Grounded Ingenuity | Refined Results


Investment fraud is a type of fraud where fraudsters use false pretences to persuade a victim to make an investment in a business or financial product that does not exist or that is different from what the victim has been led to believe. In a common type of online investment fraud, the fraudster preys on a victim looking to raise capital for a business. The fraudster assures the victim that he will be able to provide the needed capital, but the victim must pay various fees to access the capital. Needless to say, once the fees are paid, no capital is provided.

Hong Kong's status as a global business and financial hub leads to widespread international interactions with its companies and financial institutions. Unfortunately, this openness can also attract fraudulent activities, as the use of Hong Kong-based bank accounts and companies often raises no alarms due to its common business practices. The rapid and uncomplicated process of incorporating companies in Hong Kong further contributes to this susceptibility. Consequently, it's unsurprising that cyber fraud frequently involves Hong Kong banks and companies, with the U.S. Federal Bureau of Investigation (FBI) noting that the majority of business email compromise and email account compromise frauds feature Hong Kong bank accounts.

Business email compromise is a type of cyber fraud where fraudsters compromise email systems, enabling them to impersonate individuals for the purpose of giving instructions for the movement of funds or otherwise disclosing valuable commercial data to the fraudsters. Business email compromise is sometimes known as email account compromise (EAC).

Once funds have been transferred due to cyber fraud and deposited into a Hong Kong bank account, the chances of recall become minimal. However, victims do have other avenues available for asset recovery.

Reporting the incident to local and Hong Kong police is an initial step, though the latter won't directly help with fund recovery, but will investigate the case. A Hong Kong police report serves as evidence of the fraud and supports legal claims for recovery.

Police Action and Civil Proceedings

Hong Kong police's investigation can involve disclosing certain information (possible criminal offences including fraud and obtaining property or pecuniary advantage by deception) or issuing a Letter of No Consent ("LNC") to banks holding fraud proceeds, which could lead to showing you the bank balance of the account to which the proceeds of the fraud have been transferred or account freezing.

However, these actions are discretionary, they have no obligation to do so and often will refuse to do so, often based on personal data privacy legislation. For asset recovery, victims often require civil proceedings, as the police focus primarily on criminal investigations. Engaging and retaining Hong Kong lawyers becomes crucial for asset recovery efforts.

Through the civil courts this will typically involve two stages: locating the fraud proceeds and protecting them from dissipation, followed by the second stage of securing a court order for their return.

Norwich Pharmacal Order:

A Norwich Pharmacal order is a court directive requiring a third party linked to wrongful activities to disclose relevant information. For cyber fraud victims, a Bankers Trust order, a type of Norwich Pharmacal order, can compel banks to reveal details about accounts receiving fraud funds. Without this, victims can't identify the account holder or trace remaining proceeds.

Criteria for Norwich Pharmacal Order:
  1. Cogent and Compelling Evidence of Wrongdoing - Substantial evidence of serious wrongful activities, particularly in cases involving fraud. This standard of proof reflects that the wrongdoer is not and will not likely be before the court to answer the allegations.

  2. Substantial Benefits of Discovery - The victim must prove that the will (very likely) reap substantial and worthwhile benefits, aiding asset preservation or recovery. Please note that if the information can be obtained through other means, the Norwich Pharmacal order may be denied.

  3. Discovery Necessary - The requested discovery must be specific and restricted to those documents that are necessary to enable the victim to preserve or discover assets. This does not mean that the orders cannot be wide; what is crucial is that the discovery, be it wide or narrow, should be necessary.

Bankers Books and Records Order

Under s. 21 of the Evidence Ordinance, the victim may apply to court for an order to access specified bank records and entries for proceedings. Known as a Bankers Books or Bankers Records order, this allows the victim to trace the funds transferred to the fraudster's designated bank account.

Position of Banks in Asset Recovery Discovery

Banks in general adopt a neutral stance in proceedings for the production of documents such as bank account opening documentation, bank account statements or other records relating to transactions on a suspected fraudster's account. While they generally won't oppose discovery applications, they might if the scope is too broad.

Though the victim of fraud may complain that they should not bear the burden of discovery costs, courts tend to support banks' reimbursement of reasonable administrative and legal expenses for compliance (since the bank is an innocent third party required to assist).

A victim of cyber fraud will understandably be concerned with the movement of the proceeds of the fraud, since the ongoing movement could make asset recovery endeavors financially uneconomical. Consequently, if there is a risk that fraudsters might relocate these assets beyond the victim's reach, the victim may wish take steps to protect those assets.

Mareva Injunction

A Mareva injunction is an order of a court to freeze assets. A victim of a cyber fraud may apply to court for a Mareva injunction against a bank account holder which received funds from the fraud, and a copy of the Mareva injunction order will be served on the bank.

This order prohibits the bank from allowing any dealings in those funds and stops any withdrawals. This is normally issued ex parte (without the bank account holder’s knowledge), because if the person were notified of the application, they might seek to remove the assets before the order is given.

This has as the potential to cause considerable harm to the person subject to it, especially if the holder has not had an opportunity to challenge the allegations of fraud being made.

Given this risk of harm, the requirements for a Mareva injunction are high:

  1. Good Arguable Case - Strong evidence showing a serious case for recovery.

  2. Assets within Jurisdiction - The targeted party must possess assets within Hong Kong.

  3. Real Risk of Dissipation - A genuine risk of assets being hidden or disposed.

  4. Balance of Convenience - The balance of convenience must lie in favour of granting the injunction. The inconvenience or harm that may be caused to the bank account holder must be weighed against the need to protect the proceeds of the fraud from being moved out of the reach of the victim.

