed, surprise and strategy
4. don’t confront the perpetrator until you have all that is needed
Money is transferable by one brief telephone call/e-mail or fax. It is therefore vital that not only is any investigation/analysis conducted in utmost secrecy but action is taken before the launderer has an inkling that he is being investigated.
Accordingly, at the very earliest opportunity, an analysis should be carried out to assess whether there has been any fraud and if so, the extent.
Once the problem has been assessed, decisions need to be taken as to whether it is commercially sensible to pursue the launderer and if so, to what extent. No victim, however large or small, should fail to assess the significance of publicity, given the fact that it has been the victim of fraud which is often caused by inadequate security measures or lack of judgment.
On the other hand, Directors are now facing increasing responsibilities to safeguard and preserve companies assets.
The Turnbull Report describes the ability of a company to respond appropriately to significant business risks to ensure its effective and efficient operation as an element of a sound internal control system. This includes safeguarding assets from inappropriate use or from loss and fraud and ensuring that liabilities are identified and managed.
The internal control system should be capable of responding quickly to evolving risks to the business arising from factors within the company and should include procedures for reporting immediately to appropriate levels of management any significant control failings or weaknesses.
The recommendations of the Turnbull Report do not have the force of statute. A company that does not implement those recommendations will not necessarily be liable to its shareholders for losses that may result from a failure to deal with risks. The Turnbull Report states that responsibility for implementing the guidelines lies with the board of directors and although they can delegate the task, they can’t delegate the responsibility.
However, the directors of the company owe it duties of trust and to act in its best interests. If a director fails to take reasonable steps to fulfil those duties, then he may be liable to the company for any resulting losses. The director of a company may also assume this kind of liability by virtue of his service contract with the company.
The Turnbull guidelines may therefore in the future provide guidelines for what constitute reasonable steps for a director of a company to take. If the board fails to follow the guidelines, it may be said that the directors have acted negligently. They may therefore be personally liable to reimburse the company for any resulting loss.
Under current law, if a director fails to prevent or report a fraud he has breached his duty to exercise care and skill. This duty is owed to the company. The director owes the company the same standard of care which a reasonable person would exercise on his own behalf. The test is objective.
The standard of skill required from a director is that which could be reasonably expected from a director with his degree of knowledge and experience. This is a subjective test. In this sense the director may well be negligent in failing to take steps to prevent fraudulent activities.
This is a clear example of how a director may be held liable to the company for failure to take reasonable steps to prevent loss to the company. There is no reason why the same argument could not be applied to the director who fails to implement internal control procedures to prevent misappropriation of company proprietary information by a computer hacker through failure to implement security measures.
From a litigator’s point of view, the number one priority is to get back for the victim what he has lost as opposed to tracing the whereabouts of the criminal and passing the matter on to the appropriate authorities.
This will involve considering whether lawyers, forensic accountants or enquiry agents should be instructed. Having regard to the legislation and in particular, the Data Protection Act 1998 and the Human Rights Act 1998, it is essential that legitimate means are used in the investigation and if unusual steps are being taken, to obtain the Courts sanction in advance.
My firm recently acted on behalf of a Defendant who had a number of Orders made against him, including a Freezing Order. That injunction was dropped as were two substantial elements of the Claimant’s case on the basis that unlawful means were used both to try to establish the fraud and the whereabouts of my client’s assets. The Courts will be sympathetic to a Claimant where unusual steps have to be taken because there is no realistic alternative. Last year, my firm acted for a Claimant where proceedings were brought in Gibraltar. Before doing so, we advised the Court of our intention to invite the Defendant who was living in southern Spain to Gibraltar under the pretext of a business meeting. This was done so to enable us to serve the proceedings on him in Gibraltar thereby giving their Courts the jurisdiction to hear the matter. The Court sanctioned our conduct and when the Defendant then raised vociferous complaints, he was told by the Court that it had approved the way we had acted.
