For the Tech Nerds
The story from this angle is how we used innovative service methods to reduce the paperwork burden and speed up the asset tracing.
Mountains of documents
There are at least three aspects inherent to a sophisticated international payments fraud that make managing the document side the bane of a solicitor’s life:
1. Stolen money tends to “fan out” to increasing numbers of destination accounts until the money is laundered. The means a lot of accounts, a lot of banks, and a lot of parties to the litigation.
By the beginning of trial, we had 29 Defendants (having settled against two) and 51 NCADs.
2. It’s easier for fraudsters to send money overseas than it is for the victim of fraud to keep up with it. The more the money fans out, the more jurisdictions tend to be involved.
By trial, the money had been traced to 25 different jurisdictions and the parties to the litigation hailed from 14 jurisdictions.
3. Similarly, the pace of both the payments as they fan out and also the victim’s investigations tends to be much quicker than the ability to communicate with parties by traditional means.
Frequently, we would find that by the time we had served a party with a letter by post or by courier, events had overtaken our letters, sometimes significantly.
We started off with just 11 parties on the other side of the proceedings – Persons Unknown, and the NCAD banks.
Serving Overseas Banks
But although we only had 11 parties, we had to make sure our WFO was effective. We didn’t expect our fraudsters to heed the WFO out of their own good nature, so the priority was to get our ex parte WFO and DOs served on our NCADs ASAP (we had a lot of acronyms, too). Each of the initial 10 NCADs was located outside the jurisdiction, with a near even split between EU and non-EU. Most of these banks did not have an English-speaking ‘shop window’ and many of them did not exactly advertise how to report a fraud. To maximise the chances of someone seeing and acting on our WFOs, we also served on any English branches of the same bank (and although the response was universally that the account in question wasn’t located at the English branch (true) and couldn’t be frozen that way (debatable), it did at least get attention within the NCADs).
Serving Persons Unknown
There was another problem posed by suing Persons Unknown. How do you serve a fraudster whose identity you don’t know? On the ‘sending side’, we only had two fake email addresses set up by the hacker to perpetrate the initial fraud – but both of these had been taken down by the time we tried to use them for service. The only other way we could do it – at least, until we learned more information about the fraudsters – was to serve Persons Unknown on the ‘receiving side’ at their account banks. While it might seem like an artificiality (particularly if there are AML ‘tipping off’ offences in those jurisdictions), we wanted an enforceable judgment, and we needed to be able to show the Court that we had served the Defendants.
Alternative Service vs. The Service Regulation
Although we had the right to sue and serve the EU-based NCADs out of the jurisdiction without the permission of the Court under CPR 6.33 and Article 7(2) of Brussels Recast,1 and CPR rr. 6.40 and 6.41 and the Service Regulation,2 the means by which you can do so are not all that compatible with an urgent cross-border asset-tracing exercise: documents must be translated (and occasionally apostilled), and the Foreign Process Section at the RCJ must be involved.
We therefore obtained orders for alternative service under CPR 6.15 which allowed us to serve the NCADs by email where we had been able to find a suitable email address, and failing that, by international courier to both the branch and head office. This allowed us to start firing off Court orders around the globe without having to wait for translations. As far as the English Court was concerned, those banks had been served. Inbox size limits, however, meant that this was hardly a panacea.
Although this simplified things in one respect, it complicated in another. Our experience was that no amount of explaining alternative service would persuade the sophisticated recipient of an emailed WFO or DO that we had actually given good service. We therefore found ourselves, at least as EU parties were concerned, doing “double service” – once by whatever means the English Court said we could do, and a second time satisfying the requirements of the Service Regulation.
Service by Data Room
This meant that, almost immediately, we were slowing down under the weight of paperwork. Adding to the complexity was a Court-ordered confidentiality ring which put the personal details of the recipient account holders into confidentiality silos until we (and the Court) could be sure that they were fraudsters.
In order to make the WFO and the asset tracing effective, it was clear we needed to make a change. What we did was to seek the Court’s permission to serve by web-based data room (the service we chose is called Tresorit, an EU-based provider similar to Dropbox).
Once the service was up and running, we were able to upload everything to a folder structure that mirrored our growing set of real lifereal-lifehearing bundles. It made complying with our confidentiality ring easier, too.
We had to put evidence before the Court detailing several rounds of expensive, painful service, in order to persuade the Court why we should try something better. Bad news for anyone looking to do something similar: before you can tell the Court how an army of associates and paralegals spent their past few weekends, they’ll need to live those weekends.
There were a few other crucial elements to our data room strategy that we explained to the Court. The first was the security of the platform and its compliance with data protection rules. The second was that this service wouldn’t give us access to any information we wouldn’t have with traditional methods of service, such as whether the documents had been accessed and what had been read. Finally, we also had to satisfy the Court that the recipients were likely to know how to use it. Fortunately, there wasn’t much doubt about this with banks and hackers.
The data room was revolutionary and transformative for our management of the case. It meant we were able to spend vastly less time stuffing bundles and more time hunting down fraudsters. It did not resolve everything: we still had to do a second round of service that satisfied the Service Regulation, and some banks had their IT infrastructure locked down which meant we either had to work with them to find a solution, or, in a couple of instances, revert to doing things the traditional way.
One final important point is to make sure your order includes a date of deemed service. The CPR does require it, but it is easily overlooked.
1 Regulation (EU) No. 1215/2012 of the European Parliament and of the Council of 12 December 2012 on jurisdiction and the recognition and enforcement of judgments in civil and commercial matters (recast)
2 Regulation (EC) No. 1393/2007 of the European Parliament and of the Council of 13 November 2007 on the service in the Member States of judicial and extrajudicial documents in civil or commercial matters (service of documents)