I. INTRODUCTION
A. LB 160
Effective September 5, 1991 Nebraska added Article 4A to its Uniform Commercial Code (UCC). LB 160 was enacted into law by the Nebraska Legislature and is now among the great majority of states to have adopted UCC Article 4A. Article 4A governs funds transfers and banks of all sizes should have an understanding of and implementing Article 4A at this time.
Article 4A provides coverage of commercial, wholesale “funds transfers” from the order of the originator to the originator’s bank, through intermediary banks and to the beneficiary’s bank. Article 4A sets forth safety net rules absent agreement of the parties covering liabilities and obligations arising from: unauthorized payment orders; proper and improper (wrongful and erroneous) execution of payment orders; fraud; or insolvencies of participating banks. What constitutes payment for the discharge of an underlying obligation is also covered by Article 4A.
B. Regulation J
Article 4A has been adopted by the Federal Reserve Board as part of its Regulation J, which governs the Fed Wire. So, as a practical matter most all wholesale wire transfers in the U.S. have been governed by Article 4A since the Fed adopted its provisions in Regulation J, and New York adopted Article 4A, effective January 1, 1991. Just as the UCC provides rules for negotiable instruments that flow from one state to another, Article 4A fills the need for uniform treatment of funds transfers.
C. Key Provisions
A key provision of Article 4A concerns liability for unauthorized funds transfers. The rule establishes a method for shifting losses from such transfers to bank customers if the bank has offered customers a “commercially reasonable” security procedure. A factor used to determine commercial reasonableness is a comparison of security procedures in use by similarly situated banks and customers. Banks involved in wholesale electronic transactions should review their customer agreements to ensure that such agreements contain commercially reasonable security procedures as governed by Article 4A. Banks must also have written policies and procedures regarding wire transfers.
D. Usage
Over one trillion dollars is transferred almost every day in wholesale wire transfers and the average transfer is in an amount more than 5 million dollars. Wholesale funds transfers are transfers of large amounts of dollars used to close consumer acquisitions, to make commercial loan payments, to settle commercial accounts, and other similar transactions. Funds transfers can occur intrabank and interbank. Within the United States, two such recognizer systems for wire transfers are: (1) the Fed Wire (operated by the Federal Reserve System); and (2) The Clearing House Interbanks Payment System (CHIPS) which is operated by the New York Clearing House. Fed Wire arrangements between participating banks are covered by Federal Reserve Regulation J. Arrangements between participating banks on CHIPS are covered by the New York Clearing House Rules. Transfers to automated clearing houses (wholesale credit transfers and book entries) are governed by uniform rules adopted by associations of banks or by Federal Reserve rules or operating circulars.
Small banks that have few funds transfers, or use correspondent banks for such transfers, will still be affected. Even though a bank does not directly introduce a payment order into a funds transfer system, it may still act as an originator’s bank or a beneficiary’s bank.
II. FUNDAMENTAL CONCEPTS OF ARTICLE 4A
A. Terms
Article 4A applies to “funds transfers,” which are defined as a “series of transactions, beginning with the originator’s payment order, made for the purpose of making payment to the beneficiary of the order. The term includes a payment order issued by the originator’s bank or an intermediary bank intended to carry out the originator’s payment order.” A “payment order” is merely an unconditional instruction or message by the sender to a bank to pay a fixed or determinable amount of money to a beneficiary. The “originator’s bank” is the first bank in the funds transfer to which a payment order is issued. If the bank is initiating a payment order for its own account, the bank is both the originator and the originator’s bank. The “beneficiary’s bank” is the bank in the funds transfer that is to credit the account of, or otherwise pay, the beneficiary.
B. Illustration
Simply stated, a funds transfer is initiated by the payor entity communicating to its bank an instruction to make payment to the account of the payee at that bank or at a different bank. A typical funds transfer might look like the following:
Originator
to
Originator’s
Bank
Intermediary
Beneficiary’s
Beneficiary
Sender
Receiving Bank
1st Receiving
2nd Receiving
3rd Receiving
to= funds transfer
In the above illustration, the originator instructs its bank (the “originator’s bank”) to pay a beneficiary that is a customer of another bank. Typically, that payment order would require the originator’s bank in turn to issue another payment order to either an intermediary bank or to the beneficiary’s bank directly, perhaps over a funds transfer system such as the Fed Wire or CHIPS or perhaps to an intermediary bank that would then issue another order to the beneficiary’s bank.
C. Exclusions
Although the focus of Article 4A and most funds transfers are wire transfers, be reminded that (1) not all wire transfers are covered by Article 4A; (2) not all transactions under Article 4A are wire transfers; and (3) Article 4A rules may not be the only standards that apply to a particular funds transfer. The following points should be kept in mind:
1. Non-Bank Wire Services Excluded
Article 4A states that a payment order can be received only by a bank. Non-bank wire services (e.g., Western Union) are excluded from coverage.
