The EFT Code and mistaken payments

Alan L Tyree1

Background

In (Tyree 2003), I discussed the problem of mistaken payments in the Internet Banking system. Consumers made payments to the “wrong” person by entering incorrect account details. Banks and other financial institutions took the view that such payments were not recoverable.

The main points in the article were:

The Australian Securities and Investments Commission (ASIC) administers the Electronic Funds Transfer Code of Conduct (the Code). The Code itself requires that it be periodically reviewed.2 As part of the current review, ASIC released a consultation paper, Reviewing the EFT Code in January 2007. Question 41 in that paper asked:

To what extent, and how, should the Code address the issue of mistaken payments? Discuss the usefulness, practicality and cost of implementing some or all of the measures outlined, as well as any other measures you consider appropriate.

In October 2008, ASIC released Consultation Paper 90 (CP90) which sets out its proposals for changes to the EFT Code of Conduct. Proposal E3 of that paper is that the Code deal with the issue of mistaken payments.

ASIC says that one of its objectives is to:3

implement systems changes that minimise the possibility of consumers making a mistake when they key in an account number

This will be difficult. The Internet third party payment system is a consumer system implemented on top of a commercial direct entry system. The direct entry system was originally designed to enable interbank payments. The system relies only on account numbers, suitable for a commercial system, but error prone for a consumer system. It would probably be extremely expensive to change the system so that it cross-references with account names, yet that seems to be the only realistic way to change the system to reduce customer errors.4

ASIC makes reference to the legal action of recovery of payments made under a mistake of fact or law:5

It is also worth noting that there is a cause of action that allows people to recover payments made under a mistake of fact. Arguably, this would apply at least where a consumer makes a mistaken payment because of a keying error. It is not clear whether it would apply where they are given the wrong information by a third party.

ASIC also acknowledges that, in practice, recovery is very difficult for consumers.6

I understand that ASIC has convened Roundtable discussions with some “stakeholders”, but the results of these discussions are not public.

Nature of mistake

ASIC notes that mistakes arise from two separate causes:7

ASIC seems to have accepted an argument that the second type of mistake might not be recoverable. At para 186 of CP90, ASIC notes that “It is not clear whether it [the action for recovery] would apply where they are given the wrong information by a third party.”

The High Court in David Securities v Commonwealth Bank of Australia8 considered the nature of a mistake which could found recovery. The majority quoted with approval from (Winfield 1943):9

Mistake not only signifies a positive belief in the existence of something which does not exist but also may include “sheer ignorance of something relevant to the transaction in hand”.

The High Court majority decision then went on to consider mistake as a basis for recovery. The basic proposition is that a mistake of fact or law gives rise to a prima facie right to recovery.10

The Court considered and rejected two additional formulations. First, it has been argued that the person making the mistake must have supposed that he or she was legally liable to make the payment. The Court noted that this formulation had been implicitly rejected in Australia and New Zealand Banking Group Ltd v Westpac Banking Corp.11

The second additional requirement, a suggestion that dates back at least to Aiken v Short,12 is that the mistake should be “fundamental” as well as causative. The Court, in rejecting the formulation, noted that the notion of “fundamental” is extremely vague and that it adds little or nothing to the requirement that the mistake caused the payment.

David Securities established beyond all doubt that the plaintiff need only prove that he or she was acting under a mistake of fact or law that caused the payment. Upon doing so, the payer is prima facie entitled to recover the payment. It is over to the payee to establish some defence.

As applied to the case where the payer is given the wrong account number, it is difficult to see where doubt arises. The payer certainly would not have made the payment had he or she known that the account number was wrong. It is a mistake in the sense of “sheer ignorance of something relevant to the transaction in hand”. As such, it is a mistake that gives rise to a right of recovery.

Defences

As noted in (Tyree 2003), the receiving bank receives the funds as agent for its principal, the mistken payee. As agent, it has the defence of “accounting to its principal” if the payee has withdrawn the funds before the receiving bank has notice of the mistaken payment. This is probably now best considered as a special case of changing position in reliance upon the payment. As such, it is a bar to recovery under Australian law: see David Securities and ANZ v Westpac.

The notion of “withdrawing funds” was discussed in (Tyree 2003) where it was considered that, in the absence of special circumstances, the rule in Clayton’s case13 probably provides the best guide as to whether the funds have been withdrawn.

