Journal of the Senate
of the First Session of the 111th General Assembly
of the State of South Carolina
being the Regular Session Beginning Tuesday, January 10, 1995

Page Finder Index
| Printed Page 4170, June 13-15 | Printed Page 4190, June 13-15 |
Printed Page 4180 . . . . . Tuesday, June 13, 1995
(b) This section applies to amendments of payment orders to the same extent it applies to payment orders.
OFFICIAL COMMENT

1. Some person will always be identified as the sender of a payment order. Acceptance of the order by the receiving bank is based on a belief by the bank that the order was authorized by the person identified as the sender. If the receiving bank is the beneficiary's bank acceptance means that the receiving bank is obliged to pay the beneficiary. If the receiving bank is not the beneficiary's bank, acceptance means that the receiving bank has executed the sender's order and is obliged to pay the bank that accepted the order issued in execution of the sender's order. In either case the receiving bank may suffer a loss unless it is entitled to enforce payment of the payment order that it accepted. If the person identified as the sender of the order refuses to pay on the ground that the order was not authorized by that person, what are the rights of the receiving bank? In the absence of a statute or agreement that specifically addresses the issue, the question usually will be resolved by the law of agency. In some cases, the law of agency works well. For example, suppose the receiving bank executes a payment order given by means of a letter apparently written by a corporation that is a customer of the bank and apparently signed by an officer of the corporation. If the receiving bank acts solely on the basis of the letter, the corporation is not bound as the sender of the payment order unless the signature was that of the officer and the officer was authorized to act for the corporation in the issuance of payment orders, or some other agency doctrine such as apparent authority or estoppel causes the corporation to be bound. Estoppel can be illustrated by the following example. Suppose P is aware that A, who is unauthorized to act for P, has fraudulently misrepresented to T that A is authorized to act for P. T believes A and is about to rely on the misrepresentation. If P does not notify T of the true facts although P could easily do so, P may be estopped from denying A's lack of authority. A similar result could follow if the failure to notify T is the result of negligence rather than a deliberate decision. Restatement, Second, Agency Section 8B. Other equitable principles such as subrogation or restitution might also allow a receiving bank to recover with respect to an unauthorized payment order that it accepted. In Gatoil (U.S.A.), Inc. v. Forest Hill State Bank, 1 U.C.C. Rep. Serv. 2d 171 (D.Md. 1986), a joint venturer not authorized to order payments from the account of the joint venture, ordered a funds transfer from the account. The transfer paid a bona fide debt of the joint venture.

Printed Page 4181 . . . . . Tuesday, June 13, 1995
Although the transfer was unauthorized, the court refused to require recredit of the account because the joint venture suffered no loss. The result can be rationalized on the basis of subrogation of the receiving bank to the right of the beneficiary of the funds transfer to receive the payment from the joint venture.

But in most cases these legal principles give the receiving bank very little protection in the case of an authorized payment order. Cases like those just discussed are not typical of the way that most payment orders are transmitted and accepted, and such cases are likely to become even less common. Given the large amount of the typical payment order, a prudent receiving bank will be unwilling to accept a payment order unless it has assurance that the order is what it purports to be. This assurance is normally provided by security procedures described in Section 4A-201.

In a very large percentage of cases covered by Article 4A, transmission of the payment order is made electronically. The receiving bank may be required to act on the basis of a message that appears on a computer screen. Common law concepts of authority of agent to bind principal are not helpful. There is no way of determining the identity or the authority of the person who caused the message to be sent. The receiving bank is not relying on the authority of any particular person to act for the purported sender. The case is not comparable to payment of a check by the drawee bank on the basis of a signature that is forged. Rather, the receiving bank relies on a security procedure pursuant to which the authenticity of the message can be "tested" by various devices which are designed to provide certainty that the message is that of the sender identified in the payment order. In the wire transfer business the concept of "authorized" is different from that found in agency law. In that business a payment order is treated as the order of the person in whose name it is issued if it is properly tested pursuant to a security procedure and the order passes the test.

