The subsidiary reported the unauthorized ACH debits to its bank, a major U.S. commercial bank, which declined reimbursement because the ODFI, another major U.S. commercial bank, declined the claim as its customer, the Originator, also declined responsibility.

Upon being retained, L&R quickly investigated and pursued the matter with the banks under Operating Rules and Guidelines of the National Automated Clearing House Association (NACHA).  While corporate ACH debits are not subject to the substantial protections afforded consumer ACH debits under Regulation E and NACHA’s rules, numerous other provisions of NACHA’s rules and guidelines do apply to unauthorized corporate debits.  Of particular significance is NACHA’s warranty under which an ODFI warrants to the RDFI that transactions have been properly authorized by the Receiver, for which it is required to indemnify the RDFI for “all claims, demands, losses, liabilities, and expenses, including attorneys’ fees and costs, that result directly or indirectly” from the breach of warranty.

In less than a month after L&R contacted the RDFI, both banks reversed their positions, and the U.S. subsidiary was reimbursed for its full loss.

For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605 or Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603.

Whitaker, a Georgia physician, maintained an account with Wedbush, a futures commission merchant. Whitaker’s email account was hacked, and a cybercriminal sent fraudulent emails to Wedbush, directing four wire transfers overseas totaling $374,960.  Defending the suit, Wedbush, claimed it was not a “bank” because it was not “engaged in the business of banking,” as defined in UCC § 4A-105(a)(2), but merely acted as plaintiff’s agent in forwarding wire instructions to its bank, BMO Harris, for processing.  The Illinois high court, reversing the courts below, recognized that non-bank financial institutions like brokerage firms, mutual funds, and insurance companies have consistently been held by the courts to be a “bank” under UCC Articles 3, 4, and 4A. Id. at *17.  The court concluded Wedbush was a “bank” for purposes of Article 4A because it provided financial services, including brokerage and trading services, and “regularly assisted customers in processing funds transfers,” id. at *18, and thus subject to Article 4A’s strict liability regime for unauthorized funds transfers.

This case is an important reminder that non-bank financial firms, whether brokerages, mutual funds, or insurers that assist customers in processing funds transfers can be held to the same legal requirements as chartered banks under UCC Article 4A, and thus should have commercially reasonable security policies and procedures in place.  It further reminds that non-bank entities providing such customer assistance may share in the risk of loss under Article 4A’s loss-allocation rules.

For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605 or Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603.

The law firm filed a pro se claim against Citibank under the Computer Fraud and Abuse Act (“CFAA”), requiring a showing that Citibank aided and abetted the hacker by “knowingly and with intent to defraud, access[ing] a computer without authorization, . . . and by means of such conduct further[ing] the intended fraud….” 18 U.S.C. § 1030(a)(4).  The firm alleged the bank’s maintenance of the hacker’s account, allowing the deposit of stolen funds and permitting their withdrawal, constituted the requisite assistance. The district court rejected the allegations of Citibank involvement as insufficient “even under a willful-blindness theory,” noting the plaintiff did not allege “facts that indicate that the bank ‘closed its eyes’ to the hacker’s obvious crime” nor did it “allege any unusual activity that might have raised the bank’s suspicion or any vetting irregularities,” and dismissed the claim without prejudice.  2020 U.S. Dist. LEXIS 71713, at 10.

While this claim under the CFAA is novel, it is also serves to show that banks can be subject to aiding and abetting liability when properly plead.  L&R has successfully brought aiding and abetting claims, including in a major, serial loan fraud case, representing bank no. 2 against bank no. 1, where bank no. 1 discovered the fraud, forcing the fraudster to commit the same fraud against bank no. 2 in order to be repaid, with bank no. 1 later paying a substantial settlement.

For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605 or Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603.

Cybercriminals are exploiting the pandemic in countless ways, from preying on human vulnerability to taking advantage of the increased use of online banking and electronic payments. The scams include credential phishing, spam email campaigns, malware, and business email compromise (BEC).

According to the FBI’s Alert No. I-040120-PSA, Cyber Actors Take Advantage of COVID-19 Pandemic to Exploit Increased Use of Virtual Environments (Apr. 1, 2020), its Internet Crime Complaint Center received over 1,200 complaints as of March 30, 2020.  The FBI Alert warns that “during this pandemic, BEC fraudsters have impersonated vendors and asked for payment outside the normal course of business due to COVID-19.”  As defined by the FBI’s Internet Crime Report (2019), BEC “is a sophisticated scam targeting both businesses and individuals performing a transfer of funds. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.” In 2019, there were 24,000 complaints of BEC scams, with a total loss of $1.7 billion.

