Unless a customer objects to a fraudulent funds transfer within one year, its claims against the bank are subject to UCC Article 4A’s one-year statute of repose. See UCC § 4A-505 cmt.  UCC § 4A-505 provides:

If a receiving bank has received payment from its customer with respect to a payment order issued in the name of the customer as sender and accepted by the bank, and the customer received notification reasonably identifying the order, the customer is precluded from asserting that the bank is not entitled to retain the payment unless the customer notifies the bank of the customer’s objection to the payment within one year after the notification was received by the customer.

As a statute of repose, section 4A-505 does not provide an “affirmative defense . . . often subject to tolling principles,” but “extinguishes a plaintiff’s cause of action after the passage of a fixed period of time,” here, one year. Ma v. Merrill Lynch, Pierce, Fenner & Smith, Inc., 597 F.3d 84, 88 n.4 (2d Cir. 2010).

In Cardino, the bank attempted to cut down Article 4A’s one-year notice period to 60 days. Relying on Regatos v. N. Fork Bank, 838 N.E.2d 629 (N.Y. 2005), the court reasoned that because “Banks are liable under article 4-A of the UCC for improper funds transfers . . . and UCC [§ 4A-204(b)] provides ‘the obligation of a receiving bank to refund payment . . . may not otherwise be varied by agreement,’ . . . shortening the one-year period effectively would vary the bank’s obligation to refund payment[.]” Cardino, at *7. Therefore, the bank could not shorten the one-year period in any way. Id. at *8.

In contrast, courts generally permit the one-year notice rule in UCC Article 4 covering unauthorized checks and other items, UCC § 4-406(f), to be cut down by contract to as little as 14 days in some cases. See Salvatore Scanio & Robert W. Ludwig, Contracting Out of the Uniform Commercial Code: Reducing Bank Liability by Shortening the One-Year Notice Period for Reporting Check Fraud, 33 Banking & Fin. Servs. Policy Report 15 (Nov. 2014).

This case is an important reminder for customers and banks alike to consider whether particular cut-down provisions in bank-customer agreements are enforceable in the event of a dispute.

For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605 or Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603.

The Advisory highlights how the COVID-19 pandemic is being exploited in “cyber-enabled crime through malware and phishing schemes, extortion, business email compromise (BEC) fraud, and exploitation of remote applications.” FinCEN identifies numerous “red flag indicators of COVID-19 cyber-enabled crimes to assist financial institutions in detecting, preventing, and reporting suspicious transactions associated with the COVID-19 pandemic.”

At the same time, FinCEN warns financial institutions they should continue to “consider additional contextual information and the surrounding facts and circumstances, such as a customer’s historical financial activity, whether the transactions are in line with prevailing business practices, and whether the customer exhibits multiple indicators, before determining if a transaction is suspicious or otherwise indicative of potential fraudulent COVID-19-related activities.” In other words, fundamental, long-established signs of suspicious activity apply equally, if not more so, in the COVID-19 era.

The impact of COVID-19 on funds transfer schemes was recently reviewed in an ABA webinar Salvatore Scanio presented with Ben Wallach, Cybercrime and Funds Transfer Fund – Recent Developments. 

The lively program discussed the latest trends in cybercrime involving fraudulent funds transfers. They reviewed recent funds transfer schemes, including those arising as a result of the COVID-19 era. The program discussed the latest developments in the legal regime applicable to fraudulent ACH and wire transfers, and explained the allocation of liability in such cases. They also addressed schemes involving law firms. The webinar featured numerous questions and answers throughout the event.

For a copy of the program materials, please contact Salvatore Scanio at sscanio@ludwigrobinson.com.

The subsidiary reported the unauthorized ACH debits to its bank, a major U.S. commercial bank, which declined reimbursement because the ODFI, another major U.S. commercial bank, declined the claim as its customer, the Originator, also declined responsibility.

