Distribution Control Limited v ASB Bank Limited
[2013] NZHC 3168
•2 December 2013
IN THE HIGH COURT OF NEW ZEALAND AUCKLAND REGISTRY
CIV 2012-404-007204 [2013] NZHC 3168
BETWEEN DISTRIBUTION CONTROL LIMITED Plaintiff
ANDASB BANK LIMITED Defendant
Hearing: 30 July 2013 and 20 November 2013
Appearances: M C Black for the Plaintiff
S Dench for the Defendant
Judgment: 2 December 2013
JUDGMENT OF ASSOCIATE JUDGE CHRISTIANSEN
This judgment was delivered by me on
2.12.13 at 4:30pm, pursuant to
Rule 11.5 of the High Court Rules.
Registrar/Deputy Registrar
Date……………
DISTRIBUTION CONTROL LIMITED v ASB BANK LIMITED [2013] NZHC 3168 [2 December 2013]
Background
[1] DCL’s proceeding challenges the integrity of ASB’s “FastNet” banking
system.
[2] DCL had been a customer of ASB since 28 March 2000. ASB had promoted and provided the FastNet product to assist its business/commercial customers in making payment to creditor’s accounts. From an account from which a commercial customer was to receive payment credits, ASB was to arrange at regular intervals, payment of the customers payment obligations in the form of transfers to the clients customers accounts to which ever bank those accounts were payable.
[3] For ASB’s purposes its customer, in this case DCL, provided both the names
of approved payee creditors, and the account details of those creditors.
[4] DCL says that this was an essential requirement to FastNet and ASB’s
banking mandate.
[5] DCL pleads that ASB was required to make payments strictly in accordance with DCL’s instructions i.e. to the named payee and payee account number. Specifically it is claimed that ASB owed a duty to ensure that when it effected a transfer from DCL’s account that it went to that same payee whose name and account details had been authorised by DCL.
[6] Unfortunately in this case DCL’s employee Ms Hurley contrived a scheme by which she gave ASB payee directions which included an account number which was different from that to which DCL had provided a client payee name.
[7] In short, whilst DCL through Ms Hurley had provided direction for a payment to an authorised payee account, Ms Hurley had substituted the payee’s correct account number for one which she contrived and substituted an account number to which she had access and indeed from which she stole funds that had been intended for payment by DCL.
[8] DCL says it was due to failures within ASB’s FastNet system that permitted a payment to an account (created by Ms Hurley) which was not part of that authorisation originally given by DCL to ASB.
[9] A consideration of pleadings and discovery issues between the parties was scheduled for hearing on 30 July 2013. Evidence from the parties provided an explanation of FastNet’s operation and critical commentary regarding its worth.
The FastNet Product and a review of evidence provided to 30 July 2013
[10] Mr Howarth an ASB manager employed as Head of Business Brand Experience for Marketing and Online has sworn an affidavit. He advises FastNet was introduced in 1999 and operated until 2008 when a replacement system, FastNet Business, was offered.
[11] By affidavit dated 6 May 2013 Mr Howarth deposes that FastNet:
[5] Enabled... a customer to view its accounts and to make payments remotely through the internet from a desktop or laptop computer located in the customer’s office... The system required the installation of software on the customer’s computer and differed from more modern systems that are wholly ‘web-based’. The customer needed a unique and self-selected password to access to the system. The customer would also authorise selected staff to use the system. The customer was responsible for ensuring that each person had their own password and that passwords were secure and different levels of access be assigned to different passwords.
[6] From ASB’s perspective the system is automatic and did not require human involvement. Its own computer systems communicated electronically through the internet with the customer systems, and the customers instructions were carried out automatically as authorised with a correct password. In this sense the password was analogous to a customer’s signature on a cheque. Unlike a cheque, however, no human was involved. If the customer used FastNet... to instruct ASB to make a payment, the customer’s account would be debited automatically and, in due course, the recipients account would be credited.
[12] Mr Howarth deposes that Ms Hurley was apparently employed by DCL as its
Office Manager and that DCL allowed her full access to FastNet; that between 13
August 2002 and 28 September 2006 Ms Hurley used the system to pay herself about $258,000 in 69 separate payments.
[13] Mr Howarth comments that the focus of DCL’s claim is that when payments were made through FastNet payment was made to the bank account number entered by the customer in its payment instruction irrespective of the payee name that was entered. He said the system did not check that the name of the bank account corresponded with the name of the payee and he notes that DCL uses this feature as the foundation for a series of allegations.
[14] Mr Howarth explains that when completing a payment instruction in FastNet the customer had to complete a number of entries including the “payee”, the “account” and the “amount”. He said Ms Hurley would insert the name of a seemingly legitimate creditor as the “payee” (such as Telecom) but that she provided her own account number. The payment would then be made to her account although, to anyone looking at a record of the transaction it would appear that Telecom had been paid.
[15] Mr Howarth said the system also included Payee Libraries, so that Ms Hurley could pull down the details of a stored payee (such as Telecom) and then changed the account number to her own. The system would also store new payee entries automatically in a library, but Ms Hurley could have deleted the new payee entry that she had created. The essential point is that she did not use her own name as the “payee” but entered her own account number. He said that Ms Hurley sometimes included payments to herself in batches of apparently legitimate payments to others and that such payments would go through as a single batch and appear in DCL’s bank statements as a single entry for the total batch (rather than broken down into individual payments).
[16] Mr Howarth states that DCL’s accounts were eventually closed in May 2008 and that this did not occur due to any claim by DCL against ASB for breach of contract.
[17] Mr M J Thompson a director of DCL has provided an affidavit dated 18 June
2013 in opposition to the defendant’s application for further particulars, and strikeout, but also in support of DCL’s claim that the ASB has not fully complied with its discovery obligations.
[18] Prior to using ASB’s FastNet banking product, DCL was using a cheque payment system.
[19] Mr Thompson recalls a visit from ASB’s representative Ms Pearton on or about 28 March 2000 when she promoted a sale of the FastNet product to DCL. In discussions that ensued he was encouraged to utilise FastNet as a far more efficient transactional internet based system for making payments electronically. Mr Thompson was given information including a document headed “FastNet Office” which stated FastNet as being “internet banking application with extra functionality ideally suited for medium to large organisations. One of the special features in that document related to ‘security’ which stated:
“Security”
“Standard: State of the Art Security system featuring 128 bit encryption.”
[20] Mr Thompson says having read the information he relied upon it when making his decision to purchase FastNet for DCL.
[21] Mr Thompson recalls ASB assisting in implementing FastNet into his business operation.
