Protecting against online fraud: Contractual and compliance strategies after Logix Aero

As we observed in our Offshore Litigation Blog post on the Logix Aero decision, a breach that merely provides the setting for a third-party fraud will not ground a claim in damages.
Online fraud is not going away. For any defrauded party considering seeking damages from a contractual counterparty, the key lessons from Logix Aero are clear: secure the right protections before signing and ensure internal protocols and conduct match those commitments.

Protection against fraud: Mechanisms that work

As Phillips LJ confirmed in Logix Aero, a confidentiality clause protecting commercial information from competitors will not support a damages claim where loss is caused by payment fraud. The clause must target the risk.
To obtain protection against payment fraud, parties may wish to consider the following contractual protections:
- Payment verification protocols: A clause requiring each party to verify bank account details and payment timing through a separate, pre-agreed channel (eg telephone confirmation to a known number) before making any payment. The clause should also stipulate that no change to bank details will be effective unless confirmed in writing by an authorised signatory and verified by call. These simple mechanisms would have prevented Logix Aero’s loss entirely.
- Indemnity for fraud losses: A mutual indemnity providing that, if one party’s failure to comply with agreed security protocols results in the other suffering loss through third-party fraud, the non-compliant party will indemnify the other party. A well-drafted indemnity sidesteps causation difficulties by creating a primary payment obligation.
- Liability cap carve-out: Where a contract contains a limitation of liability, ensure losses arising from failure to comply with anti-fraud obligations are carved out from any cap if you want all losses to be recoverable.
- IT security obligations: An express obligation to maintain reasonable IT security measures (such as multi-factor authentication and encrypted communications) to prevent unauthorised interception.
- Notification obligations: A requirement to notify the other party immediately upon becoming aware of suspicious communications or a potential security breach, and to cooperate in any investigation or recovery efforts.

Internal protocols to match contractual commitments

Securing robust contractual protections is only half the battle. Logix Aero makes it clear that a company whose team fails to follow reasonable anti-fraud protocols may find any claim against a counterparty undermined. Logix Aero’s automated email system flagged the unfamiliar sender address with a warning, but the subtle change went unnoticed, and Logix Aero paid without independently verifying the bank details. Phillips LJ observed that, had the matter proceeded to trial, Siam Aero might have raised a defence of circuity of action, given that Logix Aero was itself in breach of the confidentiality clause (committing the first breach). As Heather Williams J observed at first instance, “both parties unwittingly enabled the fraud to take place”.
Companies must ensure their internal procedures at least match their contractual commitments, and should do their utmost to ensure their staff are aware of, and know how to protect against, the latest operational risks:
- Act on system warnings: If your email platform flags an unfamiliar sender or domain change, investigate before proceeding.
- Verify bank details independently: Particularly where this is a contractual requirement, confirm account details through a separate channel before making any significant payment.
- Train staff regularly: Ensure employees understand email interception risks, mitigation strategies and any specific contractual requirements.
- Document compliance: Keep records showing verification protocols have been followed. Contemporaneous evidence can strengthen a claim or defend against one.
- Review protocols regularly: Fraud techniques evolve rapidly. Periodically audit internal procedures to ensure they remain fit for purpose.

The bottom line

Logix Aero is a cautionary tale: standard boilerplate clauses will not protect you against sophisticated fraud, and failing to follow your own verification procedures may leave you without remedy. Bespoke contractual protections and rigorous internal compliance are essential.
For parties using offshore vehicles or offshore-law governed contracts, our experienced teams can assist with contract negotiation, internal controls and, if the worst happens, loss recovery.
Note: Harneys does not practise the laws of England and Wales. English decisions, particularly those relating to contractual interpretation, are – absent contrary legislative provision – highly persuasive in the common law courts of key International Financial Centres, and are therefore relevant when considering the interpretation and enforceability of contractual provisions governed by common law jurisdictions, including the BVI, the Cayman Islands and Bermuda.




