International credit transfers are commonplace in a globalised world, but they expose users and banks to increased risks, particularly in terms of fraud and money laundering. Given these challenges, banks are subject to specific obligations of vigilance, reinforced by a strict legal and regulatory framework. Understanding the extent of these obligations is essential for customers, so that they know what to expect from their payment service provider and how to react in the event of a problem. This article details the main due diligence obligations incumbent on banks when processing international credit transfers.
Context of international transfers
An international transfer is defined as a transfer of funds from one bank account to another in a different country, or in a foreign currency. These transactions pass through complex interbank communication and settlement systems, such as SWIFT (Society for Worldwide Interbank Financial Telecommunication) for the majority of global transactions, or SEPA (Single Euro Payments Area) for transfers in euros within Europe. Visit legal framework for bank transfers has been largely harmonised at European level by the Payment Services Directives (PSD1 and PSD2), which have been transposed into French law, notably in the Monetary and Financial Code.
The aim of these regulations is to make transactions more secure, increase transparency and protect users. At the heart of these operations, the International Bank Account Number (IBAN) and the Bank Identifier Code (BIC or SWIFT code) play a central role in the correct routing of funds. While the bank is in principle entitled to rely on the unique identifier provided by the originator, this does not absolve it of all vigilance, especially if other elements of the transfer order are clearly inconsistent. The technical nature of these transactions and the many potential participants (originator's bank, correspondent bank, beneficiary's bank) make monitoring and traceability more complex, justifying increased vigilance requirements.
Anti-money laundering due diligence
One of the fundamental obligations of banks when processing international transfers is to participate actively in the fight against money laundering and the financing of terrorism (AML/CFT). This duty of vigilance is governed by strict national and European provisions, requiring financial institutions to know their customers ('Know Your Customer' - KYC) and the origin of funds.
In practical terms, before executing an international transfer, the bank must ascertain the identity of the originator and, as far as possible, that of the beneficial owner. It must also assess the risk of money laundering associated with the transaction on the basis of various criteria: amount, country of destination or origin of the funds, customer profile and nature of the underlying economic activity. If there is any suspicion, the bank is obliged to carry out an enhanced examination and, if doubt persists, to report the suspicious transaction to the competent authority, in France TRACFIN (Traitement du Renseignement et Action contre les Circuits Financiers clandestins).
This duty of vigilance is all the more important for international transfers because of the potential difficulties in identifying all the parties and the actual source of the funds when several jurisdictions are involved.
Crim. 19 June 2024, no. 22-81.808
A recent illustration of the scope of this obligation is provided by a decision of the Criminal Division of the Court of Cassation dated 19 June 2024. In this case, it was recalled that the mere provision of a bank account and the execution of transfer orders for sums held in it to foreign accounts are likely to characterise the bank's participation in money laundering operations if it fails to comply with its due diligence obligations. The ruling also emphasises that joint and several liability between individuals convicted of the same offence may apply to entities (including the bank) convicted of related offences, without the degree or nature of their personal involvement necessarily allowing the court to limit the effects of this joint and several liability. This means that a bank that is found to be complicit, even passively, through a blatant failure to exercise due diligence in relation to suspicious international flows, may face substantial penalties.
Apparent anomalies and exemption
In addition to LCB-FT, the bank has a general duty of verification when it receives a transfer order, whether domestic or international. It must ensure that the order comes from the account holder or his duly authorised representative, and that there are no apparent anomalies, either formal (for example, an obviously different signature on a paper order if this method is used, missing information) or intellectual.
An intellectual anomaly may lie in the unusual nature of the transaction in relation to the customer's commercial practices or financial habits: an exceptionally large amount, a geographical destination unrelated to the customer's known activities, a sudden frequency of transfers to a new beneficiary abroad, or transfer instructions received under suspicious conditions (for example, via an unusual communication channel or with crude language suggesting identity theft). The detection of such anomalies should lead the bank to exercise increased vigilance and, if necessary, to request clarification or confirmation from the customer before executing the order.
This duty of due diligence must, however, be balanced against the principle of non-interference by the bank in its customer's affairs. It is not the bank's role to judge the appropriateness of its customer's transactions. Its role is not to take the place of the customer in managing his finances. However, there is a limit to this non-interference when there are clear indications of irregularities or potential fraud. The the bank's liability for a fraudulent transfer may be incurred if it fails to react to these signals.
Cass. Com. 2 May 2024, no. 22-17.233
A ruling by the Commercial Chamber of the French Supreme Court on 2 May 2024 clarified the concept of apparent anomaly. In this specific case, it was ruled that the vulnerability of a customer (company director) who orders transfers from his company's account to his personal account does not in itself constitute an apparent anomaly. If the orders are formally regular and emanate from the authorised person, the banker, bound by his duty of non-interference, is not required to carry out specific checks solely on the basis of the destination of the funds to the director's personal account, even if the director is known to be vulnerable. Although this ruling was handed down in a national context, it sheds light on the difficulty of assessing what constitutes an anomaly that is sufficiently 'apparent' to justify the bank's intervention, particularly when the order comes from the legal representative.
