Two recent decisions by the French Court of Cassation reaffirm that the duty of vigilance of banks remains fully relevant and recall the interplay between this general law regime and the special regime provided by the French Monetary and Financial Code.
The general law duty of vigilance regains its full relevance when the special regime governing payment transactions does not allow the bank’s liability to be engaged.
These essential decisions put an end to uncertainties regarding the possibility for a fraud victim to rely on the banker’s duty of vigilance if the transactions were considered “authorized” or “improperly executed,” which had arisen following the ruling of March 27, 2024 (Cass. com., March 27, 2024, No. 22-21.200, Published in the bulletin).
Cass. com., June 12, 2025, No. 24-10.168
Cass. com., June 12, 2025, No. 24-13.697
What Is the Banker’s Duty of Vigilance? An Exception to the Principle of Non-Interference
In an ever-evolving digital landscape, where cybercriminals deploy remarkable ingenuity, protecting the assets of our businesses and individuals is a major concern. Beyond the strict legal obligations governing payment transactions, French case law, particularly from the Court of Cassation, continues to reaffirm and refine this fundamental principle known as the banker’s duty of vigilance.
Traditionally, the banker is subject to a principle of non-interference (or non-intervention) in the client’s affairs. This means that, in principle, the banker must not interfere with, investigate, or demand justifications regarding the advisability or regularity of the client’s payment transactions, provided they appear regular.
However, this principle is not absolute. It finds an essential limitation in the credit institution’s duty of vigilance, which is triggered when a transaction presents an apparent anomaly. This anomaly may be:
- Material: for example, an obvious falsification of a document.
- Intellectual: a wire transfer order that is unusual relative to the client’s habits, business activity, or the very nature of the transaction.
When faced with such anomalies, the bank is held to a heightened duty of monitoring and vigilance. It must then take all appropriate precautions, particularly by alerting its client so that verifications can be carried out.
It is important to emphasize that this duty of vigilance is grounded in the general law of contractual liability (now Article 1231-1 of the French Civil Code, formerly Article 1147). It should not be confused with the specific obligations relating to anti-money laundering and counter-terrorism financing (Articles L. 561-1 et seq. of the French Monetary and Financial Code), whose purpose is to protect the general interest and cannot be invoked by a fraud victim to obtain compensation.
The Duty of Vigilance: Alive and Clarified by the Latest Decisions
The question of the interplay between the special liability regime for payment service providers (derived from the Payment Services Directive and Articles L. 133-1 et seq. of the French Monetary and Financial Code) and the general law duty of vigilance is complex and has been the subject of intense debate. However, the very latest decisions of the Court of Cassation, dated June 12, 2025 (Cass. com., June 12, 2025, No. 24-10.168; Cass. com., June 12, 2025, No. 24-13.697), confirm that the duty of vigilance has not been extinguished and remains a basis for action for fraud victims, even when transactions are considered “authorized” under the special regime.
Let us examine two landmark cases, considered simultaneously by the Court of Cassation, which perfectly illustrate this vitality and its nuances:
The Ouest Acro Case (Angers Court of Appeal, Jan. 23, 2024, No. 22/01008; Cass. com., June 12, 2025, No. 24-13.697)
- The facts: SAS Ouest Acro was the victim of “CEO fraud” orchestrated by an accounting employee. Between February 10 and March 9, 2020, 11 fraudulent wire transfers, totaling nearly 1.3 million euros, were made to accounts in Romania, Hungary, and Poland. The fraud was discovered thanks to an alert from another of the client’s banks. Ouest Acro sued its bank, Credit Mutuel, for breach of its duty of vigilance.
- The Angers Court of Appeal decision: The court largely upheld the first instance decision, even increasing the amount of damages owed by the bank. It held that Credit Mutuel had breached its duty of vigilance due to several apparent anomalies:
  - The high number and large value of the transfers (between 81,345.72 euros and 191,418.63 euros each) made over a very short period (less than one month).
  - The destination of the funds to Eastern European countries (Romania, Hungary, Poland) with which the company had no habitual dealings, despite the bank’s knowledge that the company’s business was almost exclusively domestic.
  - The exceeding of the authorized ceiling for certain transfers and the request for an exceptional overdraft to execute them.
  - The failure to verify with the company’s director (Mr. [U]) or the financial director, unlike another bank.
- The apportionment of liability: Despite the bank’s fault, the Court of Appeal maintained a 50% apportionment of liability between the bank and Ouest Acro. The company’s serious negligence was noted: the lack of monitoring and internal controls over the accountant’s transactions, the fact that a considerable sum could be embezzled over nearly a month without the managers noticing, and a deficient management of delegations that allowed the accountant to operate without sufficient hierarchical oversight.
- The contribution of the Court of Cassation (June 12, 2025): In its ruling No. 24-13.697, the Court of Cassation quashed and annulled the Angers Court of Appeal decision, not on the principle of the duty of vigilance but on its application. The Court of Cassation faulted the Court of Appeal for not having examined whether the bank, despite the presence of apparent anomalies, had nonetheless satisfied its duty of vigilance by obtaining confirmation from an authorized person (Mr. [U] in this case) before executing the orders. This ruling is crucial: it confirms that the duty of vigilance is indeed in place, but that it can be satisfied by an effective verification process with the client or their authorized representative.
