1995 Permanent Senate Journal Printed Pages 1790-1799 - South Carolina Legislature Online

Journal of the Senate
of the First Session of the 111th General Assembly
of the State of South Carolina
being the Regular Session Beginning Tuesday, January 10, 1995

Page Finder Index

Printed Page 1780, Apr. 19 | Printed Page 1800, Apr. 19

Printed Page 1790 . . . . . Wednesday, April 19, 1995

commercially reasonable security procedures, and that the use of such procedures should be encouraged. The subsection is designed to protect both the customer and the receiving bank. A receiving bank needs to be able to rely on objective criteria to determine whether it can safely act on a payment order. Employees of the bank can be trained to "test" a payment order according to the various steps specified in the security procedure. The bank is responsible for the acts of these employees. Subsection (b)(ii) requires the bank to prove that it accepted the payment order in good faith and "in compliance with the security procedure." If the fraud was not detected because the bank's employee did not perform the acts required by the security procedure, the bank has not complied. Subsection (b)(ii) also requires the bank to prove that it complied with any agreement or instruction that restricts acceptance of payment orders issued in the name of the customer. A customer may want to protect itself by imposing limitations on acceptance of payment orders by the bank. For example, the customer may prohibit the bank from accepting a payment order that is not payable from an authorized account, that exceeds the credit balance in specified accounts of the customer, or that exceeds some other amount. Another limitation may relate to the beneficiary. The customer may provide the bank with a list of authorized beneficiaries and prohibit acceptance of any payment order to a beneficiary not appearing on the list. Such limitations may be incorporated into the security procedure itself or they may be covered by a separate agreement or instruction. In either case, the bank must comply with the limitations if the conditions stated in subsection (b) are met. Normally limitations on acceptance would be incorporated into an agreement between the customer and the receiving bank, but in some cases the instruction might be unilaterally given by the customer. If standing instructions or an agreement state limitations on the ability of the receiving bank to act, provision must be made for later modification of the limitations. Normally, this would be done by an agreement that specifies particular procedures to be followed. Thus, subsection (b) states that the receiving bank is not required to follow an instruction that violates a written agreement. The receiving bank is not bound by an instruction unless it has adequate notice of it. Subsections (25), (26) and (27) of Section 1-201 apply.

Subsection (b)(i) assures that the interests of the customer will be protected by providing an incentive to a bank to make available to the customer a security procedure that is commercially reasonable. If a commercially reasonable security procedure is not made available to the customer, subsection (b) does not apply. The result is that subsection (a)

Printed Page 1791 . . . . . Wednesday, April 19, 1995

applies and the bank acts at its peril in accepting a payment order that may be unauthorized. Prudent banking practice may require that security procedures be utilized in virtually all cases except for those in which personal contact between the customer and the bank eliminates the possibility of an unauthorized order. The burden of making available commercially reasonable security procedures is imposed on receiving banks because they generally determine what security procedures can be used and are in the best position to evaluate the efficacy of procedures offered to customers to combat fraud. The burden on the customer is to supervise its employees to assure compliance with the security procedure and to safeguard confidential security information and access to transmitting facilities so that the security procedure cannot be breached.

4. The principal issue that is likely to arise in litigation involving subsection (b) is whether the security procedure in effect when a fraudulent payment order was accepted was commercially reasonable. The concept of what is commercially reasonable in a given case is flexible. Verification entails labor and equipment costs that can vary greatly depending upon the degree of security that is sought. A customer that transmits very large numbers of payment orders in very large amounts may desire and may reasonably expect to be provided with state-of-the-art procedures that provide maximum security. But the expense involved may make use of a state-of-the-art procedure infeasible for a customer that normally transmits payment orders infrequently or in relatively low amounts. Another variable is the type of receiving bank. It is reasonable to require large money center banks to make available state- of-the-art security procedures. On the other hand, the same requirement may not be reasonable for a small country bank. A receiving bank might have several security procedures that are designed to meet the varying needs of different customers. The type of payment order is another variable. For example, in a wholesale wire transfer, each payment order is normally transmitted electronically and individually. A testing procedure will be individually applied to each payment order. In funds transfers to be made by means of an automated clearing house, many payment orders are incorporated into an electronic device such as a magnetic tape that is physically delivered. Testing of the individual payment orders is not feasible. Thus, a different kind of security procedure must be adopted to take into account the different mode of transmission.

