55logo mikael le bot avocat

Falsified IBAN and Duty of Vigilance – Court of Appeal of Besancon, 16 September 2025 (No. 24/01218)

  • Banking Law

In a financial environment increasingly exposed to fraud, the question of Payment Service Providers’ (PSPs) liability in the event of a misdirected wire transfer is crucial. The ruling by the Court of Appeal of Besancon on 16 September 2025 (No. 24/01218) offers a detailed analysis of the duty of vigilance incumbent upon banks when faced with documentary anomalies, even when the payment order originates from the client.

In a financial environment increasingly exposed to fraud, the question of the liability of Payment Service Providers (PSPs) in the event of a misdirected wire transfer is crucial. While the Code monetaire et financier (CMF) establishes a strict regime for unauthorized payments, case law clarifies the limits of ordinary contractual liability for transactions considered “authorized.”

The ruling handed down by the Court of Appeal of Besancon on 16 September 2025 (No. 24/01218) offers a didactic and detailed analysis of the duty of vigilance (obligation de vigilance) incumbent upon banks when faced with documentary anomalies, even when the payment order originates from the client.

I. The factual context: a wire transfer fraud in the context of real estate financing

The case involved Mr. [K] [J] against SA Caisse d’Epargne et de Prevoyance de Bourgogne Franche-Comte, a payment service provider. Mr. [J] had taken out a loan from Caisse d’Epargne to finance the acquisition of a property under a contract for sale in a future state of completion (VEFA).

The procedure provided that payments for work progress invoices to the builder would be made by the bank upon presentation of:

  1. The work progress invoice signed by the contractor.
  2. A bank identity statement (RIB) corresponding to the identifiers of the receiving bank.

Mr. [J] had already executed three successive payment orders following this procedure. The dispute concerned a fourth payment order dated 15 April 2022, in the amount of 49,750 euros, to which the work order and a RIB were attached. This fourth transfer was never received by the contractor, although it was debited from Mr. [J]’s account.

The Tribunal judiciaire de Belfort had initially ordered the bank to reimburse the remaining sum of 31,473.56 euros, finding a breach of the bank’s duty of vigilance in respect of the material anomalies in the last RIB. Caisse d’Epargne appealed this judgment.

II. Classification of the transaction: authorized payment and ordinary law liability

To determine the applicable liability regime, the Court of Appeal first had to classify the transaction, i.e., establish whether the transfer was authorized or unauthorized.

1. Distinction between the regimes

  • Unauthorized Payment: Defined as one where a modification not originating from the payer intervened in the process. If the transaction is deemed unauthorized, Article L. 133-24 of the CMF obliges the PSP to reimburse immediately and restore the account to its previous state.
  • Authorized Payment: Initiated by the payer and requiring their consent. If the malfeasance (falsification of documents) is prior to the payment order received by the bank, the payment must be considered validly authorized.

2. Exclusion of the unauthorized payments regime

In this case, the Court noted that it did not emerge from the case documents that the RIB had been falsified during the phase of the transaction subsequent to the payment order. Consequently, it could not be held indubitably that the PSP’s liability was engaged under an unauthorized payment.

The Court therefore concluded that the dispute must be resolved on the basis of ordinary contractual liability (Articles 1231 et seq. of the Civil Code), requiring the payer (Mr. [J]) to prove fault, damage, and a causal link against the PSP.

III. Breach of the duty of vigilance: material anomalies

Even under ordinary law, the application of the principle of non-interference (principe de non-immixtion) (the banker must not interfere in the client’s affairs) is tempered by the duty of vigilance (obligation de vigilance).

According to the Court of Appeal of Besancon, this duty manifests through the PSP’s diligence in checking whether the submitted documents contain material irregularities that could generate suspicion as to the purpose of the transaction. The core of the dispute lay in Caisse d’Epargne’s failure to carry out this formal regularity check of the RIB provided for the fourth transfer.

The Court identified and retained three material anomalies that should have alerted the PSP:

  1. Discrepancy in Form: The fourth bank identity statement was “different in form” from the three previous ones that the payer had sent.
  2. Change of Domiciliation: The domiciliation address of the receiving account indicated an address in [Localite 7], whereas previous transfers had been made to an account located in [Localite 5].
  3. Unusual BIC Code: The BIC code corresponded to that of an online bank rarely used by professionals.

