In recent years, criminals have launched cyberattacks on the international banking system through the worldwide bank messaging system known as SWIFT — the Society for Worldwide Interbank Financial Telecommunication. The most highly publicized heist involved $81 million in fraudulent transfers from the Bangladesh Central Bank in February 2016 from its account at the Federal Reserve Bank of New York to accounts in Sri Lanka and the Philippines. There have been reports of several other cases of fraudulent transfers involving SWIFT.
Sal Scanio’s recent article, Interbank Liability for Fraudulent Transfers via SWIFT: Banco del Austro, S.A. v. Wells Fargo Bank, N.A., 36 BANKING & FIN. SERVICES POL’Y REP. 8 (DEC. 2017), analyzes one such case of fraudulent transfers via SWIFT to illustrate the framework for allocating liability between banks. In Banco Del Austro, S.A. v. Wells Fargo Bank, N.A., No. 1:16-CV-00628 (S.D.N.Y. filed Jan. 20, 2016), an Ecuadorian bank’s computer system was infiltrated by cybercriminals who were able to steal the login credentials of a bank employee, logon to the bank’s SWIFT terminal, and cause at least 13 unauthorized transfers via SWIFT by re-issuing cancelled or rejected transactions that remained in the bank’s SWIFT outbox and altering the amounts, beneficiary, beneficiary bank, and destination. Between January 12 and January 21, 2015, a dozen SWIFT messages were sent from Banco Del Austro to its correspondent bank in New York, Wells Fargo Bank, N.A. that enabled fraudulent transfers totaling $12,172,762. Banco Del Austro alleged that these transfers were unusual, suspect, or anomalous because they were inconsistent with the bank’s normal activity in its correspondent account at Wells Fargo. Banco Del Austro brought suit against Wells Fargo, asserting causes of action for violations of Uniform Commercial Code (UCC) Article 4A and common law claims of negligence and breach of contract. The article discusses the development of this litigation and analyzes the legal theories of liability as applied to this case of SWIFT cybercrime.
For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605.