The English Civil Courts have the power to grant Orders requiring third parties to disclose what they know about the launderer before any proceedings are commenced. This is a remedy available to victims of civil wrongs irrespective of whether they have been committed electronically or in the physical world. In cases involving the internet the most natural target of such an Order is the internet service provider. In February 2001, Mr Justice Owen granted an Order on the application of Totalise Plc that Motley Fool Ltd and Interactive Investor disclose details of an anonymous party who had used their discussion boards to post defamatory remarks about Totalise. In his Judgment Mr Justice Owen unusually awarded costs against Motley Fool and Interactive Investor stating that “there is considerable force in [the] argument that those who operate web sites containing discussion boards do so at their own risk. If it transpires that those boards are used for defamatory purposes by individuals hiding behind a cloak of anonymity then in justice a claimant seeking to establish the identity of the individuals making such defamatory contents ought to be entitled to their costs.” A few months ago, it was reported that Scoot.com had obtained an Order for disclosure of the identities of previously anonymous users of Interactive Investor’s bulletin boards. Those users had allegedly posted critical remarks about Scoot. In December of 2000, the Court of Appeal in the case of Ashworth Hospital Authority v MGN Ltd [2001] 1 AER 991 ordered the disclosure of the identity of an intermediary who provided medical information on a prisoner, obtained from a source of the claimant hospital in whose custody the prisoner was detained. The information came from the hospital database.
In Alberta, Canada, a jurisdiction which draws on English law, a series of discovery Orders were made in the case of ATB v Leahy 2000 AQBQ 575. The Orders were made without notice to the Defendant against banks for disclosure of information that provided strong evidence that the Defendant may have been receiving substantial bribes. The disclosure sought and obtained was unusual in that it included disclosure of the source of monies when such disclosure is usually granted to determine to where the money is transferred in order to trace it to its eventual destination and freeze it. Disclosure of the source may be justifiable in identifying other wrong-doers i.e. the bribers. That was indeed the approach taken by the Alberta Court. The case is currently under appeal.
Another example of such an Order is what is called a Bankers Book Order. It requires that banks with whom the Defendant has or is believed to have an account to disclose all information relating to his account or accounts. This includes not only bank statements but also banker’s drafts, telegraphic transfers, loan facilities, credit card details and any investment portfolios they may manage. In re Howglen Ltd [2001] 1 AER 376 it was held that the provisions of the Bankers Book Act did not oblige the bank to disclose records of meetings. However, it was held that under CPR 31.17, the Court would make an order for disclosure of such documents providing it was satisfied (1) that there were documents falling within the specified classes and (2) that those documents were - not might be - documents whose disclosure would support the case of the applicant or adversely affect the case of another party to the proceedings.
Consideration should also be given as to the possibility of obtaining, via a Witness Summons, documents held by such authorities as the FSA, Inland Revenue, Customs & Excise and the SFO.
Such Orders for disclosure can be combined with what is called a “gagging” Order which prevents the party giving disclosure from notifying the criminal. Breach of such an Order will amount to a contempt of Court which is punishable by prison.
If the disclosure given as a result of these third party Orders results in other assets being revealed whether inside or outside the jurisdiction of the English Courts, the Court will normally extend the time in which to serve the Freezing Order to give the Claimant sufficient time to freeze those assets in the different jurisdictions identified provided they do so quickly.
The fact that criminals can be caught in this way is shown by reference to two examples. The first involves the alleged creator of the Melissa virus, David Smith, who was identified by the Computer Crimes Taskforce of New Jersey after they had traced the virus to the specific telephone number which has spawned it. Whilst this was done during the course of the criminal investigation, there should be no reason why using the Civil Courts would not achieve the same result.
The second example is by way of reference to the way intellectual property infringers are identified and located using the Civil Courts. The first a company may know of the fact that its intellectual property rights are being infringed is when the offending product appears in the market place being sold by a shop or street trader. They are highly unlikely to be the source of the infringing product and one of the Orders obtained against them is to identify their supplier on an anti tip-off basis. Similar Orders are then obtained against that supplier and thereafter up the chain until the producer of the infringing product in the UK or its importer into the UK is identified.
