Upsher-Smith Laboratories got tricked and lost about $37 million in an internet scam. Some foreign evil-doer(s) posed as the company’s CEO and sent orders to a now former Upsher-Smith employee to wire money for bogus foreign exchange trades.
Upsher-Smith’s bank, Fifth Third, received the wiring instructions and acted upon them.
This kind of scam is more common than most people believe and a typical reaction among victims is to try to place blame or responsibility on one’s bank.
It comes down to who is “the least cost avoider“? Or, to put that into clearer English, who is in the best position to minimize the identified risk (here, financial fraud) at the lowest cost?
In most but not all cases, the answer is the financial fraud victim rather than the bank. When a client gives a bank wiring instructions and tells the bank to wire the money for a specified account (which banks do many times every day, of course), do we really want banks to have to vet the legitimacy of the underlying transaction? Isn’t the bank customer, whose money it is, in a better position to implement internal policies and procedures to prevent these scams (requiring verbal confirmation, requiring double-signatures, requiring supervisory approval for transactions over a certain $$ threshold)?