Dickinson, Mackaman, Tyler & Hagen, P.C.
Iowa Cybersecurity Blog, Iowa Banking Blog, Dickinson Law Firm, John Lande

Posted on 02/16/2018 at 02:32 PM by John Lande

A January 24, 2018 decision from the United States District Court for the Southern District of Ohio illustrates how important it is for banks to make sure that only authorized individuals have access to deposit accounts. Federal Insurance Co. v. Benchmark Bank involved unauthorized transfers from commercial accounts at Benchmark Bank.

Woda Management was a depositor at Benchmark Bank. Woda’s controller emailed Benchmark Bank to request that Woda’s employee, Donna Ferrell, be granted access to Woda’s bank accounts to view and process ACH transactions. Contrary to these instructions, Benchmark Bank not only granted Donna Ferrell access to Woda’s accounts but also to the accounts of several of Woda’s affiliated entities. At some point, fraudsters obtained Donna Ferrell’s login credentials and used their access to transfer over $600,000 from two of the affiliates’ bank accounts.

While the affiliates’ accounts were setup through Woda, the affiliates did not have a direct contractual relationship with Benchmark Bank. Rather, Woda had the contractual relationship with Benchmark Bank, and established the bank accounts for the affiliates. This proved to be a critical issue when it came time to determine whether Benchmark Bank was liable for the loss.

Under the Uniform Commercial Code (“UCC”) banks are presumed liable for unauthorized electronic transfers from non-consumer deposit accounts. If banks want to shift that liability to the depositor then the bank and depositor must enter into an agreement to use a commercially reasonable security procedure to verify the authenticity of electronic fund transfer requests, among other requirements. If the bank does not enter into an agreement to use a commercially reasonable security procedure with the depositor, then the bank remains liable for unauthorized transfers.

In this case, Benchmark Bank did not have an agreement with the Woda affiliates to use a commercially reasonable security procedure to verify the authenticity of electronic funds transfer requests. Since there was no agreement between Benchmark Bank and the Woda affiliates, Benchmark Bank was liable for unauthorized transfers. Even if there was an agreement between the Woda affiliates and Benchmark Bank, Benchmark Bank acted inconsistent with Woda’s instructions when it granted Donna Ferrell access to all Woda and the Woda affiliates’ accounts.

This case illustrates why banks should pay close attention to their deposit account and funds transfer agreements. Banks should take time to carefully review their agreements governing electronic fund transfers to ensure that they do everything necessary to protect themselves from liability for unauthorized electronic fund transfers. In this case, if Benchmark Bank had paid closer attention to who it had a contractual relationship with then it may have been better protected from unauthorized transfers.

For questions on deposits and banking law, contact attorney John Lande.

The material in this blog is not intended, nor should it be construed or relied upon, as legal advice. Please consult with an attorney if specific legal information is needed. 

- John Lande

Comments
There are no comments yet.
Add Comment

* Indicates a required field

© 2018 Dickinson Mackaman Tyler & Hagen, PC