As both search and freezing Orders are applied for without notice, the following practical principles must be borne in mind:-
(a) Any Claimant for such an Order must act in the utmost good faith and disclose to the Court all matters which are material to be taken into account by the Court in deciding whether or not to grant relief without notice and if so, on what terms. Failure to do so can lead to any Order being set aside and the Claimant being faced with what could be a substantial damages claim. In The Gadget Shop Ltd v The Bug Com Ltd & Ors, the English Courts held on 14 June 2000 that a search Order would be set aside because the Claimant ought to have informed the Judge making the Order that:-
i) There was a possibility that the search may have had to be carried out at the home of an unaccompanied woman.
ii) That the supervising solicitors were not Partners of the Claimant’s firm.
iii) That there was no undertaking by the Claimant not to inform anyone else of the proceedings.
iv) That the supervising solicitors did not have any material recent experience of the execution of search Orders and;
v) That a set of confidential documents were going to be used by the search team.
(b) If an application is made by the Defendant to discharge the injunction that was obtained after material non disclosure, the Court will consider whether that application should be heard, together with the Claimant’s application to continue the injunction on the merits Network Multimedia Television Ltd v Jobserve Ltd [The Times - 15 December 2000].
(c) The Court invariably requires the applicant for such a freezing Order to give an undertaking to abide by any Order for damages which may be made if the Defendant suffers loss as a result of such Orders being obtained and the Court is of the opinion that the Claimant should compensate him. The law relating to such undertakings and enquiries as to damages was reviewed by the Court of Appeal in Yukong Line Ltd v Rendsburg Investments Corporation & Ors in December 2000 where the Court on that occasion considered that the Defendant could not establish that he had suffered any losses. The undertaking is given to the Court and not to the Defendant and any breach would be in contempt of Court. The Court can, if it considers it appropriate, secure such an undertaking by way of a bond.
(d) The Claimant must have a good arguable case.
(e) There must be a real risk that judgment may go unsatisfied.
Some factors in establishing whether there is such a risk include:-
(i) That nature of the assets which are to be the subject of the proposed injunction and ease or difficulty with which they could be disposed of or dissipated.
(ii) The nature and financial standing of the Defendant’s business.
(iii) The length of time the Defendant has been in business.
(iv) The domicile or residence of the Defendant.
(v) If the Defendant is a foreign entity, the availability or non availability of any machinery for reciprocal enforcement of English judgments.
(vi) The Defendant’s past or existing credit records.
(vii) Any intention expressed by the Defendant about future dealings with his English assets, or assets outside the jurisdiction.
(viii) Connection between the Defendant company and other companies which have defaulted.
(viiii) The Defendant’s behaviour and response to the Claimant’s claim.
(f) Freezing injunctions may be granted against assets in the name of or claimed by a third party.
Once as many assets as possible are identified, it is time to serve the Freezing Order. The position concerning Search Orders is slightly different as the basis upon which they are granted is that there must be a real risk that evidence will be tampered with or destroyed and they therefore are normally obtained and served on an urgent basis.
In the case of Freezing Orders, they need to be served personally on the criminal if the client is to be able to obtain the sanction of prison in the event that the Order is breached. However, service need not necessarily be in England or Wales. The criminal can be served out of the jurisdiction in accordance with the requirements of local law. There are also conventions which allow for service through government offices but these can take several months and are far too slow in cases of this type.
As already mentioned, it may be possible to bring the Defendant into the jurisdiction where the sanction of the Court has been obtained before and, in one case, we served a Defendant whilst he was transferring terminals at Heathrow airport.
In the case of Search Orders, these are normally executed at premises in England but Orders can be made for service elsewhere. The Defendant does not need to be present as they can be served on the person having control of them at the time.
