UK banks have no duty to safeguard the funds that customers deposit with them. This could explain why those customers have £37m stolen from their accounts every year.
This revelation came as a surprise, even to me. I was naive enough to believe that the fundamental part of the bank/customer relationship is this: if the customer agrees to comply with the bank’s security instructions, then the bank will take reasonable steps to keep criminals away from the cash.
I was wrong. The banks can put as much, or as little, effort into keeping your money safe as they see fit. You have no right to an opinion on how well your bank is doing. Neither does the Financial Ombudsman.
For example, if a bank becomes aware of a new fraud that specifically targets its customers, it has no need to warn them. It has no need to change its security procedures in any way. This is the opinion of the banks, and the Ombudsman supports them in this view.
The banks argue that they have to balance the security of their customers’ funds against the right of those customers to have free access to their money. The banks’ primary duty is to carry out their customers’ instructions. This is the opinion of the banks, and the Ombudsman supports them in this view.
Of course, if HSBC has a liquidity problem, it can deny its customers the right to withdraw more than £5000. Their inviolable duty to act on their customers’ instructions can be brushed away like an annoying insect. This is the opinion of the banks, and the Ombudsman supports them in this view.
I admit fault here. I should not have been surprised. This morality is entirely in keeping with pressuring their customers into taking on interest rate swaps, or buying insurance that they don’t want and will never be able to make a claim against.
This is the position in the UK. In the US, the situation is slightly different. The banks there have the same contemptuous attitude towards their customers, but the authorities are not so sycophantically compliant.
Courts in the US have ruled that when a bank becomes aware of a new fraud, it has an obligation to alter its systems in an attempt to prevent it. In case banks are unable to see how this could possibly be done, the courts have spelled it out for them.
They have said that banks must take into account a customer’s previous transfer behaviour when deciding whether to allow an online funds transfer. They must consider: the size of the transfer, the time taken to initiate the request, the identity of the receiving account, and whether the customer has ever transferred to that account before.
If you thought that banks already did all of this, that’s understandable, because they tell you that they do. Unfortunately, most of them don’t.
You can be sure that the banks won’t take this lying down. They have billions of dollars to spend on litigation so that they can avoid being dictated to by such upstarts. These rulings may well be overturned soon, but at least the courts had the courage to make them in the first place. Courts and regulators over here are far more timorous.
Imagine if UK banks could be compelled to spend an hour in re-coding their software to avoid thefts of £37m a year. This is far, far too much to ask of our poor beleaguered banks. The pillars of our civilisation could crumble and fall. These are scary and subversive ideas.
All of this leaves me with an unanswered question: why are we in the UK prepared to accept a level of incompetence from our banks that our cousins across the water will not tolerate?
- Second Major Banking Crash Imminent : HSBC Bank (b4inmain.wordpress.com)
- HSBC tightens cash withdrawal rules (bbc.co.uk)
- Court favors EMI in fraud suit (bankinfosecurity.co.uk)
- Patco Construction Company inc. v People’s United Bank (case.findlaw.com)