Bank customers beware: recovery of unauthorized electronic funds transfers isn't so easy.

AuthorTanner, Michael G.

It could happen today. You're sitting at your desk, and the phone rings. On the line you hear the voice of a family member, a good friend, or a long-time client. But now the voice is different; you hear the panic. Her bank account has been emptied by a series of electronic transfers she did not authorize. Can you help get her money back, she asks urgently.

The short answer is "maybe."

This article considers several issues you will encounter in trying to assist your bank customer client in this all too familiar predicament. (1)

For a remedy, you will first look to Uniform Commercial Code Article 4A, adopted in Florida as F.S. Ch. 670, (2) which regulates electronic funds transfers. The statute sets out the bank's and the customer's rights and responsibilities and prescribes which party bears the loss for unauthorized transfers. Complete familiarity with this statute is essential because you will soon discover that it may provide the only available remedy--one that the bank may attempt to further limit through its form account agreements. (3)

Article 4A Security Procedures

As electronic funds transfers became more common in recent years, it became apparent that U.C.C. art. 4 (bank deposits and collections4) did not adequately address a number of new issues. Article 4A was drafted to remedy this. Funds transfers to which art. 4A was intended to apply are typically initiated by electronic means (rather than face-to-face or by telephone), and often involve the transfer of large sums of money through multiple banks. (5) The primary purpose of art. 4A is to establish uniform and predictable rights, duties, and liabilities for arm's-length funds transfers between various commercial parties and their banks. (6)

But just because the customer who seeks your advice is not a commercial enterprise engaging in far-flung funds transfers through multiple banks does not mean he or she can escape the requirements and limitations of art. 4A. Even if the transfer from your client's account was initiated by a thief in person at a local bank, and the money moved from one account to another within that bank, art. 4A still applies. (7) These days, unless the money was transferred by check or withdrawn in cash, the bank transferred your client's funds using electronic means, and, consequently, art. 4A is the first place to look for a remedy.

The good news for your client is that art. 4A imposes on banks the obligation to refund unauthorized funds transfers for a one-year period after the bank gives the customer notice (ordinarily in the monthly account statement), thereby allowing the customer to identify the disputed transaction and notify the bank. (8) Accordingly, customers have a corresponding statutory right to receive a refund for that one-year period upon proper notice to the bank.

Beware that F.S. [section] 670.202 permits a bank to shift the risk of loss for unauthorized transfers to the customer in two ways. (9) First, a payment order initiating an electronic transfer is deemed authorized and effective if the sender, or the sender's agent, acting with actual or apparent authority, authorized it. (10) Second, if the account holder and the bank have agreed that authorization for payment orders will be verified by a security procedure (such as a PIN), a payment order is also effective, if 1) the security procedure is commercially reasonable; and 2) the bank accepted the payment order in good faith and in compliance with the security procedure and in compliance with any written agreement or instruction from the customer restricting acceptance of payment orders. (11)

"Given the large amount of the typical payment order, a prudent receiving bank will be unwilling to accept a payment order unless it has assurance that the order is what it purports to be. This assurance is normally provided by security procedures...." (12) This is because "[i]n a very large percentage of cases covered by [a]rticle 4A, transmission of the payment order is made electronically," on the basis of a message on a computer screen, and the common law concepts of the authority of an agent to bind a principle are not helpful. (13)

The art. 4A security procedure provision "is based on the assumption that losses due to fraudulent payment orders can best be avoided by the use of commercially reasonable security procedures.." (14) Otherwise, "the bank acts at its peril in accepting a payment order that may be unauthorized." (15)

As a result, to limit their risk of liability to refund unauthorized transfers, banks routinely enter into agreements with their customers specifying the security procedures the bank will use to verify that transfers from the customer's account are authorized by the customer. You must first determine whether your client's account was subject to security procedures and, if so, whether the bank complied with those.

Let's say you do some checking and discover there was no agreed security procedure for the account. In that situation, the issue under art. 4A becomes whether the transfer was authorized under general principles of agency. (16)

This will require you to examine carefully the facts as to how your client has used the account. Did anyone else have access to the account with your client's consent; and if so, when and under what circumstances? If your client is a business and an employee embezzled the money, the issue of whether the transaction was authorized under the law of agency may be thorny; certainly, the business would not have given the employee actual authority to steal funds, but did the employee have apparent authority to order the transfers? These issues will be very fact-specific and may require you to review a lengthy history of your client's banking practices.

Beyond these issues, you should also examine the bank's conduct. Did the bank have internal operating procedures to protect customer accounts that it failed to follow? And, again, you should review the account agreements because those may impose duties the bank failed to follow. In other words, do you have a potential cause of action against the bank outside art. 4A?

What if you review your client's records and discover unauthorized transfers occurring well more than one year before the client's telephone call to you; can you reach back to recover those? Again, the answer to both questions is "maybe."

Article 4A Displacement of Common Law Claims

The drafters made clear that art. 4A provides the exclusive remedy and displaces common law claims related to unauthorized funds transfers when a specific provision of art. 4A addresses the situation giving rise to the claim, and if the common law claims would create rights, duties, and liabilities inconsistent with art. 4A. (17) Such targeted displacement is consistent with the U.C.C.'s general acceptance of principles of equity and common law to supplement its provisions unless specifically displaced. (18) Whether art. 4A provides the exclusive remedy for your client is important because common law claims, if allowed, would provide a much longer statute of limitations (such as for breach of contract or negligence claims) than 4A's one-year look back, significantly expanding your client's potential for recovery. (19)

Thus, you will want to examine whether the bank undertook duties outside the funds transfer process, either unilaterally through its own internal procedures or in the account agreement, to protect your client's account. If so, art. 4A may allow you to assert common law remedies as a supplement to art. 4A's refund remedy. (20)

Notably, the U.C.C. drafters did not say expressly that either subsection (1) or subsection (2) of [section] 670.202 extinguishes bank duties (or customer claims) arising from account protection practices the bank may have undertaken unilaterally or through your client's account agreement. Indeed, art. 4A expressly excludes some such duties from [section] 670.202(2). (21) The drafters merely state what is apparent from the statutory language of [section] 670.202: If a bank and a customer have not agreed to a security procedure under subsection (2) to verify a transfer, the bank's sole defense against the customer's claim that the transfer was not authorized is under subsection (1), in accordance with general agency principles. (22)

Whether this opens the door to common law claims is largely uncharted territory in Florida jurisprudence. (23) Article 4A encourages banks to offer "security procedures" to customers to protect their accounts, but it does not require banks to do so. (24) You might argue for your client that if a bank adopts its own account protection practices, or agrees to certain practices by contract, and then fails to follow these, there should be a remedy outside...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT