Printer Friendly

What you should know about wire-transfer liabilities.

Although more than $1 trillion is moved among businesses by wire transfers every business day, until this year no law regulated all of the responsibilities of the parties involved. No piece of regulation defined each party's rights in the event of a problem with a particular transfer. That, however, is changing rapidly.

The Uniform Commercial Code, which is in effect in largely the same form in nearly all 50 states, sets forth rules that govern such commercial transactions as the sale of goods and those that involve commercial paper such as checks and notes. A proposed amendment to the UCC-that will become Article 4A of the code-already has been adopted by a number of states and establishes standards for commercial wire transfers. indeed, as of mid-1990, 14 states-including the banking centers of New York, California, and Illinois-have adopted or will soon complete the legislative process necessary to adopt Article 4A. (See page 42 for a listing of the 14 states and the status of the legislation.) By the end of 1991, more than half of the states likely will have adopted it, and the vast majority of those who haven't are likely to follow suit within a year or two thereafter.

The adoption of Article 4A will, among other things, allow parties to wire transfers (principally banks and their business customers) while predicting risk with more certainty and to adjust their operational and security procedures appropriately. The new rules will affect wire transfers in two of the most important areas left unclear by current law: fraudulent transfers and erroneous transfers.

These two areas have seen a relatively large amount of litigation in the past. In one leading case, for instance, a bank failed to execute a $27,000 payment order and was sued for $2.1 million after the originator of the wire transfer lost a valuable ship charter. That suit went as far as a federal appellate court before it was finally resolved in the bank's favor.

Whether a wire transfer is made by the Federal Reserve wire transfer network (Fedwire), the New York Clearing House Interbank Payments Systems (CHIPS), or some other method, the procedure is relatively standard.

A business, or the "originator" of the wire transfer, issues an instruction ("a payment order") to its bank, which in turn instructs an intermediary bank, if necessary, or the bank of the intended recipient (the beneficiary") to pay or credit a fixed amount to the beneficiary on behalf of the originator. For the most part, each of the payment orders sent by each entity to the next is transmitted electronically. (Because there may be a non-electronic communication in the series of orders, the drafters of Article 4A refer to these transfers as "funds transfers," not wire transfers.)

These electronic transfers are perhaps the most efficient payment system available today, far superior to written instruments such as checks. They are faster and less expensive for banks, and these economies are generally passed on to business customers. But problems do exist.

When the transfer is fraudulent

The low cost and the routine, rather ministerial nature of a bank's acts with respect to funds transfers can often promote one of the principal problems associated with such transfers-the fraudulent or unauthorized payment order.

Because most payment orders are transmitted electronically, a bank may not know whether a funds transfer has been authorized by its customer. It usually has to act on the basis of a message that appears on a computer screen.

Consequently, and as otherwise would be required in theory by Article 4 of the UCC, the bank is unable to authenticate the originator's signature since none is required to effect a funds transfer.

Article 4A's solution to this technical problem is to promote the use of security procedures. These are procedures established by agreement between a customer and a bank for the purpose of verifying that a payment order, or any communication amending or canceling a payment order, is authentic. Functioning in effect as signature substitutes, typical security procedures include the use of algorithms or other codes, identifying words or numbers, encryption, or callback procedures.

A certain kind of security can also be obtained by imposing limits-for example, by limiting the maximum amount of any transfer without specific non-electronic approval, by limiting the group of authorized beneficiaries to which funds transfers may be made, by requiring that funds transfers be payable only from an authorized account, or by prohibiting any transfers that exceed certain credit limits or balances.

It goes without saying that a business that agrees on a security procedure with its bank must carefully guard the information relating to the procedure. The business should supervise its employees to insure compliance with the security procedure as well as to safeguard confidential security information and access to transmitting facilities so that the security procedure cannot be circumvented.

Article 4A requires that the security procedure that a business and a bank adopt be commercially reasonable. " Whether a particular security procedure is reasonable depends on a number of different factors. For instance, when a business is dealing with a money-center banks security may be different than when it is dealing with a smaller bank. The interpretation of "reasonable" procedures also may differ for individual funds transfers and for repetitive transfers, or transfers made by an automated clearing house.

Other facts may affect the determination of a security procedure as reasonable, such as the circumstances of the customer known to the bank; the size, kind, and frequency of payment orders usually issued by the customer; alternative security procedures offered to the customer; security procedures otherwise in use in the industry; and the wishes of a customer. Thus, some customers may adopt less secure procedures because of the costs of and delays in implementing a higher level of security. That may mean, though, that the customer assumes more of the risk of failure of the procedure and the associated losses.

What, then, are the liabilities when a security procedure is in place? Any breach of a commercially reasonable security procedure requires that the person committing the fraud have knowledge of how the procedure works and knowledge of the code, identifying device, or the like. That person may also need access to transmitting facilities through an access device or other software. Logically, this confidential information usually is obtained from a source controlled by either the customer or the receiving bank.

If a fraudulent payment order is issued as a result of a breach of security on the part of the customer, liability for that unauthorized funds transfer will be imposed on the customer under Article 4A. Thus, generally speaking, if a bank receives a payment order and verifies its authenticity through the correct, agreed-upon security procedure, but it turns out that the order was fraudulent, the customer will be liable for the amount of the transfer.

only when the customer can prove that the person committing the fraud did not obtain the confidential information from an agent (or a former agent) of the customer or from any other source controlled by the customer is the loss shifted to the bank. A customer, therefore, is not responsible for an unauthorized transfer if it can prove that the bank or an outsider (such as a computer hacker) compromised its security.