On April 6, 2020, the FBI issued a press release, FBI Anticipates Rise in Business Email Compromise Schemes Related to the COVID-19 Pandemic, in which it detailed recent examples of BEC attacks:

• A financial institution received an email allegedly from the CEO of a company, who had previously scheduled a transfer of $1 million, requesting that the transfer date be moved up and the recipient account be changed “due to the Coronavirus outbreak and quarantine processes and precautions.” The email address used by the fraudsters was almost identical to the CEO’s actual email address with only one letter changed.
• A bank customer was emailed by someone claiming to be one of the customer’s clients in China. The client requested that all invoice payments be changed to a different bank because their regular bank accounts were inaccessible due to “Corona Virus audits.” The victim sent several wires to the new bank account for a significant loss before discovering the fraud.

Also on April 6, 2020, the FBI issued a further warning, Money Mule Schemes Exploiting the COVID-19 Pandemic.  The FBI anticipates a rise in work-at-home schemes to recruit money mules to wittingly or unwittingly facilitate the laundering of fraudulent funds transfers.

On April 13, 2020, the FBI issued another release, Advance Fee and BEC Schemes Related to Procurement of PPE and Other Supplies During COVID-19 Pandemic.  The FBI’s warning reports on evolving schemes being utilized to exploit the coronavirus pandemic.

The FBI is often the first place to turn for assistance when a business is the of a cyberattack that results in fraudulent wire transfers or ACHs. If contacted within 48 hours of the theft and a loss threshold is met, the FBI may be able to identify whether any of the funds may be recovered.

The next option would be potentially responsible third-parties.  L&R recently presented a paper at an American Bar Association Conference, titled Technology and Salvage: Using Social Media in Recovery and Allocating Cybercrime Funds Transfers to Third Parties (Jan. 31, 2020), that discusses the latest trends in cybercrime involving fraudulent transfers and how losses are allocated between businesses and third-parties, particularly banks.

Generally, the focus is on the beneficiary’s bank in the business email compromise scenario and on the receiving bank in the malware/account takeover situation.

As detailed in L&R’s recent paper, the beneficiary’s bank (i.e., the bank of the beneficiary of the funds transfer where the funds are ultimately transferred) has potential liability exposure for fraudulent funds transfers arising in the business email compromise scenario under any of the following:  (1) the bank “knows” that the name and account number on the wire transfer order refer to different persons; (2) improper bank conduct took place before the funds transfer, such as at account opening; (3) improper bank conduct took place after the wire transfer; or (4) where the bank accepted funds when it knew or should have known that the funds were fraudulently obtained.

In the malware/account takeover scenario, the receiving bank (i.e., generally the customer’s bank from where the transfer originated) has liability exposure for fraudulent funds transfers, unless the bank proves: (1) the bank and customer agreed that the authenticity of a payment order would be verified through a “security procedure;” (2) the security procedure agreed upon is “commercially reasonable;” (3) the bank processed the payment order in “compliance” with the security procedure; (4) the bank processed the order in compliance with any written agreement or instruction of the customer; and (5) the bank accepted the payment order in “good faith.”

For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605 or Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603.

The conference theme was, “A Whole New World: The Impact of Technology and Cybercrime on Fidelity Policies.”  They were joined by Joseph S. Szary of Great American Insurance Group.  Their presentation addressed the latest trends in cybercrime involving fraudulent funds transfers and how losses are allocated between insureds and third-parties, particularly banks. They also discussed how social media may be used effectively in locating businesses and individuals, their income and assets, and covered applicable regulatory guidelines. Their discussion included the recent opinion by the 11^th Circuit Court of Appeals, Peter E. Shapiro, P.A. v. Wells Fargo Bank, N.A., 2019 U.S. App. LEXIS 35604 (11^th Cir. Nov. 27, 2019).

For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605 or Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603.

In this case the bank, in exchange for a series of loans consolidated and renewed beginning in 2005, obtained assignment of several stock certificates from its customer. Comparing the certificates in 2009, the bank realized one was not an original but a color copy. The customer provided a replacement certificate, and the bank renewed certain loans totaling $1.5 million. Then in 2010, the bank discovered the customer had actually pledged the prior original certificate to another bank, rendering the replacement null and void, as representing the same shares as the pledged original.

