An employee embezzles more than 260,000 euros from her employer over 13 months through 58 successive wire transfers to her personal accounts. Should the receiving banks have reacted? In a decision published in the bulletin on January 14, 2026, the Commercial Chamber of the Court of Cassation firmly answers: no, not in the absence of any indication of forgery. A ruling that once again redraws the boundaries of the banker's duty of vigilance -- in an increasingly favorable direction for credit institutions, at the very moment when their detection capabilities have never been more powerful.
Cass. com., January 14, 2026, No. 24-19.102, Published in the Bulletin
The Facts: A Well-Rehearsed Scheme
The case begins between 2015 and 2016. Ms. T., employed since 1999 by Heppner, a freight transport company, was responsible for managing customs duty advances to the State on behalf of her employer’s clients. In this role, she held a strategic position in the payment chain.
Her scheme was simple yet effective. She provided two of Heppner’s client companies — Magetec and Tec Loisirs — with falsified bank account details bearing her employer’s name but actually containing the IBANs of her personal accounts, one opened at BNP Paribas and the other at the Caisse Regionale de Credit Agricole Mutuel Toulouse 31. She went even further: to reinforce the appearance of legitimacy of these bank details, she fabricated a fake letter purportedly from Heppner’s finance director and customs manager, validating this supposed change of account.
The client companies, deceived in good faith, then paid directly into Ms. T.’s personal accounts the sums they owed to Heppner. To conceal the entire scheme, the employee created fictitious credits, issued false invoices in the name of other client companies, and thus disguised the accounting records for many months.
The toll was heavy: 166,701 euros embezzled through Magetec transfers, 93,509 euros through Tec Loisirs transfers, plus an additional 9,504 euros misappropriated from the works council of which she was treasurer. In total, 260,210 euros passed through her personal accounts in barely 13 months, through 58 wire transfers ranging from 773 to 20,163 euros.
Definitively convicted on October 9, 2018 by the Toulouse Criminal Court for fraud, forgery and use of forged documents, Ms. T. explained her actions by the need to repay the combined installments of approximately twenty personal loans, amounting to roughly 6,500 euros per month, while her net salary was only 1,910 euros.
The Court of Appeal’s Position: “Entirely Obvious” Irregularities
In a judgment dated June 18, 2024, the Toulouse Court of Appeal had upheld the first instance judgment by finding the two receiving banks — BNP Paribas and Credit Agricole — liable for breach of their duty of vigilance.
Heppner, the victim of the embezzlement, had sued the banks on the basis of general tort liability (Article 1240 of the Civil Code), rather than under the special regime of the Monetary and Financial Code. This choice was strategic: as a third party to the banking relationship between Ms. T. and her banks, Heppner could not invoke the provisions of Article L. 133-21 of the Monetary and Financial Code, which are reserved solely for the bank’s customer. It therefore had to demonstrate the existence of an ordinary fault.
And that is precisely what the Court of Appeal had accepted. According to the Toulouse judges, Ms. T.’s accounts exhibited “significant and entirely obvious irregularities.” Their reasoning was based on a body of converging evidence: the accounts of an employee earning 1,910 euros net per month, already regularly debited for substantial loan repayments, had received 260,210 euros from legal entities with no prior connection to her, through 58 wire transfers over 13 months. The court deduced that by failing to carry out “any additional verification” and by not requesting “any explanation” from Ms. T., each bank had committed a fault that contributed to the damage.
BNP Paribas was thus ordered to pay 188,178 euros to Heppner, and Credit Agricole 72,032 euros, each bank being liable for the sums received in accounts held on its books.
The Cassation: The Principle of Non-Interference Above All
BNP Paribas filed an appeal in cassation. The Court of Cassation ruled in its favor and partially quashed the appeal judgment, in a statement of principle destined to mark the case law:
“The bank, bound by an obligation of non-interference in its client’s affairs, is not required to conduct investigations into the origin and magnitude of funds deposited into its accounts, nor even to question the client about the existence of large-scale transactions, provided that these operations appear regular and no indication of forgery can be detected.”
In other words, the Court of Cassation faulted the Court of Appeal for failing to identify genuine “easily detectable apparent irregularities” affecting the wire transfers executed. The grounds relied upon by the lower court judges — the large amounts involved, the multiplication of transfers, their origin from legal entities, the discrepancy with the beneficiary’s income — were, according to the Supreme Court, “insufficient” to justify an obligation of verification on the part of the bank.
The case is referred back to the Toulouse Court of Appeal, with a differently composed bench.