Upon being retained, L&R quickly investigated and pursued the matter with the banks under Operating Rules and Guidelines of the National Automated Clearing House Association (NACHA).  While corporate ACH debits are not subject to the substantial protections afforded consumer ACH debits under Regulation E and NACHA’s rules, numerous other provisions of NACHA’s rules and guidelines do apply to unauthorized corporate debits.  Of particular significance is NACHA’s warranty under which an ODFI warrants to the RDFI that transactions have been properly authorized by the Receiver, for which it is required to indemnify the RDFI for “all claims, demands, losses, liabilities, and expenses, including attorneys’ fees and costs, that result directly or indirectly” from the breach of warranty.

In less than a month after L&R contacted the RDFI, both banks reversed their positions, and the U.S. subsidiary was reimbursed for its full loss.

For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605 or Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603.

Whitaker, a Georgia physician, maintained an account with Wedbush, a futures commission merchant. Whitaker’s email account was hacked, and a cybercriminal sent fraudulent emails to Wedbush, directing four wire transfers overseas totaling $374,960.  Defending the suit, Wedbush, claimed it was not a “bank” because it was not “engaged in the business of banking,” as defined in UCC § 4A-105(a)(2), but merely acted as plaintiff’s agent in forwarding wire instructions to its bank, BMO Harris, for processing.  The Illinois high court, reversing the courts below, recognized that non-bank financial institutions like brokerage firms, mutual funds, and insurance companies have consistently been held by the courts to be a “bank” under UCC Articles 3, 4, and 4A. Id. at *17.  The court concluded Wedbush was a “bank” for purposes of Article 4A because it provided financial services, including brokerage and trading services, and “regularly assisted customers in processing funds transfers,” id. at *18, and thus subject to Article 4A’s strict liability regime for unauthorized funds transfers.

This case is an important reminder that non-bank financial firms, whether brokerages, mutual funds, or insurers that assist customers in processing funds transfers can be held to the same legal requirements as chartered banks under UCC Article 4A, and thus should have commercially reasonable security policies and procedures in place.  It further reminds that non-bank entities providing such customer assistance may share in the risk of loss under Article 4A’s loss-allocation rules.

For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605 or Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603.

The law firm filed a pro se claim against Citibank under the Computer Fraud and Abuse Act (“CFAA”), requiring a showing that Citibank aided and abetted the hacker by “knowingly and with intent to defraud, access[ing] a computer without authorization, . . . and by means of such conduct further[ing] the intended fraud….” 18 U.S.C. § 1030(a)(4).  The firm alleged the bank’s maintenance of the hacker’s account, allowing the deposit of stolen funds and permitting their withdrawal, constituted the requisite assistance. The district court rejected the allegations of Citibank involvement as insufficient “even under a willful-blindness theory,” noting the plaintiff did not allege “facts that indicate that the bank ‘closed its eyes’ to the hacker’s obvious crime” nor did it “allege any unusual activity that might have raised the bank’s suspicion or any vetting irregularities,” and dismissed the claim without prejudice.  2020 U.S. Dist. LEXIS 71713, at 10.

While this claim under the CFAA is novel, it is also serves to show that banks can be subject to aiding and abetting liability when properly plead.  L&R has successfully brought aiding and abetting claims, including in a major, serial loan fraud case, representing bank no. 2 against bank no. 1, where bank no. 1 discovered the fraud, forcing the fraudster to commit the same fraud against bank no. 2 in order to be repaid, with bank no. 1 later paying a substantial settlement.

For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605 or Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603.

This action was the last of a series of suits filed in Maryland, Connecticut and New York arising from the latest financial fraud by Michael Howard Clott, who 25 years ago during the S&L crisis, as head of First American Mortgage Co. (FAMCO), pled guilty to “one of the largest [frauds] brought to prosecution in the federal system” in Maryland. E.F. Hutton Mortg. Corp. v. Equitable Bank, 678 F. Supp. 567, 570 (D. Md. 1988). At sentencing for another financial crime, the federal judge reportedly proclaimed that Clott could not be stopped “short of isolating him from all contact with humanity, like putting him on a desert island,” and even then “[h]e’d fleece the pigeons that landed there.”

