Real estate firms may be on the hook for wire fraud losses: CertifID


With the number of instances of wire fraud continuing to rise, many victims are turning to court to seek damages after a large portion of their life savings or business liquidity was stolen by scammers.

According to a report published Thursday by wire fraud prevention firm CertifID, real estate agents, brokers and title companies are increasingly being held accountable if a consumer loses money.

In an analysis of more than 100 real estate wire fraud cases, CertifID found that the most common wire fraud-related legal liability issues for real estate firms are negligence, breach of contract, deceptive business practices and breach of fiduciary duty.

“Even though it’s criminals who are orchestrating the business email compromise scams, recent court decisions suggest that the professionals involved in a real estate transaction are required to do more to protect consumers from wire fraud scams or face a potential court judgment for damages,” the report stated.

“Over the last four years, fraudsters have become even more brazen in their attacks, prompting the courts to piece together more definitive standards of liability by looking outside of real estate fraud cases to draw upon well-established theories of duty and liability.”

Through its analysis, CertifID found that based on the court cases analyzed, there is “no practical way to hold a bank responsible for wire fraud losses if the account holder or authorized representative initiated the transfer.”

Additionally, unless there is “specific insurance coverage for stolen funds and all requirements to coverage in an insuring contract are satisfied, a claim for damages will be denied.”

CertifID said this is due to the court’s deference to Uniform Commercial Code Article 4A, which governs the rights and responsibilities of parties involved in electronic funds transfers. Despite governing this issue, the code does not include a mandate for account matching. It also does not establish the duty of a bank to vet new account openings, nor is there a requirement for financial institutions to identify, monitor or report suspicious account activity.

But CertifID notes that a bank could possibly be held liable “if the person requesting the transfer is a bad actor and the movement of money can be traced back to flawed verification measures or a security failure that allowed hackers into the bank’s system —though we have not seen any such cases come to light.

“A bank may also be held liable if they have actual ’knowledge’ of a mismatch between the beneficiary’s name and account number and still process the transaction,“ the report added.

With it being difficult to hold banks accountable, CertifID found that recent court cases show that the real estate firms involved in transactions were often held responsible instead.

“If you’re entrusted with sharing wire instructions and collecting funds for a real estate closing, recent court cases suggest that you could be on the hook for some (or all) of the loss if funds are diverted into a fraudulent account — even if you were not responsible for the transfer of funds,” the report stated.

In one of the cases cited by CertifID (Otto v. Catrow Law LLC), the plaintiff, who was a victim of wire fraud, “relied on the expert opinion of a lawyer whose disclaimer precluded him from assessing the standard of care in West Virginia.

“The circuit court also found that alleged insurance bulletins warning against fake wiring instructions were ineffective at proving a breach of duty,” the report stated.

While eliminating the risk of potential wire fraud or a lawsuit that may arise from an attack is challenging, CertifID recommends that firms focus on educating consumers and their transaction partners on the risks of wire fraud, as well as steps to take to protect themselves and their clients.

“One of the easiest ways to protect your business from liability is to thoroughly train employees to check spelling and email addresses — and to verify instructions through another method rather than by email alone,” the report stated. ”Practicing ‘good digital hygiene’ means limiting the amount of personal information that is publicly available, like email addresses, phone numbers, and account information, and therefore limiting the amount of data that can be hijacked by fraudsters.

“As a custodian of funds, you are in a position of trust and knowledge. You hold a legal responsibility to not only train employees to spot red flags and follow proper protocols, but to counsel consumers on the risks they may face in light of the increase in scams as well.”

Additionally, CertifID recommends establishing companywide standard operating procedures, an incident response plan that is tested and first-party insurance policies to protect a firm from a loss.

Sandstone Group