[22] Mr Thompson has attached to his affidavit copies of documents including “FastNet Office Standard Administrator Option – Terms and Conditions”, and ASB’s “Business Banking Terms and Conditions”.
[23] Mr Thompson confirms Ms Hurley worked as DCL’s office manager and that she used the FastNet product as an ‘administrator’. Ms Hurley died after the fraud was discovered and sometime after she was confronted with the frauds.
[24] Mr Thompson states that Ms Hurley effected the frauds by using FastNet and by wrongfully substituting the payees account numbers with her own personal account numbers also with ASB; that the payments were thereby wrongfully misdirected to her accounts with ASB.
[25] Mr Thompson explains that in managing and processing the payments, FastNet required that both the payees’ names and account numbers be specified and inserted. He says the account number of the named payee was also required to be identified on FastNet for making the payment to the particular creditor/payee. He states that the requirement of FastNet for both details was considered necessary and was an important aspect of his instructions to ASB.
[26] Regarding DCL’s receipt of ASB’s bank statements confirming that payments were made he notes that in addition to there being a record of batch payments there was reference to payee’s paid other than in a batch payment wherein the name of the payee alone would be identified on the bank statement; that those statements did not disclose the payee’s account number and that an account number was disclosed on bank statements only where there was a payment between accounts of DCLs.
[27] Mr Thompson did not learn of Ms Hurley’s fraud until May 2011 when he was telephoned by a representative of DCL’s new banker, ANZ. ANZ advised there had been some “irregular payments” which had gone into Ms Hurley’s personal account from ASB.
[28] Mr Thompson says he then instructed ASB to check its records for the relevant period to determine if there were payments that could be identified as having been “paid” to Ms Hurley. He says that following this instruction ASB were readily able to provide him with “transaction reports” which identified all of the payments that had been fraudulently made by Ms Hurley to her personal accounts with ASB. Mr Thompson notes from the information provided by ASB that in many instances the amounts received by Ms Hurley were applied in reduction of her indebtedness to ASB.
[29] Mr Thompson also notes that the majority of the fraudulent payments to named payees were often included in batch payments which included a payment to a named payee which had been fraudulently diverted to Ms Hurley’s personal account with the ASB; that it appears ASB only relied on the payee’s account number (and not the payee’s name).
[30] DCL no longer retains copies of historical bank statements. It believes copies of those are also not available from ASB but nevertheless ASB has been able to provide the “transaction reports” for all the fraudulent payments. He believes ASB’s bank statements conceal the fraud because they mistakenly ‘confirm’ payments having been made to payees either within a batch or to individual payees, when clearly this is not correct. What the statements obviously do not identify is that the payments were in fact made to Ms Hurley’s personal account with ASB. He notes the ASB’s bank statements do not mention or disclose any payee account numbers and record only the name of the payees or in particular batches the name of those payees stated to have been correctly paid.
[31] Mr Thompson believes ASB should provide additional discovery by way of internal reports, email traffic and any other correspondence that would have addressed the “security and payment” issues referred to in those. He identifies particular documents by name which he says ought to assist. They include a schedule marked “Security Investigations – following Tech. Meeting 21 January 04 v1.1 and a FastNet Office “Limitations” document dated November 2004.
[32] Mr Thompson states that whilst using FastNet DCL never received any notification or indication from ASB, of any of the security or payment “risks” that are referred to in those documents he has identified.
[33] DCL has also provided evidence by an affidavit dated 15 May 2013 from Mr M E Spence, a digital forensic specialist. Mr Spence says he is an internationally certified information systems security professional who has carried out more than
500 digital forensic investigations in New Zealand, Australia and the Pacific Islands.
[34] Mr Spence has read Mr Howarth’s affidavit, the FastNet desk manual and he has read a document called FastNet Office Limitations dated November 2004 which provided an overview of customer perceived limitations of FastNet.
[35] Mr Spence is aware that client based banking software products that utilise the internet transmit data had been steadily replaced over recent years by Web
Browser based systems which are considered to be more secure. He commented that
ASB followed this trend when it replaced FastNet with FastNet business in 2008. [36] Mr Spence observed:
(a) That in using the FastNet system the completion of two payee identifier fields was mandatory, payee name and payee account number.
(b)Both these fields were transmitted to ASB as part of the payment instruction.
(c) ASB however processed the payment based solely on the account number and it made no attempt to match (validate) the account name and number.
(d)He has seen no documentation produced by ASB warning clients utilising the FastNet product that the account name will not be utilised when a payment is processed.
(e) In the absence of any documentation or knowledge to the contrary that it would have been reasonable for any user to assume that as the account name was a mandatory requirement in the payments process, that this would have been used for the purpose of processing the payment and that any reasonable user would have seen no other reason for the information to be collected.
(f) It would have been a simple matter for ASB to have included a warning message with the FastNet system that would have alerted a user when completing the payee name that this information would not be used or validated when the payment was processed.
[37] Mr Spence believes Ms Hurley was able to perpetrate her fraud in a manner she did using the FastNet system when she would not have been able to do this if the system had been based on cheque payments.
[38] Regarding Mr Howarth’s claim that Ms Hurley could have pulled down the details of a stored payee (such as Telecom) and then have changed the account number to her own, he says it is a security failure in the system that payee names and account numbers can be edited by one person; that if dual authorisation had been implemented with FastNet then Ms Hurley would not have been able to conduct the fraud in the manner that she did.
[39] Mr Spence observed that in this respect the FastNet system fails to meet the criteria set out by Ernst Young for electronic banking systems to meet “good practice”.
[40] Referring to ASB’s document entitled ‘an overview of customer-perceived limitations of [FastNet]’ dated November 2004 Mr Spence says ASB was aware that FastNet could enable payments to be made outside of mandate requirements and further was aware of this flaw in the FastNet system as at November 2004 yet allowed DCL to continue using FastNet into 2006.
[41] Mr Spence says it would be standard industry practice on identifying the security flaw in a software product to notify the customers of the flaw.
[42] Mr Spence concluded:
(a) Ms Hurley was able to commit the fraud because neither ASB nor
FastNet validated the account name and the account number.
(b)That as the collection of the account name was mandatory it was reasonable for DCL managers and users to conclude the account name and account number were being validated.
(c) That Ms Hurley could not have conducted the fraud in a manner she did if ASB had implemented the recommendations of the Ernst Young report regarding dual authorisation.
(d)That ASB had identified a significant security flaw in their FastNet product yet they failed to inform FastNet product users whilst awaiting the release of a subsequent product several years later.
[43] In response Mr Ball swore an affidavit dated 15 July 2013 on behalf of ASB. Mr Ball is employed by ASB as Head of Customer Insights in which capacity he deals with ASB’s customer complaints process.
