Current Trends In Banking Litigation: Risks, Red Flags, And Practical Takeaways

One of our responsibilities as outside counsel to community banks is to be aware of trends and risks faced by such banks as well as opportunities presented to them. When I was a young lawyer, updates from litigation called “Advance Sheets” were received on a weekly basis, if then. Those days are long gone, and with electronic news breaks coming out in real time, a significant amount of time is spent daily reviewing litigation notices, regulatory changes, and other events affecting the banking industry on the national front. Lately, there is much more litigation involving elder fraud, data breach litigation and insurance coverage, and wire fraud.

Elder Fraud

With respect to elder fraud, there appears to be an uptick in cases where the elder actively participated in the fraud action but then sued the financial institution for ignoring red flags and not stopping the transaction. In one case, a complaint was filed against a bank and a coin dealer alleging negligence in allowing an “obvious” elder exploitation. In this case, the plaintiff received a phishing email in 2024 informing him that he had made an antivirus software purchase for $700. The plaintiff called the number provided — thinking it was customer service — to obtain a refund, but he was told that a $300,000 deposit had been mistakenly made to his bank account. He alleges he received a picture of a false bank statement showing the deposit and was told he must return the money in gold coins purchased from listed dealers. He contacted a coin dealer and received wire transfer instructions from the store. He then went to his bank branch to fund the wire. He further alleges the banker did not inquire as to why he was moving a large percentage of his funds from the bank. Interestingly, the plaintiff also alleges he was on a phone call with the scammers during the wire transaction, which the banker did not question. However, the complaint also states that when the banker took the wire instructions from the plaintiff, the banker acknowledged that gold was a good investment. The plaintiff then picked up the coins at the coin dealer. The plaintiff alleges that the gold dealer did not question why he was physically picking up $300,000 in gold coins. After he arrived home, a third party drove up and the plaintiff handed the coins to the individual in the car. The lawsuit accuses the bank and the coin dealer of negligence and violating state law by not using reasonable security procedures when conducting wire transfers.

In another case, an elderly gentleman lost $337,000 in a romance scam involving several banks. Ironically, the victim was a computer security expert but suffered from cognitive decline. The plaintiff alleges that the scam was orchestrated by a foreign-based company operating romance websites. The fraudster and plaintiff allegedly rotated transactions across multiple accounts and banks to keep the volume of charges at any single bank below the threshold for fraud detection. Regulation E error resolution notices were sent to each of seven institutions. Two institutions investigated the claims, completing the error resolution process and refunded the money that went through their institutions, treating the issue as an authorized transfer error. The remaining five banks are fighting the fraud claims, arguing that the plaintiff authorized the transfers even while impaired and the banks are not liable. Both litigation cases are over a perceived regulatory gap in Regulation E — which primarily covers unauthorized transactions — where the plaintiffs are trying to expand liability for authorized person-to-person transactions, but involving fraud in the inducement.

Points to take from these cases are 1) make sure staff is aware of red flags in dealing with elderly customers engaging in transactions that are outside their ordinary custom, 2) make sure the error resolution process under Regulation E is thoroughly documented, and 3) to the extent possible, utilize trusted contacts to involve family members in such transactions as a means to reduce liability exposure.

Data Breach Litigation and Insurance Coverage

The second area is data breach litigation and insurance coverage. Recently, a community bank in the Midwest agreed to pay more than $2 million to resolve a class action by customers related to the MoveIt data breach from several years ago. Although the bank strongly denied any negligence, it settled when a judge denied requests to dismiss the lawsuits, ruling that the victims faced a substantial risk of future harm from stolen data and finding standing to pursue claims in the class action in the US District Court for the District of Massachusetts. Similarly, Fidelity Investments and Fidelity Brokerage Services LLC settled a data breach case for $2.5 million. There has been a proliferation of these class actions over data breaches against fintechs, commercial banks, and wealth management firms.

