In an era of rapid digital transactions, banks increasingly rely on automated systems to process payments. But what duty of care do they owe to non-customers when fraud occurs? The Mauritian Supreme Court’s recent ruling in EOS Mascarenes Ltd v MCB provides critical insights for legal practitioners navigating negligence claims in banking.

Case Snapshot

The Fraud: A rogue employee at the plaintiff’s parent company falsified beneficiary details, diverting MUR 1.9 million to a fraudulent account.

The Bank’s Role: MCB processed the payments via its Straight-Through-Processing (STP) system, which verified account numbers but not beneficiary names.

The Claim: The plaintiff (a non-customer of MCB) sued for negligence, arguing the bank failed to cross-check names and account numbers.

Outcome: The court dismissed the claim, holding that MCB owed no duty of care to non-customers absent an “anomalie apparente” (apparent anomaly).

Duty of Care in Banking

The duty of care in banking is traditionally understood as the obligation of banks to act with reasonable skills and diligence in handling their customers' accounts and transactions. This duty is often framed within two primary legal relationships:

• The contractual duty between the bank and its customer.
• The tortious duty of care, which may extend to third parties under certain circumstances.

Legal Analysis

The court reaffirmed that a bank’s duty of care is primarily contractual and limited to its customers (Juggoo S v MCB [2017 SCJ 48]). For third parties like EOS Mascarenes, liability in tort requires proof of a “special relationship” or the bank’s actual knowledge of fraud (Royal Bank of Scotland v JP SPC 4 [2022] UKPC 18). The judgment emphasized that the Quincecare duty—a bank’s obligation to safeguard customers from fraudulent instructions—does not extend to non-customers, even if they are beneficial owners of funds.

Key to this reasoning was the absence of an “anomalie apparente” that should have alerted MCB to the fraud. Unlike Hervey v MCB [1893 MR 19], where unusual transaction details (e.g., atypical beneficiaries) triggered liability, the court found no such “anomalie” in the payment instructions here. The automated STP system, which processes thousands of daily transactions, was deemed a reasonable trade-off between speed and risk mitigation.

Critically, the court rejected arguments that MCB should have implemented stricter controls under Section 54 of Mauritius’ Banking Act. The court drew parallels between Mauritius’ STP system and the UK’s CHAPS (Tidal Energy Ltd v Bank of Scotland [2014] EWCA Civ 1107), which prioritizes account numbers to ensure rapid processing. Citing evidence from the Bank of Mauritius, the judgment noted that name verification would be economically unfeasible given transaction volumes. This aligns with global trends favoring efficiency in high-value payment systems, even where such systems carry inherent fraud risks. 

Extent of the Bank’s responsibility to conduct Due Diligence

The judgment reinforces that banks are not obligated to investigate every transaction beyond the standard industry practice unless there are clear signs of fraud. The decision reflects a balance between the need for due diligence and the operational efficiency of financial institutions. While some past cases, such as Ramphul v Mauritius Co-Operative Central Bank Ltd [1985 MR 185], imposed liability on banks for failing to prevent fraudulent transactions, these cases involved direct relationships between the bank and its customer.

Conclusion

This judgment provides a clear affirmation of the limited scope of a bank’s duty of care to non-customers.  It illustrates the judiciary’s reluctance to expand banks’ duties to non-customers in the absence of glaring anomalies. While the decision safeguards banks from impractical verification burdens, it leaves third parties exposed to risks inherent in automated systems. For corporate groups, the judgment underscores the need for robust internal controls to mitigate fraud, as legal recourse against banks remains limited.

This case serves as a valuable precedent in defining the boundaries of banking liability and this decision aligns with international banking practices, emphasizing that liability does not arise merely because a payment was misdirected unless there was an obvious anomaly or fraudulent intent known to the bank.