[44] Mr Ball deposes that the New Zealand Bankers Association produced the first Code of Banking Practice in 1992; that it was a voluntary code of practice that began as and remains a set of standards against which banks conduct is assessed under the banking ombudsman scheme.
[45] Mr Ball provides copies of two additions of the Code of Banking Practice in force during the period 13 August 2002 and 28 September 2006 and notes that neither addition covered internet banking.
Applications for consideration
[46] The Court scheduled a one day fixture on 30 July 2013 upon ASB’s applications to amend the statement of claim, for further particulars, and for striking out of four of seven causes of action which it was claimed were statute barred or alternatively were plainly untenable. Also for hearing was DCL’s application for further discovery.
The strike out/further particulars applications of ASB
[47] Essentially ASB says that claims relating to an alleged breach of contract, or of an alleged breach of duty of care in tort, or insofar as it related to any claim for breach of s 25 of the Personal Property Securities Act 1999, or insofar as it related to a claim for breach or remedies under the Contractual Remedies Act 1979, that those claims should be struck out on the basis that each of those was barred by the Limitation Act 1950, or by analogy. Alternatively ASB claims that the pleadings
failed to disclose reasonably arguable causes of action and are likely to cause prejudice and delay and therefore are an abuse of process.
The further discovery application of DCL
[48] DCL says that ASB has not complied with its discovery obligations for there is good reason to believe it has other documents concerning the FastNet security and payment systems.
The hearing
[49] The hearing was not concluded on 30 July 2013 and the applications were adjourned until 20 November 2013 for conclusion.
[50] ASB’s strike out/further particulars applications were an initial response to DCL’s original statement of claim. DCL responded by filing an amended statement of claim. ASB did not consider the amended statement of claim adequately responded to pleading concerns, nor addressed statute limitation considerations. To an extent the 30 July 2013 hearing focussed on the pleading changes made by the first amended statement of claim.
[51] The 30 July 2013 hearing considered ASB’s pleading concerns to identify the source of claims that it had breached its banking mandate to DCL. Mr Dench’s careful analysis of the pleaded causes of action for breach of contract and for breach of an alleged duty of care in tort highlighted some fundamental pleading concerns and properly so because the different causes of action reflected distinct time limitation consequences.
[52] The Court considers Mr Dench took a pragmatic approach. Also and properly his submissions focussed on a need for precision.
[53] On the other hand it was clear that every attempt was being made on behalf of DCL to identify the sources of information that it considered would explain on a broad basis how ASB assumed liability for the losses caused by Ms Hurley – losses which DCL says were ASB’s responsibility due to the failures of its FastNet system.
[54] In his written submissions provided for the 30 July 2013 hearing Mr Dench concluded that whilst the discovery application was opposed ASB proposed dealing with the application pragmatically and filing a further affidavit to explain the documentation it had provided and which was referred to in Mr Thompson’s affidavit.
[55] Therein there was a hint that further argument would not be required on
DCL’s further discovery application.
[56] The Court anticipated the primary focus of a resumed hearing would be upon pleadings issued and to consider whether sufficient was available from which the extent of the claims against ASB could adequately be described and for the purpose of understanding and accepting an adequate basis from which causes of action were identified. Then consideration could be given to whether or not those causes of action were time barred or plainly untenable. ASB had conceded that some of the causes of action were not time barred.
Evidence provided since 30 July 2013
[57] Since 30 July 2013 there have been developments which have changed the focus of matters for consideration. The first of those changes concerns the evidence of Mr Bird who is employed by ASB as Digital Delivery Manager in Technology and Innovation.
[58] In the period of the Court’s adjournment of the hearing ASB has availed itself of an opportunity to investigate and to provide evidence by way of comment upon Mr Spence’s evidence.
[59] Mr Bird deposed he was asked to help search for documents when ASB was required to provide discovery earlier. He had been asked to search for documents that possibly fell within the description of:
Any reviews or changes implemented by the bank in relation to account numbers and payee names being checked or matched, in connection with the operation of [FastNet].
[60] In the result he located those documents which were provided to DCL and were annexed in the affidavit of its Mr Thompson.
[61] Mr Bird deposes he has not since found any documents relating to account numbers and payee names being checked or matched against each other in the FastNet system. In particular he says he has not found any documents showing that FastNet did not match the account number and payee name or check them against each other or the fact that payment was made to the account number only and that the payee name only acted as a reference in payment records, or that the customers were not specifically told about this. Further he found no documents that someone (such as Ms Hurley) might use FastNet to make a payment to his or her own account number and disguise this fact with a mismatched payee name.
[62] He said that as far as he was aware other banks were not doing anything different from ASB, and he noted that electronic matching of account numbers and payee names is fraught with potential problems due to the unreliability of the payee name as an identifier.
[63] In practice [FastNet] worked as expected. Over time additional functions were added and improvements made, as happened with any computer system.
[64] Addressing suggestions that the documents which had been supplied to DCL and which were exhibited in Mr Thompson’s affidavit indicated the existence of other documents which addressed security issues of the kind exploited by Ms Hurley, Mr Bird states that none of those documents relates to the matters with which Ms Hurley’s actions were connected and specifically none of them mention or relate to the matching or checking of account numbers against payees.
[65] Mr Bird examined the three documents attached to Mr Thompson’s affidavit, in detail. The Court is satisfied with his explanation that none of those identifies security issues of the type related to Ms Hurley’s fraudulent use of FastNet.
[66] It was Mr Bird who wrote the November 2004 review document. None of the issues identified in that document were relevant to events with Ms Hurley or
related to the matching or checking of account numbers against payees or anything similar.
[67] Mr Bird said, regarding criticism of ASB for not notifying customers immediately, that there had been no reported fraud using this method and there is always a balance between informing customers of a way the system might be misused and the risk that a dishonest staff member would take advantage of the information if there is no existing solution.
[68] In response to Mr Bird’s affidavit a second affidavit from Mr Spence was filed on 31 October 2013. He comments that Mr Bird provided no emails, user documentation, training scripts or anything else which disclosed to the customer that the FastNet system did not match account names and account numbers. Further he says Mr Bird failed to address reports and statements from ASB which DCL management relied on for their audit checks.
[69] Mr Spence states there has been a recent change with ASB FastNet payment systems which directly addresses the main computer systems issue in dispute in DCL’s proceeding.
[70] Mr Spence then quoted from an ASB document dated 21 January 2004 which noted:
If the business is willing to accept that users may manipulate the Statement Manager database and warn them appropriately then the current (lack of) security in this application if fine with IS security.
...
