In a decision reported by Minister Nancy Andrighi and published on August 27, 2024, the ministers of the 3^rd Chamber of the Superior Court of Justice (‘STJ’) decided by the majority of votes to dismiss the special appeal that attempted to hold a digital bank liable for hosting a scammer’s account. Ministers Ricardo Villas Bôas Cueva and Marco Aurélio Bellizze voted with the rapporteur, overruling Ministers Moura Ribeiro and Humberto Martins.

The purpose of the appeal was to decide whether there was a defect in the service provided by the digital bank where payment was made by a victim of a scam, given the ease with which fraudsters could create an account electronically. A peculiarity of the case is the fact that the appellant was not an account holder of the respondent bank and, therefore, the understanding that the bank should have created mechanisms to prevent banking transactions with signs of illegality and that differ from the profile of its account holders does not apply in this case.

Referencing Central Bank Resolution 4.753/19, the rapporteur indicated that “financial institutions are responsible for verifying and validating the identity and qualifications of account holders, as well as the authenticity of the information provided by the client (…), in addition to adapting their procedures to the provisions relating to the prevention of money laundering and terrorist financing”, but pondered that the resolution “establishes the requirements to be observed by financial institutions when opening, maintaining and closing deposit accounts in the digital environment”, but does not specify what information, procedures and documents are required to open an account, leaving it up to the financial institution to make a judgement on what is necessary to identify and qualify the account holder.

For the rapporteur, “if the financial institution does not demonstrate that it complied with the diligence expected of it, in contravention of the regulations of the competent bodies, a failure in the duty of security is established, but since it has proven that it complied with its duty to verify and validate the identity and qualification of the account holders, as well as the authenticity of the information provided by the client, preventing money laundering, there is no defect in the provision of the banking service that would attract its objective liability”.

The case is relevant because Precedent 479 of the STJ states that financial institutions “are objectively liable for damages generated by fortuitous events relating to fraud and offences committed by third parties in the context of banking operations”.  However, the rapporteur pointed out that the financial institution’s liability can be excluded if it is proven that there was no defect in the provision of the banking service or in the event of the exclusive fault of the consumer or third parties.

The STJ’s decision sets an important precedent on the responsibility of digital banks in fraud prevention, reinforcing the need for rigorous due diligence in verifying clients. The ruling signals that, if they adequately fulfil their regulatory obligations, financial institutions can be exempt from liability in cases of accounts used by fraudsters, which could have a significant impact on future legal disputes involving bank fraud.