A Search Order enables not only the Claimant’s legal representatives to search a Defendant’s premises to secure evidence but also other individuals. Apart from the supervising solicitor whose duty is to ensure that the search is properly executed, the Claimant’s team is likely to include any enquiry agents instructed in the search for assets and data recovery experts who will search the Defendant’s computer and its storage systems. The Defendant is under an obligation to supply any passwords necessary to access his computer. If he fails to do so, an application can be made to the Court whilst the search is being carried out for an Order to remove the computer system in its entirety. Normally, Search Orders now provide that the computer data expert should take a complete image of the computer which will included deleted files and free space. That image is then examined in the presence of both the Claimant’s and Defendant’s solicitors as well as the supervising solicitor to determine whether it falls within the scope of the Order. A recent search my firm carried out revealed that the Defendant was at least interested if not involved in carrying out internet banking.
It is unusual for a Freezing Order simply to freeze assets. Normally, they contain a number of Ancillary Orders designed to ensure that the Claimant is given full disclosure of the launderer’s assets and the whereabouts of the stolen money. A standard Order will therefore contain a requirement that the Defendant disclose in an affidavit the whereabouts of his assets and their value. If there are grounds for believing that disclosure is incomplete, one can apply for an Order that the Defendant be immediately cross examined on the information he has provided. The Defendant however may claim that he has the right to refuse to make such disclosure on the grounds of privilege against incrimination (Memory Corporation Plc v Sidhu & Anor ChD (Arden J) [2000] 1 All ER 434). He cannot, however, refuse to make disclosure on the grounds that he is challenging the jurisdiction of the Court.
Orders can also be made:-
(a) Requiring the Defendant to remain in the jurisdiction and to deliver up his passports where there is a danger that he will attempt to leave it without giving full disclosure of his assets.
(b) To deliver certain of his assets into the custody of the Claimant’s solicitors.
(c) To sign a document directing his bank to disclose information to the Claimant.
The Court can order a solicitor who has acted for persons who have intervened in proceedings but who have not become parties to disclose the names and addresses of those for whom he had acted.
The force behind all the Orders is the threat of contempt proceedings if there is a breach of the terms with the ultimate sanction of imprisonment.
It is important to appreciate that the person who has committed the fraud may not be the only person against whom a remedy can be obtained. There may be other people involved in committing the crime.
By way of example, it may be more realistic and cost effective to commence proceedings against any broker or dealer involved in an advanced fee scam.
In the future, it may include certification authorities. Many countries and, notably, the European Union are looking to Certification authorities to verify the identity of e-traders by issuing digital certificates. There therefore may be scope for a claim against a Certification Authority that issues a certificate to a launderer.
Lawyers and accountants who have been involved in setting up any scheme may also be legitimate targets. My firm recently acted for the Claimants in an advanced fee fraud where the Defendants were a British Virgin Islands shell company operated by a Swedish national whom it appears was in jail in Norway for fraud and a UK shell Plc that was run by businessmen based in Pakistan and Birmingham. Neither was an attractive Defendant. However, the case of my clients was that they relied on statements made by the solicitor instructed by the UK shell Plc that their money would be safe. The solicitor’s insurers settled out of Court rather that establish whether or not a duty of care existed to my clients in those circumstances.
More controversially, it may also include computer hardware and software companies who have left back doors in their systems which are then accessed by hackers or alternatively where a flaw in their product allows a virus to spread. Indeed, that allegation has specifically been made in respect of the recent Code Red virus. Whilst this is an untested area of the law it does seem that a victim of fraud may have a claim where it is known that launderers can short circuit a computer’s security systems simply by accessing these back doors.
However, internet service providers are unlikely to be liable for electronic crimes committed through the services they offer unless they have actual knowledge of the crime. This is the gist behind the European proposals for an electronic commerce directive which also imposes no obligation on them to monitor information transmitted or stored on their network or to actively seek facts or circumstances indicating illegal activity.
The High Court has also held that an internet service provider could be liable for defamatory material posted by a third party on one of its news groups. A Mr Godfrey told Demon Internet Ltd about alleged defamatory remarks about him contained in a posting on a news group posted by the service provider. The posting was made by an unknown person in the US who was not a demon customer. Mr Godfrey asked for the posting to be removed as it was defamatory and a forgery but despite that, it remained on site for a month. The High Court ruled that internet service providers are liable for publishing comments which users post on their news groups but the providers would be able to successfully defend proceedings if they can show that they took “reasonable care” when publishing the statement and “did not know” that it was contributing to a defamatory publication. As Demon had known that the statement might be defamatory, but had not removed it for over a month after that knowledge, it was this factor that may have persuaded them to agree to pay ?250,000 (in addition to their own costs) to settle this case.