Following workshop held 22/01 – this is an acceptable risk for the Business.
[71] Mr Spence then complained that he had seen no document disclosed to show when, how, and the manner in which ASB addressed and mitigated the “acceptable risk”. He questions whether customers were warned and if so how. He asks if customers were advised or notified that a FastNet user could manipulate the statements produced by the FastNet system and hence cover up an ongoing fraud.
[72] Mr Spence stated that he believed ASB will and ought to have further documentation including:
(a) Identification and quantification of the risk. (b) Analysis and potential solutions.
(c) Strategy for risk mitigation.
(d) Implementation of risk mitigation strategy. [73] Mr Spence concluded:
In the information technology industry the concerns identified by ASB... are significant. They represent a known risk identified with the [FastNet] system by ASB’s information security team as such from an IT Industry perspective, non disclosure, or not to address this type of flaw, and a payments system will be unusual and in my opinion contrary to accepted practices in the IT industry.
It is also my opinion that there are considerable parallels in the identification of the security risk by ASB, with the apparent approach taken by the ASB to the issue of non-matching of account names and account numbers.
[74] On 15 November 2013 Mr Bird swore an affidavit in response. Mr Bird stated that contrary to Mr Spence’s suggestions of a recent change with the FastNet system that Mr Spence is mistaken if he says that change affects the FastNet system under consideration in this proceeding. Mr Bird says ASB has not removed a payee name field and that it follows that there is no documentation which exists in relation to it.
[75] In overview of this new evidence it is clear ASB has made significant enquiries for the existence of documents relating to or reporting upon security risks of the kind identified by Mr Hurley’s actions, and has found none.
[76] It remains the position of DCL that such documents must exist, at least in relation to risk issues of a kind different than those highlighted by Ms Hurley’s actions. Moreover the evidence of Mr Spence has inspired a view by DCL that ASB was complicit in the fraud of Ms Hurley to the extent it did nothing about the
shortcomings of a system it knew to be at risk at that very time when Ms Hurley was exploiting it to her own advantage.
[77] Unsurprisingly just two days before this hearing resumed on 20 November, a second amended statement of claim was filed.
Original statement of claim
[78] DCL pleaded [para 5] that in using FastNet ASB required DCL to provide both the approved names and account details of its creditor/payees and that “This was an essential requirement to FastNet and the banking mandate”.
[79] Further in [para 7] it was pleaded that in operating and using ASB’s FastNet product “and in performance of the customer’s banking mandate [ASB] was liable to make payments strictly in accordance with [DCL’s] instructions.
[80] Paragraph 7 pleaded the obligations of ASB in this regard, namely:
(a) That FastNet would securely make and manage payments and direct debits.
(b)That following a payment through FastNet ASB would notify DCL in writing of the payment having been made to the named payee and account number.
(c) That ASB would exercise all reasonable care and skill in the execution of DCL’s requirement and mandate to securely and accurately make payments to the designated payees and to the corresponding accounts.
(d)Through FastNet ASB owed a duty to exercise reasonable care and skill when exercising the plaintiff’s authority and payment orders pursuant to the banking mandate.
(e) This included that ASB would ensure and check that the payee’s identity correctly matched the payee’s account details to which the payments were transferred.
(f) ASB had a primary duty as the paying bank to ensure that DCL’s
instructions for payment were securely and correctly made.
(g)This included ensuring that the payee’s name was consistent with and matched the correct account number belonging to that payee, particularly when ASB was also the receiving or collecting bank.
(h)When ASB was both the paying and collecting bank it owed a contractual obligation to DCL to ensure and verify the payments were securely transferred including to the actual account belonging to the named payee not to an account which belonged to a different person or entity from that that it had been specified by DCL.
(i)In processing and transferring the payments ASB had a contractual obligation to ensure and cross check that the designated names and account numbers were both correct.
(j)When transferring and collecting the payments ASB was required to safely, securely and accurately identify and cross-check the named payee’s correctly.
(k)In the event the designated name and payee’s account did not match or were incorrect, then ASB should have notified or advised DCL of the discrepancy and/or returned the misdirected payments.
(l)ASB had an obligation to ensure that DCL’s instructions and mandate were strictly observed that its payments were correctly and securely made and transferred to the named payee’s account and corresponding numbers belonging to the named payee.
(m)When transferring payments on behalf of DCL, ASB also had the relationship of principal and agent and was thereby bound to exercise reasonable care and skill in carrying out the payment instructions of DCL.
(n)FastNet was collateral to other lending and security agreements with DCL and as a consequence under s 25 of the PPSA 1999 ASB also had an obligation of good faith and to conduct itself with reasonable standards of commercial practice.
[81] It was pleaded [para 9] that Mrs Hurley used FastNet to fraudulently transfer
69 payments from DCL’s ASB account to her ASB account or to other accounts belonging to her. The amounts involved were detailed in a schedule attached to the statement of claim.
[82] In paragraph 11 of the statement of claim DCL pleaded details about how Ms
Hurley contrived to effect payment to those ASB accounts of hers; namely:
(a) She would change or replace the correct account number of a named payee to her own ASB account number.
(b)The payee name and corresponding account numbers did not match, and were entirely different from the correct account number given for the designated and named payee instructed to be paid.
(c) The payments were made and collected by ASB ‘intra-bank’, it being
both the paying, collecting and receiving bank.
(d)The transfers and payments were processed by ASB through its FastNet product (intra-bank) and were fraudulently made to account numbers different from the named payee’s correct account numbers.
(e) The account details, to which monies were wrongfully paid and received, were not in fact those designated as belonging to the named payees.
(f) Ms Hurley would then typically change the account details back to
the named payee’s correct account number.
[83] DCL pleads that as a consequence of ASB’s FastNet product it was defrauded of $257,969.49 [para 12]. In paras 16 – 18 of the statement of claim DCL pleaded particulars of its first cause of action under the heading ‘Breach of the Customer’s Mandate: Contractual Remedies Act CRA 1979’.
[84] In essence it is pleaded that ASB breached its mandate and its contractual duties by:
(a) Not securely transferring payments to the accounts of correct payees.
(b) By effecting payments to Ms Hurley’s account which was different
from the accounts belonging to named payees.
(c) By wrongly notifying or informing DCL that payments had been made to the named payee when ASB never verified, checked or reconciled the payee’s name against the account number.
(d)Because the misdirected payments were transacted intra-bank ASB had or ought to have had the means to verify and cross check that the payments were made to the correct account number of the named payee.
(e) As the transfers in question were intra-bank, ASB had the information of the correct names and account numbers for both payer and payees.
(f) In transferring payments to Ms Hurley’s ASB accounts ASB’s
systems ignored the payee names belonging to those accounts.