The defence of “good consideration” was not discussed in the previous article. If the mistaken payment has discharged a debt owed to the payee, then recovery by the payer is barred. This is likely to be a very unusual since it will be seldom that the mistaken payment could also go to a payee that could establish that consideration has been given for it, but it can happen: see, for example, Ovidio Carrideo Nominees Pty Ltd v The Dog Depot Pty Ltd.14

The clearest exposition of the “good consideration” defence is given by Goff J in Barclays Bank Ltd v W J Simms Son and Cooke (Southern) Ltd:15

  1. If a person pays money to another under a mistake of fact which causes him to make the payment, he is prima facie entitled to recover it as money paid under a mistake of fact. (2) His claim may however fail if (a) the payer intends that the payee shall have the money at all events, whether the fact be true or false, or is deemed in law so to intend; or (b) the payment is made for good consideration, in particular if the money is paid to discharge, and does discharge, a debt owed to the payee (or a principal on whose behalf he is authorised to receive the payment) by the payer or by a third party by whom he is authorised to discharge the debt; or (c) the payee has changed his position in good faith, or is deemed in law to have done so.

In our context, the receiving bank is the agent who is authorised to receive payment to discharge the debt owed to the bank’s customer. The authorisation may be inferred from the fact that the payer was given the account details to make the payment: see (Goode 1983).

Some red herrings

Submissions to ASIC raised several “concerns” about dealing with mistaken payments in the EFT Code. Most of these are red herrings.

Clearing house rules

The rules of the direct entry system preclude recovery of payments. More precisely, the rules prohibit the principal (consumer/payer) from withdrawing authority to pay from the paying bank. There is no such thing as a “stop payment” order.

There is nothing particularly objectionable about this rule. There is no particular reason why an electronic direct credit system should provide any analogue to the right to stop payment on a cheque.

However, the rules have nothing to do with recovery of a payment already made. It is only because payment is complete and irrecoverable that there has been a payment under a mistake of fact. Recovery does not require that repayment be made by the same mechanism as the original payment.

A slightly different problem arises when the clearing house rules provide for recovery of the payment. Submissions from BPay have emphasised the role of the scheme rules in providing for recovery of a mistaken payment. In submissions to both the original and the recent consultation papers, BPay has called for a “carve out” to cater for its particular scheme rules.

The relationship between a customer and the clearing house rules is not a simple one. The clearing house rules are usually a multi-lateral contract by deed between the participating financial institutions. The customer is not a party to the clearing house rules and so is not, strictly speaking, bound by them.

On the other hand, the customer is entitled to demand that his or her financial institution take advantage of any clearing house rules that would advance the interests of the customer. This is simply because the financial institution is acting as agent for the customer in the payment transactions: see Riedell v Commercial Bank of Australia Ltd.16

It might be possible to bind the customer to the clearing house rules through the terms and conditions of the service. This approach faces several severe difficulties. If the result would be to deprive the customer of some of the common law rights, then the terms and conditions must “sheet home” to the customer the dangers that the changes might entail.17 In addition, such a term might breach consumer protection legislation such as the Contracts Review Act 1980 (NSW) or the forthcoming Unfair Contracts provisions.

These difficulties make it unwise to make special provisions for the clearing house rules of BPay or any other payment system. Indeed, the “carve out” is not necessary if the Code only provides procedures for implementing the normal common law rules. As argued below, that is the preferred choice for dealing with mistaken payments in the EFT Code.

Privacy

Payment has been made to the wrong person, and the payer who made the mistake probably does not know the identity of the mistaken payee. The receiving bank’s duty of secrecy, it is said, precludes them from disclosing the identity of the mistaken payee and, therefore, they cannot assist in recovery.

It is true that the duty of confidentiality clearly enunciated in Tournier v National Provincial & Union Bank of England18 prevents the bank from disclosing information about its customers except under the conditions itemised in Tournier itself. Similarly, the Information Privacy Principles (IPPs) of the Privacy Act 1988 (Cth) may prohibit the receiving bank from disclosing information.

The argument overlooks the fact that the identity of the mistaken payee is, generally, of no concern whatsoever to the payer. The paying bank acts as agent of the payer. The funds are paid to the receiving bank who receives the funds as agent of the payee: see (Goode 1983); Royal Products Ltd v Midland Bank Ltd.19

Since the funds are paid to the receiving bank, it is prima facie obliged to return the funds upon the payer establishing that payment was made under a mistake of fact: David Securities v Commonwealth Bank of Australia.20 The receiving bank may establish a defence if it can show that it has accounted to its principal, the mistaken payee, or show that it has in some other way changed its position in reliance on the payment. It cannot establish that merely by showing that it credited the account. It must show that the funds have been withdrawn by the mistaken payee, probably using the rule in Clayton’s case:21 see (Tyree 2003).

The payer need prove nothing more than that the mistake was made. It is then over to the receiving bank to either return the funds or to establish a defence. Both Tournier and the IPPs provide mechanisms for the receiving bank to disclose information sufficient to establish a defence if one exists.

Abuse/fraud

According to the Consultation paper (at para 192):

There is also a concern that depending on the approach taken, dealing with mistaken payments in the EFT Code could make the system more open to abuse and fraud by account holders who collude with each other, or where a single person opens two accounts using false identities.