Section 4A-202 reflects the reality of the wire transfer business. A person in whose name a payment order is issued is considered to be the sender of the order if the order is "authorized" as stated in subsection (a) or if the order is "verified" pursuant to a security procedure in compliance with subsection (b). If subsection (b) does not apply, the question of whether the customer is responsible for the order is determined by the law of agency. The issue is one of actual or apparent authority of the person who caused the order to be issued in the name of the customer. In some cases the law of agency might allow the customer to be bound by an unauthorized order if conduct of the customer can be used to find an estoppel against the customer to deny that the order was unauthorized. If

Printed Page 4182 . . . . . Tuesday, June 13, 1995
the customer is bound by the order under any of these agency doctrines, subsection (a) treats the order as authorized and thus the customer is deemed to be the sender of the order. In most cases, however, subsection (b) will apply. In that event there is no need to make an agency law analysis to determine authority. Under Section 4A-202, the issue of liability of the purported sender of the payment order will be determined by agency law only if the receiving bank did not comply with subsection (b).

2. The scope of Section 4A-202 can be illustrated by the following cases. Case #1. A payment order purporting to be that of Customer is received by Receiving Bank, but the order was fraudulently transmitted by a person who had no authority to act for Customer. Case #2. An authentic payment order was sent by Customer, but before the order was received by Receiving Bank the order was fraudulently altered by an unauthorized person to change the beneficiary. Case #3. An authentic payment order was received by Receiving Bank, but before the order was executed by Receiving Bank a person who had no authority to act for Customer fraudulently sent a communication purporting to amend the order by changing the beneficiary. In each case Receiving Bank acted on the fraudulent communication by accepting the payment order. These cases are all essentially similar and they are treated identically by Section 4A-202. In each case Receiving Bank acted on a communication that it thought was authorized by Customer when in fact the communication was fraudulent. No distinction is made between Case #1 in which Customer took no part at all in the transaction and Case #2 and Case #3 in which an authentic order was fraudulently altered or amended by an unauthorized person. If subsection (b) does not apply, each case is governed by subsection (a). If there are no additional facts on which an estoppel might be found, Customer is not responsible in Case #1 for the fraudulently issued payment order, in Case #2 for the fraudulent alteration, or in Case #3 for the fraudulent amendment. Thus, in each case Customer is not liable to pay the order and Receiving Bank takes the loss. The only remedy of Receiving Bank is to seek recovery from the person who received payment as beneficiary of the fraudulent order. If there was verification in compliance with subsection (b), Customer will take the loss unless Section 4A-203 applies.

3. Subsection (b) of Section 4A-202 is based on the assumption that losses due to fraudulent payment orders can best be avoided by the use of commercially reasonable security procedures, and that the use of such procedures should be encouraged. The subsection is designed to protect both the customer and the receiving bank. A receiving bank needs to be

Printed Page 4183 . . . . . Tuesday, June 13, 1995
able to rely on objective criteria to determine whether it can safely act on a payment order. Employees of the bank can be trained to "test" a payment order according to the various steps specified in the security procedure. The bank is responsible for the acts of these employees. Subsection (b)(ii) requires the bank to prove that it accepted the payment order in good faith and "in compliance with the security procedure." If the fraud was not detected because the bank's employee did not perform the acts required by the security procedure, the bank has not complied. Subsection (b)(ii) also requires the bank to prove that it complied with any agreement or instruction that restricts acceptance of payment orders issued in the name of the customer. A customer may want to protect itself by imposing limitations on acceptance of payment orders by the bank. For example, the customer may prohibit the bank from accepting a payment order that is not payable from an authorized account, that exceeds the credit balance in specified accounts of the customer, or that exceeds some other amount. Another limitation may relate to the beneficiary. The customer may provide the bank with a list of authorized beneficiaries and prohibit acceptance of any payment order to a beneficiary not appearing on the list. Such limitations may be incorporated into the security procedure itself or they may be covered by a separate agreement or instruction. In either case, the bank must comply with the limitations if the conditions stated in subsection (b) are met. Normally limitations on acceptance would be incorporated into an agreement between the customer and the receiving bank, but in some cases the instruction might be unilaterally given by the customer. If standing instructions or an agreement state limitations on the ability of the receiving bank to act, provision must be made for later modification of the limitations. Normally, this would be done by an agreement that specifies particular procedures to be followed. Thus, subsection (b) states that the receiving bank is not required to follow an instruction that violates a written agreement. The receiving bank is not bound by an instruction unless it has ade- quate notice of it. Subsections (25), (26) and (27) of Section 1-201 apply.