The FIB provided coverage under Insuring Agreement (E) for an extension of credit “on the faith of any item listed in (a)(i) through (a)(iv) above [including a “Certificated Security”], which is a Counterfeit.” The Bond defined “Counterfeit” as meaning “an imitation which is intended to deceive and to be taken as an original.”  The bank argued that the replacement certificates qualified as counterfeit because they “appeared for all intents and purposes to be a valuable stock certificate.”  777 F.3d at 1342.

The 11^th Circuit rejected this argument, stating “[a]n attempt to deceive by means of a document that imitates the appearance of an authentic original is not the same as an attempt to deceive by means of false factual representations implicit in an authentic document.  To conflate the two, as the Bank would have us do, would obliterate elementary distinctions among the techniques of deceptions,…distinctions [which] are recognized in ordinary and commercial usage and preserved in the bond.” Id. at 1343 (internal quotation marks and citation omitted).  The 11^th Circuit recognized: “The Bond does not cover losses resulting from every document tainted by fraud.  Instead, the Bond provides coverage for a subset of deception-based losses—those stemming from documents that imitate an original.  The difference hinges on the nature of the underlying misrepresentation.  While counterfeit documents deceive by misrepresenting authenticity, [the replacement certificates’] deception concerned a misrepresentation of value.”  Id. (emphasis in original).  While the replacement certificates were authentic (issued, numbered, dated, and signed), they had no value because they were obtained under false pretenses.  Thus, the replacement certificates were not “counterfeit” under the terms of the Bond.  Id.

For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605, or Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603.

This action was the last of a series of suits filed in Maryland, Connecticut and New York arising from the latest financial fraud by Michael Howard Clott, who 25 years ago during the S&L crisis, as head of First American Mortgage Co. (FAMCO), pled guilty to “one of the largest [frauds] brought to prosecution in the federal system” in Maryland. E.F. Hutton Mortg. Corp. v. Equitable Bank, 678 F. Supp. 567, 570 (D. Md. 1988). At sentencing for another financial crime, the federal judge reportedly proclaimed that Clott could not be stopped “short of isolating him from all contact with humanity, like putting him on a desert island,” and even then “[h]e’d fleece the pigeons that landed there.”

In this case, while facing separate charges in New York, Clott induced investors from Greenwich and Philadelphia in 2009 to invest $9 million in a purported “no-risk” deal, to buy and sell simultaneously portfolios of foreclosed properties from banks, as “show money” deposited in a Rockville title company’s accounts at PNC. The investors, after settling prior actions against the title company and others, belatedly brought suit in December 2012 against PNC for $5 million in remaining damages, asserting claims of knowing participation in breach of fiduciary duty, negligence, and breach of contract, among others.

On the eve of trial in February 2014, the Hon. Michael D. Mason, having already dismissed eight of ten counts against the bank, granted summary judgment dismissing the rest, finding the bank owed no duty to the investors, and had not acted with actual knowledge of any breach or in bad faith. Judge Mason further held the action barred as a matter of law, both by contributory negligence and the statute of limitations as not tolled by the discovery rule, issues commonly left to the jury.

“This was a hard-fought litigation, and we’re pleased that both the trial and appellate courts saw the case the way we did” said L&R’s Robert Ludwig. “The investor-plaintiffs were not customers but virtual strangers to the bank, all transactions were authorized, and by their own admissions they failed to conduct any due diligence to protect themselves and then ignored numerous red flags.”

On appeal, the Maryland Court of Special Appeals summarily affirmed in all respects. It adopted the opinions of the trial court as its own and issued an unreported opinion focused on the statute of limitations, agreeing that plaintiffs “were on inquiry notice that something was amiss more than three years prior to the filing of the action.”  The appellate court rejected the testimony proffered by plaintiffs’ real estate investment expert on multiple grounds, noting it was “undisputed [plaintiffs] made no effort to look into the reputations or backgrounds of [their business associates] for, had [they] done so, [they] would have learned that [Clott’s alias] did not exist.”

For further information, contact Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603 or Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605.

In that case, the Michigan bank received a faxed wire transfer request from an individual purporting to be its customer, requesting that $196,000 be wired from the customer’s home equity line to a bank in South Korea. The request contained the customer’s signature and account information. The bank further verified the request by calling the phone number on file (modified the week before by letter purportedly emailed from the customer), and wired the funds to Seoul. Two days later the bank received a second request for a $98,000 wire, this time processed by an employee who knew the customer, questioned why he would wire funds to South Korea, and called him on his actual phone number, uncovering the scam. The bank re-credited the account and submitted a claim for coverage under its FIB, which the insurer denied.