The issue of whether a particular security procedure is commercially reasonable is a question of law. Whether the receiving bank complied with the procedure is a question of fact. It is appropriate to make the finding concerning commercial reasonability a matter of law because

Printed Page 1792 . . . . . Wednesday, April 19, 1995

security procedures are likely to be standardized in the banking industry and a question of law standard leads to more predictability concerning the level of security that a bank must offer to its customers. The purpose of subsection (b) is to encourage banks to institute reasonable safeguards against fraud but not to make them insurers against fraud. A security procedure is not commercially unreasonable simply because another procedure might have been better or because the judge deciding the question would have opted for a more stringent procedure. The standard is not whether the security procedure is the best available. Rather it is whether the procedure is reasonable for the particular customer and the particular bank, which is a lower standard. On the other hand, a security procedure that fails to meet prevailing standards of good banking practice applicable to the particular bank should not be held to be commercially reasonable. Subsection (c) states factors to be considered by the judge in making the determination of commercial reasonableness. Sometimes an informed customer refuses a security procedure that is commercially reasonable and suitable for that customer and insists on using a higher- risk procedure because it is more convenient or cheaper. In that case, under the last sentence of subsection (c), the customer has voluntarily assumed the risk of failure of the procedure and cannot shift the loss to the bank. But this result follows only if the customer expressly agrees in writing to assume that risk. It is implicit in the last sentence of subsection (c) that a bank that accedes to the wishes of its customer in this regard is not acting in bad faith by so doing so long as the customer is made aware of the risk. In all cases, however, a receiving bank cannot get the benefit of subsection (b) unless it has made available to the customer a security procedure that is commercially reasonable and suitable for use by that customer. In most cases, the mutual interest of bank and customer to protect against fraud should lead to agreement to a security procedure which is commercially reasonable.

5. The effect of Section 4A-202(b) is to place the risk of loss on the customer if an unauthorized payment order is accepted by the receiving bank after verification by the bank in compliance with a commercially reasonable security procedure. An exception to this result is provided by Section 4A-203(a)(2). The customer may avoid the loss resulting from such a payment order if the customer can prove that the fraud was not committed by a person described in that subsection. Breach of a commercially reasonable security procedure requires that the person committing the fraud have knowledge of how the procedure works and knowledge of codes, identifying devices, and the like. That person may also need access to transmitting facilities through an access device or other

Printed Page 1793 . . . . . Wednesday, April 19, 1995

software in order to breach the security procedure. This confidential information must be obtained either from a source controlled by the customer or from a source controlled by the receiving bank. If the customer can prove that the person committing the fraud did not obtain the confidential information from an agent or former agent of the customer or from a source controlled by the customer, the loss is shifted to the bank. "Prove" is defined in Section 4A-105(a)(7). Because of bank regulation requirements, in this kind of case there will always be a criminal investigation as well as an internal investigation of the bank to determine the probable explanation for the breach of security. Because a funds transfer fraud usually will involve a very large amount of money, both the criminal investigation and the internal investigation are likely to be thorough. In some cases there may be an investigation by bank examiners as well. Frequently, these investigations will develop evidence of who is at fault and the cause of the loss. The customer will have access to evidence developed in these investigations and that evidence can be used by the customer in meeting its burden of proof.

6. The effect of Section 4A-202(b) may also be changed by an agreement meeting the requirements of Section 4A-203(a)(1). Some customers may be unwilling to take all or part of the risk of loss with respect to unauthorized payment orders even if all of the requirements of Section 4A-202(b) are met. By virtue of Section 4A-203(a)(1), a receiving bank may assume all of the risk of loss with respect to unauthorized payment orders, or the customer and bank may agree that losses from unauthorized payment orders are to be divided as provided in the agreement.

7. In a large majority of cases the sender of a payment order is a bank. In many cases in which there is a bank sender, both the sender and the receiving bank will be members of a funds transfer system over which the payment order is transmitted. Since Section 4A-202(f) does not prohibit a funds transfer system rule from varying rights and obligations under Section 4A-202, a rule of the funds transfer system can determine how loss due to an unauthorized payment order from a participating bank to another participating bank is to be allocated. A funds transfer system rule, however, cannot change the rights of a customer that is not a participating bank. Section 4A-501(b). Section 4A-202(f) also prevents variation by agreement except to the extent stated.

Section 36-4A-204. Refund of payment and duty of customer to report with respect to unauthorized payment order.