2. Not Only Transfers by Wire Included
Not all the payments within the scope of Article 4A are transmitted electronically. Payment orders could be sent orally or in writing. Payment orders could be issued in person or through the mail rather than by telephone, telex, facsimile or computer-to-computer links or a funds transfer system such as CHIPS, Fed Wire, SWIFT, or ACH.
3. Conditional Orders Excluded
A payment order cannot state a condition to payment other than the time of payment. A payment order must be in a fixed or determinable amount of money and need not be denominated in U.S. dollars.
4. Debit Transaction Excluded
Article 4A does not cover debit transactions because a payment order must provide that the receiving bank is to be reimbursed by debiting an account of, or otherwise receiving payment from, the sender of the order. A debit transaction differs from an Article 4A transfer in that the instructions and the fund in the debit transaction flow in the opposite directions. Whereas, in the funds transfer transaction, funds flow in the same direction, i.e., to the beneficiary’s bank. For consumer transactions, debit transactions are governed by the Electronic Funds Transfer Act (EFTA) and Regulation E. National Automated Clearing House Association rules provide that debit transactions are drafts and governed by UCC Article 4 to the extent that they do not conflict.
5. Check and Credit Card Transactions Excluded
Checks and credit card sales drafts are not instructions given to a receiving bank to pay or to cause another bank to pay a beneficiary. They are typically delivered by the drawer to another person, such as a merchant or other payee.
6. Transfers Covered by EFTA Excluded
If any part of a funds transfer is covered by the EFTA, then it is not governed by Article 4A. Point of sale transfers, automated teller machine transfers, debit card transactions, and ACH direct deposits and debits to consumer accounts all fall under the EFTA. However, Article 4A would govern funds transfers that are initiated by or for the benefit of consumers if the transfer is conducted through CHIPS or the Fed Wire.
D. Acceptance of Orders
Payment orders do not have independent rights and liabilities for the payment of money and therefore are unlike checks. Rights and liabilities of the parties to a payment order stem from the contract formed, subject to Article 4A and any agreement of the parties, when the payment order is accepted by the receiving bank. Apart from contract outside Article 4A, a bank has no duty to accept a payment order. A receiving bank other than the beneficiary’s bank accepts a payment order if it executes it. A receiving bank does not have to reject such order it does not accept, unless otherwise provided by agreement or the receiving bank had sufficient funds of the sender on hand to cover the order.
A receiving bank that accepts a payment order (and that is not the beneficiary’s bank) is obliged to issue a payment order complying with the order of the sender that it accepted and generally to follow any instructions as to routing and method. If the resulting payment order does not comply, the sender is not responsible for the error and need not pay the bank other than to the extent of proper execution. But upon learning of improper execution the sender may have a duty to notify the bank of that fact. Certainly, if a funds transfer is not completed by acceptance by the beneficiary’s bank of a payment order instructing payment to the beneficiary in accordance with the sender’s order, the sender is not obligated to pay for its order, or is entitled to its money back.
A beneficiary’s bank may accept a payment order in a number of ways (e.g., by paying or notifying the beneficiary; when the bank receives the payment of the sender’s order; or by the passage of time if the amount of the sender’s order is fully covered by a withdrawable credit balance). Acceptance of the order entitles the bank to payment by the sender and generally obligates it to pay the amount of the order to the beneficiary. Failure to do so and give notice of the receipt of the order could subject the bank to liability. If the beneficiary’s bank accepts the order, generally at this point the debt of the originator to the beneficiary for which the order was issued is discharged.
E. Benefits of UCC Article 4A
Article 4A provide a number of advantages over the previous common law system and contracts offered by commercial banks. Article 4A represents a balanced set of rules. For example, the advantages to corporate users are as follows:
1. Finality of Payment
Funds transferred under Article 4A are essentially equivalent to cash.
2. Money Back Guarantee
A bank must generally make a customer whole if there is an improper execution of a funds transfer.
3. Discharge of Underlying Obligation
The law discharges the underlying obligation behind the funds transfer once acceptance of the order by the beneficiary’s bank occurs.
4. Commercially Reasonable Security Procedures
Banks must provide reasonable security procedures, the absence of which means that the bank must absorb the loss for an unauthorized order.
5. Error Reporting
The law provides that users must report errors and unauthorized orders and if this duty is neglected, the prime responsibility rests with the bank and the user only experiences a loss of interest or bears responsibility for loss suffered by the bank up to the amount of the order. No other damages are imposed.
6. Loss Apportionment
Should a loss result from an unauthorized order, even if the security procedures agreed upon were used, the receiving bank suffers the loss unless the bank can prove: (a) the security procedure was commercially reasonable; (b) the bank followed the procedure in good faith; and (c) the bank complied with the customer’s written agreement or instructions restricting acceptance of payment orders. If the bank proves all of the above but the customer shows that it was not responsible, then these types of losses fall on the bank.
