Victims of cyber fraud have been using vesting orders – a means of direct recovery for victims of fraud – to recover stolen funds from fraudsters and subsequent recipients. Often applied concurrently with a default judgment, vesting order is thought to be a convenient alternative to garnishee proceedings.
In the past year, the Courts’ jurisdiction to grant vesting orders in cyber fraud cases has been reassessed. There are now conflicting first-instance judgments on this issue coming out of the High Court and the District Court, resulting from divergent interpretations of the Trustee Ordinance (Cap. 29) – with some High Court rulings dismissing the application of vesting orders in a cyber fraud context. But the debate remains dynamic at both levels of the Courts.
Decisions have diverged, and so the legal debate surrounding vesting orders is far from settled. As the Court remarked in a recent judgment, the significant degree of uncertainty presented by the existing first instance cases would very much benefit from appellate guidance.
Before the legal uncertainties are resolved by a higher court, victims should reassess their options when pursuing a recovery in cyber fraud cases. As things stand, garnishee proceedings are likely to provide more certainty to victims enforcing judgments against the fraudsters.
Fraudsters rely and operate on the law of large numbers, which makes it likely that fraudulent proceeds of different victims may end up in the same bank account. To prevail against potential competing victims in the race to the money and maximise recovery, efficient enforcement is key. It is therefore vital for victims to choose the right route of enforcement to avoid delays in the process (such as having a vesting order application dismissed).
In more detail
In a typical cyber fraud case, the victim will commence civil action against the fraudsters and/or the subsequent recipients of funds. The defendants often may not defend the action and the victim may apply for a default judgment from the Court.
Once judgment is obtained, the victim may apply for a garnishee order against the bank which holds the proceeds of the fraud, in order to attach the judgment debt to this sum which is due to the judgment debtor from the bank. The order compels the bank to pay the attached sum in the fraudster’s bank account back to the victim.
In the past, Courts in Hong Kong have also routinely granted vesting orders in favour of victims of cyber fraud. The effect of a vesting order is that it grants the victim the right to call upon the bank to directly transfer the fraudulent proceeds from the bank account of the fraudster (or subsequent recipient) back to the victim.
The legal basis for these vesting orders has been said to be section 52(1)(e) of the Trustee Ordinance (Cap. 29), which provides that where a thing in action (such as debts owing by a bank to an accountholder) is “vested in a trustee whether by way of mortgage or otherwise” and it appears to the Court to be expedient, the Court may make an order vesting the right to recover the thing in action in a person appointed by the Court.
The applicability of vesting orders has recently been reassessed by the Courts in Hong Kong. In one line of cases, the Court held that section 52(1)(e) is not applicable to cyber fraud cases and refused to grant vesting order. The Court reasoned that it was not apt to say that a thing in action (being the right to call for repayment from the bank) was vested in the defendants by virtue of default judgments declaring that the sums were held on constructive trust by the defendants for the plaintiff, where the defendants were the absolute owners of the right to call for repayment prior to the declaration. The Court also observed that constructive trustees in the cyber fraud context are in any event not “true” trustees, as they never assumed and never intended to assume the status of a trustee, but have exposed themselves to equitable remedies by virtue of their participation in the fraud.
In a contradictory line of cases, the Court found that vesting orders can be made, on the basis that the phrases “trustee” and “or otherwise” in section 52(1)(e) are wide enough to cover constructive trusts arising in respect of proceeds of fraud. The Court also observed that in a cyber fraud context, the constructive trust comes into existence the moment the fraudster receives the victim’s money (and thereby vests legal title in the fraudster); and that the Court’s subsequent declaration in this respect merely affirms the legal position.
Implications on victims of cyber frauds
Until this legal uncertainty is settled, it may be prudent for victims to make use of the tried-and-tested garnishee order instead to have the bank release the attached sum in the fraudster’s account to satisfy the victim’s judgment debt. Efficient enforcement is key to maximising recovery. Any delay in the process may increase the victim’s risk of being met with potential competing claims, so choosing the right avenue of enforcement is vital.