The X Medical Picture Case (Paris Court of Appeal, Nov. 8, 2023, No. 21/20107; Cass. com., June 12, 2025, No. 24-10.168)
- The facts: As in the Ouest Acro case, an accountant at X Medical Picture was the victim of “CEO fraud,” making four wire transfers totaling 384,625.41 euros to Hungary.
- The Paris Court of Appeal decision: The court upheld the first instance judgment dismissing the company’s claims, holding that the bank had not breached its duty of vigilance. It based its decision on the following findings:
  - The transfer amounts, although high (over 90,000 euros each), remained within the contractually agreed daily limits.
  - The transactions were amply covered by the account’s credit balance.
  - The destination of the transfers (a licensed Hungarian bank within the European Union) did not “particularly attract attention in terms of security,” even though it was unusual for the client.
  - The length of the banking relationship or the client’s prior habits are not, by themselves, sufficient to require the bank to interfere in the client’s affairs.
- The contribution of the Court of Cassation (June 12, 2025): In its ruling No. 24-10.168, the Court of Cassation dismissed the appeal by X Medical Picture, thereby upholding the Paris Court of Appeal decision. It held that the Court of Appeal, exercising its “sovereign discretion,” was able to conclude that the transactions did not present anomalies that should have alerted the bank. This ruling demonstrates that while the duty of vigilance exists, it is not unlimited and does not lead to systematic bank liability in the absence of sufficiently characterized anomalies.
The Duty of Vigilance and the Special Regime of the Payment Services Directive: The Long-Awaited Clarification
An essential clarification was provided by the Court of Cassation regarding the interplay between the general law duty of vigilance and the special regime governing payment services. For a time, there was uncertainty as to whether a fraud victim could rely on the banker’s duty of vigilance if the transactions were considered “authorized” or “improperly executed” under Articles L. 133-1 et seq. of the French Monetary and Financial Code.
The Court of Cassation, particularly in a ruling of March 27, 2024 (Cass. com., March 27, 2024, No. 22-21.200, Published in the bulletin), had stated that the special regime is exclusively applicable in cases of unauthorized or improperly executed transactions. This had led some litigants and legal scholars to conclude that the bank’s liability could not be pursued on general law grounds for breach of its duty of vigilance if the special regime was applicable. This position was notably based on the full harmonization of the European directive.
However, the rulings of June 12, 2025 (Cass. com., June 12, 2025, No. 24-10.168; Cass. com., June 12, 2025, No. 24-13.697) provide a fundamental nuance. The Court of Cassation, while acknowledging that the claim based on Articles L. 133-18 and L. 133-23 of the French Monetary and Financial Code could not succeed (as the transactions were considered authorized), expressly held that it remained to be determined whether the bank had nevertheless breached its duty of vigilance given the circumstances. This means that the general law duty of vigilance regains its full relevance when the special regime governing payment transactions does not allow the bank’s liability to be engaged (for example, if the payment is deemed “authorized” but there are apparent anomalies). This is confirmation that this duty is very much alive and acts as a legal safety valve for clients.
In conclusion
The banker’s duty of vigilance is a dynamic concept, constantly refined by case law. Far from being obsolete, it is an essential pillar for the protection of clients against the increasing sophistication of fraud. The latest decisions of the Court of Cassation confirm that even if payment transactions may be formally “authorized,” the bank remains subject to a duty to alert and verify in the presence of apparent anomalies.
This liability is, however, not absolute and must be assessed in light of the specific circumstances of each case and the existence or absence of negligence on the part of the client. In this complex area, the guidance of a lawyer specializing in banking law is essential to evaluate the chances of success of a claim and navigate the subtleties of this field.
FAQ: The Duty of Vigilance of Banks in Fraud Cases
This FAQ aims to shed light on the complex facets of this obligation, detailing the delicate interplay between general liability law and the special regime governing payment services derived from European law as clarified by recent case law of the Court of Cassation.
1. What is the banker’s duty of vigilance?
The duty of vigilance is the care that the banker must exercise over transactions processed through their institution. It requires the banker to examine the apparent regularity of transactions before executing them. This duty is contractual in nature, arising from general contract law, and aims to protect the client’s interest. It must be distinguished from statutory duties of vigilance (for example, anti-money laundering obligations), which are designed to protect the general interest and cannot be invoked by the victim for private compensation purposes.
2. When is a bank’s liability engaged for breach of its duty of vigilance?
A bank’s liability may be engaged if it breaches its duty of vigilance in the presence of apparent anomalies in wire transfer transactions. In such circumstances, the bank is held to a heightened duty of monitoring and vigilance and must take all appropriate precautions, particularly by alerting its client so that verifications can be carried out.
This is particularly true for payment transactions that have been authorized by the user (for example, by a duly authorized employee) but that are tainted by internal fraud. In such cases, the special regime for unauthorized payment transactions (Articles L. 133-18 et seq. of the French Monetary and Financial Code) does not directly apply, and the bank’s liability may be pursued on the basis of its general law duty of vigilance.
