Ecuador bank’s suit against Wells Fargo over cyber heist can go forward: ruling

Posted by Fatima Kurth on

By Nathan Layne

 

A lawsuit by an Ecuadorean bank alleging that Wells Fargo & Co (WFC.N) is liable for authorizing the transfer of $12 million stolen in a 2015 cyber heist can go forward, a U.S. judge ruled on Tuesday.

 

The decision by U.S. District Judge Lewis Kaplan in Manhattan was in response to Wells Fargo’s motion to dismiss the lawsuit by Banco del Austro, which sought to hold the U.S. bank responsible for failing to halt the transfers made via the SWIFT network.

 

The 2016 lawsuit took on new importance in the wake of this year’s heist at the Bangladesh central bank, in which cyber thieves used the SWIFT global messaging system to swipe $81 million from an account at the Federal Reserve Bank of New York.

 

In addition to highlighting potential security risks inherent to such interbank transfers, Banco del Austro’s lawsuit was also seen by legal experts as a key test of whether a so-called correspondent bank – in this case Wells Fargo – could be held liable for authorizing authenticated SWIFT transfer messages.

 

In Tuesday’s ruling Kaplan threw out breach of contract and negligence claims against Wells Fargo but denied the U.S. bank’s bid to dismiss alleged violations of the New York Uniform Commercial Code, which governs whether fund transfer security procedures are “commercially reasonable.”

 

Kaplan said the court could not “rule as a matter of law that use of the SWIFT system, with nothing more, constituted a commercially reasonable security procedure in the context of this particular customer-bank relationship.”

 

Wells Fargo, which has previously maintained that it properly processed the wire instructions via authenticated SWIFT messages, could not be immediately reached for comment on Tuesday’s ruling.

 

Banco del Austro could also not be reached for comment.

 

The $12 million was stolen in January 2015 when unidentified hackers secured a Banco del Austro employee’s SWIFT logon credentials, Wells Fargo said in a February court filing.

 

Court filings and judicial rulings show that the cyber thieves routed most of the stolen funds through 23 companies registered in Hong Kong, some of them with no apparent business activity, Reuters reported in May.

 

Banco del Austro submitted criminal reports to police in both Hong Kong and Ecuador about the transfers, according to Hong Kong court filings. It is not clear if any progress has been made by the authorities in finding the stolen funds.

 

(Reporting by Nathan Layne; Editing by Bill Rigby)