(a) If a receiving bank accepts a payment order issued in the name of its customer as sender which is (i) not authorized and not effective as

Printed Page 1794 . . . . . Wednesday, April 19, 1995

the order of the customer under Section 36-4A-202, or (ii) not enforceable, in whole or in part, against the customer under Section 36-4A-203, the bank shall refund any payment of the payment order received from the customer to the extent the bank is not entitled to enforce payment and shall pay interest on the refundable amount calculated from the date the bank received payment to the date of the refund. However, the customer is not entitled to interest from the bank on the amount to be refunded if the customer fails to exercise ordinary care to determine that the order was not authorized by the customer and to notify the bank of the relevant facts within a reasonable time not exceeding ninety days after the date the customer received notification from the bank that the order was accepted or that the customer's account was debited with respect to the order. The bank is not entitled to any recovery from the customer on account of a failure by the customer to give notification as stated in this section.

(b) Reasonable time under subsection (a) may be fixed by agreement as stated in Section 36-1-204(1), but the obligation of a receiving bank to refund payment as stated in subsection (a) may not otherwise be varied by agreement.

OFFICIAL COMMENT

1. With respect to unauthorized payment orders, in a very large percentage of cases a commercially reasonable security procedure will be in effect. Section 4A-204 applies only to cases in which (i) no commercially reasonable security procedure is in effect, (ii) the bank did not comply with a commercially reasonable security procedure that was in effect, (iii) the sender can prove, pursuant to Section 4A-203(a)(2), that the culprit did not obtain confidential security information controlled by the customer, or (iv) the bank, pursuant to Section 4A-203(a)(1) agreed to take all or part of the loss resulting from an unauthorized payment order. In each of these cases the bank takes the risk of loss with respect to an unauthorized payment order because the bank is not entitled to payment from the customer with respect to the order. The bank normally debits the customer's account or otherwise receives payment from the customer shortly after acceptance of the payment order. Subsection (a) of Section 4A-204 states that the bank must recredit the account or refund payment to the extent the bank is not entitled to enforce payment.

2. Section 4A-204 is designed to encourage a customer to promptly notify the receiving bank that it has accepted an unauthorized payment order. Since cases of unauthorized payment orders will almost always involve fraud, the bank's remedy is normally to recover from the beneficiary of the unauthorized order if the beneficiary was party to the

Printed Page 1795 . . . . . Wednesday, April 19, 1995

fraud. This remedy may not be worth very much and it may not make any difference whether or not the bank promptly learns about the fraud. But in some cases prompt notification may make it easier for the bank to recover some part of its loss from the culprit. The customer will routinely be notified of the debit to its account with respect to an unauthorized order or will otherwise be notified of acceptance of the order. The customer has a duty to exercise ordinary care to determine that the order was unauthorized after it has received notification from the bank, and to advise the bank of the relevant facts within a reasonable time not exceeding ninety days after receipt of notification. Reasonable time is not defined and it may depend on the facts of the particular case. If a payment order for $1,000,000 is wholly unauthorized, the customer should normally discover it in far less than ninety days. If a $1,000,000 payment order was authorized but the name of the beneficiary was fraudulently changed, a much longer period may be necessary to discover the fraud. But in any event, if the customer delays more than ninety days, the customer's duty has not been met. The only consequence of a failure of the customer to perform this duty is a loss of interest on the refund payable by the bank. A customer that acts promptly is entitled to interest from the time the customer's account was debited or the customer otherwise made payment. The rate of interest is stated in Section 4A-506. If the customer fails to perform the duty, no interest is recoverable for any part of the period before the bank learns that it accepted an unauthorized order. But the bank is not entitled to any recovery from the customer based on negligence for failure to inform the bank. Loss of interest is in the nature of a penalty on the customer designed to provide an incentive for the customer to police its account. There is no intention to impose a duty on the customer that might result in shifting loss from the unauthorized order to the customer.

Section 36-4A-205. Erroneous payment orders.

(a) If an accepted payment order was transmitted pursuant to a security procedure for the detection of error and the payment order (i) erroneously instructed payment to a beneficiary not intended by the sender, (ii) erroneously instructed payment in an amount greater than the amount intended by the sender, or (iii) was an erroneously transmitted duplicate of a payment order previously sent by the sender, the following rules apply:

(1) If the sender proves that the sender or a person acting on behalf of the sender pursuant to Section 36-4A-206 complied with the security procedure and that the error would have been detected if the

Printed Page 1796 . . . . . Wednesday, April 19, 1995

receiving bank had also complied, the sender is not obliged to pay the order to the extent stated in paragraphs (2) and (3).

