Swiss Federal Supreme Court Decision of 13 September 2022, No. 4A_407/2021 (published as BGE 149 III 105)

Date: 25. September 2023

The critical legal issue in this decision was whether a customer who fell victim to the criminal misconduct of a bank employee had a claim against the bank for contractual performance or for damages based on the bank's legal liability.

On the facts, the Federal Tribunal found that the bank's employee – a relationship manager who worked for the bank's Turkish Desk – had carried out twelve unauthorized transactions (including transfers to third parties without a counterparty, share transfers and purchases, as well as forex transactions) between 2006 and 2009. All but one of those transactions had resulted in a loss for the customer.

In February 2010, the bank employee left for Turkey and did not return. He was later dismissed by the bank with immediate effect. After contacting the bank and becoming aware of the discrepancies on his account, the customer specified for which transactions he had in fact given instructions and which transactions he disputed. The bank's internal audit established improper activities such as the use of customer funds for the personal purposes of the bank employee and even fraud which had taken place at the Turkish Desk, resulting in losses for various customers and the bank in excess of CHF 14.5 million.

The Federal Tribunal held that where the case concerns the misappropriation of the customer's assets by an employee of the bank, i.e., transactions are carried out without the customer's instructions or consent, the customer suffers a loss for which the bank is liable pursuant to Articles 398 para. 2 and Art. 97 Swiss Code of Obligations (CO). In such situations, the bank's vicarious liability for the tortious acts of the employee is triggered (pursuant to Articles 101 CO and 41 CO). In that regard, the Federal Tribunal further noted as follows:

"These cases of tortious acts resulting in the contractual liability of the bank must be strictly distinguished from the cases in which the bank executes payments or transfers from the customer's account to a third party because it did not recognize the lack of authorization of the principal or a forgery. Indeed, according to the case law, the lack of authorization as well as unrecognized forgeries belong to the inherent risks of the banking business in the same way as the customer's inability to pay (...) In these two cases, the bank bears the damage, since it is its risk, and therefore it may have to pay the amount a second time to the customer, who has an action for performance (...) These are exceptions to the general rule of contractual liability pursuant to Art. 398 para. 2 and Art. 97 et seq. CO. [...]."

In summary:

• In cases where the bank carries out unauthorised transactions in situations that could be characterised as “external fraud”, the bank is obligated to reverse the debits to the affected customer account. The Bank sustains an own loss; the customer's claim against the bank is for contract fulfilment.
• In contrast, where an employee of the bank diverts funds or carries out unauthorised investments (i.e., “internal fraud”), the customer has a claim for damages arising out of the bank's legal liability. It should be noted that in this scenario, the bank has the right to assert that the customer's negligence contributed to the loss, if for instance, the customer failed to review his or her (held) account statements.

This decision has arguably not only brought about a paradigm shift in the Swiss jurisprudence on a bank's liability towards its customer in execution-only relationships, but could also have a (likely unintended or unwanted) impact on a bank's insurance claim under crime and professional indemnity policies.

In considering which type of insurance policy responds in such situations, practitioners will look to the Zurich Commercial Courts landmark decision of 24 January 2006 (ZR 105/2006 p. 120), in which the court held that a bank's professional indemnity policy does not respond in cases where the customer has a claim for contractual performance against the bank.

If, however, the customer suffers losses from unauthorized transactions and transfers at the hand of a delinquent bank employee in the context of an execution-only banking relationship, the customer – according to the Federal Tribunal's recent decision – has a liability claim against the bank for damages, which is arguably not a direct loss covered under a crime policy. Consequently, any such resultant customer claims against the bank – at least in principle – ought to be allocated to liability covers as opposed to crime/BBB covers, always subject however to the scope of insurance coverage of the policy in question.