How do you recover from fraud losses?

As a lawyer for a company that is a victim of fraud, you have a special role. You need knowledge of criminal law. At the same time, you need experience in civil procedural law, especially in the area of attachment and enforcement law.

Ruben Partner at BASE
Last update 24-01-24

Fraud is an everyday occurrence. You only have to read a newspaper to see that yet another company has faced fraud. I too regularly come across companies that are victims of fraud. In practice, these companies were often overtaken by events (and have therefore lost money). This is because fraud always takes place covertly and is difficult to detect and tackle.

Criminal law or civil law?

As fraud is generally not detected immediately and thus usually takes place over a longer period of time, the amounts of money involved are often considerable. And the question is always in what way the damages suffered can be recovered from whom. Can the damages be recovered only from the perpetrator? Or can other parties, such as the accountant, the company's bank or the fraudulent employee's bank, for example, also be held liable successfully? Should these parties not have discovered the fraud (earlier than they did) and warned the company? In addition, the question arises before which court the victim should file a claim for compensation. Does only civil law offer a solution or does criminal law too?

A company that is a victim of fraud can go to both criminal and civil courts to recover damages. In addition, parties other than the perpetrator(s) may also be liable. I will discuss this in a bit more detail later, focusing mainly on fraud committed within an organisation. I will also briefly discuss the concept of fraud. Also, I will touch on some differences between criminal and civil law remedies. First, I will outline my role as a lawyer in such matters.

Parallel interests

As a lawyer for a company that is a victim of fraud, you have a special role. On the one hand, you need to have some knowledge of criminal law, but on the other hand, you need to be schooled in civil procedural law and, more specifically, attachment and enforcement law. As a lawyer, I was, as they say, broadly trained. I have handled many criminal cases, but also many civil disputes. These often involved the collection of claims, in which I often placed attachments prior to initiating proceedings. That knowledge and experience comes in handy when handling fraud cases. In fraud cases, you stand alongside the public prosecutor and police as the victim's lawyer. The interests are not equal, but run parallel. The prosecutor wants to see the accused convicted and the lawyer does everything possible to limit the damages for the victim.

Valuable information

This means engaging with the officer and/or police at an early stage could be smart. Information available to the officer or police is often very valuable. Think about money flows or information about co-defendants. The sooner it is clear where possible collateral assets are located, the quicker an attachment can be made and thus the more successful you as a lawyer can be for your client (the victim). Even at a more advanced stage, cooperating with the prosecutor is in the victim's interest. For evidence, the victim may depend on the police file, such as interview reports or phone taps. That information often allows the victim and his lawyer to determine which party can be held liable by the victim.

I feel like a fish in water when handling fraud cases due to the combination of expertise and diversity. I know the legal options and pitfalls. And I know how to limit damages.

Often, as a lawyer in fraud cases, you monitor several different processes at the same time. At the beginning of the case, when you are gathering information, and later on when you decide, in consultation with your client, who will be held liable for damages. It is the combination of expertise and diversity that makes me feel like a fish in water when handling fraud cases. I am familiar with the various legal options, I know the pitfalls and I know the ways to limit the damages for the victim.

Fraud is an umbrella term

The term fraud is not defined in the Civil Code. Often, the term fraud is used as a collective term for various ways in which fraudulent abuse of circumstances is made with the aim of gaining (financial) benefit. Common forms of fraud within companies are: forgery, embezzlement, swindling, (fraudulent) bank misappropriation, fencing and money laundering.

In criminal law

These forms of fraud are all conduct listed in the criminal code. Those criminal offences can be reported to the police and/or judiciary, which can lead to prosecution of the accused. If those offences are eventually deemed proven by the criminal court, a punishment can be imposed on the accused. After all, the purpose of criminal law is to punish an offender. But that does not yet see the victim compensated for the damages suffered.

Nevertheless, criminal law also allows a party to recover damages suffered. An party that incurred damages can intervene - as it is called - in the criminal proceedings and thus file a claim for compensation. The criminal court may impose the obligation to pay compensation to the victim on the person convicted of a criminal offence.

This legal route was created with the intention that the victim could get his claim for compensation awarded in a simple and inexpensive way. Practice shows, however, that this criminal route does not always offer a solution. If, in the opinion of the criminal court, dealing with a claim for compensation would "disproportionately burden the criminal proceedings", it can determine that the claim is inadmissible in whole or in part. Especially in larger and more complex fraud cases - in which the extent of damages is often not easy to determine - it should be taken into account that recovering damages via the criminal route will not lead to the desired result for the victim. Occasionally, joinder does lead to success. In a fraud case in which I represented the victim, the court ordered the perpetrators to pay compensation for damages. In two cases, this involved an order to pay substantial sums of compensation (see ECLI:NL:RBOBR:2023:3282 and ECLI:NL:RBOBR:2023:3283).

In civil law

To recover damages, civil proceedings seem to be the preferred route in many cases. The civil law equivalent of the concept of fraud is tort. If an offender has been convicted criminally for committing embezzlement, for example, this means in civil law terms that the offender has acted unlawfully towards the victim and is therefore liable.

Unfortunately, the perpetrators often provide no recourse. The embezzled money is usually either squandered or transferred to a third party that instructed the perpetrator(s) to commit the fraud in the first place. Often, such a third party lives abroad or maintains bank accounts there to frustrate recourse. Especially in such a case, it should be considered to hold the accountant and/or the victim's bank liable for damages.

