Nothing in fraud victim’s transactions raised any warning signs

Common scams targeting bank customers,
Anne was looking for a better return on money she had inherited which she had recently put in a fixed term deposit with her bank. In April 2023, she found a website that compared term deposit interest rates and completed an expression of interest form. A person claiming to be from an overseas bank called and then emailed her offering a favourable rate, and she agreed to transfer $350,000 via a “holding account” in her name at another bank. Anne broke her term deposit and over three days transferred three payments of $100,000 each to the holding account through internet banking. She made a fourth payment of $50,000 two weeks later. Five days after that, the holding account bank advised her bank she had probably been caught up in a scam. The bank was able to recover only $50,000.
June 2024

Anne complained her bank should have been suspicious about the payments because the Financial Markets Authority had issued a warning about a term deposit scam impersonating the overseas bank. She also said she had entered the name of the overseas bank in the reference field of the first payment. This entry, she said, should have prompted the bank to inquire further about the payment and subsequent payments. She also said the bank should have checked that the recipient’s account name and number matched. And lastly, she said the receiving bank was also at fault because it should have detected that one of its customers was acting as a mule for the fraudster. Had it been vigilant, she said, it would have prevented the fraud.

Our investigation

We considered whether anything about the transactions should have alerted the bank to the possibility that Anne was being defrauded. If a bank detects such a “red flag”, it is obliged to make inquiries about the transaction and, if warranted, warn the customer. A failure to do so may make the bank liable for the loss. However, we could find no such warning signs.

The bank was generally aware of the scam Anne fell victim to, but it was required to warn a customer or make inquiries only if it was on notice of a real possibility that its customer was being scammed or defrauded. It had no such suspicions or knowledge in Anne’s case. All four of her payments were electronic transactions, and the bank did not monitor – and was not required to monitor – the reference fields of electronic transactions. In the absence of any legislative or regulatory framework, or obligation to monitor transactions to detect scams, we cannot compel banks to have certain scam detection systems – such as monitoring for certain words in reference fields.

Anne had called the bank in the days before the transfers to break her term deposit, explaining that she had found a better interest rate elsewhere. She did not say where she was transferring the money and she did not mention she was planning to transfer funds to the overseas bank.

As for Anne’s complaint that the bank should have checked that the recipient’s name and account number matched, banks in New Zealand are not obliged to carry out such a check. The terms of Anne’s accounts explicitly warned customers to check themselves before confirming an electronic payment, pointing out that its electronic payments were mostly automated and did not contain this step.

Anne’s final complaint, that the receiving bank should have detected the mule account, was not one that we could look at because our rules say we can consider complaints only about a bank from whom the complainant received a financial service. In Anne’s case, the receiving bank provided no direct service to her.


We did not uphold Anne’s complaint.

Print this page