Lessons from the Decision
This judgment, published in the bulletin, is rich with lessons. It forms part of a recent case law movement that is progressively redefining the boundaries of the apparent irregularity in banking law.
The Primacy of the Duty of Non-Interference
The decision first forcefully reaffirms that the duty of non-interference remains the guiding principle of the relationship between the banker and the client. This principle is fundamental: the bank must not transform itself into a controller of its clients’ finances. It is not required to scrutinize the origin of funds, to question the consistency between declared income and amounts received, nor to request justifications for every unusual transaction.
The duty of vigilance, for its part, is merely an exception to this principle. And like any exception, it must be strictly circumscribed. This is precisely what the Court of Cassation achieves here with remarkable clarity.
The Amount and Frequency of Transactions Are No Longer Sufficient
One of the major contributions of this decision lies in the fact that neither the magnitude of the sums transferred relative to the beneficiary’s income, nor the fact that the ordering party had never previously made payments to the account, nor the multiplication of transactions over a short period, constitute in themselves apparent irregularities requiring the receiving banker to suspend the crediting of funds.
This reasoning is, moreover, not entirely new. In three judgments of November 19, 2025, the Court of Cassation had already initiated this refocusing by clarifying the criteria for apparent irregularity in the context of atypical investments (Cass. com., Nov. 19, 2025, No. 24-18.534) and CEO fraud (Cass. com., Nov. 19, 2025, No. 24-17.780 and No. 24-17.056). The decision of January 14, 2026 confirms and extends this interpretation, this time applying it to the specific case of embezzlement committed by an employee.
With this case law, it becomes clear that the Court of Cassation no longer wishes to see convictions based on mere “intellectual irregularities” — that is, on the retrospective reasoning that goes: “given this client’s profile, these transfers should have alerted the bank.” This type of reasoning, however logical it may appear in hindsight, is no longer sufficient to engage the banker’s liability.
The Emergence of the “Indication of Forgery” Criterion
This is perhaps the most innovative contribution of the decision. By requiring that a bank can only be held at fault when an “indication of forgery” is detectable, the Court of Cassation introduces a concrete and material criterion, distinct from mere financial disproportion.
What constitutes an indication of forgery? The Court does not yet define it precisely, and therein lies the entire stake of future case law developments. One can, however, reasonably consider that it could involve objectively verifiable elements, such as bank details containing visible material inconsistencies (for example, a beneficiary name not matching the account holder), a manifestly forged signature, a banking document showing detectable alterations, or inconsistent technical data in the transfer order.
In contrast, the abnormal functioning of an account relative to its holder’s profile — which falls under intellectual irregularity — no longer appears capable of being classified as an indication of forgery within the meaning of this case law.
This distinction is crucial. It concretely means that to engage the liability of the receiving bank, it will no longer suffice to demonstrate that the transactions were “suspicious” by virtue of their scale or frequency. It will be necessary to prove that the wire transfers themselves, or the documents accompanying them, bore a tangible sign of forgery that the bank should have detected.
A Case Law Trend at Odds with Technological and Regulatory Reality
While the decision is perfectly coherent from the standpoint of classical banking law principles, it nevertheless calls for critical scrutiny. For the Court of Cassation’s reasoning rests, implicitly, on a conception of the banker that may have little to do with today’s reality.
Unprecedented Detection Capabilities
When the duty of non-interference was forged by case law, banks operated with rudimentary means: paper statements, physical counters, and necessarily limited human verification. Requiring them to scrutinize every transaction effectively imposed a disproportionate burden and an unjustifiable interference in their clients’ affairs.
But that era is over. In 2026, banking institutions have technological tools of considerable power at their disposal. Automated transaction monitoring systems, artificial intelligence-based anomaly detection algorithms, real-time behavioral scoring, client profiling systems and their spending habits: all of this enables banks to instantly detect atypical transaction patterns without a human eye ever needing to review the operation.
The case of Ms. T. is particularly telling in this regard. An employee earning a net salary of 1,910 euros per month, whose account is regularly debited for loan repayments, suddenly receives recurring transfers of several thousand euros from legal entities with which she has never had any connection. Any modern transaction monitoring system would have been capable of flagging this anomaly automatically from the very first transfers. It is difficult to conceive that the algorithms of BNP Paribas, one of the largest banking groups in Europe, were unable to detect such a pattern.
To assert, in this context, that the bank had nothing to verify because no “indication of forgery” was detectable amounts, in practice, to ignoring what the bank knew — or, more precisely, what it could not have failed to know.
Increasingly Stringent Regulatory Obligations
The disconnect is all the more striking given that, alongside this rise in technological capability, the regulatory framework has continuously strengthened the surveillance obligations of banking institutions.