In November 2000 the French High Court gave Yahoo! 3 months to block access by French citizens to those parts of its US sites that offers the nazi memorabilia. If it fails to do this, and cannot mount a successful appeal, Yahoo! will face punitive fines. It is reported that as a result, Yahoo have now banned trading on its site of items from the Nazi era and of all other material deemed to promote anti-Semitism and violence. It has announced that as from January 2001, it would instigate new procedures designed to keep all such items from its commerce sites. More recently in June of 2001, the International Action for Justice was asking for an injunction to block access to a neo nazi US web portal. For some time now there has been great concern as to how it is possible to deal with the borderless nature of increasing international unlawful activity. This case is the most recent example of the growing tendency of Courts taking effective measures to limit or prevent wrongdoing.
However, in January 2001, the Superior Court in San Diego dismissed a class action suit against online auction company eBay for $10 million brought as a result of the sale of bogus memorabilia through its site. Judge Linda B Quinn said that eBay did not vouch for the authenticity of items but allowed the vendors to describe them.
The English Courts have recently given significant judgments concerning the liability of accountants who fail to detect or report signs of fraud. In Law Society v KPMG Peat Marwick (sued as KPMG Peat Marwick McLintock) and others, [2000] 4 All ER 540, the Court of Appeal held that a reporting accountant owed a duty of care to the Law Society. Section 34 of the Solicitors Act 1974 requires solicitors to provide an annual report signed by an accountant, one of the main purposes of which is to alert the Law Society to the possibility of improprieties in the conduct of a solicitor’s practice. If the report fails to detect the possibility of fraud, the Law Society may now look to recover damages from the reporting accountants for compensation paid to the victims of the fraud. In Sasea Finance Ltd (in Liquidation) v KPMG (formerly KPMG Peat Marwick McLintock (a firm)) (2000) 1 All ER 676, the Court of Appeal held that where a company’s auditors discovered that a senior employee had been defrauding the company on a massive scale, and that employee was in a position to continue doing so, the auditors would normally have a duty to report the discovery to the management immediately and not at the time they render their report. This duty may in appropriate circumstances of the case extend to reporting the discovery to regulatory bodies. In December 2000, it was announced that the Florida Department was suing KPMG for $47 Million, charging that its audits failed to uncover financial irregularities at SunStar Health Plan Inc. The lawsuit alleges that KPMG did not report that SunStar was shifting a disproportionate amount of its expenses to a parent company, SunStar Healthcare Inc. More recently, it was reported that a UK Company, Duke Street Capital which faced a ?35 million loss after investing in an Austrian firm hit by fraud allegations, is considering legal action against PriceWaterhouse Coopers on the basis that during the course of three separate rounds of due diligence, it failed to expose allegedly bogus accounting practices that have now come to light.
Liability may rest with the organisations that helped set up and maintain the system, the security of which has been breached. Invariably, they will look to the small print of their agreement which they will argue could avoid or limit their liability. It is therefore very important that this be checked. On the other hand, there is increasing legislation which seeks to protect the consumer against having their claim successfully challenged on such exclusion clauses. The main criteria in this legislation is whether such a term would be unreasonable or unfair. Indeed in the recent case of Director General of Fair Trading v First National Bank Plc (2000) 1 WLR 98, it was held that the term, whilst not inherently unfair, could still constitute a breach of the requirement of good faith if it unfairly deprived consumers of the benefit or advantage which they might reasonably expect to receive.