(2) If the funds transfer is completed on the basis of an erroneous payment order described in clause (i) or (iii) of subsection (a), the sender is not obliged to pay the order and the receiving bank is entitled to recover from the beneficiary any amount paid to the beneficiary to the extent allowed by the law governing mistake and restitution.

(3) If the funds transfer is completed on the basis of a payment order described in clause (ii) of subsection (a), the sender is not obliged to pay the order to the extent the amount received by the beneficiary is greater than the amount intended by the sender. In that case, the receiving bank is entitled to recover from the beneficiary the excess amount received to the extent allowed by the law governing mistake and restitution.

(b) If (i) the sender of an erroneous payment order described in subsection (a) is not obliged to pay all or part of the order, and (ii) the sender receives notification from the receiving bank that the order was accepted by the bank or that the sender's account was debited with respect to the order, the sender has a duty to exercise ordinary care, on the basis of information available to the sender, to discover the error with respect to the order and to advise the bank of the relevant facts within a reasonable time, not exceeding ninety days, after the bank's notification was received by the sender. If the bank proves that the sender failed to perform that duty, the sender is liable to the bank for the loss the bank proves it incurred as a result of the failure, but the liability of the sender may not exceed the amount of the sender's order.

OFFICIAL COMMENT

1. This section concerns error in the content or in the transmission of payment orders. It deals with three kinds of error. Case #1. The order identifies a beneficiary not intended by the sender. For example, Sender intends to wire funds to a beneficiary identified only by an account number. The wrong account number is stated in the order. Case #2. The error is in the amount of the order. For example, Sender intends to wire $1,000 to Beneficiary. Through error, the payment order instructs payment of $1,000,000. Case #3. A payment order is sent to the receiving bank and then, by mistake, the same payment order is sent to the receiving bank again. In Case #3, the receiving bank may have no way of knowing whether the second order is a duplicate of the first or is another order. Similarly, in Case #1 and Case #2, the receiving bank may have no way of knowing that the error exists. In each case, if this section

Printed Page 1797 . . . . . Wednesday, April 19, 1995

does not apply and the funds transfer is completed,Sender is obliged to pay the order. Section 4A-402. Sender's remedy, based on payment by mistake, is to recover from the beneficiary that received payment.

Sometimes, however, transmission of payment orders of the sender to the receiving bank is made pursuant to a security procedure designed to detect one or more of the errors described above. Since "security procedure" is defined by Section 4A-201 as "a procedure established by agreement of a customer and a receiving bank for the purpose of * * * detecting error * * *," Section 4A-205 does not apply if the receiving bank and the customer did not agree to the establishment of a procedure for detecting error. A security procedure may be designed to detect an account number that is not one to which Sender normally makes payment. In that case, the security procedure may require a special verification that payment to the stated account number was intended. In the case of dollar amounts, the security procedure may require different codes for different dollar amounts. If a $1,000,000 payment order contains a code that is inappropriate for that amount, the error in amount should be detected. In the case of duplicate orders, the security procedure may require that each payment order be identified by a number or code that applies to no other order. If the number or code of each payment order received is registered in a computer base, the receiving bank can quickly identify a duplicate order. The three cases covered by this section are essentially similar. In each, if the error is not detected, some beneficiary will receive funds that the beneficiary was not intended to receive. If this section applies, the risk of loss with respect to the error of the sender is shifted to the bank which has the burden of recovering the funds from the beneficiary. The risk of loss is shifted to the bank only if the sender proves that the error would have been detected if there had been compliance with the procedure and that the sender (or an agent under Section 4A-206) complied. In the case of a duplicate order or a wrong beneficiary, the sender doesn't have to pay the order. In the case of an overpayment, the sender does not have to pay the order to the extent of the overpayment. If subsection (a)(1) applies, the position of the receiving bank is comparable to that of a receiving bank that erroneously executes a payment order as stated in Section 4A-303. However, failure of the sender to timely report the error is covered by Section 4A-205(b) rather than by Section 4A-304 which applies only to erroneous execution under Section 4A-303. A receiving bank to which the risk of loss is shifted by subsection (a)(1) or (2) is entitled to recover the amount erroneously paid to the beneficiary to the extent allowed by the law of mistake and restitution. Rights of the receiving bank against the beneficiary are similar to those of a receiving

Printed Page 1798 . . . . . Wednesday, April 19, 1995

bank that erroneously executes a payment order as stated in Section 4A-303. Those rights are discussed in Comment 2 to Section 4A-303.