(g)ASB omitted to make appropriate and proper internal enquiries in failing to cross-check that the payee’s name corresponded to the account number DCL had provided ASB.
(h)FastNet thereby allowed payments to be manipulated and FastNet was not secure nor designed to provide the required or necessary level of security in matching account names and account numbers.
(i) Thereby the essential security and performance of ASB’s banking
product was undermined.
(j)ASB failed to advise DCL that the name of every payee provided was disregarded through the use of FastNet.
(k) The FastNet product and ASB’s systems did not match, crosscheck or
reconcile names and account numbers.
(l)[Generally] That FastNet and ASB failed to have sufficient checks and balances in place to alert itself or DCL of the potential for failure of the product or of the fraud that occurred.
[85] The second cause of action was pleaded under s 9 of the Fair Trading Act
1986 wherein reference was made to representations given concerning the FastNet product including that it was a “state of the art security system featuring 128-bit encryption”.
[86] Under a third cause of action entitled ‘Estoppel by Conduct and Representation’ it was pleaded that ASB’s conduct and written confirmations to DCL of payment of the named payees, encouraged or created an expectation or belief that payments had been duly and correctly made to the named payees.
[87] In a fourth cause of action entitled ‘Mistake and Restitution Relief’ it is pleaded that DCL’s account was wrongfully debited by ASB and that the designated named payee’s accounts were not correctly credited and received by ASB.
[88] In a fifth cause of action entitled ‘Monies had and Received’ it is pleaded that monies belonging to DCL were wrongly debited and transferred from DCL’s account and which were wrongly transferred to the ASB as the receiving and
collecting bank; and therefore DCL claims the money had and received by ASB
being that money which it had wrongly received and collected.
[89] In a sixth cause of action entitled ‘Tortious Breach of Duty of Care’ it is pleaded ASB owed a duty of care as a banker ‘pursuant to the mandate’ and in processing bank transactions using FastNet. It pleads this duty was breached in those various ways already pleaded which permitted DCL’s funds to be fraudulently transferred, by processes which insufficiently monitored the correctness of those payments.
[90] In a seventh and concluding cause of action entitled ‘Conversion of Plaintiff’s Funds’ it is pleaded that ASB’s FastNet product and internal systems wrongfully converted and debited monies belonging to DCL.
[91] In correspondence between counsel acting for the respective parties Mr Dench wrote on 17 April 2013 to Mr Black identifying concerns by ASB with the sufficiency of particulars provided by DCL’s statement of claim. In that letter Mr Dench identified claims of deficiencies provided by the statement of claim and subsequently in Mr Black’s response to a request for further particulars. Mr Dench notes that the statement of claim and the particulars provided refer extensively to the “mandate” which the bank is alleged to have breached. Mr Dench said the bank required a clear statement of:
(a) The precise terms of the mandate relied on.
(b) Whether those terms were express or implied.
(c) If expressed, whether the terms were written or oral.
(d)Where written, the documents relied on and the wording of each document.
(e) Where oral, the statements relied on and the circumstances in which each statement was made.
(f) If implied, the facts and matters relied on as giving rise to the implication.
[92] Mr Dench complained that the particulars given were vague and inadequate, and that there was no attempt to state the actual terms of the mandate on which DCL relied. Mr Dench rejected the claims of an explanation that the mandate was a “requirement and consequence” of the business banking relationship without more when they did not identify what wording/parts of those documents were relied on.
[93] Mr Dench stated that paragraph 7 of the statement of claim was confusing wherein there was pleaded a series of alleged duties and whilst the terms of those duties appeared clear enough the source of each duty was not. He said ASB was entitled to know where the duties on which DCL relied were said to have come from, and the precise terms of the duties needed to be made clear. He referred to the fact that paragraph 7 appeared to mix or mingle claims of contractual duty with claims of a breach of duty of care; that whilst pleadings of representation were clear enough, the source of those representations was not.
[94] Mr Dench asserted that ASB was entitled to know exactly how each representation was made and the circumstances in which it was made. That, in connection with the Fair Trading Act claim there was an allegation of representations but there was also reference to other forms of conduct. He wanted to know how each item of other conduct was misleading or deceptive or likely to mislead or deceive.
[95] Noting that DCL had pleaded numerous causes of action Mr Dench commented that many appeared untenable and should be struck out. He expressed the view that all claims for damages for breach of contract and for breach of a tortuous duty of care appeared to be statute barred; that the most recent fraudulent transaction occurred on 28 December 2006 being six years and two months before the proceedings were commenced.
[96] Referring to the s 25 PPSA pleaded cause of action Mr Dench commented that s 25 related to rights, duties or obligations under a security agreement; that ASB
did not exercise or purport to exercise any rights, duties or obligations under such an agreement.
[97] Referring to the Contractual Remedies Act pleading under ss 6 – 10 Mr Dench noted that ss 7 and 8 relate to or are predicated on cancellation of the contract between ASB and DCL which neither occurred nor would now be possible, and that s 10 is a saving provision rather than a source of relief.
[98] Mr Dench stated that the estoppel cause of action would be statute barred by analogy as likewise would be the related contractual and tortuous claims. Further that the pleaded cause of action and mistake and restitution relief should more properly be a claim against Ms Hurley to whom the money was paid – that again any such claims would be statute barred.
[99] Regarding the pleaded cause of action for money had and received, tortious duty of care, and conversion Mr Dench commented that on the basis of the authority in Kembla New Zealand Limited v ANZ Banking Group (NZ) Limited1, that such a claim would be unavailable, but also would be statute barred.
[100] ASB filed its application for an amended statement of claim to be filed, for particulars and for strike out on about 6 May 2013.
[101] DCL responded with a notice of opposition, an application for further and better discovery from ASB and with the filing of an amended statement of claim.
The amended statement of claim
[102] The first seven paragraphs which are earlier referred to were largely a repeat of the original statement of claim. In the amended statement of claim and prior to reference being made to the particulars of the alleged fraud and misappropriation by Ms Hurley there is contained two new paragraphs under the heading ‘The New
Zealand Code of Banking Practice and Principles’.
1 [2001] 2 NZLR 298.
[103] Thereunder it is pleaded that ASB was a signatory to the ‘New Zealand Code of Banking Practice and thereby agreed and accepted that certain principles applied to DCL’s banking relationship’ and the mandate. These are identified as follows inter alia:
(a) ‘Internet Banking’ is defined in the Code as ‘... use of a computer or device to connect you to our electronic banking channels via the internet and to carry out a range of transactions and obtain information about your account.’