In May of this year, in the case of Foskett v McKeown [The Times 24 May 2000], the House of Lords had to decide which of two innocent parties should benefit from the activities of a launderer. In this case, the launderer stole money from a Trust Fund and used ?20,000 to pay some premiums on a pre-existing life insurance policy. On his death, his insurers paid more than ?1 million to his children who were the surviving beneficiaries. The House of Lords held that as the ?20,000 had been applied to make payment of 40% of the premiums, the victims were entitled to 40% of the policy monies - more than ?400,000. The Court accepted the argument that the victims were entitled to trace their money through the policy into the amount paid out by the insurers after the launderer’s death and to claim a proportionate share of it from his children.
The English Court of Appeal has recently held, in the case of Bank of Credit & Commerce International (Overseas) Ltd & Anor v Akindele, that to establish liability it had to be proved that the recipients state of knowledge was such as to make it unconscionable for him to retain the benefit of the receipt. In the context of a restitutionary claim based upon "knowing receipt", the Court was entitled to pierce the corporate veil and recognise receipt by a company as that of the individual(s) in control of it if the company was used as a device or facade to conceal the true facts, thereby avoiding or concealing any liability to those individuals (Trustor AB v Smallbone & Ors [The Times 30 March 2001]).
In the recent case of Governor & Company of the Bank of Scotland v A Ltd, B & C (TLR 6/2/2001), the Court of Appeal has recently considered the potential dilemma of a constructive trustee.
In the case, large sums of money were transferred into an account opened by A Ltd at the Bank. Following the receipt of due diligence material, the Bank became concerned that it might be regarded as a constructive trustee of the funds which may have been obtained through fraud. It therefore reported its concerns to the police, ICC Commercial Crime Bureau and the British Bankers Association. As a result, the Bank became aware that investigations were being conducted into the activities of A Ltd.
The Bank faced an apparent dilemma: Pay out the monies and it believed it would be liable as a constructive trustee. Refuse to pay out the monies and face an action by A Ltd against which the bank could not defend itself as the police objected to the Bank revealing what it had been told. Under section 93D of the Criminal Justice Act 1988, a person is guilty of an offence if he discloses to any other person information or any other matter which is likely to prejudice a police investigation into money laundering.
The Bank applied to the Court for directions as to what it should do. Mr Justice Lightman suggested he should grant an injunction against the Bank restraining it from making any payment. The Bank accepted the suggestion and the injunction was granted. However the terms of the Order were that A Ltd was not to see anything put before Mr Justice Lightman or the Order or even be informed of its existence!
Not surprisingly A Ltd was concerned about the Bank’s refusal to pay and applied for an order that sums held by the Bank be paid out to it. The Bank eventually paid out the monies.
The Court of Appeal then considered the matter in detail. It concluded that the Bank should have attempted to resolve with the Serious Fraud Office what matters the Bank could disclose. If they could not resolve matters, then the Court could be asked to determine the outstanding issues.
The Bank could then have considered its best course of action in the light of the material available for it to disclose. It could have made payment to A Ltd and risked being held liable as a constructive trustee or it could have refused to make payment. However, whichever option it took, the Bank would now have the advantage of knowing what material it could rely on to defend proceedings by A Ltd.
If the material was substantial, the Bank may have chosen to refuse payment to A Ltd, in the knowledge it had prospects of defending any application, or at least delaying the determination of the application until the investigation was made known to A Ltd, and the restriction on full disclosure could be lifted.
If the material was insubstantial, the Bank could make payment to A Ltd and attempt to resist the claims of the primary victim on the basis that the Bank acted as any honest person would have done and should therefore not be liable as a constructive trustee.
As the Court of Appeal themselves said:-
"The use of the court's power to grant interim declarations in proceedings involving the SFO will protect a bank from criminal proceedings but it will not automatically provide protection for the bank against actions by customers or third party. However it seems almost inconceivable that a bank which takes the initiative in seeking the court's guidance should subsequently be held to have acted dishonestly so as to incur accessory liability. The involvement of the court should however enable, in the great majority of cases, a practical solution to be determined which protects the interests of the public but allows the interests of a bank to be safeguarded."
