Liability of Banks and Service Providers
According to the Financial Contracts Act ("FCA") section 3-49 (1), service providers are held liable for any economic loss resulting from their failure to fulfil its obligations. The general obligations of service providers are outlined in FCA section 3-1 (1). To establish liability, the loss incurred must fall within the provider's reasonable foreseeability. Additionally, the service provider is responsible for losses caused by subcontractors.
The question of whether the service provider's duties have been breached is based on traditional assessments of negligence. The norm of conduct depends on an interpretation of the first paragraph of section 3-1, which must be supplemented and clarified by other sources in accordance with practice and theory of professional responsibility. There is a breach of the norm of action if the service provider has acted in breach of provisions in agreements, legislation or regulations; Section 10. The provision provides for liability for damages both in and out of contract.
As indicated above, the regulation in the contract with the bank will be the starting point for the assessment. The company should familiarize itself with the regulation in all contracts with its banking partners and seek to include detailed regulations of the bank' s obligations and control mechanisms when executing transfer of assets.
In addition, the bank may be liable on the basis of negligence. In determining the standard of care, it is essential whether the bank has acted within the relevant applicable codes of conduct in the area at the time of the transactions. It is also relevant to emphasize whether the bank has complied with the obligations in the contract with the customer. Furthermore, causal factors and ommisions on the injured party's part are important both for the expectations that should be set for the bank's conduct and when weighing up who is closest to bearing the loss.
External Accountants' Liability
An accountant is legally obligated under section 5-4(1) of the Norwegian Accountants Act (Nw: Regnskapsførerloven) to fulfil their obligations in accordance with the rules and regulations outlined in the Norwegian Bookkeeping Act (Nw: Bokførerloven) ("BKA") and the Norwegian Accounting Act (Nw: Regnskapsloven) ("ACA"). Furthermore, their accounting practices must align with recognized standards of good accounting practice. This includes the responsibility to assess and inform client companies if their current transaction and investment procedures are inadequate to withstand hacking and fraud.
It is important to note that neither of the mentioned legislations specifically regulate liability for damages. The law stipulates that a written contract must be established between the accountant and the client company. The preparatory works emphasize that the accountant's liability should be determined based on generally accepted contractual principles.
The company must carefully consider the contracts with accountants and familiarize itself with any regulations limiting the accountant's liability or responsibility. In addition, robust guidelines for approval and conducting payments should be established, as well as clear obligations for following agreed approval regimes.
Cyber insurance has emerged as a vital insurance solution in response to the growing risks associated with data breaches and fraud. This specialized insurance provides coverage for a company's liability in the event of a data breach involving sensitive customer information.
Certain cyber insurance schemes go beyond liability coverage and offer valuable assistance to mitigate the impact of breaches. These services may include timely customer notification in the event of a breach, restoration of personal identities for affected customers or employees, recovery of compromised data, and remediation of damages to technical systems, such as email. Recognizing that breaches and fraud can lead to operational downtime due to technical disruptions, some schemes also provide compensation for loss during business interruptions.
It is important to note that not all cyber insurance schemes extend coverage for losses resulting from CEO fraud. Additionally, some schemes may include disclaimers regarding reduced coverage due to the client company's own negligence or insecure procedures.
The limited coverage options available underscore the critical importance of maintaining a proactive stance toward education on emerging breach and fraud methods. It is crucial to enforce stringent and secure routines for transactions and the handling of sensitive information. By prioritizing these measures, companies can significantly reduce their vulnerability and exposure to potential losses.