In a context of increasing financial fraud, particularly “CEO fraud” (fraude au president) attempts, the delineation of banks’ liability remains a major issue for businesses. The ruling handed down by the Court of Appeal of Montpellier on 11 September 2025 (No. 24/00820), confirming the decision of the Tribunal judiciaire de Perpignan of 25 January 2024, provides an interesting illustration of the banker’s duty of vigilance (devoir de vigilance), in the case of a single abnormal wire transfer.
The facts: a fraud of nearly 200,000 EUR
The case involved SAS France Feuillard against SA CIC (successor in rights to CIC Iberbanco). SAS France Feuillard, a company engaged in the import and export of packaging products, was the victim of a fraudulent wire transfer on 18 October 2021, in the amount of 198,741.23 EUR. This transfer was intended for a company based in Hungary.
The payment order had been initiated by the company’s secretary-accountant. The bank, SA CIC, argued that this employee had authorization to carry out all wire transfer operations without any amount limit through the “Filbanque Entreprise” and “Safetrans” services (a reinforced authentication process).
The Tribunal judiciaire de Perpignan had initially ordered the bank to reimburse the full amount. SA CIC appealed, arguing that the transaction was authorized and that its liability could not be engaged.
The applicable liability regime: authorized transaction and ordinary law liability
The central question was to determine the applicable liability regime.
1. Classification of the transaction
The Court recognized that the disputed wire transfer was indeed an authorized transaction (operation autorisee) within the meaning of the Code monetaire et financier (CMF). SA CIC thus maintained that only the provisions of Article L.133-21 of the CMF were applicable, excluding the strict liability regime provided for unauthorized transactions (Article L.133-18 of the CMF).
2. Application of ordinary law liability
The Court of Appeal of Montpellier ruled in favor of ordinary law liability (responsabilite de droit commun). It was held that, when the transaction is authorized, the bank’s liability cannot be sought solely on the basis of Article L.133-21 of the CMF, but rather on the basis of ordinary law liability.
This liability regime allows for the reintroduction of the concept of the banker’s fault (faute), particularly through a breach of the duty of vigilance.
The banker’s duty of vigilance regarding apparent anomalies
The principle is well-established: the prohibition against the banker interfering in the client’s affairs yields to the duty of vigilance (devoir de vigilance) when the banker is required to detect apparent anomalies (anomalies apparentes).
In the case of SAS France Feuillard, the Court identified several characteristics that constituted, for the financial institution, an apparent anomaly:
- The Exorbitant Amount: The payment order was for an “exorbitant” amount of nearly 200,000 EUR. The Court compared this amount with the company’s transaction history: the majority of wire transfers did not exceed 20,000 EUR, those approaching 100,000 EUR were rare, and the highest (max 121,000 EUR) concerned recurring beneficiaries. The particularity of this case lies in the fact that only a single wire transfer was abnormal.
- The New Beneficiary: The transfer was intended for a new beneficiary.
- The Foreign Destination: Although France Feuillard’s business included import/export, the beneficiary was foreign (located in Hungary, within the European Union).
These three combined elements should have alerted the bank to a risk of fraud.
The Court of Appeal further emphasized that “the disputed payment order for an exorbitant amount of nearly 200,000 EUR intended for a new beneficiary, foreign moreover, even if located within the European Union, exhibited the characteristics of an apparent anomaly suggesting fraud that should have led the bank, in a context of increasing so-called ‘CEO fraud’, to have this payment order validated by the company’s directors before executing it, the mere general call to all its clients for prudence printed on account statements not being sufficient to establish the bank’s performance of its duty of vigilance with respect to the company France Feuillard“.
Consequences
The Court of Appeal held that this apparent anomaly should have led the bank to take additional security measures, in particular to have the payment order validated by the company’s directors before executing it. The mere fact of having called its clients to prudence on account statements was not sufficient to establish the performance of the duty of vigilance.
Consequently, the Court of Appeal of Montpellier upheld the first instance judgment in all its provisions. The loss suffered by SAS France Feuillard was considered as resulting from the sole fault of SA CIC.
SA CIC was ordered to pay SAS France Feuillard the sum of 198,741.23 EUR, together with statutory interest, thereby confirming its liability and the necessity of full reimbursement. This decision underscores the importance for financial institutions to implement sophisticated alert systems capable of detecting transactions exhibiting unusual characteristics compared to their clients’ payment habits.