With regard to the exemption, Article L. 133-21 of the French Monetary and Financial Code provides that if a payment order is executed in accordance with the unique identifier (IBAN for SEPA credit transfers) provided by the user, the payment service provider is deemed to have correctly executed the payment transaction with regard to the beneficiary designated by the unique identifier. The payment service provider shall not be liable if the unique identifier provided by the user is inaccurate. However, it must make every effort to recover the funds involved. This provision protects the bank, but does not fully exonerate it if the identifier error is accompanied by other flagrant anomalies that the bank should have detected as part of its general due diligence.
Non-liability clauses and inexcusable fault
The account or payment services agreements offered by banks frequently contain clauses designed to limit or exclude their liability in the event of a problem during the execution of a transfer. However, the validity and scope of such clauses are subject to restrictions.
As a general rule, these clauses cannot exonerate the bank from liability in the event of gross negligence or fraud. Gross negligence is negligence of an extremely serious nature, bordering on fraud and showing the inability of the debtor of the obligation to fulfil his obligations. the task it has accepted. In the context of an international transfer, this could be the case if the bank executes an order despite obvious and multiple fraud alerts, without carrying out the slightest additional verification.
Furthermore, with regard to consumers (natural persons acting for non-professional purposes), many clauses limiting liability are considered unfair and therefore deemed unwritten, in accordance with the Consumer Code and European case law. The liability regime set out in the French Monetary and Financial Code for unauthorised or incorrectly executed payment transactions is a matter of public policy for consumers, which means that it cannot be derogated from by contract to the detriment of the customer.
The banker's inexcusable fault is a concept that may be invoked to exclude the application of certain legal or contractual limitations of liability. It is assessed by the courts on a case-by-case basis. For example, executing an international transfer for a very large amount on the basis of instructions received via an unsecured email, without any strong authentication procedure or direct confirmation with the customer, could be qualified as inexcusable misconduct if there were indications of fraud.
Customer actions
When a customer encounters a problem with an international transfer - whether it's an unauthorised or incorrectly executed transaction, or a transfer not executed or delayed - a number of steps can be taken and remedies sought.
Firstly, in the event of an unauthorised payment transaction (for example, a fraudulent transfer initiated by a third party who has assumed the customer's identity), the customer must report it to his or her bank "without delay" after becoming aware of it. For individuals, this reporting period is a maximum of 13 months from the date of debit, as stipulated in article L. 133-24 of the French Monetary and Financial Code. Once this report has been made, article L. 133-18 of the same code stipulates that the payer's payment service provider must reimburse the payer for the amount of the unauthorised transaction immediately after becoming aware of the transaction or after being informed of it.
The burden of proof that a transaction has been authenticated, duly recorded and accounted for, and that it has not been affected by a technical or other deficiency, lies with the service provider. payment services. Even if the use of the payment instrument (e.g. online banking access codes) is recorded, this is not sufficient to prove that the transaction was authorised by the payer or that the payer acted fraudulently or with gross negligence. However, if the bank proves that the customer was grossly negligent (for example, voluntarily disclosing his or her secret codes in response to a crude phishing email), the customer could bear all or part of the losses. The bank's failure to implement a strong customer authentication procedure to validate the international transfer may weigh heavily in the assessment of its liability. Customers may also exercise their right tostopping or disputing a bank transfer in accordance with established procedures.
If the transfer has been incorrectly executed (for example, sent to the wrong recipient despite correct instructions, or for the wrong amount), the payer's bank may be liable. It must then endeavour to recover the funds and compensate its customer for the loss suffered.
In the event of a persistent disagreement with the bank, the customer may refer the matter to the Banking Mediator, a free, amicable means of redress. If mediation is unsuccessful, legal action may be taken to assert rights and obtain compensation for damages. The assistance of a lawyer with expertise in banking law may prove decisive in these proceedings.
Given the complexity of international transfers and the obligations of banks, it is essential to know your rights. If you have been the victim of a problematic international transfer, or if you suspect that your bank has failed to meet its due diligence obligations, our firm can help you analyse your situation and defend your interests. For an in-depth analysis and tailor-made assistance from a banking and finance lawyercontact our team.
Sources
- Monetary and Financial Code (in particular articles L. 133-1 et seq., L. 314-1 et seq., L. 561-1 et seq.)
- Directive (EU) 2015/2366 of the European Parliament and of the Council of 25 November 2015 on payment services in the internal market (PSD2).
- Case law cited (in particular Crim. 19 June 2024, no. 22-81.808; Cass. Com. 2 May 2024, no. 22-17.233).
EN 
FR