(b)‘General Principles’ include a requirement that appropriate measures be taken to ensure the bank’s internet banking systems and technology are secure and are regularly reviewed and updated.
(c) That ASB would exercise reasonable care and skill in providing DCL
with internet banking services.
(d)That if DCL incurred a direct loss due to a security breach of the internet banking system as a result of ASB’s failure to take reasonable care which is not caused or contributed to by DCL then ASB would reimburse for any losses.
(e) That ASB had an obligation to conform to internationally accepted standards for methods of (inter alia) storage, terminal security and security for customer protection.
(f) That banks will continue the practice of reimbursing customers that are genuine victims of internet banking fraud.
(g)That a bank’s customer will not be held responsible for any loss that occurred as a result of unauthorised access being given to the internet banking process unless the customer acted fraudulently or negligently or contributed to such disclosure of unauthorised access.
(h)Banks will endeavour to ensure that their customer information is accurate and are to undertake to act responsibly in the use of direct marketing having regard to the customer and the nature of the marketing material: that banks must explain to customers any market risks in purchasing their products and services.
(i)A customer is not liable for any loss caused by faults or systems used unless such were obvious or advised by message or notice on display.
(j)Banks will not avoid liability to the customer for direct losses caused by any electronic funds transfer transaction.
(k)Statements issued by a bank will show the type of transaction including in respect of direct debits and payments, the name of the person making or receiving the payment and that sufficient records are generated to enable transactions to or from accounts to be traced, checked and verified.
[104] DCL has now also pleaded that the Banking Code of Practice (General
Principles) apply. DCL claims those principles include:
(a) Implied warranties or terms to the banking mandate with DCL.
(b)Promises contained in a contract which confer a benefit on DCL as a person.
(c) That the banking principles in a code are enforceable by a customer pursuant to s 4 of the Contracts (Privity) Act 1982.
(d) Any additional terms and conditions must not be inconsistent with
ASB’s FastNet terms and conditions.
[105] In the balance of the amended statement of claim those same seven causes of action have been pleaded that were pleaded in the original statement of claim.
However, in respect of some of those causes of action there have been additional pleadings. These are noted as follows:
Breach of a Customer’s Mandate: Contractual Remedies Act 1979
[106] It is pleaded in addition that by 31 May 2013 ASB provided further discovery including (inter alia):
(a) An undated one page schedule in three columns headed Report
Section, E&Y [Ernst and Young] Comment, and ASB Comment.
(b) An undated FastNet Office Internal Proposal.
(c) An Institutional Banking Survey Summary Report on Electronic
Banking dated June 2002.
(d)An ASB FastNet Office Survey which included an extract concerning credit payments and in particular a comment concerning “Insert Payees”.
(e) An ASB Bank Administration System “Message Details”.
(f) Communication concerning ongoing security and monitoring mechanisms dated 12 July 2006.
(g) A Schedule marked “Security Investigations – following Tech.
Meeting 21 January 04 v1.1”.
(h) FastNet Office Limitations document dated November 2004.
[107] It is then pleaded that the discovered information identified security issues, and defects or flaws involving payees account numbers and amounts which were able to be fraudulently altered. It is claimed the additional information was not disclosed, notified or advised to DCL.
[108] DCL pleads particulars of further consequences occurring as a result, including:
(a) ASB failed to implement or upgrade its security systems to enable it to check ‘the mandate’ and make payments strictly in accordance with it.
(b)ASB failed to notify DCL about the security risks including the risk that payees account numbers could be fraudulently changed or altered.
(c) ASB failed to upgrade or improve FastNet to reduce the security risks it had identified.
(d)ASB failed to disclose any terms and conditions which identified or notified that he did not rely upon the payee’s name, or that the defendant did not reconcile or verify that name with the account number.
(e) ASB failed to identify there were security issues when marketing its
FastNet product.
Section 9 Fair Trading Act 1986
[109] In addition to the representations identified in the original statement of claim it is pleaded that in its FastNet Terms and Conditions ASB failed to disclose that it only relied upon the payee account number and not payee’s names for the purpose of effecting payments. Therefore and contrary to ASB claims that its FastNet banking product was a state of the art security system, by its failure to address security defects ASB represented by its bank statements to DCL that the payments had been correctly made to the named payees when this was not in fact correct; that DCL relied upon representations and FastNet product terms in purchasing and using ASB’s product and services.
[110] DCL pleads that by ASB’s representation and conduct and trade ASB’s
misled DCL or its conduct was likely to do so.
Estoppel by conduct and representation
[111] In the amended statement of claim this cause of action is pleaded as it was in the original statement of claim.
Mistake and Restitutionary relief
[112] Only minor and inconsequential changes were made in the amended pleadings.
Tortuous breach of duty of care
[113] Only two changes of consequence were noted by the amended statement of claim:
(a) That as the paying and collecting bank ASB also owed a duty of care to ensure that the correct payee payments were accurately transferred to the named payee (and to the actual account belonging to that payee); and not to a different named payee or account.
(b) That ASB was also in breach of its duties under the Banking Code of
Practice principles.
Conversion of plaintiff’s funds
[114] The amended statement of claim provides no change to the original statement of claim.
An added cause of action
[115] The amended statement of claim adds an eighth cause of action entitled ‘Sale of Goods Act 1908’.
[116] DCL pleads the FastNet product involved the sale of goods and were subject to the provisions of the Sale of Goods Act 1908. Further in selling, describing and using FastNet:
(a) There was the sale of the product by description which implied a condition that the goods (FastNet) corresponded with the description given it.
(b)That the description concerned the security and functionality of the product and contained an implied condition that FastNet would safely ensure payments were made to the correct person (or payee).
(c) There was an implied condition that the product was of merchantable quality and fit for the purpose of a secure and reliable electronic payment system including that payments to named payees would be made to the correct person and for the correct amount, and that the customer would not be responsible for payee’s payments which he did not specify or order, and that the product was free from any defects or security flaws or other risks which may affect payments to named payees.
[117] DCL pleads that ASB breached those implied conditions as to sale by description, quality and fitness for purpose pursuant to ss 15 and 16 of the Sale of Goods Act 1908.
The second amended statement of claim
[118] On 18 November 2013 DCL submitted in a second amended statement of claim for filing. It could not be accepted at the time submitted because a filing fee was not paid.
[119] Time was not available prior to the call of the applications on 20 November to read that second amended statement of claim or to compare it with its
predecessors. A cursory view indicated the same eight causes of action detailed in the first amended statement of claim, remain intact.
[120] Supplementary submissions on behalf of DCL were also filed on 18
November 2013.