Subsection (b)(i) assures that the interests of the customer will be protected by providing an incentive to a bank to make available to the customer a security procedure that is commercially reasonable. If a commercially reasonable security procedure is not made available to the customer, subsection (b) does not apply. The result is that subsection (a) applies and the bank acts at its peril in accepting a payment order that may be unauthorized. Prudent banking practice may require that security procedures be utilized in virtually all cases except for those in which

Printed Page 4184 . . . . . Tuesday, June 13, 1995
personal contact between the customer and the bank eliminates the possibility of an unauthorized order. The burden of making available commercially reasonable security procedures is imposed on receiving banks because they generally determine what security procedures can be used and are in the best position to evaluate the efficacy of procedures offered to customers to combat fraud. The burden on the customer is to supervise its employees to assure compliance with the security procedure and to safeguard confidential security information and access to transmitting facilities so that the security procedure cannot be breached.

4. The principal issue that is likely to arise in litigation involving subsection (b) is whether the security procedure in effect when a fraudulent payment order was accepted was commercially reasonable. The concept of what is commercially reasonable in a given case is flexible. Verification entails labor and equipment costs that can vary greatly depending upon the degree of security that is sought. A customer that transmits very large numbers of payment orders in very large amounts may desire and may reasonably expect to be provided with state-of-the-art procedures that provide maximum security. But the expense involved may make use of a state-of-the-art procedure infeasible for a customer that normally transmits payment orders infrequently or in relatively low amounts. Another variable is the type of receiving bank. It is reasonable to require large money center banks to make available state-of-the-art security procedures. On the other hand, the same requirement may not be reasonable for a small country bank. A receiving bank might have several security procedures that are designed to meet the varying needs of different customers. The type of payment order is another variable. For example, in a wholesale wire transfer, each payment order is normally transmitted electronically and individually. A testing procedure will be individually applied to each payment order. In funds transfers to be made by means of an automated clearing house, many payment orders are incorporated into an electronic device such as a magnetic tape that is physically delivered. Testing of the individual payment orders is not feasible. Thus, a different kind of security procedure must be adopted to take into account the different mode of transmission.

The issue of whether a particular security procedure is commercially reasonable is a question of law. Whether the receiving bank complied with the procedure is a question of fact. It is appropriate to make the finding concerning commercial reasonability a matter of law because security procedures are likely to be standardized in the banking industry and a question of law standard leads to more predictability concerning the level of security that a bank must offer to its customers. The purpose of

Printed Page 4185 . . . . . Tuesday, June 13, 1995
subsection (b) is to encourage banks to institute reasonable safeguards against fraud but not to make them insurers against fraud. A security procedure is not commercially unreasonable simply because another procedure might have been better or because the judge deciding the question would have opted for a more stringent procedure. The standard is not whether the security procedure is the best available. Rather it is whether the procedure is reasonable for the particular customer and the particular bank, which is a lower standard. On the other hand, a security procedure that fails to meet prevailing standards of good banking practice applicable to the particular bank should not be held to be commercially reasonable. Subsection (c) states factors to be considered by the judge in making the determination of commercial reasonableness. Sometimes an informed customer refuses a security procedure that is commercially reasonable and suitable for that customer and insists on using a higher-risk procedure because it is more convenient or cheaper. In that case, under the last sentence of subsection (c), the customer has voluntarily assumed the risk of failure of the procedure and cannot shift the loss to the bank. But this result follows only if the customer expressly agrees in writing to assume that risk. It is implicit in the last sentence of subsection (c) that a bank that accedes to the wishes of its customer in this regard is not acting in bad faith by so doing so long as the customer is made aware of the risk. In all cases, however, a receiving bank cannot get the benefit of subsection (b) unless it has made available to the customer a security procedure that is commercially reasonable and suitable for use by that customer. In most cases, the mutual interest of bank and customer to protect against fraud should lead to agreement to a security procedure which is commercially reasonable.

5. The effect of Section 4A-202(b) is to place the risk of loss on the customer if an unauthorized payment order is accepted by the receiving bank after verification by the bank in compliance with a commercially reasonable security procedure. An exception to this result is provided by Section 4A-203(a)(2). The customer may avoid the loss resulting from such a payment order if the customer can prove that the fraud was not committed by a person described in that subsection. Breach of a commercially reasonable security procedure requires that the person committing the fraud have knowledge of how the procedure works and knowledge of codes, identifying devices, and the like. That person may also need access to transmitting facilities through an access device or other software in order to breach the security procedure. This confidential information must be obtained either from a source controlled by the customer or from a source controlled by the receiving bank. If the

Printed Page 4186 . . . . . Tuesday, June 13, 1995
customer can prove that the person committing the fraud did not obtain the confidential information from an agent or former agent of the customer or from a source controlled by the customer, the loss is shifted to the bank. "Prove" is defined in Section 4A-105(a)(7). Because of bank regulation requirements, in this kind of case there will always be a criminal investigation as well as an internal investigation of the bank to determine the probable explanation for the breach of security. Because a funds transfer fraud usually will involve a very large amount of money, both the criminal investigation and the internal investigation are likely to be thorough. In some cases there may be an investigation by bank examiners as well. Frequently, these investigations will develop evidence of who is at fault and the cause of the loss. The customer will have access to evidence developed in these investigations and that evidence can be used by the customer in meeting its burden of proof.