According to the judges, the mere discrepancy in presentation and the lack of correspondence between the last statement and the previous ones “should have prompted the PSP to greater vigilance”. The PSP should have, “in any event, requested confirmation from the payer for the execution of the payment transaction in order to make them aware of the risk involved.”

IV. Sanction for breach of the duty of vigilance

By finding this breach of the duty of vigilance, the Court of Appeal upheld the Belfort tribunal’s judgment in all its provisions.

The PSP (Caisse d’Epargne) was held liable for the loss suffered by Mr. [J], who found himself deprived of the funds intended for the financing of his construction project.

Caisse d’Epargne was ordered to pay:

  • The costs of the appeal.
  • The sum of 2,000 euros to Mr. [K] [J] pursuant to Article 700 of the Code of Civil Procedure.

This ruling serves as a strong reminder that, even in the absence of a classification as an unauthorized payment, the PSP cannot be content with a mechanical execution of the order if it is confronted with manifest material indications of irregularity.

Frequently Asked Questions (FAQ)

What is the PSP’s duty of vigilance under ordinary law?

The duty of vigilance is a contractual obligation of the PSP that tempers the principle of non-interference of the banker in the client’s affairs. It requires the PSP to check whether the documents submitted for its review contain material irregularities that could give rise to suspicion of fraud concerning the transaction.

Why is the Court of Appeal of Besancon ruling of 16 September 2025 important?

This ruling confirms that in the event of wire transfer fraud deemed to have occurred prior to the order (and therefore classified as an authorized payment), the bank’s liability can be engaged on the basis of ordinary contractual liability. The bank is held liable if it breaches its duty of vigilance by ignoring clear material anomalies in the documents provided.

What specific anomalies did the Court of Appeal find against Caisse d’Epargne?

The Court noted that the RIB used for the fraudulent transfer presented three main anomalies: a discrepancy in form compared to previous RIBs, a change in the domiciliation address of the receiving account ([Localite 7] instead of [Localite 5]), and the use of a BIC code corresponding to an online bank rarely used by professionals.

What should a PSP do when it detects such anomalies?

According to the Court, these discrepancies should have prompted the PSP to greater vigilance and, above all, to request confirmation of the payment order from the client payer, in order to make them aware of the risk involved.

Did Article L133-21 of the CMF on the unique identifier apply in this case?

Article L133-21 of the CMF states that if the user provides an incorrect unique identifier, the PSP is not liable for the misdirected execution. However, in the Besancon case, the dispute concerned the breach of the duty of vigilance in respect of documentary anomalies (form of the RIB, addresses), and not solely the conforming execution of an incorrect unique identifier. The Court set aside the strict CMF regime for unauthorized payments, applying the ordinary law regime based on the banker’s fault.

What happens if the payer’s PSP fails to recover the funds after a misdirected transfer due to an incorrect identifier?

Even if the PSP is not liable where the unique identifier is incorrect, it must make reasonable efforts to recover the funds. If it fails, it must make available to the payer, upon request, the information it holds to support the payer’s legal action to recover the funds. Recovery costs may be charged to the user if provided for in the contract.

1521 2281 max

Need Personalized Legal Advice?

Don’t face your questions alone. A lawyer can call you back for free to review your situation.

Be Contacted by a Lawyer

Need Personalized Legal Advice?

GDPR:

Similar Articles

résolution et contrat de crédit immobilier

Termination of the Mortgage Credit Agreement: Scope of Contractual Interdependence (Civ. 1ere, 2 April 2025, 23-19.513, Unpublished)

The mortgage credit agreement is, by its very nature, linked to the transaction it finances, most often the acquisition of real property. This contractual interdependence ...

avocat expert en droit bancaire pour litiges avec les banques

Acceleration Clauses in Mortgage Loans: How to Prevent Property Seizure? Legal Analysis and Practical Consequences

Cass. 1re civ., 29 May 2024, No. 23-12904 Cass. 1re civ., 4 April 2024, No. 21-12274 Cass. 2e civ., 3 Oct. 2024, F-B, No. 21-25.823 ...

usurpation identite 2

Phone Spoofing and Client Liability: Enhanced Protection for Banking Customers

Cass. com., 23 Oct. 2024, no. 23-16.267 Introduction The security of electronic payments is a major concern for both consumers and banks. Phone spoofing, where ...