Sal’s presentation focused on the legal regime for allocating liability for unauthorized fund transfers, including wire transfers, ACH transactions, and SWIFT transfers.  He discussed several key and recent cases under UCC Article 4A that have grappled with the breadth of the “security procedure” defense, applied the UCC test for determining whether a bank’s procedures are “commercially reasonable,” and addressed circumstances where banks were considered to have or have not acted in “good faith.”  He covered applicable regulatory guidelines issued by the Federal Financial Institutions Examination Council and the New York State Department of Financial Services, including recent developments on reporting cybercrime.

Sal’s presentation also addressed the continuing trend in the payment card arena in which fraud liability is shifting from issuers to acquirer/merchants under card network rules and recent suits brought by issuing banks against merchants for data breaches.   (For an overview of the evolving payment card system and developing loss allocation, see Sal Scanio’s prior article, Payment Card Fraud, Data Breaches and Emerging Payment Technologies, XXI Fidelity L.J. 59 (2015)).

Finally, Sal outlined a number of practical measures that can be taken by financial institutions to reduce their legal and compliance risk.

For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605.

In that case, the Michigan bank received a faxed wire transfer request from an individual purporting to be its customer, requesting that $196,000 be wired from the customer’s home equity line to a bank in South Korea. The request contained the customer’s signature and account information. The bank further verified the request by calling the phone number on file (modified the week before by letter purportedly emailed from the customer), and wired the funds to Seoul. Two days later the bank received a second request for a $98,000 wire, this time processed by an employee who knew the customer, questioned why he would wire funds to South Korea, and called him on his actual phone number, uncovering the scam. The bank re-credited the account and submitted a claim for coverage under its FIB, which the insurer denied.

On cross-motions for summary judgment, the court overruled the insurer’s two grounds for denying coverage. The court found the forged wire request was a covered “Withdrawal Order” under Insuring Agreement (D) and an Unauthorized Signature Rider, and that the loan-loss exclusion of the Bond did not apply where the loss was not the result of a loan, the customer having neither received the funds nor agreed to repay the debt. Though both Agreement (D) and the Rider expressly required a “Written Original” for coverage, which the faxed transfer request clearly did satisfy, that requirement was not raised by the insurer until after summary judgment, and the court declined to consider the new argument on reconsideration in the exercise of its discretion pursuant to Federal Rule 59(e).

This Spring three more federal decisions were handed down which further underscore the importance of timely raising the original document requirement in FIB cases under Insuring Agreements (D) and (E).

1.         In April, the Sixth Circuit affirmed the result in Bank of Ann Arbor, holding the district court did not abuse its discretion in refusing to entertain the insurer’s original document defense, raised for the first time on motion for reconsideration after summary judgment had been granted. Bank of Ann Arbor v. Everest Nat’l Ins. Co., 2014 U.S. App. LEXIS 7820 (6th Cir. Apr. 23, 2014). Additionally, the appeals court held that under Michigan law, when an insurer denies coverage on stated grounds, it generally waives or is estopped from raising new defenses. Here the insurer’s declination letter stated only two grounds for denying coverage, and did not raise the original document requirement. Although not addressed in either opinion, the insurer also did not raise the related “physical possession” requirement of the Bond, which provided further grounds for denial of coverage.

Bank of Ann Arbor serves as a cautionary tale of the importance for insurers to closely evaluate the potential applicability of the original document defense (and related physical possession defense) at the earliest stages of not only the litigation, but the claim itself.

2.         In contrast, in May the District Court for the Southern District of Alabama granted summary judgment to the insurer which did timely raise the original document defense in relation to certificated securities alleged to be counterfeit. Bank of Brewton v. The Travelers Companies, Inc., 2014 U.S. Dist. LEXIS 69567 (S.D. Ala. May 21, 2014).

In that case the bank, in exchange for a series of loans consolidated and renewed beginning in 2005, obtained assignment of several stock certificates from its customer. Comparing the certificates in 2009, the bank realized one was not an original but a color copy. The customer provided a replacement certificate, and the bank renewed certain loans totaling $1.5 million. Then in 2010, the bank discovered the customer had actually pledged the prior original certificate to another bank, rendering the replacement certificate null and void, as representing the same shares as the pledged original certificate.

