In the context of companies that are victims of embezzlement committed by their own employees, French banking law rests on a complex balance between the protection of third parties and the freedom of circulation of funds.
A recent decision of the Court of Cassation (Cass. com., 14 January 2026, No. 24-19.102, Published in the Bulletin) clarifies the limits of what companies can demand from their bank.
CA Toulouse, 2e ch., 18 juin 2024, n° 21-04745
Cass. com., 14 janv. 2026, n° 24-19.102, Publié au bulletin
I. The Duty of Vigilance: A Fundamental Principle at the Service of Transaction Security
Under French law, the bank is bound by a duty of vigilance (devoir de vigilance) and a duty of non-interference (devoir de non-ingérence). These two obligations coexist and sometimes conflict:
- The duty of vigilance requires the bank to detect material anomalies (e.g. a formal irregularity on a cheque) and intellectual anomalies (e.g. a transaction that is manifestly inconsistent with the usual functioning of an account).
- The duty of non-interference prohibits the bank from interfering in the client’s affairs, particularly regarding the economic merit of the transactions carried out.
The question raised by the Heppner case was: to what extent must a bank detect irregular transactions carried out by a company’s own employee, using duly signed instruments?
II. Embezzlement by an Employee: A Recurring but Legally Complex Scenario
In the case at hand, the company Heppner, a freight transport and logistics group, discovered that one of its employees had been embezzling funds by issuing cheques on the company’s account for her personal benefit over several years.
The critical issue was the nature of the anomaly:
- The cheques bore genuine signatures of authorised persons.
- The amounts, while significant, did not individually appear extraordinary for a company of this size.
- The beneficiary was a natural person (the employee herself or accomplices), which could have raised questions for certain transactions.
III. The Court of Cassation’s Decision: The Strict Limits of the Duty of Vigilance
The Court of Cassation upheld the Court of Appeal of Toulouse’s decision dismissing Heppner’s claims against its bank. The Supreme Court’s reasoning rests on several key principles:
- Regularity of form takes precedence: When a cheque bears the genuine signature of an authorised person and presents no material anomaly (no alteration, no forgery), the bank is not required to verify the underlying purpose of the payment.
- The intellectual anomaly must be manifest: The Court recalls that an intellectual anomaly only triggers the duty of vigilance when the transaction is “manifestly inconsistent” with the account’s usual operation. In this case, the individual amounts of the cheques were not disproportionate to the company’s normal activity.
- The company’s own failings: The Court noted that Heppner itself failed to implement adequate internal controls. The employee had been able to operate for years without detection, suggesting a deficiency in the company’s own supervisory mechanisms.
Concrete Illustration: The Fraud Scheme in the Heppner Case
The fraudulent scheme typically involved the issuance of cheques drawn on the company’s account, signed by authorised persons who were unaware of the fraudulent purpose, with the proceeds being deposited into accounts controlled by the employee or her accomplices. This classic modus operandi exploits the gap between the formal validity of payment instruments and the actual legitimacy of the underlying transactions.
IV. Significance of the Decision: The Balance Between Vigilance and Non-Interference
This ruling serves as a reminder that:
- Banks are not insurers against internal fraud: The duty of vigilance does not extend to detecting all forms of internal embezzlement within a client company.
- Companies bear primary responsibility for implementing internal controls capable of detecting and preventing embezzlement by their employees.
- The threshold for bank liability remains high: Only truly manifest anomalies — gross material irregularities or transactions that are strikingly inconsistent with the account’s normal patterns — will engage the bank’s liability.
- The duty of non-interference protects the bank: So long as payment instruments are formally regular, the bank is not required to question the business purpose behind client transactions.
For companies, this decision underscores the critical importance of robust internal audit procedures and segregation of duties. Relying on the bank as a last line of defence against employee fraud is a strategy that this ruling firmly discourages.