A Mareva injunction will typically include a return date for the parties to return to court to determine whether the injunction will be set aside, varied or discharged. This date gives the accused the opportunity to challenge the injunction.

Gagging Order

A gagging order prohibits disclosure of information relating to court proceedings. A victim of cyber fraud can apply to court for this order to prevent a bank who received the funds from a fraud to disclose that the victim is taking legal proceedings for discovery to recover the funds.

As an exceptional remedy, it is only granted when a strong case supports it and the court believes that once the fraudster is aware of being pursued, the person will frustrate the claim or investigation. The court balances the prejudice caused to victim if it is not granted, against the prejudice caused to the other party or any third party.

Similar to the Mareva injunction, a gagging order will include a return date with the idea that the prohibition on disclosure may be released, so that asset recovery efforts will no longer be frustrated by the fraudster's knowledge of the legal proceedings being taken by the victim.

Anti-Money Laundering Legislation

The Organized and Serious Crimes Ordinance and other anti-money laundering legislation in Hong Kong prohibit property dealings believed in whole or in part, directly or indirectly, to involve proceeds from specific crimes, including indictable offences for fraud.

As part of an investigation, the police may issue a "no-consent" letter (or LNC) to freeze a bank account, However, it is for the bank to decide whether to freeze the account and the police to decide how long they wish to take a no-consent position. Victims can also report to banks to freeze accounts, but legal involvement is often more persuasive and effective.

It is generally best practice for a Hong Kong law firm to apply for injunctive relief rather than to rely upon a bank's anti-money laundering processes to preserve the proceeds of any cyber fraud.

Claims for asset recovery in the context of cyber fraud encompass several legal avenues through which victims can seek to retrieve fraudulently obtained funds. These avenues include:

  1. Unjust Enrichment: Victims of a cyber fraud can assert claims of unjust enrichment against a holder of a bank account where the fraud proceeds are held. To succeed, the victim must demonstrate that the account holder received an unjust enrichment at the victim's expense. This enrichment can be shown to be unjust if it is caused by a mistake of fact or law. It is prima facie unjust for a recipient of money to retain the money if the payer had known the true state of affairs. Equally, enrichment may be unjust if there is a total failure of the anticipated performance or purpose for which the money was paid. Please note that the enrichment does not require proving fault on the part of the defendant.

  2. Change of Position: A claim for unjust enrichment may be defeated by a change of position, where the account holder may defend that claim by showing a change of position that would make it inequitable for restitution. For example, if the account holder did not realize that the funds should not have been received and paid out the money for a charitable donation, this may be defended as a change of position.

  3. Constructive Trust: Victims can seek a constructive trust over the proceeds of the fraud, allowing them to claim beneficiary rights and to call for the delivery of these proceeds. This establishes a proprietary claim which can defeat claims of other creditors, thus safeguarding their interests and may facilitate asset recovery.

  4. Tracing and Following: As fraud proceeds are often moved among various accounts, tracing involves identifying the path of the funds' movement, while following pertains to identifying assets substituted for the original ones. As a result, once the victim establishes a basis for a constructive trust over the proceeds of the fraud, asset recovery efforts will focus on following and tracing the proceeds.

  5. Backward Tracing and Intermediate Balance Rule: A difficulty with tracing is that bank accounts to where the proceeds of a cyber fraud are deposited may see multiple deposits and withdrawals, often falling below or rise above the original amount. In this case, the victim will need to show that the subsequent deposits were intended to make good the earlier withdrawals. Otherwise, the victim will face difficulties in tracing the proceeds beyond the lowest intermediate balance. Recent legal developments suggest that it may be possible to trace the proceeds as they move through the accounts so long as there is a clear link between credits and debits to an account as part of a co-ordinated scheme.

  6. Bona Fide Purchaser for Value: If fraud proceeds lose their specific identity and are spent by a bona fide purchaser unaware of the fraud, the victim's interest will be extinguished. E.g. if the fraudster uses the money from the victim to purchase goods and the seller of the goods is unaware that the payment are the proceeds of fraud, the seller will take the money free of any interest that the victim might have had on the money.

  7. Default Judgment: In cases where the deposited funds may belong to a legitimate business who may contest asset recovery proceedings, often the bank accounts are controlled by the fraudsters themselves and they may not defend asset recovery proceedings. In this case, the victim can then apply for judgement and the court can make its determination based on pleaded facts rather than evidence.

  8. Garnishee Order: After obtaining a judgment, a victim will often apply for a garnishee order to satisfy the judgment from the bank account where the proceeds of the fraud are held. An order nisi will be served on both the bank and the account holder. If no one disputes it, it then becomes absolute. The bank must pay the amount due to the victim from the account balance, discharging the bank's liability to the account holder.

  9. Vesting Order: This is potential “shortcut” to a garnishee order that can take place when the judgment is passed in the victim's favour on a proprietary claim. It effectively treats the account holders as trustees of a bare trust and compels them to transfer the fraud proceeds back to victim. However, there is some uncertainty to when this order might be available to a victim of cyber fraud in Hong Kong as there are conflicting authorities.




+852 2899 0179

head of funds


+852 2899 0149

head of


+852 2899 0127



+852 2899 0407

We use cookies to enhance your experience of our websites and to enable you to register when necessary. By continuing to use this website, you agree to the use of these cookies. For more information and to learn how you can change your cookie settings, please see our Cookie Policy and our Privacy Notice.