The FIB provided coverage under Insuring Agreement (E) for an extension of credit “on the faith of any item listed in (a)(i) through (a)(iv) above [including a “Certificated Security”], which is a Counterfeit.” The Bond defined “Counterfeit” as meaning “an imitation which is intended to deceive and to be taken as an original.” Addressing those provisions of the Bond, the court upheld the insurer’s denial of coverage upon the bank’s initial claim that the color copy of the original certificate constituted a counterfeit, on grounds that the bank knew the certificate was a copy and not an original, and thus not counterfeit. The court further held that the bank suffered no loss resulting directly from having relied upon that certificate as a genuine original document, knowing it to be a copy when the loans were renewed.

Addressing the bank’s belated alternative argument that the replacement certificate constituted a counterfeit within the meaning of the Bond, the court noted that a document “must be a fake version of an existing, genuine document,” and “must possess sufficient similarity to to the original to render it plausible that it is the genuine original of that which it imitates.” 2014 U.S. Dist. LEXIS 69567, *10. Finding the prior original certificate was a genuine document, the court held the replacement certificate, while quite similar, bore obvious differences beginning with the certificate number itself, and thus could not purport to be a counterfeit imitation as a matter of law.

The bank filed a notice of appeal of the district court’s grant of summary judgment denying coverage, on June 2nd.

3.         Earlier this year a district court in Utah addressed whether electronic transmissions are covered “originals” under a modified version of the standard Form 24 FIB that omitted the form’s definition of “Original.” Transportation Alliance Bank, Inc. v. BancInsure, Inc., 2014 U.S. Dist. LEXIS 22187 (D. Utah Feb. 21, 2014).

The case involved a factoring fraud perpetuated on Transportation Alliance Bank (TAB) by Arrow Trucking, Inc. TAB, pursuant to an Accounts Receivable Purchase and Security Agreement, purchased Arrow’s accounts receivable at discount with the right to the full receivables when paid, also guaranteed and secured by Arrow’s accounts and assets. Pursuant to the Agreement, Arrow periodically provided TAB with electronic account statements, which Arrow electronically altered to falsely reflect higher receivables, inducing TAB to advance more cash than Arrow was entitled to receive, leading to a loss of $11.5 million. TAB submitted a FIB claim to BankInsure, Inc., which denied coverage for failure to satisfy the five discrete conditions to coverage under Insuring Agreement (E).

Addressing the first condition, the court found the electronic account statements were covered documents, whether as “Evidence of Debt,” or as a “Security Agreement” when combined with the A/R Purchase and Security Agreement. Next, addressing the condition that each covered document be an “original,” the court noted the Bond omitted the Form 24 definition (“Original…does not include…electronic transmissions even if received and printed”), under which there would have been no coverage. Finding that omission to be deliberate, and citing case law and Utah’s Uniform Electronic Transactions Act, the court held that, in the absence of a contrary definition, electronic transmissions “are a way of life and are just as original as a printed, hard copy of document…” Further, the court found that Arrow’s electronic overwrites were covered “alterations,” and that TAB had “physical possession” of the electronic data in its computers within the meaning of the Bond. The “physical possession” requirement, however, is meant to be read in conjunction with the “original” requirement and to provide the insured the opportunity to examine the “original” document and discover obvious defects. That purpose is not served in the case of electronic documents. Lastly, the court held the loss “resulted directly from” TAB having made over-advances upon Arrow’s alterations of its accounts receivable.

The case is an object lesson, particularly in today’s banking world where electronic documents are widely treated as originals, to ensure the standard form definition of “original” or its equivalent is included in the Bond.

For further information, contact Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603, or Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605.

The bank received a $440,000 wire request purportedly from the customer, an escrow company, for transfer to a beneficiary’s account in the Republic of Cyprus.  The request, received over the Internet using the customer’s login and password, was authenticated via a secure ID token downloaded on the customer’s computer to show it had been initiated from its registered IP address. The customer, a common malware target as an escrow company, had been attacked and its purported request was unauthorized.

Significantly, in establishing online banking services, the customer had declined the use of “Dual Control,” as offered by the bank, requiring two users using separate logins and passwords to process wire transfers, as well as daily limits on wire transfer activity.  Subsequently, the customer inquired whether foreign wire transfers could be blocked to avoid fraudulent wires.  The bank advised that it was unable to stop just foreign wires, recommending again dual control which the customer still declined.