7. Damages for Dishonor
Should the beneficiary’s bank accept the order and the beneficiary demands payment, the bank, for failure to pay, may be liable for damages including consequential damages if the beneficiary gave notice of the particular circumstances that would give rise to such damages and of the damages themselves.
For banks, Article 4 also provides many benefits over previous law:
1. Certainty
Article 4A follows current operating practices by banks, and preserves the present system, but eliminates uncertainties because contracts may be absent. Certainty as to liability and responsibility will also promote good credit policy and financial management.
2. Limitation of Liability
Article 4A limits liability for failure to carry out a payment order to the loss of interest and any loss of principal, with perhaps other incidentals cost and reasonable attorney’s fees. Only when there is intentional dishonor and with specific notice of particular circumstances and damages are consequential damages recoverable.
3. Statute of Limitations
There is a one-year preclusion against objecting to an order from the time the customer receives notice the order has been executed.
4. Creditor Processes
Banks are protected from creditor processes during the fast electronic batch processing of payment orders.
5. Choice of Law
Choice of law rules will promote certainty.
6. Netting of Obligations
The law authorizes bilateral and unilateral netting of payment obligations to reduce the risk in the event of bank insolvency.
7. Number and Name of Account
If the bank discloses to the customer that the bank will rely on numbers, the Article allows banks to rely upon numbers in making payment. This will facilitate funds transfers.
8. Rely on Tested Message
Banks can rely upon a message that test against the security procedure unless the customer proves that the payment order is unauthorized and the breach of the confidential security information did not result from a source controlled by the customer. Of course, the bank must offer a commercially reasonable security procedure and must follow that procedure and any customer written agreements or instructions, all in good faith.
III. ERRONEOUS PAYMENT ORDERS
Once again, a funds transfer begins with a payment order from an originator to the originator’s bank. An originator is the first sender of a payment order and the originator’s bank is the first receiving bank in the transaction. A beneficiary is the entity that ultimately receives the benefit of the sender’s payment order.
As a general rule, a receiving bank is free to accept or reject the sender’s payment order unless obligated by contract to accept it. A receiving bank accepts a payment order when it executes the order. The bank executes the order when it issues its own payment order to carry out the order received by it. Here is where problems can arise. For example, suppose the receiving bank executes the payment order for the wrong amount or in the wrong name?
Should the receiving bank issue a payment order in error to the wrong beneficiary, the bank would be held liable for the full amount of the payment order. In this case, the sender of the payment order that was wrongfully executed and all previous senders in the funds transfer are under no obligation to pay payment orders that they issued. Thus, the receiving bank’s only recourse is to attempt to recover from the mistakenly paid beneficiary.
Should the receiving bank issue a payment order in an amount greater than the amount of the sender’s order, it can only recover the original amount of payment order from the sender. The receiving bank must then attempt to recover the excess amount from the beneficiary of the erroneous payment order.
The concept of a security procedure is employed by Article 4A to allocate the risk of loss in the case where the sender issues an erroneous payment order. Suppose, for example that ACME Company issues its payment order to Big Red Bank, but the payment order contains incorrect instructions due to a clerical error or is garbled in transmission. Article 4A applies the law of agency and provides the ACME Company is bound by the terms of its payment order as received by Big Red Bank and bears the risk of loss for any transmission error. The bank is entitled to rely on the terms of the payment order as received. But if the payment order was transmitted pursuant to a security procedure for the detection of error and if ACME Company could prove that the error would have been detected, but for the failure of the bank to follow the security procedure, risk of loss would be transferred to the bank. ACME Company is under an obligation to exercise ordinary care to discover the error and to inform the bank, within a reasonable period of time, not exceeding 90 days, after the date on which the bank first notifies ACME Company that it has accepted, i.e., executed the erroneous payment order. If ACME Company would fail to do so, the risk of loss shifts back to ACME Company to the extent Big Red Bank could show that some amount could have been recovered given prompt notice of the error from ACME Company. The use of an appropriate security procedure determines whether it is the receiving bank or its customer who incurs liability arising from an erroneous payment order.
IV. UNAUTHORIZED PAYMENT ORDERS
A key provision of Article 4A concerns liability for unauthorized funds transfers. A proper security procedure between a bank and its customers serves as the basis for allocating the risk of loss arising from an unauthorized payment order between a bank and its customer. Article 4A was drafted to insure that imposters are not transmitting unauthorized payment orders to the bank. The basic rule states that a “payment order received by the receiving bank is the authorized order of the person identified as the sender if that person authorizes the order or is otherwise bound by it under the law of agency.” The effect of the rule is to give incentive to establishing security procedures, preventing fraud and reducing the chance of errors in a funds transfer.
