Hungarian ruling could make credit institutions increasingly liable for AML breaches

A recent landmark judgment by the Metropolitan Court of Appeal may represent a pivotal shift in the tort liability of credit institutions stemming from violations of anti-money laundering (AML) regulations. According to the court, if a financial institution fails to suspend a suspicious transaction in violation of AML rules and executes a transaction involving funds originating from a criminal act, the financial institution may bear tort liability vis-à-vis the original victim of the fraud.

The following article provides a detailed overview of this appellate court decision, and the implications for AML and KYC-based litigations against financial institutions.

Context of the dispute

The legal dispute arose when the claimant, a foreign company, transferred a significant amount of funds into a Hungarian bank account held by a Hungarian financial institution. The transfer was made based on a fictitious email purportedly sent by the claimant's contractual partner. The email, however, was not sent by the claimant’s actual business partner, but was a fraudulent message designed to mislead and defraud the claimant by impersonating its legitimate contractual partner.

Following the transfer, most of the funds were transferred to other accounts or withdrawn in cash, rendering efforts to recover the funds unsuccessful.

The claimant initiated legal proceedings against the Hungarian bank, arguing that the bank breached its obligations under Hungary’s AML regulations (Section 11. (3) and Section 34. (1) of the Act LIII of 2017 on the Prevention and Combating of Money Laundering and Terrorist Financing. Specifically, the claimant alleged that the defendant bank failed to detect the unusual and suspicious nature of the financial transactions and did not suspend the payments. According to the claimant, compliance with the suspension obligation would have prevented the financial loss.

Grounds for the bank's tort liability

In its final judgment, the appellate court determined that the defendant bank, based on its internal policies and the relevant provisions of the AML regulations, should have identified the unusual and suspicious nature of the transactions linked to the affected account, and should have suspended the transactions rather than executing them. The judgment highlighted the following points:

• The court explicitly referred to Sections 11. (3) and 34. (1) of the Hungarian AML Act, which require financial service providers to continuously monitor their business relationships with clients, including account transactions. These provisions mandate that in the event of detecting a suspicious transaction subject to reporting – and prior to its execution – the financial service provider must take necessary measures (i.e. transaction suspension and immediate reporting to the Financial Intelligence Unit).
• The court also referred to the internal policies of the defendant bank, which were designed to identify and report suspicious transactions. The defendant bank’s internal policies explicitly include the requirements for detecting, analysing, and suspending unusual transactions and transactions conducted without a legitimate economic purpose. The court specifically pointed out that the bank, based on its own internal procedures, should have flagged and intervened in transactions involving the affected account, given their highly unusual nature.
• The transactions were deemed unusual and suspicious by the court due to the following factors:
  • The account had shown no prior activity, effectively qualifying it as a "dormant account".
  • The funds transferred into the account were immediately transferred to other accounts or were withdrawn in cash.
  • The beneficiary’s VAT number was already revoked by the tax authority at the time of the transaction, preventing it from conducting lawful economic activities.

Based on the above, the court concluded that the defendant bank should have immediately suspended the execution of the transactions and submitted a report to the Financial Intelligence Unit, which could have likely prevented the financial loss incurred by the claimant.

The judgment underscores that the relevant provisions of the applicable regulatory decree, which require only retrospective examination of suspicious transactions, do not override the obligation under the AML Act to suspend a transaction immediately upon becoming aware of reportable facts. Such transactions cannot be executed but must be suspended concurrently with the submission of the report. The court stated that "any interpretation to the contrary would nullify the purpose of the suspension mechanism and undermine its safeguard function."

Reasons for the application of loss allocation

The court also pointed out that the claimant also contributed to the occurrence of its own loss and acted negligently by failing to verify the authenticity of the new payment instruction—seemingly sent by its business partner and containing a new account number—using the means reasonably available to it. The court stressed that a professional business entity – such as the claimant – would have been reasonably expected to confirm changes directly with its business partner's representatives before transferring such a significant sum. This failure to take reasonable precautions was deemed a contributing factor to the loss.

As a result, the court allocated liability equally between the parties, requiring both the bank and the claimant to bear 50% of the financial loss.

The court judgment is considered a milestone since it appears to pave the way for the tort liability of financial institutions in cases where unusual financial transactions are not identified in real time and no action is taken to suspend transactions (e.g. transferring funds) that are likely part of a criminal activity. The decision is particularly significant given the substantial increase in cyberfraud-related incidents in recent years. In this context, the number of lawsuits initiated by victims against banks is expected to increase significantly, and AML and KYC regulations are likely to become central to litigation strategies on both sides.

The court, however, appeared to overlook the following important issues:

• The definitions of "unusual transactions" and "reportable transactions" do not necessarily overlap;
• The real-time monitoring and screening of transactions is neither mandated by past nor current sectoral regulations (which will change slightly with the regulatory decree amendment coming into effect on 1 March 2025), and its technical implementation is therefore not evident;
• Excessive caution could lead to an increase in "false positive" cases, potentially hindering the efficient functioning of the economic and business environment that relies on rapid financial transactions;
• Whether there is a causal link between the bank’s alleged omission and the victim's financial loss originally resulting from the fraudster's deception, which occurred prior to the failure to suspend the transaction.

The above open questions are likely to be addressed by the Hungarian Supreme Court at a later stage.

The article was co-authored by Martin Kócsó.

For more information on this ruling and anti-money laundering regulations in Hungary, contact your CMS client partner or these CMS experts: