In a landmark ruling, the Commercial Division of the High Court has ordered Stanbic Bank to refund at least UGX 339,556,644 to a customer who erroneously paid over UGX 2 billion through the bank’s online system.
In her decision, Judge Cornelia Kakooza Sabiiti found that Stanbic Bank had failed to implement robust fraud detection and prevention measures to safeguard its system and customers.
The ruling followed a successful suit filed by Mukono-based drug manufacturer Abacus Parenteral Drugs Limited.
The company asked the High Court to declare that Stanbic Bank was negligent and breached its statutory obligations, leading to a loss of UGX 2.203 billion after the bank allowed the funds to be paid into erroneous accounts.
The drug company told the court that in a bid to ease its daily financial reconciliations and for salary payments for its staff, on May 12th, 2010, it applied and obtained from Stanbic Bank online banking services in respect of the account it held there.
The company authorized two people to utilise the online service on its behalf.
However, upon an audit on the account transactions, it was discovered that between November 2015 and March 2018, Stanbic Bank had honored several payments that the drug company didn’t know of or even authorized.
The accounts to which this money was sent were also held in Stanbic Bank.
However, in its defence, Stanbic Bank denied any liability, instead arguing that the drug company had been; in writing, told of the risks associated with online banking.
The bank also said that online banking services are a straight-through process (STP) where the authority to initiate, verify, confirm, and authorize a transaction on the customer’s account lies squarely with the account holder.
In determining the matter, Judge Sabiti held that Stanbic Bank had all the banking information of the customer on which over UGX1.6 billion was paid erroneously over some time.
“The bank did not show that the online payment system had sufficient security features to safeguard against incorrect payments in accordance with its contractual obligations.
The bank had a duty to put in place robust fraud detection and prevention solutions to protect their system and the customer.
At the bare minimum, the online banking system should have flagged the repeated use of the same account numbers in the names of different beneficiaries,” the judge held.
However, the judge also found that Abacus Parenteral Drugs Limited was also negligent in its actions as it allowed the sharing of passwords among its officials who had been allowed to transact on its behalf.
“The merging of the initiator and authoriser role in a financial payment system was a significant and foreseeable risk which the plaintiff ought to have known.
I therefore find that the plaintiff was grossly negligent. This issue is answered in the affirmative that the plaintiff’s actions and omissions were negligent and contributed to the financial loss,” the judge held.
Consequently, she declined to force Stanbic Bank to repay all the money lost to fraud in the online transactions.
“Since both parties are in breach of their contractual obligations and were negligent with regard to their duty of care, the court is inclined to apportion the loss according to their comparative fault.
The failure by the plaintiff to exercise basic financial internal controls exposed the plaintiff to the fraud and greatly contributed to the fraudster’s success.
The plaintiff in this case was in the best position to prevent the fraud. Therefore, it is my considered opinion that the plaintiff is more to blame for the loss to the extent of 80%.
The defendant bank is 20% to blame for not having robust security features in its online banking system to ensure that the beneficiary account details of the beneficiaries within its internal banking system correspond before the payments are affected,” the judge said.
She therefore ordered Stanbic Bank to pay UGX339.5 million with an 18 percent interest per annum until full payment to Abacus Parenteral Drugs Limited.
She also declined to award damages to Abacus. She also ordered that each party meets its own cost of the suit.
Community News Updates, Adverts, Opinions, Profiles-WhatsApp- +256-753-209-437
English 