If there is a security procedure in place and the bank accepts a payment order without verifying it according to the procedure, the risk of loss falls generally on the bank. If the bank verifies the payment order using the proper security procedure and accepts it, the risk of loss generally falls on the sender even if the payment order is in fact unauthorized. There are two situations however, in which the bank will not be able to avoid liability:
1. If the security procedure is determined not to be commercially reasonable; or
2. If the sender proves that the unauthorized payment order was not initiated by its employee or any other person in its shop who obtained confidential security information from it.
V. SECURITY PROCEDURES UNDER ARTICLE 4A
A. General
As discussed in Subdivisions III. and IV. above, it is obvious that banks having security procedures in place and followed when executing funds transfers are treated better under Article 4A than those who do not. “Security Procedure” is not spelled out specifically in the law, but Article 4A gives this guidance:
a procedure established by agreement of a customer and a receiving bank for the purpose of (i) verifying that a payment order or communication amending of canceling a payment order is that of the customer, or (ii) detecting error in the transmission or the content of the payment order or communication. A security procedure may require the use of algorithms or other codes, identifying words or numbers, encryption, call back procedures, or similar security devises. Comparison of a signature on a payment order or communication with an authorized specimen signature of the customer is not by itself a security procedure.
What are examples of funds transfer risks? Consider the following:
B. “Commercially Reasonable”
The law does state that “commercially reasonable” levels of security must be in place to protect transactions and that security procedures must be established by agreement between a bank and its customer. Note that a unilateral procedure adopted by a receiving bank (without the agreement of its customer) does not qualify as effective in order to limit the bank’s liability.
Because each customer may or will have differing needs, banks will have to offer a variety of security procedures. What is “commercially reasonable” for one customer may not be for another.
Article 4A sets forth the following factors with respect to the commercial reasonability of a security procedure:
1. The wishes of the customer expressed to the bank;
2. Circumstances of the customer known to the bank, including the size, type, and frequency of payment orders normally issued by the customer;
3. Alternative security procedures offered to the customer;
4. Security procedures, in general, used by customers and receiving banks similarly situated.
All of the foregoing definitions and factors may be reduced to the basic rule that the customer bears the risk of loss from an unauthorized payment order if: (1) the bank and the customer have agreed upon a commercially reasonable security procedure; (2) the bank has accepted the payment order in “good faith” and in compliance with that security procedure in the transfer in issue; (3) the bank does not in fact have knowledge that the payment order is unauthorized; and (4) acceptance of the payment order comports with basic norms of a bank-customer relationship. Otherwise, the bank bears the risk of loss, unless it can prove the payment order was in fact issued by a person authorized to do so on behalf of its customer. NOTE: Article 4A defines “good faith” as “honesty in fact and the observance of fair dealing.”
C. Written Agreements
The bank and customer should sign written agreements outlining each party’s responsibilities for security. For those customers who refuse to sign agreements, they should be asked to take full responsibility if problems occur with a funds transfer. The scope of the procedure should be a part of the agreement, i.e., state clearly whether the security procedure governs verification of authenticity and/or detection of errors.
Once security procedures have been set, it is imperative that banks establish a framework to insure that they are followed. This is relevant when liability is disputed, for it should be easier for a bank to prove its point than for the customer to prove no one in their business was indirectly or directly responsible for problems that may occur.
Note that methods as mere signature verification, telephone call-backs or confirmation alone are no longer acceptable, although the two used in combination, with other procedures could be enough to constitute a security procedure should the parties so agree. At any rate, banks should upgrade any low-level security procedures.
The following are some of the security measures being discussed in the banking press:
D. Bank Security Policies and Procedures
To minimize risk, articles in the banking press suggest many alternatives such as:
VI. CONCLUSION: WHAT SHOULD BANKS DO?
A. Bankers should familiarize themselves with Article 4A with two objectives:
1. Review of operating procedures to determine need for any changes; and
2. Review adequacy of security procedures for payment orders issued by the bank for its customers and for orders the bank issues to other banks.
B. Bankers should review operating procedures to cover:
1. Accepting and rejecting payment orders;
2. Canceling or amending payment orders; and
3. Setting cut-off hours for receipt and processing of payment orders and communication of canceling or amending orders.
C. Review, revise or update bank-customer and bank-correspondent bank funds transfer agreements. Bank counsel should be used to review the proper scope of the agreements vis-à-vis the particular bank customer relationship. Agreements should be reviewed to cover the following points:
1. Security procedures used in issuing, communicating about, amending and canceling payment orders;
2. Methods to be used for issuing payment orders;
3. Cut-off hours and other restrictions (e.g., dollar amounts); and
4. Terms of agreement which may not vary from Article 4A.