Commission Delegated Regulation (EU) 2018/389 of November 27, 2017, supplementing Directive (EU) 2015/2366 (PSD2) with regulatory technical standards relating to strong customer authentication (known as the “SCA RTS”), perfectly illustrates this evolution. Its Article 2 requires payment service providers to implement transaction monitoring mechanisms capable of detecting unauthorized or fraudulent payment operations. More specifically, these mechanisms must rely on the analysis of parameters such as compromised data lists, the amount of each transaction, known fraud scenarios, and signs of malware infection.
Article 2, paragraph 3, of the same regulation goes even further: it requires these monitoring mechanisms to take into account, “at a minimum,” a list of risk factors including the user’s usual spending profile, the abnormal amount of the transaction relative to that profile, and unusual transactional patterns.
Now, what do we observe in the Heppner case? Precisely this type of pattern: transactions whose amount and frequency were radically incompatible with the usual profile of the account holder. In other words, the elements that the Toulouse Court of Appeal had identified as constituting apparent irregularities correspond, almost word for word, to the risk factors that European law requires banks to monitor.
A Paradox Difficult to Justify
There is therefore a striking paradox in the current situation. On one hand, European law requires banks to implement sophisticated detection systems capable of identifying unusual transactions in real time. On the other hand, the Court of Cassation considers that these same unusual transactions do not constitute apparent irregularities justifying a verification obligation.
The result is, to say the least, peculiar: banks are required by regulation to possess tools that enable them to see. But the case law authorizes them not to look.
This disconnect between European positive law and the case law of the Court of Cassation deserves to be questioned. It amounts, in practice, to relieving banks of all liability as long as the wire transfer presents no apparent material defect (forged bank details, counterfeit signature, altered document), even when all behavioral indicators should have triggered an alert. It is to act as if an apparent irregularity can only be material, never intellectual — which, beyond legal logic, offends common sense.
Who Benefits from This Interpretation?
It is difficult not to notice that this case law trend, which has been taking shape since the judgments of November 19, 2025, is remarkably favorable to banking institutions. By raising the threshold of apparent irregularity to the point of admitting practically only indications of material forgery, the Court of Cassation is making it increasingly difficult for victims of embezzlement to obtain compensation from receiving banks.
It must be stated clearly: in a case like this one, where 260,210 euros passed through the personal accounts of an employee earning less than 2,000 euros per month over 13 months, originating from companies with no connection to her whatsoever, to hold that the bank had no reason to inquire is a legal fiction. It is a fiction useful to the banking system, certainly, but it is a fiction.
The victims of these schemes — often businesses, sometimes small ones — thus find themselves facing a wall: the perpetrator of the embezzlement is most often insolvent, and the bank, the sole solvent debtor in the chain of liability, is protected by a duty of non-interference whose interpretation is becoming ever more restrictive.
Outlook: Toward What Balance?
Through small touches, the law takes shape before us — but the direction it is heading raises questions. The challenge for the years ahead will be to determine whether this restrictive reading of apparent irregularity is sustainably tenable in the face of evolving regulatory obligations and the technological capabilities of banks.
Several avenues would merit exploration by legal scholars and lower courts alike. The first would consist of incorporating, within the very notion of apparent irregularity, the alerts that banking monitoring systems are regulatorily required to generate. If a bank is obligated by European law to detect abnormal transactions, can it still claim not to have seen them? The second avenue would involve a more refined articulation between the civil law duty of non-interference and the prudential obligations arising from European law, by considering that regulatory technical standards participate in defining the standard of conduct of a normally diligent banker.
In the meantime, practitioners will need to adapt to this new landscape. For embezzlement victims, this means that arguments must henceforth focus not on the account holder’s profile or the disproportionate nature of the transactions, but on demonstrating concrete and material indications of forgery — or, perhaps, on regulatory grounds, by directly invoking the surveillance obligations arising from European law in an attempt to establish banking fault.
A field that remains, for now, largely unexplored before French civil courts.
References:
Cass. com., Jan. 14, 2026, No. 24-19.102, Published in the Bulletin
CA Toulouse, 2nd Ch., June 18, 2024, No. 21/04745
Cass. com., Nov. 19, 2025, No. 24-18.534 (atypical investments)
Cass. com., Nov. 19, 2025, No. 24-17.780 and No. 24-17.056 (CEO fraud)
Commission Delegated Regulation (EU) 2018/389 of November 27, 2017 (SCA RTS), Art. 2
Directive (EU) 2015/2366 of November 25, 2015 (PSD2)