1 If assets within the jurisdiction would not be sufficient to meet the claim, the English Courts will consider granting extraterritorial relief. In addition to matters listed in 5.1 above, the Court has to be satisfied that there are insufficient assets within the jurisdiction to satisfy the claim and that there is strong evidence to show that the Defendants have foreign assets and the Defendants have demonstrated their ability to render assets untraceable and a determination not to reveal them. The Claimant will have to give undertakings to the Court not to, without leave of the Court in any other jurisdiction:-
(a) Begin proceedings against the Defendant or;
(b) Seek an Order of a similar nature (including Orders conferring a Charge or other security against the Defendant or the Defendant's assets) or;
(c) Seek to enforce injunction.
These undertakings are given to give the English Court general control over the conduct of the litigation.
2 The English Courts also have power to make a world wide disclosure Order in support of substantive proceedings elsewhere. The factors that are likely to be important in considering whether such an Order would be granted include:-
(a) Would the Order hamper the case management by the Court hearing the substantive proceedings?
(b) Would the Order give rise to conflicting or overlapping Orders in other Courts?
(c) Would the primary Court have granted such relief but declined to do so?
(d) Is the Defendant resident or domiciled in England and so liable to effective enforcement of an Order made?
3 In the context of such claims, the Courts have appointed a Receiver over assets abroad “to see that the stable door is locked before the horse has gone”.
4 The English Court also has jurisdiction to grant such search Orders against a Defendant to require him to permit entry overseas. However:-
(a) The Court may decide that any such Order may be granted by a local Court.
(b) It may be granted on terms that it be suspended to give a foreign Defendant the opportunity to challenge the jurisdiction of the Court who entertain proceedings.
5 Orders may be granted under Section 25 of the Civil Jurisdiction and Judgments Act 1982 (as extended) in English proceedings brought for the sole purpose of seeking interim relief in relation to proceedings anywhere in the world. Not only can freezing and search Orders be made under this Statute but also Orders which will secure and preserve evidence.
6 The circumstances in which such a freezing Order may be granted were considered by Mr Justice Neuberger in his judgment in Ryan and Another v Friction Dynamics Limited (The Times 14 June 2000) Such an Order should be made unless it is inexpedient to do so. The Courts may consider it “inexpedient” if:-
(a) The Order would obstruct or hamper case management by the Court seised with the substantive proceedings “the Primary Court”
(b) The relief granted could give rise to overlapping, inconsistent or conflicting Orders with those of other Courts. Overlapping Orders (eg freezing Orders granted in the UK after foreign Courts have made world-wide freezing Orders) are undesirable because of increased costs, the risk of double jeopardy for Defendants and the opportunity for forum shopping by Claimants. The latter two risks can be reduced by inclusion of a provision as to which Court would have the primary role in enforcing the overlapping jurisdiction. Overlapping Orders may be granted, but the Court should expect to be provided with cogent reasons to justify it. It is generally desirable that if an overlapping Order is made it should track precisely the terms of the Order made by the foreign Court. However there may be good reason why it should be in different terms
(c) The Primary Court has jurisdiction to grant the relief and has declined to do so. Although the High Court may still consider it appropriate to grant the Order.
(d) Any judgment obtained in the foreign Court would not be valid and enforceable in England.
7 Winding-up proceedings may be successfully brought in England against
a foreign company under part V of the Insolvency Act 1986. This is so when
there are assets within the jurisdiction belonging to the company or when
such company does not have assets within the jurisdiction, providing that
the affairs of the company in question have a sufficient connection with
England, and there is a reasonable possibility of benefit for the creditors
from the winding-up. It is the practice of the Companies Court to dismiss
Petitions to wind-up based on a disputed debt. However, the Court may decide
to allow the Petition to proceed, notwithstanding this, where the effect
of dismissing the Petition would be to deprive the Petitioner of a remedy
which he ought to have or where the dismissal would cause injustice e.g.
allowing the company to spirit away its assets.
8 Freezing and search Orders can also be granted in proceedings taken in England to enforce a foreign judgment in England or to enforce an arbitration award. Where a Claimant has obtained a foreign judgment, time is taken in complying with the relevant procedure to register that judgment in England and therefore pending that registration, there is nothing to stop such a Claimant obtaining such Orders.