Accountant's duty of care

The most important aspect of the accountant's civil liability is his duty of care. This means that the auditor must act as a competent external auditor reasonably would. This duty of care is elaborated on in laws and regulations, literature and case law.

The essentials of the statutory company audit are: the financial statements must comply with the requirements in the law, the management report must be compatible with the financial statements and must not contain any significant inaccuracies, the required other information must be included and the financial statements must provide the insight required by law.

When fraud has occurred over an extended period of time and if it has been processed in the company's accounts, it is relevant to examine whether the auditor complied with the applicable regulations in the work performed. If the auditor did not notice the fraud processed in the accounts, then it may be the case that the audit was conducted with insufficient depth, for example, because the auditor ignored fraud signals. This may then mean that the accountant breached his duty of care and is liable for damages suffered by the victim.

There are several routes to establishing accountant liability. However, a claim for damages can only be brought before the civil courts.

The banking duty of care

The bank also has a duty of care. This duty of care arises not only from the General Banking Conditions, but also from the law (the principle of reasonableness and fairness and good commissionership). The banking duty of care qualifies as an "overriding principle", meaning that nothing can impair this (contractual) obligation. Article 2 of BNG's General Banking Conditions also clearly articulates the "overriding" nature of the banking duty of care:

"(...) This important rule always applies. Other rules in the GBC [General Banking Conditions] or in the agreements applicable to products or services and the special conditions attached thereto cannot change this (...)"

The bank's duty of care is partly inspired by its social function. Linked to this is the fact that banks play a central role in payment, securities and related services, are experts in these areas and have information that others lack.

The special duty of care encompasses a range of more specific obligations to display a certain type of behaviour in certain cases or under certain circumstances, such as investigating something, informing or warning someone, or even refusing to execute an order. In certain cases, banks - given their role in society, their expertise in the financial field and their statutory duty to combat financial and economic crime - can be expected to exercise a special degree of caution.

The banking duty of care in any case means that when a bank is aware of or has serious indications of irregularities in - for instance - a payment account, the bank can be expected to investigate and take adequate measures. It must be assumed that the bank, given its specific position and expertise, is also aware in such a case of the danger associated with the irregularities for e.g. the account holder or third parties.

Also relevant is that the scope of the bank's duty of care also depends on the applicable public law rules. Pursuant to these, the bank is obliged, among other things, to have procedures and measures in place to detect, for example, anomalous transaction patterns and systems and procedures so that unusual procedures can be noticed.

What can be expected from banks in this regard was clearly formulated by De Nederlandse Bank in its guidance on "Post-event transaction monitoring process at banks" dated 30 August 2017. There, De Nederlandse Bank states, among other things, that a bank should have a transaction monitoring system and that with the help of this system and use of specific and intelligently designed software, the bank should analyse transaction data in order to detect unusual transactions.

Actual knowledge

In any case, the bank of the aggrieved party is liable for the damages of its customer (the aggrieved party) when there is actual knowledge (when the bank knows that irregularities occur on its customer's account), but fails to intervene. When there is no actual knowledge, the bank usually is not liable. However, the bank cannot always hide behind the argument that it has no actual knowledge. A bank can only do so if it has set up a transaction monitoring system that complies with applicable regulations and this system has nevertheless failed to detect any unusual transactions. However, the bank will have to explain why the system did not give an 'alert'. In other words, the bank has - as I like to call it - a preventive duty of care.

Fraudster's bank

Although the aggrieved party has no contactual relationship with the fraudster's bank, it can also sue that bank. Since 1998, it has been established in case law of the Supreme Court that "the social function of banks also entails a special duty of care towards third parties, whose interests they have to take into account on the basis of what is decent in social intercourse according to unwritten law". The scope of this duty of care depends on the circumstances of the case. The Supreme Court added in 2015 that banks play a central role in payment and securities transactions and the provision of services in this regard, are eminently expert in these areas and have information in this regard that others lack. That role justifies that their duty of care includes protection against levity and lack of skill, and that role justifies that their duty of care is not limited to care towards persons who are in a contractual relationship with the bank as customers.

In a case I am dealing with, the Amsterdam court recently ruled that banks that failed to take sufficient (precautionary) measures to prevent or limit fraud damages from third parties risked liability towards those third parties (see ECLI:NL:RBAMS:2023:2986). The court followed the aggrieved party's view that the bank had breached its preventive duty of care. Thus, the court ruled that banks also have an obligation towards third parties to manage integrity risks. This includes managing risks of fraud committed through a bank account. Therefore, the bank must carry out customer due diligence and transaction monitoring. Banks have a special and unique position in this context because of the volume of payment traffic that takes place through bank accounts held with them. Banks also have a special position because of the expertise and capacity they (must) have to detect unusual transactions. The court ruled that the bank's special duty of care towards the aggrieved party also extends to the prevention of damages as suffered by the aggrieved party.

In the case cited above, the court blamed the bank for failing to adequately comply with transaction monitoring with the result that fraud could be committed through an account held with the bank over an extended period of time. Therefore, the court ruled that the bank was liable for the damages suffered by the aggrieved party (i.e. a third party).


The starting point is that it is the company's own responsibility to prevent fraud from being committed. This means, for example, that the company must have its administrative organisation and internal control processes in order. To the extent that those processes were not in order, the company will have to bear a larger share of the losses itself. If a company does fall victim to fraud, adequate operations are of paramount importance. As soon as possible, it should be identified who can be held liable for the damages, where the collateral assets are located and whether they can be seized. Once the assets have been secured, the victim and his lawyer can consider which party to take legal action against in what way. Some experience in handling fraud cases is indispensable there.