[121] Those further submissions referred to the affidavits of Mr Bird and Mr Spence filed since the 31 July hearing. Mr Black submitted those further affidavits identified continuing important features about FastNet security systems; that it was capable of manipulation including the substitution of the payee’s account number from that which was initially offered for the named payee. Importantly, Mr Black submitted ASB knew of this defect or frailty concerning the security features of FastNet from 24 January 2004 – if indeed not earlier; that ASB made a conscious decision to assume the risk of manipulation and that fraud could eventuate from the security feature.
[122] Mr Black noted that at the hearing on 31 July, it was conceded on behalf of ASB that some of the causes of action could not be struck out, including that for breach of a duty of care. Mr Black submitted that an important ingredient of that cause of action also applies to the cause of action in contract.
[123] Mr Black recalled that ASB accepted that no limitation issue arose in relation to the mistake or restitution claims resulting from the contract.
[124] Mr Black submitted there remained outstanding discovery issues that would need to be evaluated; that such could only resolved at a trial with a benefit of full cross examination and by reference to DCL’s claims about documents it says exist or ought to exist.
[125] In Mr Black’s submission the current position between the parties identifies that ASB may be culpable of conduct which constitutes equitable fraud and wilful non-disclosure. Further that this would provide an exception to the limitation defences (whether in contract, tort or otherwise) under s 4 of the Limitation Act.
[126] It is for this reason DCL has provided the second amended statement of claim which incorporates these allegations.
[127] Mr Black submitted that the matters repleaded result from:
(a) The late (and non) discovery by ASB after the 30 July 2013 hearing;
and because
(b)Mr Bird had deposed that no more documents were available even though Mr Dench mentioned in paragraph 90 of his original submissions that further discovery would be provided.
[128] Mr Black submitted the new affidavits raised further questions or issues concerning FastNet which require exploration at a trial. He notes the new pleading identifies issues concerning the FastNet product which were allegedly “concealed”, withheld and not constructively addressed by the ASB from at least January 2004. Further that there were indications of “security features” of the FastNet product which confirmed it was capable of manipulation of the account number and fraud, and that this was known to ASB but not divulged to DCL.
Discussion
[129] The pleading approach in the various statements of claim is prefaced by a description of the FastNet product as it was promoted by the ASB. Under the title “Mandate and Obligations” DCL has pleaded details of the system of operation by which DCL’s mandate for access to its bank account was, according to ASB’s requirement, prescribed. It is in that frame of things that DCL has pleaded those representations it claims were made for the safe and secure operation of the FastNet product; and as well DCL has taken the opportunity to describe how the banking process should have operated and offered suggestions for reasons why there was the potential for its failure to operate securely.
[130] The next part of the statements of claim describe how Ms Hurley was able to commit fraud and in that process how she adapted the mandate process to effect her purpose without the knowledge of the ASB or her employer DCL.
[131] The balance of the statements of claim were utilised in formulating various causes of action for the purpose of attributing blame to ASB, and for detailing the losses that followed.
[132] The applications of ASB for further particular/strike out reflect ASB’s concerns about the availability of proof or consequence to achieve DCL’s outcomes. DCL’s application for further discovery reflects its suspicion and concerns about ASB’s willingness to provide the evidence that DCL says is available to prove ASB’s culpability.
[133] ASB’s applications are supported by the very thorough and well researched submissions of Mr Dench and endorse the Court’s concerns regarding a degree of confusion and query concerning the manner in which DCL’s claim has been formulated. An overriding concern of ASB is the fact that the proceeding of DCL was filed more than six years after that date when Ms Hurley utilised the FastNet process to steal from DCL.
[134] Mr Dench’s submissions correctly focus upon the nature of the respective causes of action for the purpose of assessing time limitation factors. Unquestionably the proceeding was issued more than six years after the last/most recent payment connected to Ms Hurley’s fraud.
[135] All three versions of the statement of claim have pleaded, routinely, breaches of contract and of duty of care in tort. In respect of a claim of contract breach a cause of action accrues on the date the contract is breached and in this case that would be the last day upon which Ms Hurley effected her fraud which was more than six years before the proceeding was filed. In respect of the cause of action for breach of a duty of care in tort the cause of action would accrue on the date on which DCL first sustained its loss attributable to their breach. Therefore the six year
limitation period would run from the date the damage was first sustained. Again this
was more than six years before DCL’s proceeding was filed.
[136] DCL’s position is that the limitation period should run from the date upon which it was reasonably able to discover the fraudulent breaches. It says this did not occur until May 2011 and therefore, because the fraud was not reasonably discoverable earlier, time should not run until then.
[137] The question of whether or not the fraud was reasonably discoverable earlier focuses upon ASB’s claim that DCL should have uncovered Ms Hurley’s fraud earlier than it did.
[138] ASB’s position is that the principle of reasonable discoverability does not apply in this case – that no general exception of same is recognised by the Limitation Act 1950, except in respect of latent building defects and personal injury.
[139] It appears clear that claims of reasonable discoverability have not been extended to cases involving allegations of banking fraud.
[140] An exception is provided by s 28 of the Limitation Act 1950 whereby it is recognised that the period of limitation shall not run until a plaintiff has discovered that fraud or a mistake in a case where an action is based on the fraud of a defendant or his agent [the bank or its officer] or of any person through whom [the bank] claims or [its officer], or... “the action is for relief from the consequences of a mistake...”
[141] Mr Dench submits s 28 has no application in this case because if any claim is to succeed then any fraud must be the fraud of the bank or the bank’s agent. Mr Dench submits clearly the case involves not the fraud of the bank but of DCL’s agent. Further and in this case DCL’s pleading has not pleaded actual or equitable fraud against ASB. Clearly such could not credibly be pleaded. The fraudster was Ms Hurley, DCL’s employee and agent.
[142] ASB argues therefore that the limitation exception provided by s 28 has no application. Further, equitable fraud can only exist when there was a duty of disclosure combined with a failure to disclose. In any case the concealment must be wilful and in this case ASB must have known all of the facts that constitute the cause of action including the fact of the breach and the existence of a duty to disclose. By contrast there is no allegation in this proceeding that ASB dishonestly concealed anything. In this case the parties’ relationship was an ordinary commercial banking relationship. Arguably this did not give rise to fiduciary duty of the disclosure of a breach of the parties’ banking contract.
[143] Obviously ASB was not aware of the breach. Therefore it could not wilfully have concealed something of which it was unaware and clearly it did not know that Ms Hurley was making fraudulent payments. Nor, ASB contends was any element of mistake involved in Ms Hurley’s actions to effect the payments to accounts in the control of herself.