9 The Courts have been willing to allow the use of proceedings abroad to assist the party in obtaining the evidence required to support its case. In South Carolina Insurance Co v Assurantie Maatschappij ‘de Zeven Provincien’ [1987] 1 AC 24 the Defendants to a reinsurance action pending before the English Courts applied to a District Court in the United States for an Order that certain of the Claimants, associates and agents in the US should provide pre-trial discovery of documents relevant to the issues in the English action. The application had been precipitated by the fact that a request for discovery of those documents from the Claimants in England had been refused. The Court of Appeal granted an injunction preventing the Defendant from taking the US proceedings any further on the grounds that there was a need for the English Court to retain control of its own process. However that decision was reversed by the House of Lords on the grounds that although the Court had jurisdiction to grant such an injunction, it should only do so if it could be shown that the foreign proceedings invaded or threatened to invade the rights of the other party to the action or where it amounted to unconscionable behaviour. It would appear that there is no reason why the Court should not adopt this accommodating stance with regard to foreign discovery in aid of an application for a freezing Order in this country.
10 Where a Court requires the assistance of a foreign Court in obtaining evidence for use in its proceedings, the Hague Convention provides that it should send a request to the Central Authority established for this purpose by the foreign country concerned. The request should provide details of the proceedings and of the evidence to be obtained and in particular, of those documents that are to be inspected.
11 European Heads of Government agreed measures recently in Tampere to try and tackle cross border fraud and other crimes. The core of the plan is the mutual recognition of judicial decisions throughout the EU – this would apply to pre-trial Orders that would effectively allow authorities to secure evidence and seize assets in other countries. The creation of a “European area of justice” would allow litigants to bring actions in the Courts of any of the 15 member states would lead eventually to the abolition of extradition procedures within the Union.
12 Following the recent terrorism in the USA, the EU have pushed through new measures permitting EU wide search and arrest warrants.
Thirty-seven new measures have been proposed by the European Commission and were passed by emergency summit on 21 September 2001. The measures need to be ratified by parliament and are therefore not likely to become law before 2002.
The measures include the following:
· Creation of an anti-terrorist department within Europol
· Closures of financial loopholes currently exploited by terrorists
· New border controls
· A new EU wide definition of terrorism
These new measures may well have a direct application to cyber terrorism and may well assist the National High-Tech crime Squad in pursuing international cyber terrorists.
The financial measures will hopefully assist in the detection and prevention of money laundering by organised crime syndicates who launder money in order to fund illegal activities such as terrorism.
The measures will also encourage greater international co-operation between Europol and the US intelligence services which may prove to be a huge step forward in the international fight against money laundering. It is only with international co-operation that we can really prevent money laundering, particularly where money laundering is carried out online.
13 An agreement was reached at the EU summit in Fera in Portugal in June whereby further EU countries had dropped their objections to providing information on non resident savings accounts in return for their not having to scrap their banking secrecy laws.
14 The European Commission has now formally tabled a further measure, the creation of a European Prosecutor who would have authority to launch investigations into frauds committed against the institutions of the European Union. In a statement, the Commission said “The new Prosecutor would be in charge of investigations into cases affecting the EU Community’s interests and prosecutions in the national courts. So he would not be taking the place of the national courts, least of all in terms of delivering a verdict. But he would make their task easier by presenting evidence obtained across the entire Union, helping them to overcome the obstacles posed by the fragmentation of jurisdiction among 15, (and soon more), member states, each with their own rules and procedures.
15 A regulation granted by the European Council in November 2000 brings into force the so called country of destination principle under which consumers can sue an e-tailer under the laws of the country in which they live. It is designed to protect consumers who may be reluctant to make purchases from other EU countries if it means giving up the legal protection they receive in their home nation. For example, the regulation allows a German consumer making a purchase from a UK site to sue under German law. Consumer rights advocates say such reassurance is essential for the uptake of ecommerce. But opponents argue it would damage ecommerce in Europe, forcing small businesses to sell only to consumers in their own nation if they want to avoid the cost of knowing what is legal and what is not in different countries.