On the insurance side, insurers are seeking cyber liability caps under cyber risk insurance policies. In one case, the coverage dispute concerned a social engineering cyberattack suffered by a construction company in which fraudsters purporting to be a vendor solicited payment to outstanding invoices totaling $870,000. Two payments were made within one minute of each other. The insurance company paid $250,000 based on provisions pertaining to losses from cybercrimes, such as social engineering, thus combining the losses rather than paying two separate claims for $250,000. There was a policy endorsement limiting the maximum amount the insurer would be liable to pay for all first-party losses more than $250,000. Thus, policies should be closely examined at inception to determine the loss parameters. On the other hand, a federal district court in Texas held that a ransomware event sublimit endorsement did not cap the insured’s recovery at $250,000, concluding that the insurer did not draft an endorsement with necessary clarity to limit the coverage as it intended. Although the policy had a $3 million aggregate limit, the insurer attempted to apply an endorsement that capped all losses arising from a ransomware event at $250,000. The endorsement did not specify which insuring agreements it purported to modify, thus the court limited its applicability.

Wire Fraud

In a piece of good news, a bank has escaped a proposed class action accusing it of failing to reimburse consumers for wire fraud, ruling that the Electronic Funds Transfer Act (EFTA) and Regulation E explicitly exclude consumer wire transfers. This result is the opposite of a 2025 decision in State of New York v. Citibank N.A., in which a New York federal court determined that only bank-to-bank portions of wire transfers are exempt from the EFTA.

Wire fraud, however, remains a significant risk. A real estate law firm has been sued for malpractice where the plaintiff alleged that negligence led to $400,000 being wired to a fraudulent account in connection with a refinancing. The plaintiff’s closing company received two conflicting emails purporting to be from the prior lender, the first of which contained the correct wire instructions and the second, of course, contained fraudulent instructions. No steps were allegedly taken by the closing firm to verify the authenticity of the wire instructions. In a similar case, a bank was sued where a customer’s email had been compromised by third-party hackers. Thirty-three minutes after the banker sent legitimate wire instructions, the fraudster sent an email to the banker saying the earlier wire instructions needed to be revised. The banker requested the updated wire instructions, which were emailed by the fraudster. The plaintiff alleges the bank did not provide any additional verification or perform any due diligence to confirm the change. In this case, the plaintiff received and unwittingly approved the fraudulent wire via a code sent to his mobile phone, thinking the code was associated with the original and legitimate wire transfer instructions. This case demonstrates the importance of out-of-band verification of changes in wire transfer instructions and even the initial instruction.

Similarly, a law firm has sued a bank for failing to stop a fraudulent wire transfer. As in most cases, the fraudster had infiltrated the law firm’s email system and imitated the law firm in changing the email instructions. The plaintiff’s agent confirmed receipt of the wire instructions by email with the fraudulent instructions attached. The plaintiff alleges that the banker was negligent in not opening the attachment, which the banker assumed were the instructions he originally sent. The plaintiff alleges that by opening the email attachment, the banker would have discovered the changed wire instructions. Again, an out-of-band callback may have prevented this issue.

Other Risks

Finally, in what may or may not be fraud, a bank made a mortgage loan in 2022 to a customer who subsequently failed to make payments and pay taxes on real estate. Due to the default, the bank is attempting to foreclose on the subject property. The plaintiff is now alleging that subsequent tax sales have extinguished the lien of the deed of trust. Property taxes for tax years 2022, 2023, and 2024 were not paid by the plaintiff or by the defendant bank. Such taxes were paid by separate unrelated entities in 2023, 2024, and 2025 and confirmed. At issue is whether proper notice was received by both the defendant bank and the plaintiff landowner. This will be an interesting case to follow; however, it illustrates that banks should pay attention to tax notices and advance funds to pay the taxes if applicable.

In summary, these cases highlight how evolving fraud schemes and expanding litigation theories can increase risk exposure for community banks, often arising from breakdowns in routine processes rather than systemic failures. Continued focus on staff training, verification procedures, documentation, and careful attention to regulatory requirements can help mitigate exposure and prevent relatively small issues from developing into costly disputes.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.