Banks are in the best position to evaluate the efficacy of procedures offered to customers to combat fraud. Accordingly, banks likely will suggest, or even require, security procedures for all customers except where personal contact between a customer and a bank eliminates the possibility of an unauthorized funds transfer. Businesses, though, must give careful consideration to the kinds of security procedures they employ, with a view to both practicality and expense.

Interestingly, Article 4A provides that if customer can show that the bank did not comply with the applicable security procedures or that the customer did not otherwise cause the breach, the bank must refund the amount of the transfer with interest to the customer. The customer is not, however, entitled to interest if it fails t notify the bank of the relevant facts within 90 days of the date the customer received notification from the bank that the order was accepted or that the customer's account was debited. The obvious goal of this exercise is to allow the bank to be notified in sufficient time to seek recovery of the amount of the fraudulent transfer.

What if there's an error in the transfer?

Security devices will also have a role to play in protecting against erroneous payment orders.

Although it is uncommon for errors to occur in funds-transfer transactions, it is possible. There may be a discrepancy in the amount, such as when the originator's payment order instructs payment of $1 million but its bank subsequently instructs payment of $ 1 0 million. Or the beneficiary's bank may credit the wrong account. Errors also may occur when a payment order is sent, or appears to have been sent, that duplicates a previously sent payment order.

Some security devices are able to detect these kinds of funds-transfer errors. For instance, the security device could notify the bank when a purported beneficiary's account number is not one to which the customer normally makes payments; the device might require verification that payment to the stated account number was intended before the transaction continues. Similarly, the customer and bank could adopt a security procedure that would utilize different codes for different ranges of dollar amounts so that a $1 million wire transfer could not be erroneously sent as a $10 million transfer. To avoid duplicate orders, a security procedure could identify each payment order by a sequenced number or code that would apply to no other order.

Under Article 4A, if a customer and a bank have agreed on a security device to detect erroneous payment orders and the customer can show that the bank failed to comply with the system-but would have detected the error had it complied-liability falls on the bank.

The customer is not, however, without obligation in such a case. It must discover the error within 90 days or it will become liable to the bank for any loss that the bank can prove was incurred as a result of the delay in notification. That does not mean that the customer will have to pay for the error; rather, it will have to pay only what the bank can show it would have recovered had it been notified.

There is thus good reason for a business to negotiate a security procedure with its bank that detects errors. Indeed, without such a security procedure, the business customer will likely have to bear the loss. Article 4A assumes that the manual handling and verification of funds transfers would be expensive for banks, and that the process is subject to human error; therefore, the amendment does not encourage it.

Limiting damage recovery by business

Businesses that regularly use funds transfers should also recognize that Article 4A limits the scope of the damages they may recover from banks that commit errors.

In the case described earlier in which a bank failed to execute a $27,000 payment order and was told in the trial court to pay the originator $2.1 million for lost profits, a federal circuit court of appeals reversed. It relied in part on an ancient common-law rule that these so-called consequential damages may not be awarded unless a defendant had notice of the special factual circumstances giving rise to them. In this case, the appellate court said, the bank may have known that the wire transfer's originator was paying the ship owner for the hire of a vessel, but it did not know that the profits from a favorable charter would be lost if the payment were delayed. "Electronic payments are not so unusual as to automatically place a bank on notice of extraordinary consequences if such a transfer goes awry," the court held.

Unwilling to buck the trend of hundreds of years of Anglo-American jurisprudence, the drafters of Article 4A incorporate that rule by essentially prohibiting an award of consequential damages to businesses for errors made by banks in connection with funds transfers.

The theory, of course, is that evaluation of the nature and consequences of payment orders on an individual basis, which would be required in order to hold banks liable for consequential damages, is not consistent with the high-speed, low-price nature of processing wire transfers. Article 4A permits the parties to increase the measure of damages by an express agreement; obviously, the cost of each ensuing transfer likely would increase as well.

With Article 4A rapidly becoming the law in a growing number of states, businesses can expect banks to propose funds-transfer agreements reflecting its rules.

This will provide the business customer with a degree of certainty over such transfers that currently does not exist. It will also require that the parties to such agreements adopt new procedures and change existing policies in an attempt to ensure that only authorized and accurate funds transfers are made. As they have since the beginning of commerce, thieves and fools will render this goal unattainable; Article 4A of the UCC will at least permit the resulting losses to fall appropriately and predictably.
COPYRIGHT 1990 Financial Executives International
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1990, Gale Group. All rights reserved. Gale Group is a Thomson Corporation Company.

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:Technology; includes related article
Author:Brandon, George
Publication:Financial Executive
Date:Nov 1, 1990
Previous Article:Is it equity? Is it debt? Or is it both?
Next Article:Prospering in the European Community: state aids and financial reporting.

Related Articles
Finally, guidance on like-kind exchanges; when do business swaps qualify for like-kind treatment? The Internal Revenue Service's new rules provide...
Transfer taxes apply to cash poor too.
Contested liabilities - when is a deduction allowed?
Look before you leap: are LLCs right for you?
Canadian company formed by U.S. S corporation will be considered a partnership.
Proposed software regulations.
The IRS's ability to attack S corporation stock transfers.
Arms transfer principles.
Be prepared: if you don't already have a risk management plan addressing all facets of your organization, it's time to get one. (Risk Management).
Customs duty considerations.

Terms of use | Privacy policy | Copyright © 2022 Farlex, Inc. | Feedback | For webmasters |