Portuguese 
English 
Spanish 
5 min of reading 
0 comments 
STJ Decision Defines Under Which Circumstances Banks May Be Held Responsible for Monitoring Failures in Accounts Used by Scammers and Sets Unprecedented Parameters for Actions Against Cyber Frauds in the Country.
The 3rd Panel of the Superior Court of Justice (STJ) ruled that financial institutions can be held liable for damages resulting from virtual scams when it is proven that they failed to monitor and did not act to prevent suspicious transactions in current accounts repeatedly used by criminals.
The understanding was unanimously established in a ruling made on October 7, and although there was no condemnation in the specific case, the decision defines under which circumstances the bank may be held accountable.
This deliberation marks an important step in defining the responsibility of institutions in digital frauds.
-
China alone accounts for 70% of trade within the BRICS, while Brazil establishes itself as an essential supplier of food and minerals: understand how the group, which already represents nearly 40% of the world’s GDP, is changing the game.
-
Starting in May, those who do not have registered biometrics will not be able to apply for Bolsa Família, sickness benefits, or unemployment insurance: understand the new rule that changes access to benefits for millions of Brazilians.
-
A new law being voted on in Brazil proposes a minimum fare of R$ 10 per trip and R$ 2.50 per kilometer for Uber and 99 drivers, and promises to ensure they earn as well as taxi drivers did during the golden age of taxis in the country.
-
Bauer Group collapses after failed judicial recovery: 25 years, 800 vehicles, and a network of gas stations leave a debt of R$ 50 million and 100 layoffs, exposing costs, tight margins, and expensive credit in Brazil.
According to the STJ, the mere fact that an account is used by scammers does not imply automatic liability for the bank.
Responsibility occurs only when it is demonstrated that the bank failed to take the necessary precautions to prevent irregularities.
Criteria Established by the STJ
According to the rapporteur, Minister Ricardo Villas Bôas Cueva, the bank’s conduct will be assessed according to how the account was opened and subsequently used.
If there is evidence that the institution allowed the registration with false or lost documents, without the true holder’s knowledge, the failure may be considered business risk, and the bank may be held liable for damages.
The minister highlighted in his vote that “even though the opening of accounts electronically, without the physical presence of their holders or representatives, is regularly accepted, it should be viewed as an operational and marketing strategy adopted at the banks’ free choice, which must bear the risks arising from it.”
The panel also defined that the lack of due diligence will be established when there is evidence that the institution, in a reasonable time, did not monitor and did not prevent suspicious transactions in a current account used for illegal purposes.
This monitoring can be evidenced, for example, through the analysis of statements and transaction histories.
Opening and Monitoring Procedures
The decision reinforces the need for strict verification in account openings, especially when done through digital channels.
The adoption of authentication mechanisms and transaction behavior analysis is considered part of the financial institutions’ duty of care.
The collegiate emphasized that the use of electronic identification tools does not exempt the bank from the responsibility of checking the authenticity of the data presented.
When there is a failure in this process, the risk of liability increases, as it deals with an essential activity for the safety of the banking system.
Situations Where There Is No Liability
The STJ also established limits.
In cases where the so-called “account rental” occurs, in which third parties lend their accounts for illegal transactions, the bank’s liability tends to be dismissed.
In these incidents, the account was opened regularly, and the misuse arises from acts of third parties, without any direct fault of the institution.
Even in these situations, the court reiterated that the bank must maintain monitoring systems for atypical transactions.
Total absence of oversight may be interpreted as omission if it is demonstrated that the account has been repeatedly used in similar scams.
The Case of the False Auction
The judged case originated from a virtual auction scam.
The victim accessed a site that simulated a legitimate auction platform and transferred R$ 32.4 thousand to the scammers’ account.
However, the bank was not condemned, as previous instances understood that there was no evidence of failure in service provision.
The plaintiff claimed that the bank did not adopt adequate monitoring and security measures, but did not present documents proving the repeated use of the account in frauds.
The plaintiff also did not request the reversal of the burden of proof, which would require the institution to demonstrate the control measures applied.
The rapporteur concluded that “since the plaintiff failed to prove the existence of a service failure, nor insisted on the request for reversal of the burden of proof, the only option left is to confirm the dismissal of the requested claim.”
Procedural Aspects and Legal Repercussions
The ruling clarifies that to establish liability, concrete evidence of omission by the bank is necessary.
In similar actions, the consumer may request the reversal of the burden of proof, especially when they do not have access to internal information regarding the functioning of the institution’s security systems.
In the absence of this measure, it is up to the plaintiff to demonstrate, through documents or reports, that the beneficiary account had already been used in other frauds.
If this pattern is identified and the bank has not taken action, liability may be recognized.
The definition of the criteria by the STJ is considered a technical parameter for future cases, as it objectively delineates the situations in which the bank must respond and those in which liability cannot be presumed.
This understanding may also serve as a basis for cases involving digital accounts and financial intermediaries, increasingly used in electronic transactions.
Repercussions in the Financial Sector
The precedent reinforces the importance of continuous monitoring of suspicious transactions and updating security protocols in the banking system.
Institutions must maintain mechanisms to identify movements incompatible with clients’ profiles and take immediate blocking or reporting measures to the authorities.
The decision occurs in a context where draft laws in the National Congress discuss measures to tighten control over accounts used by scammers and improve the tracking of amounts obtained through frauds.
By delimiting responsibilities, the STJ seeks to standardize the application of law and reduce legal uncertainty in actions involving online scams.
The understanding could guide future judgments regarding fraud in virtual auctions, electronic transfers, and social engineering schemes.
In light of this decision, what measures should financial institutions prioritize to avoid liability in similar cases?
-
Uma pessoa reagiu a isso.