6. The effect of Section 4A-202(b) may also be changed by an agreement meeting the requirements of Section 4A-203(a)(1). Some customers may be unwilling to take all or part of the risk of loss with respect to unauthorized payment orders even if all of the requirements of Section 4A-202(b) are met. By virtue of Section 4A-203(a)(1), a receiving bank may assume all of the risk of loss with respect to unauthorized payment orders, or the customer and bank may agree that losses from unauthorized payment orders are to be divided as provided in the agreement.

7. In a large majority of cases the sender of a payment order is a bank. In many cases in which there is a bank sender, both the sender and the receiving bank will be members of a funds transfer system over which the payment order is transmitted. Since Section 4A-202(f) does not prohibit a funds transfer system rule from varying rights and obligations under Section 4A-202, a rule of the funds transfer system can determine how loss due to an unauthorized payment order from a participating bank to another participating bank is to be allocated. A funds transfer system rule, however, cannot change the rights of a customer that is not a participating bank. Section 4A-501(b). Section 4A-202(f) also prevents variation by agreement except to the extent stated.

Section 36-4A-204. Refund of payment and duty of customer to report with respect to unauthorized payment order.

(a) If a receiving bank accepts a payment order issued in the name of its customer as sender which is (i) not authorized and not effective as the order of the customer under Section 36-4A-202, or (ii) not enforceable, in whole or in part, against the customer under Section 36-4A-203, the bank shall refund any payment of the payment order

Printed Page 4187 . . . . . Tuesday, June 13, 1995
received from the customer to the extent the bank is not entitled to enforce payment and shall pay interest on the refundable amount calculated from the date the bank received payment to the date of the refund. However, the customer is not entitled to interest from the bank on the amount to be refunded if the customer fails to exercise ordinary care to determine that the order was not authorized by the customer and to notify the bank of the relevant facts within a reasonable time not exceeding ninety days after the date the customer received notification from the bank that the order was accepted or that the customer's account was debited with respect to the order. The bank is not entitled to any recovery from the customer on account of a failure by the customer to give notification as stated in this section.

(b) Reasonable time under subsection (a) may be fixed by agreement as stated in Section 36-1-204(1), but the obligation of a receiving bank to refund payment as stated in subsection (a) may not otherwise be varied by agreement.

OFFICIAL COMMENT

1. With respect to unauthorized payment orders, in a very large percentage of cases a commercially reasonable security procedure will be in effect. Section 4A-204 applies only to cases in which (i) no commercially reasonable security procedure is in effect, (ii) the bank did not comply with a commercially reasonable security procedure that was in effect, (iii) the sender can prove, pursuant to Section 4A-203(a)(2), that the culprit did not obtain confidential security information controlled by the customer, or (iv) the bank, pursuant to Section 4A-203(a)(1) agreed to take all or part of the loss resulting from an unauthorized payment order. In each of these cases the bank takes the risk of loss with respect to an unauthorized payment order because the bank is not entitled to payment from the customer with respect to the order. The bank normally debits the customer's account or otherwise receives payment from the customer shortly after acceptance of the payment order. Subsection (a) of Section 4A-204 states that the bank must recredit the account or refund payment to the extent the bank is not entitled to enforce payment.