[144] ASB does not claim that the Fair Trading Act claim is affected by Limitation Act considerations. It is acknowledged that since 2001 reasonably discoverability has been a test of when a limitation period begins to run. It acknowledges that for the purposes of the Fair Trading Act claim discoverability did not occur until 2011.
[145] In this case ASB’s primary focus is upon the first cause of action which alleges a breach by ASB of DCL’s payment mandate, and in consequence of which relief is claimed pursuant to the Contractual Remedies Act 1979.
[146] As Mr Dench submits the first cause of action appears to be a claim for breach of contract. He questions whether on closer examination it is as clear as this; that a claim of mandate in essence concerns an allegation of a debt due whilst on the other hand a claim of breach of contractual duties focuses upon a breach of a contract. Then, the pleading is linked to the Code of Banking Practice which involves separate considerations again. Also whilst DCL claims loss in damages to the amount of fraudulent payments, a claim is made for damages under ss 6 – 10 of the Contractual Remedies Act. That damage claim focuses upon an entitlement to
damages having been caused by an inducement (representation) made to enter into a contract.
[147] Mr Dench submits the first cause of action in contract appears to include a mixture of claims. The Court agrees. The Court accepts r 5.17 requires distinct causes of action to be stated separately and clearly. Mr Dench submits that non compliance in this case is not just a technicality. He submits that the contractual aspect of the claims under the first cause of action need to be separated out for those are out of time and should be struck out whilst, to the extent the cause of action is for repayment of a debt, it would none the less survive because an obligation to repay a debt does not arise until the demand for repayment is made.
[148] Much of Mr Dench’s focus is upon paragraph 7 of the original and first amended statement of claim. In that paragraph the pleading focuses upon the mandate provided to ASB for payment of sums from the account of DCL, and of ASB’s obligations in that regard. Mr Dench’s submissions focus upon deficiencies in the manner in which those aspects of ASB’s obligations have been pleaded. He complains that as pleaded those obligations are expressed more in the nature of a general contractual or tortious obligation whereas they should be precisely defined and should show where the factual and legal source of each obligation is identified including how if at all DCL distinguishes the “mandate” from the general terms of the banking contract.
[149] Precision of pleadings assumes importance in this case for ASB because it needs to identify the criteria, the foundation, and the availability of documents to identify reasons for the allegations that it has not done its job properly, according to its banking mandate, or according to its customers’ instructions for operation of the customer’s account.
[150] ASB recommended the FastNet product because it appeared suitable for DCL’s needs. Its evidence is that no breach of protocols, mandate or security issues arose in the manner and by the process that Ms Hurley contrived to exploit. It was not, ASB says its fraud but that of DCL’s own senior employee.
[151] The Court accepts ASB’s evidence of best endeavours to discover any documentation at all that it might possess in connection with that system which Ms Hurley was able to exploit. Also that in this case and because of its particular circumstances, that shall not provide an opportunity for DCL to pursue enquiries into other issues of dissimilar kind that may or may not have arisen. Plainly those are not relevant in this case. Also it would be extremely difficult to define the scope of any enquiry beyond matters of relevance associated with the system that Ms Hurley abused.
[152] The Court is satisfied ASB has discovered as much as it can for our present purposes. There will be no order requiring further discovery from ASB.
[153] Remaining for consideration are ASB’s particular/strike out applications.
[154] This case is really a very simple claim. The Court accepts that Mr Dench’s focus on technical matters of pleading, are proper because of a need to identify case issues and because ASB needs to know what it has to defend. If it is claimed ASB has breached its mandate then the bank ought to know precisely what the mandate comprised and what the relevant components of it were.
[155] Mr Dench argues that there is too much information of a scattered kind in the form of the various pleadings and in the compound of the allegations comprised in para 7 of the statements of claim. ASB’s purpose also concerns its need to identify limitation considerations. But, as this judgment has just noted this is a simple claim involving relatively straightforward facts. In the background of those is the claim that ASB recommended a product to serve a certain purpose but by which its systems appear to have enabled a fraud to have occurred.
[156] This apparent failure has occurred in that banking development period of a crossover between a cheque based system to a web based system. It is a system which arguably enabled a client’s employee to commit fraud. One inference to be taken from ASB’s evidence is that it was a matter of risk assessment. However, at the foundation of DCL’s claim is the proposition that a payment made to a payee’s account was in clear breach of a mandate and, if that occurs ASB may be liable to
make up any shortfall. In this case ASB’s requirement to require payee name and account numbers enabled the systems exploitation when it did not cross reference those details provided by its customer.
[157] The Code of Banking Practice and the efforts of banking and financial services during the last 10 years has endeavoured to come to grips with the demands of a non cheque based system for payment of creditors.
[158] In this case and supporting DCL’s position the Court has evidence of an expert. ASB’s evidence is from employees. The evidence of the expert suggests ASB accepted the risk of failure of its system. In latest attempts to refine its pleading, supported by the claims of Mr Spence, DCL has suggested a connection between ASB’s risk preparedness and its stratagem to ignore the potential consequences. DCL pleads equitable fraud, conversion by ASB and even unjust enrichment as possible consequences. Although there is not a lot of evidence to support claims of those consequences there is a need for an enquiry into the system’s apparent failure which clearly concealed the result of Ms Hurley’s fraud for more than six years after it occurred. The fraud offers an option to avoid the strictness of time limitation matters based on the date on which a breach occurred. Claims of fraud or mistake enable an examination of considerations of reasonable discoverability.
[159] This fraud of Ms Hurley has occurred in a period of transition of banking systems engaged to service business customer’s needs. Undoubtedly there is an element of novelty arising in this case, by its facts and the application of legal principles to those.
[160] It was earlier noted that this case had a somewhat straightforward and simple factual base. Every effort has been made to plead details of circumstances which might affect ASB’s obligations. Computer operations and the involvement of new systems were involved. Those have now, seemingly, been replaced. Although DCL’s claims, involving as they do allegations of equitable fraud, may be far reaching, nonetheless this is a matter the Court believes should be sent to trial. Only
in that event could there be a proper examination of the full extent of any possible
liability of ASB of Ms Hurley’s fraud.
Conclusion
[161] The Court is satisfied there are sufficient particulars available, albeit from a somewhat scattered and generalised base, from which to assess the dimensions of ASB’s mandate for the operation of its FastNet system. After a consideration of evidence at trial it should be a relatively straightforward process to consider ramifications for the particular causes pleaded, including any consequences for limitation considerations.
[162] The Court is satisfied that DCL has provided particulars as best as it is able.
In the Court’s view that is sufficient.
Result
[163] All applications fail.
[164] In the circumstances costs are directed to lie where they fall.
Associate Judge Christiansen
0
0
1