In this case, while facing separate charges in New York, Clott induced investors from Greenwich and Philadelphia in 2009 to invest $9 million in a purported “no-risk” deal, to buy and sell simultaneously portfolios of foreclosed properties from banks, as “show money” deposited in a Rockville title company’s accounts at PNC. The investors, after settling prior actions against the title company and others, belatedly brought suit in December 2012 against PNC for $5 million in remaining damages, asserting claims of knowing participation in breach of fiduciary duty, negligence, and breach of contract, among others.

On the eve of trial in February 2014, the Hon. Michael D. Mason, having already dismissed eight of ten counts against the bank, granted summary judgment dismissing the rest, finding the bank owed no duty to the investors, and had not acted with actual knowledge of any breach or in bad faith. Judge Mason further held the action barred as a matter of law, both by contributory negligence and the statute of limitations as not tolled by the discovery rule, issues commonly left to the jury.

“This was a hard-fought litigation, and we’re pleased that both the trial and appellate courts saw the case the way we did” said L&R’s Robert Ludwig. “The investor-plaintiffs were not customers but virtual strangers to the bank, all transactions were authorized, and by their own admissions they failed to conduct any due diligence to protect themselves and then ignored numerous red flags.”

On appeal, the Maryland Court of Special Appeals summarily affirmed in all respects. It adopted the opinions of the trial court as its own and issued an unreported opinion focused on the statute of limitations, agreeing that plaintiffs “were on inquiry notice that something was amiss more than three years prior to the filing of the action.”  The appellate court rejected the testimony proffered by plaintiffs’ real estate investment expert on multiple grounds, noting it was “undisputed [plaintiffs] made no effort to look into the reputations or backgrounds of [their business associates] for, had [they] done so, [they] would have learned that [Clott’s alias] did not exist.”

For further information, contact Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603 or Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605.

In 2009, while facing charges in New York, Clott induced investors from Greenwich and Philadelphia to invest $9 million in a purported “no-risk” deal, to simultaneously buy and sell bulk portfolios of foreclosed properties from banks, as “show money” deposited in a title company’s accounts at PNC Bank.  The investors, after filing prior actions against the title company and others, brought suit against PNC asserting claims of knowing participation in breach of fiduciary duty, negligence, breach of implied contract, breach of contract for intended third-party beneficiaries, negligent misrepresentation, conversion, banking malpractice, and wrongful involvement in litigation.

In December 2013, the trial court dismissed eight of ten counts against the bank, permitting plaintiffs’ two negligence claims to proceed pursuant to Chicago Title Ins. Co. v. Allfirst Bank, 394 Md. 270 (2006).  On summary judgment in March 2014, the court dismissed the remaining claims, finding the bank owed no duty to the investors under Chicago Title, had not acted with actual knowledge of any breach or in bad faith, and that the action was further barred by contributory negligence and the statute of limitations.

The court observed that “as a general rule, banks don’t owe duties to non-account holders.”  Under the exception in Chicago Title, however, a duty may exist where there is “some type of intimate nexus that is established and based upon the facts of [the] case.”  Here, based upon the facts in the record, plaintiffs did not fall within the exception, particularly as there was “no evidence that the defendant, PNC, was aware of the plaintiff’s reliance on any of their actions.”

The court found, based upon the record evidence, that PNC had not acted with actual knowledge of any breach of fiduciary duty by the fiduciaries or in bad faith.  The court rejected plaintiffs’ argument that the bank was chargeable with knowledge of alleged suspicious account activity and obligated to investigate, finding that PNC did not act in a commercially unjustified manner under the circumstances.

The court also ruled that plaintiffs’ action was barred by contributory negligence and the statute of limitations, finding as a matter of law that plaintiffs were both contributorily negligent and on inquiry notice well before December 2009, more than three years before suit was filed.  The court made extensive findings based on undisputed facts and admissions developed in discovery that the investors could not simply rely on Clott, but rather ignored repeated red flags and failed to investigate, illustrated particularly by the primary investor request that the investment manager obtain bank statements on plaintiffs’ purported account, who failed to do so.

The case is currently on appeal to the Maryland Court of Special Appeals.

For further information, contact Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603 or Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605.