On cross-motions for summary judgment, the court overruled the insurer’s two grounds for denying coverage. The court found the forged wire request was a covered “Withdrawal Order” under Insuring Agreement (D) and an Unauthorized Signature Rider, and that the loan-loss exclusion of the Bond did not apply where the loss was not the result of a loan, the customer having neither received the funds nor agreed to repay the debt. Though both Agreement (D) and the Rider expressly required a “Written Original” for coverage, which the faxed transfer request clearly did satisfy, that requirement was not raised by the insurer until after summary judgment, and the court declined to consider the new argument on reconsideration in the exercise of its discretion pursuant to Federal Rule 59(e).

This Spring three more federal decisions were handed down which further underscore the importance of timely raising the original document requirement in FIB cases under Insuring Agreements (D) and (E).

1.         In April, the Sixth Circuit affirmed the result in Bank of Ann Arbor, holding the district court did not abuse its discretion in refusing to entertain the insurer’s original document defense, raised for the first time on motion for reconsideration after summary judgment had been granted. Bank of Ann Arbor v. Everest Nat’l Ins. Co., 2014 U.S. App. LEXIS 7820 (6th Cir. Apr. 23, 2014). Additionally, the appeals court held that under Michigan law, when an insurer denies coverage on stated grounds, it generally waives or is estopped from raising new defenses. Here the insurer’s declination letter stated only two grounds for denying coverage, and did not raise the original document requirement. Although not addressed in either opinion, the insurer also did not raise the related “physical possession” requirement of the Bond, which provided further grounds for denial of coverage.

Bank of Ann Arbor serves as a cautionary tale of the importance for insurers to closely evaluate the potential applicability of the original document defense (and related physical possession defense) at the earliest stages of not only the litigation, but the claim itself.

2.         In contrast, in May the District Court for the Southern District of Alabama granted summary judgment to the insurer which did timely raise the original document defense in relation to certificated securities alleged to be counterfeit. Bank of Brewton v. The Travelers Companies, Inc., 2014 U.S. Dist. LEXIS 69567 (S.D. Ala. May 21, 2014).

In that case the bank, in exchange for a series of loans consolidated and renewed beginning in 2005, obtained assignment of several stock certificates from its customer. Comparing the certificates in 2009, the bank realized one was not an original but a color copy. The customer provided a replacement certificate, and the bank renewed certain loans totaling $1.5 million. Then in 2010, the bank discovered the customer had actually pledged the prior original certificate to another bank, rendering the replacement certificate null and void, as representing the same shares as the pledged original certificate.

The FIB provided coverage under Insuring Agreement (E) for an extension of credit “on the faith of any item listed in (a)(i) through (a)(iv) above [including a “Certificated Security”], which is a Counterfeit.” The Bond defined “Counterfeit” as meaning “an imitation which is intended to deceive and to be taken as an original.” Addressing those provisions of the Bond, the court upheld the insurer’s denial of coverage upon the bank’s initial claim that the color copy of the original certificate constituted a counterfeit, on grounds that the bank knew the certificate was a copy and not an original, and thus not counterfeit. The court further held that the bank suffered no loss resulting directly from having relied upon that certificate as a genuine original document, knowing it to be a copy when the loans were renewed.

Addressing the bank’s belated alternative argument that the replacement certificate constituted a counterfeit within the meaning of the Bond, the court noted that a document “must be a fake version of an existing, genuine document,” and “must possess sufficient similarity to to the original to render it plausible that it is the genuine original of that which it imitates.” 2014 U.S. Dist. LEXIS 69567, *10. Finding the prior original certificate was a genuine document, the court held the replacement certificate, while quite similar, bore obvious differences beginning with the certificate number itself, and thus could not purport to be a counterfeit imitation as a matter of law.

The bank filed a notice of appeal of the district court’s grant of summary judgment denying coverage, on June 2nd.

3.         Earlier this year a district court in Utah addressed whether electronic transmissions are covered “originals” under a modified version of the standard Form 24 FIB that omitted the form’s definition of “Original.” Transportation Alliance Bank, Inc. v. BancInsure, Inc., 2014 U.S. Dist. LEXIS 22187 (D. Utah Feb. 21, 2014).