2. Section 4A-204 is designed to encourage a customer to promptly notify the receiving bank that it has accepted an unauthorized payment order. Since cases of unauthorized payment orders will almost always involve fraud, the bank's remedy is normally to recover from the beneficiary of the unauthorized order if the beneficiary was party to the fraud. This remedy may not be worth very much and it may not make any difference whether or not the bank promptly learns about the fraud. But in some cases prompt notification may make it easier for the bank to

Printed Page 4188 . . . . . Tuesday, June 13, 1995
recover some part of its loss from the culprit. The customer will routinely be notified of the debit to its account with respect to an unauthorized order or will otherwise be notified of acceptance of the order. The customer has a duty to exercise ordinary care to determine that the order was unauthorized after it has received notification from the bank, and to advise the bank of the relevant facts within a reasonable time not exceeding ninety days after receipt of notification. Reasonable time is not defined and it may depend on the facts of the particular case. If a payment order for $1,000,000 is wholly unauthorized, the customer should normally discover it in far less than ninety days. If a $1,000,000 payment order was authorized but the name of the beneficiary was fraudulently changed, a much longer period may be necessary to discover the fraud. But in any event, if the customer delays more than ninety days, the customer's duty has not been met. The only consequence of a failure of the customer to perform this duty is a loss of interest on the refund payable by the bank. A customer that acts promptly is entitled to interest from the time the customer's account was debited or the customer otherwise made payment. The rate of interest is stated in Section 4A-506. If the customer fails to perform the duty, no interest is recoverable for any part of the period before the bank learns that it accepted an unauthorized order. But the bank is not entitled to any recovery from the customer based on negligence for failure to inform the bank. Loss of interest is in the nature of a penalty on the customer designed to provide an incentive for the customer to police its account. There is no intention to impose a duty on the customer that might result in shifting loss from the unauthorized order to the customer.

Section 36-4A-205. Erroneous payment orders.

(a) If an accepted payment order was transmitted pursuant to a security procedure for the detection of error and the payment order (i) erroneously instructed payment to a beneficiary not intended by the sender, (ii) erroneously instructed payment in an amount greater than the amount intended by the sender, or (iii) was an erroneously transmitted duplicate of a payment order previously sent by the sender, the following rules apply:

(1) If the sender proves that the sender or a person acting on behalf of the sender pursuant to Section 36-4A-206 complied with the security procedure and that the error would have been detected if the receiving bank had also complied, the sender is not obliged to pay the order to the extent stated in paragraphs (2) and (3).

(2) If the funds transfer is completed on the basis of an erroneous payment order described in clause (i) or (iii) of subsection (a), the sender

Printed Page 4189 . . . . . Tuesday, June 13, 1995
is not obliged to pay the order and the receiving bank is entitled to recover from the beneficiary any amount paid to the beneficiary to the extent allowed by the law governing mistake and restitution.

(3) If the funds transfer is completed on the basis of a payment order described in clause (ii) of subsection (a), the sender is not obliged to pay the order to the extent the amount received by the beneficiary is greater than the amount intended by the sender. In that case, the receiving bank is entitled to recover from the beneficiary the excess amount received to the extent allowed by the law governing mistake and restitution.

(b) If (i) the sender of an erroneous payment order described in subsection (a) is not obliged to pay all or part of the order, and (ii) the sender receives notification from the receiving bank that the order was accepted by the bank or that the sender's account was debited with respect to the order, the sender has a duty to exercise ordinary care, on the basis of information available to the sender, to discover the error with respect to the order and to advise the bank of the relevant facts within a reasonable time, not exceeding ninety days, after the bank's notification was received by the sender. If the bank proves that the sender failed to perform that duty, the sender is liable to the bank for the loss the bank proves it incurred as a result of the failure, but the liability of the sender may not exceed the amount of the sender's order.

(c) This section applies to amendments to payment orders to the same extent it applies to payment orders.

OFFICIAL COMMENT

1. This section concerns error in the content or in the transmission of payment orders. It deals with three kinds of error. Case #1. The order identifies a beneficiary not intended by the sender. For example, Sender intends to wire funds to a beneficiary identified only by an account number. The wrong account number is stated in the order. Case #2. The error is in the amount of the order. For example, Sender intends to wire $1,000 to Beneficiary. Through error, the payment order instructs payment of $1,000,000. Case #3. A payment order is sent to the receiving bank and then, by mistake, the same payment order is sent to the receiving bank again. In Case #3, the receiving bank may have no way of knowing whether the second order is a duplicate of the first or is another order. Similarly, in Case #1 and Case #2, the receiving bank may have no way of knowing that the error exists. In each case, if this section does not apply and the funds transfer is completed, Sender is obliged to pay the order. Section 4A-402. Sender's remedy, based on payment by mistake, is to recover from the beneficiary that received payment.

| Printed Page 4170, June 13-15 | Printed Page 4190, June 13-15 |
Page Finder Index

This web page was last updated on Monday, June 29, 2009 at 2:12 P.M.