3. Is the bank’s principle of non-interference absolute?
No, the principle of non-interference (or non-intervention), according to which the banker must not interfere in the client’s affairs, is not absolute. It finds its limit in the credit institution’s duty of vigilance. The bank is not required to investigate the origin or amount of funds if the transactions appear regular. However, if a transaction presents an apparent anomaly (material or intellectual), the bank must inquire and potentially alert its client.
4. What is the interplay between the duty of vigilance (general law) and the special regime governing payment services derived from European law?
The interplay between these two regimes is a central question and has been clarified by recent case law:
- For unauthorized or improperly executed payment transactions: Articles L. 133-18 et seq. of the French Monetary and Financial Code, which transpose the European Payment Services Directive, establish a special and exclusive liability regime. In such cases (for example, a forged check, an unconsented wire transfer), the bank is required to reimburse the payer, and the banker’s liability cannot be pursued on the basis of general contractual liability law for breach of the duty of vigilance. This regime is exclusively applicable because the European directive provides for “full harmonization” in this area.
- For authorized payment transactions: If a payment transaction is considered “authorized” (for example, a wire transfer made by a duly authorized employee of the company, even if acting fraudulently), the special regime under Articles L. 133-18 et seq. of the French Monetary and Financial Code does not apply. In this situation, the bank’s liability may be pursued on the basis of its general law duty of vigilance, if apparent anomalies were not detected or if the bank failed to carry out the necessary verifications with the client.
The Court of Cassation, in the case between Credit Mutuel and Ouest Acro, confirmed that the bank’s liability could be pursued for breach of its duty of vigilance, even though the payments had been authorized.
5. What is an “apparent anomaly”? What examples are relevant?
An apparent anomaly is an irregularity that should attract the bank’s attention, whether through the documents provided, the nature of the transaction itself, or the operation of the account.
Examples of apparent anomalies that engaged the bank’s liability (Ouest Acro case):
- The high number and large value of the transfers (amounts ranging from 81,345.72 euros to 191,418.63 euros) over a very short period (less than one month).
- The destination of the funds to Eastern European countries (Romania, Hungary, Poland) with which the client company had previously had no dealings.
- The exceeding of the authorized ceiling and the request for an authorized overdraft (400,000 euros) in an unusual manner.
Examples of situations held insufficient to characterize an apparent anomaly (X Medical Picture case):
- The transfer amounts remaining within the contractually agreed daily limits.
- The amounts remaining amply covered by the account’s credit balance.
- The destination of the transfers to an account held at a bank licensed in an EU member state that did not particularly attract attention in terms of security (Hungary).
- The length of the banking relationship or the client’s prior habits are not sufficient on their own to require the bank to interfere.
6. Can the victim’s negligence reduce the bank’s liability?
Yes, the victim’s negligence may reduce the bank’s liability, as it is considered to have contributed to the occurrence and persistence of the fraud.
In the Ouest Acro case, the victim company was found to have committed serious negligence that facilitated the fraud:
- The high level of authorization granted to the accountant without adequate supervision or controls.
- The failure to monitor the company’s accounts, allowing considerable sums to be embezzled over nearly a month without detection.
- A deficient management of delegations granted to the accountant, enabling them to carry out any transaction via the telematic service despite having no internal decision-making authority.
As a result, liability was apportioned at 50% between Ouest Acro and the bank at both first instance and on appeal. However, the Court of Cassation annulled the appeal decision, directing the Poitiers Court of Appeal to re-examine whether the bank had satisfied its duty of vigilance by obtaining confirmation from an authorized person, even in the presence of the victim’s negligence.
7. What types of damages can be compensated in case of breach of the duty of vigilance?
Compensable damages may include:
- The loss of transferred funds that were not recovered.
- Ancillary financial costs, such as expenses related to taking out an emergency bank loan to offset the cash shortfall.
- Additional economic loss, such as that resulting from the need to reorganize the business, sell assets, or carry out capital increases to strengthen equity, affecting the company’s investment capacity or ability to bid for contracts.
- Moral and reputational damage may also be claimed, although it must be specifically demonstrated and was not awarded in the Ouest Acro case.
For unauthorized transactions falling under the special regime (L. 133-18 CMF), the bank must immediately reimburse the amount and restore the account. National law may provide for additional compensation.
8. Does the “Safetrans” system or other authentication mechanisms affect liability?
In the Ouest Acro case, the wire transfers were made via the bank’s telematic service, using the Safetrans procedure, after authentication of the accountant with their personal card. The Court held that these transactions, although carried out via a personalized security device and technically “authorized,” do not exempt the bank from its duty of vigilance if apparent anomalies should have alerted it.
Indeed, the fact that a transaction is formally regular and processed through a secure system does not relieve the bank of heightened vigilance in the face of manifestly unusual circumstances. The Court of Cassation further emphasized that the judge must verify whether the bank did obtain confirmation from an authorized person, even if the wire transfers were made through a secure system.