The case involved a factoring fraud perpetuated on Transportation Alliance Bank (TAB) by Arrow Trucking, Inc. TAB, pursuant to an Accounts Receivable Purchase and Security Agreement, purchased Arrow’s accounts receivable at discount with the right to the full receivables when paid, also guaranteed and secured by Arrow’s accounts and assets. Pursuant to the Agreement, Arrow periodically provided TAB with electronic account statements, which Arrow electronically altered to falsely reflect higher receivables, inducing TAB to advance more cash than Arrow was entitled to receive, leading to a loss of $11.5 million. TAB submitted a FIB claim to BankInsure, Inc., which denied coverage for failure to satisfy the five discrete conditions to coverage under Insuring Agreement (E).

Addressing the first condition, the court found the electronic account statements were covered documents, whether as “Evidence of Debt,” or as a “Security Agreement” when combined with the A/R Purchase and Security Agreement. Next, addressing the condition that each covered document be an “original,” the court noted the Bond omitted the Form 24 definition (“Original…does not include…electronic transmissions even if received and printed”), under which there would have been no coverage. Finding that omission to be deliberate, and citing case law and Utah’s Uniform Electronic Transactions Act, the court held that, in the absence of a contrary definition, electronic transmissions “are a way of life and are just as original as a printed, hard copy of document…” Further, the court found that Arrow’s electronic overwrites were covered “alterations,” and that TAB had “physical possession” of the electronic data in its computers within the meaning of the Bond. The “physical possession” requirement, however, is meant to be read in conjunction with the “original” requirement and to provide the insured the opportunity to examine the “original” document and discover obvious defects. That purpose is not served in the case of electronic documents. Lastly, the court held the loss “resulted directly from” TAB having made over-advances upon Arrow’s alterations of its accounts receivable.

The case is an object lesson, particularly in today’s banking world where electronic documents are widely treated as originals, to ensure the standard form definition of “original” or its equivalent is included in the Bond.

For further information, contact Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603, or Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605.

The bank received a $440,000 wire request purportedly from the customer, an escrow company, for transfer to a beneficiary’s account in the Republic of Cyprus.  The request, received over the Internet using the customer’s login and password, was authenticated via a secure ID token downloaded on the customer’s computer to show it had been initiated from its registered IP address. The customer, a common malware target as an escrow company, had been attacked and its purported request was unauthorized.

Significantly, in establishing online banking services, the customer had declined the use of “Dual Control,” as offered by the bank, requiring two users using separate logins and passwords to process wire transfers, as well as daily limits on wire transfer activity.  Subsequently, the customer inquired whether foreign wire transfers could be blocked to avoid fraudulent wires.  The bank advised that it was unable to stop just foreign wires, recommending again dual control which the customer still declined.

On appeal as in the district court, the customer argued that the security procedures offered were not commercially reasonable because none involved transactional analysis whereby wire transfers are subject to individual fraud review.  The Eighth Circuit disagreed, affirming thatit would be impracticable for the bank to review every outgoing wire and that there was no genuine question of fact whether the bank was required to use transactional analysis as a matter of reasonable commercial procedures.  The Eighth Circuit concluded that the security procedures offered were commercially reasonable for that customer, observing:

[T]his appears to be a case where “an informed customer refuses a security procedure that is commercially reasonable and suitable for that customer and insists on using a higher-risk procedure because it is more convenient or cheaper[,]” in which case “the customer has voluntarily assumed the risk of failure of the procedure and cannot shift the loss to the bank.”

Id. at *26-27 (quoting UCC § 4A-203 cmt. 4).

Turning to whether the bank had proved it accepted the payment order in good faith under UCC § 4A-202(b), the Eighth Circuit described the good faith test as follows:

[W]hile there may be some evidentiary overlap between the commercial reasonableness of a bank’s security procedures and its compliance with reasonable commercial standards of fair dealing, we do not believe that the two inquiries are coextensive. While the commercial reasonableness inquiry concerns the adequacy of a bank’s security procedures, the objective good faith inquiry concerns a bank’s acceptance of payment orders in accordance with those security procedures. In other words, technical compliance with a security procedure is not enough under Article 4A; instead . . . the bank must abide by its procedures in a way that reflects the parties’ reasonable expectations as to how those procedures will operate.

[T]he focus of our good faith inquiry is on the aspects of wire transfer that are left to the bank’s discretion. . . .Where, as here, a bank’s security procedures do not depend on the judgment or discretion of its employees, the scope of the good-faith inquiry under Article 4A is correspondingly narrow. . . . [T]o establish that it acted in good faith, [the bank] must establish that its employees accepted and executed the . . . payment order in a way that comported with [the customer’s] reasonable expectations, as established by reasonable commercial standards of fair dealing.