On appeal as in the district court, the customer argued that the security procedures offered were not commercially reasonable because none involved transactional analysis whereby wire transfers are subject to individual fraud review.  The Eighth Circuit disagreed, affirming thatit would be impracticable for the bank to review every outgoing wire and that there was no genuine question of fact whether the bank was required to use transactional analysis as a matter of reasonable commercial procedures.  The Eighth Circuit concluded that the security procedures offered were commercially reasonable for that customer, observing:

[T]his appears to be a case where “an informed customer refuses a security procedure that is commercially reasonable and suitable for that customer and insists on using a higher-risk procedure because it is more convenient or cheaper[,]” in which case “the customer has voluntarily assumed the risk of failure of the procedure and cannot shift the loss to the bank.”

Id. at *26-27 (quoting UCC § 4A-203 cmt. 4).

Turning to whether the bank had proved it accepted the payment order in good faith under UCC § 4A-202(b), the Eighth Circuit described the good faith test as follows:

[W]hile there may be some evidentiary overlap between the commercial reasonableness of a bank’s security procedures and its compliance with reasonable commercial standards of fair dealing, we do not believe that the two inquiries are coextensive. While the commercial reasonableness inquiry concerns the adequacy of a bank’s security procedures, the objective good faith inquiry concerns a bank’s acceptance of payment orders in accordance with those security procedures. In other words, technical compliance with a security procedure is not enough under Article 4A; instead . . . the bank must abide by its procedures in a way that reflects the parties’ reasonable expectations as to how those procedures will operate.

[T]he focus of our good faith inquiry is on the aspects of wire transfer that are left to the bank’s discretion. . . .Where, as here, a bank’s security procedures do not depend on the judgment or discretion of its employees, the scope of the good-faith inquiry under Article 4A is correspondingly narrow. . . . [T]o establish that it acted in good faith, [the bank] must establish that its employees accepted and executed the . . . payment order in a way that comported with [the customer’s] reasonable expectations, as established by reasonable commercial standards of fair dealing.

Id. at *29-31.  The court concluded that the bank met its burden because: (1) the customer was aware that the only time the bank’s employees saw the payment order was after the wire had cleared its security procedures, (2) the customer was also aware that the employees’ role was to route payment orders, not to check for irregularities, (3) the “payment order was not so unusual that it should have raised eyebrows,” as the amount was not unusual for the customer, and (4) the bank was under no obligation to review the memo line of the payment order.  Id. at *32-33.  The Eighth Circuit contrasted this case with Experi-Metal, Inc. v. Comerica Bank, 2011 U.S. Dist. LEXIS 62677 (E.D. Mich. June 13, 2011), where the district court found a lack of good faith by the bank in allowing, inter alia, $5 million in overdrafts from an account that had a zero balance.

Finally, the Eighth Circuit addressed the bank’s counterclaim for attorney’s fees based on an indemnification provision in the customer agreement.  The district court had found that the indemnification provision conflicted with Article 4A, and dismissed the counterclaim.  The Eighth Circuit reversed:

[The bank’s] counterclaim seeks attorney’s fees, not damages stemming from the fraudulent payment order, and Article 4A contains no provision allocating attorney’s fees between the bank and its customer in the event of litigation.  Although awarding attorney’s fees to a bank under an indemnification agreement might reduce a customer’s overall recovery against that bank, it would do so for reasons extrinsic to Article 4A’s attempts to balance the risk of loss due to a fraudulent payment order. We thus conclude that the portion of the indemnification provision relating to attorney’s fees is not inconsistent with Article 4A and that [the bank] may seek attorney’s fees from [the customer] under this provision.

Id. at *38-39. Plainly, a bank’s ability to obtain attorney’s fees upon prevailing in customer claims under Article 4A may become a significant factor in the resolution of such claims.

Choice Escrow represents another decision illustrating the importance of bank customer agreements in allocating losses for unauthorized electronic funds transfers.  See Salvatore Scanio and Robert W. Ludwig, Surging, Swift and Liable? Cybercrime and Electronic Payments Fraud Involving Commercial Bank: Who Bears the Loss?, 16 J. of Internet L. 3 (April 2013). 

For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605, or Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603.