2. A security procedure established for the purpose of detecting error is not effective unless both sender and receiving bank comply with the procedure. Thus, the bank undertakes a duty of complying with the procedure for the benefit of the sender. This duty is recognized in subsection (a)(1). The loss with respect to the sender's error is shifted to the bank if the bank fails to comply with the procedure and the sender (or an agent under Section 4A-206) does comply. Although the customer may have been negligent in transmitting the erroneous payment order, the loss is put on the bank on a last-clear-chance theory. A similar analysis applies to subsection (b). If the loss with respect to an error is shifted to the receiving bank and the sender is notified by the bank that the erroneous payment order was accepted, the sender has a duty to exercise ordinary care to discover the error and notify the bank of the relevant facts within a reasonable time not exceeding 90 days. If the bank can prove that the sender failed in this duty it is entitled to compensation for the loss incurred as a result of the failure. Whether the bank is entitled to recover from the sender depends upon whether the failure to give timely notice would have made any difference. If the bank could not have recovered from the beneficiary that received payment under the erroneous payment order even if timely notice had been given, the sender's failure to notify did not cause any loss of the bank.

3. Section 4A-205 is subject to variation by agreement under Section 4A-501. Thus, if a receiving bank and its customer have agreed to a security procedure for detection of error, the liability of the receiving bank for failing to detect an error of the customer as provided in Section 4A-205 may be varied as provided in an agreement of the bank and the customer.

Section 36-4A-206. Transmission of payment order through funds-transfer or other communication system.

(a) If a payment order addressed to a receiving bank is transmitted to a funds- transfer system or other third-party communication system for transmittal to the bank, the system is deemed to be an agent of the sender for the purpose of transmitting the payment order to the bank. If there is a discrepancy between the terms of the payment order transmitted to the system and the terms of the payment order transmitted by the system to the bank, the terms of the payment order of the sender are those transmitted by the system. This section does not apply to a funds- transfer system of the Federal Reserve Banks.

Printed Page 1799 . . . . . Wednesday, April 19, 1995

(b) This section applies to cancellations and amendments of payment orders to the same extent it applies to payment orders.
OFFICIAL COMMENT

1. A payment order may be issued to a receiving bank directly by delivery of a writing or electronic device or by an oral or electronic communication. If an agent of the sender is employed to transmit orders on behalf of the sender, the sender is bound by the order transmitted by the agent on the basis of agency law. Section 4A-206 is an application of that principle to cases in which a funds transfer or communication system acts as an intermediary in transmitting the sender's order to the receiving bank. The intermediary is deemed to be an agent of the sender for the purpose of transmitting payment orders and related messages for the sender. Section 4A-206 deals with error by the intermediary.

2. Transmission by an automated clearing house of an association of banks other than the Federal Reserve Banks is an example of a transaction covered by Section 4A-206. Suppose Originator orders Originator's Bank to cause a large number of payments to be made to many accounts in banks in various parts of the country. These payment orders are electronically transmitted to Originator's Bank and stored in an electronic device that is held by Originator's Bank. Or, transmission of the various payment orders is made by delivery to Originator's Bank of an electronic device containing the instruction to the bank. In either case the terms of the various payment orders by Originator are determined by the information contained in the electronic device. In order to execute the various orders, the information in the electronic device must be processed. For example, if some of the orders are for payments to accounts in Bank X and some to accounts in Bank Y, Originator's Bank will execute these orders of Originator by issuing a series of payment orders to Bank X covering all payments to accounts in that bank, and by issuing a series of payment orders to Bank Y covering all payments to accounts in that bank. The orders to Bank X may be transmitted together by means of an electronic device, and those to Bank Y may be included in another electronic device. Typically, this processing is done by an automated clearing house acting for a group of banks including Originator's Bank. The automated clearing house is a funds transfer system. Section 4A-105(a)(5). Originator's Bank delivers Originator's electronic device or transmits the information contained in the device to the funds transfer system for processing into payment orders of Originator's Bank to the appropriate beneficiary's banks. The processing may result in an erroneous payment order. Originator's Bank, by use of Originator's electronic device, may have given information to the funds transfer system

Printed Page 1780, Apr. 19 | Printed Page 1800, Apr. 19

Page Finder Index

This web page was last updated on Monday, June 29, 2009 at 2:09 P.M.