Id. at *29-31.  The court concluded that the bank met its burden because: (1) the customer was aware that the only time the bank’s employees saw the payment order was after the wire had cleared its security procedures, (2) the customer was also aware that the employees’ role was to route payment orders, not to check for irregularities, (3) the “payment order was not so unusual that it should have raised eyebrows,” as the amount was not unusual for the customer, and (4) the bank was under no obligation to review the memo line of the payment order.  Id. at *32-33.  The Eighth Circuit contrasted this case with Experi-Metal, Inc. v. Comerica Bank, 2011 U.S. Dist. LEXIS 62677 (E.D. Mich. June 13, 2011), where the district court found a lack of good faith by the bank in allowing, inter alia, $5 million in overdrafts from an account that had a zero balance.

Finally, the Eighth Circuit addressed the bank’s counterclaim for attorney’s fees based on an indemnification provision in the customer agreement.  The district court had found that the indemnification provision conflicted with Article 4A, and dismissed the counterclaim.  The Eighth Circuit reversed:

[The bank’s] counterclaim seeks attorney’s fees, not damages stemming from the fraudulent payment order, and Article 4A contains no provision allocating attorney’s fees between the bank and its customer in the event of litigation.  Although awarding attorney’s fees to a bank under an indemnification agreement might reduce a customer’s overall recovery against that bank, it would do so for reasons extrinsic to Article 4A’s attempts to balance the risk of loss due to a fraudulent payment order. We thus conclude that the portion of the indemnification provision relating to attorney’s fees is not inconsistent with Article 4A and that [the bank] may seek attorney’s fees from [the customer] under this provision.

Id. at *38-39. Plainly, a bank’s ability to obtain attorney’s fees upon prevailing in customer claims under Article 4A may become a significant factor in the resolution of such claims.

Choice Escrow represents another decision illustrating the importance of bank customer agreements in allocating losses for unauthorized electronic funds transfers.  See Salvatore Scanio and Robert W. Ludwig, Surging, Swift and Liable? Cybercrime and Electronic Payments Fraud Involving Commercial Bank: Who Bears the Loss?, 16 J. of Internet L. 3 (April 2013). 

For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605, or Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603.

In 2009, while facing charges in New York, Clott induced investors from Greenwich and Philadelphia to invest $9 million in a purported “no-risk” deal, to simultaneously buy and sell bulk portfolios of foreclosed properties from banks, as “show money” deposited in a title company’s accounts at PNC Bank.  The investors, after filing prior actions against the title company and others, brought suit against PNC asserting claims of knowing participation in breach of fiduciary duty, negligence, breach of implied contract, breach of contract for intended third-party beneficiaries, negligent misrepresentation, conversion, banking malpractice, and wrongful involvement in litigation.

In December 2013, the trial court dismissed eight of ten counts against the bank, permitting plaintiffs’ two negligence claims to proceed pursuant to Chicago Title Ins. Co. v. Allfirst Bank, 394 Md. 270 (2006).  On summary judgment in March 2014, the court dismissed the remaining claims, finding the bank owed no duty to the investors under Chicago Title, had not acted with actual knowledge of any breach or in bad faith, and that the action was further barred by contributory negligence and the statute of limitations.

The court observed that “as a general rule, banks don’t owe duties to non-account holders.”  Under the exception in Chicago Title, however, a duty may exist where there is “some type of intimate nexus that is established and based upon the facts of [the] case.”  Here, based upon the facts in the record, plaintiffs did not fall within the exception, particularly as there was “no evidence that the defendant, PNC, was aware of the plaintiff’s reliance on any of their actions.”

The court found, based upon the record evidence, that PNC had not acted with actual knowledge of any breach of fiduciary duty by the fiduciaries or in bad faith.  The court rejected plaintiffs’ argument that the bank was chargeable with knowledge of alleged suspicious account activity and obligated to investigate, finding that PNC did not act in a commercially unjustified manner under the circumstances.

The court also ruled that plaintiffs’ action was barred by contributory negligence and the statute of limitations, finding as a matter of law that plaintiffs were both contributorily negligent and on inquiry notice well before December 2009, more than three years before suit was filed.  The court made extensive findings based on undisputed facts and admissions developed in discovery that the investors could not simply rely on Clott, but rather ignored repeated red flags and failed to investigate, illustrated particularly by the primary investor request that the investment manager obtain bank statements on plaintiffs’ purported account, who failed to do so.

The case is currently on appeal to the Maryland Court of Special Appeals.

For further information, contact Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603 or Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605.