It will depend upon the “approach taken”, but if the Code implements the rules similar to those of the existing common law then there will be relatively little scope for fraud. If the funds are still in the mistaken payee’s account, then the receiving bank merely debits the account. If the funds have been withdrawn, then the receiving bank has the defence of accounting to its principal and the payer bears the loss.

It will usually be obvious whether the payer has made a mistake. Most payments are made for the provision of goods and/or services. The payer will have an invoice or other document with the payee’s account details. It is easy to make the comparison between the invoice details and the details of the actual payment. In most cases, the mistaken payment is likely to be as simple as a transposition: the intended account is 12345 but the customer has entered 12435.

Similarly, the payee will usually have information about a justifiable payment. When the payment is for goods or services, the payee can provide details showing that the payment was for good consideration, a complete defence to the action for recovery of mistaken payment: see the explanation by Goff J in Barclays Bank Ltd v W J Simms Son and Cooke (Southern) Ltd22 and accepted by the High Court in David Securities v Commonwealth Bank of Australia;23 see also Australia and New Zealand Banking Group Ltd v Westpac Banking Corp.24 Where the mistake is overpayment, the court may order restitution of the surplus amount: see York Air Conditioning and Refrigeration (A/asia) Pty.Ltd. v. The Commonwealth.25

Of course, in a fraudulent operation these documents could be faked, but there is little to gain if the Code accepts that the receiving bank has the “accounted to principal” defence.

EFT Code

The above analysis suggests a shape for the EFT Code provisions dealing with the problem of mistaken payments. The Code should implement procedures which facilitate recovery in accordance with the legal rules of recovery. Departure from these rules raises several problems.

If the changed rules adversely affect the legal rights of the payer or mistaken payee, then the rules may be subject to a legal challenge. The customers of the institutions have not agreed except in the “Godfather” sense to be bound by the rules of the EFT Code. They are certainly free to challenge them as unfair contractual terms, a challenge that would have a very good chance of success if common law rights of recovery or defence are diminished.

If the changed rules gave the payer or the mistaken payee greater rights, then some additional losses must be absorbed by the financial institutions. Apart from the difficulty of obtaining agreement to such a change, the danger of fraud arising from collusion between payer and payee will be difficult to control.

There is a further advantage to adopting the normal legal rules. Under the terms of reference of the Financial Ombudsman Service, the Ombudsman is required to take into account the law, any applicable industry code or guideline, good industry practice and fairness in all the circumstances.26 Coordinating the Code of Conduct with the law would save conflict in cases before the FOS.

If it is accepted that the provisions of the Code should be aimed at facilitating recovery based on the legal principles, then basic provisions would include:

  1. The paying bank must investigate any claim of mistaken payment;

  2. upon determining that a mistake has induced a payment, the paying bank must notify the receiving bank and request a return of the funds;

  3. the receiving bank must return the funds unless:

    1. the funds have been withdrawn from the account of the mistaken payee; or

    2. upon investigation, the receiving bank determines that the payment was made for good consideration or that the payee has changed his or her position in reliance on the payment;

  4. upon returning the funds to the paying bank, the receiving bank may debit the account of the mistaken payee for the amount of the payment.

The Code should set guidelines as to what constitutes “mistaken payment”. In particular, it should specify that a payment is mistaken if the customer is given incorrect account information by a third party.

Several issues remain:

There are also problems here for the Financial Ombudsman Service (FOS). The FOS normally only deals with disputes between a customer and his or her financial institution. A dispute over mistaken payments is ultimately a dispute between the payer and the payee, but it will appear initially as a dispute betwen the payer and the receiving bank.

The problem for the FOS is that the receiving bank does not provide a financial service to the payer. Either the terms of reference for the FOS must be changed or the EFT Code must put the obligation directly on the paying bank.

Conclusions

Mistaken payments may pose complex problems, but the law is not as unsettled as some of the submissions to ASIC would pretend. The mistakes which lead to errors in the Internet banking payment system are simple. It will generally be simple to determine that a mistake has been made, and equally as simple to determine if the payment was made for good consideration.

The simplest and most satisfactory way for the Code to deal with mistaken payments is to put in place procedures that allow the payer to recover according to the rules of the general law.

As noted above, there are still a few issues to work through, but the round table discussions conducted by ASIC should be able to come to reasonable agreement on solutions.

Bibliography

Goode, Roy. 1983. Payment Obligations in Commercial and Financial Transactions. London: Sweet; Maxwell.
Tyree, Alan L. 2003. “Mistaken Internet Payments.” JBFLP 14 (2): 113–17.
Winfield, Percy. 1943. “Mistake of Law.” Law Quarterly Review 59: 327.