We use cookies to give you the best online experience. By using our website you agree to our use of cookies in accordance with our cookie policy. Learn more here.Close Me
In a landmark decision, the 1st Circuit Court of Appeals held in
"Patco Construction Company, Inc. v. People's United
Bank", No. 11-2031 (1st Cir. July 3, 2012) that
People's United Bank (d/b/a Ocean Bank) was required to
reimburse its customer, PATCO Construction Co., for approximately
$580,000 that had been stolen from PATCO'S bank account. In so
doing, the court reversed the decision of the U.S. District Court
for the District of Maine that had granted summary judgment in the
bank's favor.
The dispute arose when Ocean Bank authorized six fraudulent
withdrawals over seven days from an online account held by PATCO.
While the bank's security system flagged each one of the
transactions as "high risk" because they were
inconsistent with the timing, value, and geographic location of
PATCO's regular payment orders, the bank's security system
did not notify PATCO of this information and allowed the payments
to go through. In light of this omission, PATCO sued, alleging that
Ocean Bank should bear responsibility for the loss because its
security system was not "commercially reasonable" under
the Uniform Commercial Code, as codified under Maine Law.
Ocean Bank moved for summary judgment on the basis that its use
of a one-time log-in and password security requirement for
transaction authentication was sufficient to comply with the
"commercially reasonable" standards. The district court
agreed and granted the bank's motion.
On appeal, the 1st Circuit reversed, based on its determination
that the bank's "generic 'one-size-fits-all'
approach to customers violates Article 4A's instruction to take
the customer's circumstances into account." The court
explained that Ocean Bank's failure to implement enhanced
security procedures was unreasonable in light of its knowledge of
ongoing fraud involving the same measures as had been used with
respect to PATCO's account. When the fraud re-occurred in this
"unordinary" situation, the court held that it was
"commercially unreasonable" for Ocean Bank's security
system to trigger only those security measures that were applicable
to "ordinary" transactions. The court reasoned the
"unprecedentedly high risk scores" on the potential
transactions were well above PATCO's regular risk scores and
therefore should have triggered extra security measures to
authenticate the transactions. The Court stressed, however, that it
was the bank's "collective failures" taken as a
whole, rather than any single failure, that rendered its security
system commercially unreasonable under the circumstances.
The PATCO decision could have significant implications
for financial institutions and their insurers, as it has the
potential to open the floodgates for businesses victimized by cyber
fraudsters to sue their banks in order to recover misappropriated
funds. It also could impact similar lawsuits currently pending,
such as Choice Escrow and Land Title, LLC v. BancorpSouth
Bank, Case No. 2010cv03531 (W.D. Miss.), which involves loss
arising from ACH and wire fraud.
On the other hand, the 1st Circuit in PATCO suggested
several proactive measures that might enable financial institutions
to avoid the fate suffered by Ocean Bank. Among other things, the
court identified the following enhanced security procedures: (i)
manual reviews of suspect transactions by actual personnel to
determine the legitimacy of a transaction, (ii) eschew a
one-size-fits-all security approach for customers, and (iii)
"customer verification" or notification to authenticate
uncharacteristic or suspicious transactions.
At the same time, the court noted customers such as PATCO also
might have certain responsibilities under Article 4A of the UCC,
even when its bank's security measures are found to be
"commercially unreasonable," although the court left open
the question of what those obligations might be. Of course,
whatever they may be, they did not exist on the facts
presented.
PATCO is but one more example of the value and import
of insurance products such as cyber, fidelity and related E&O
coverages in an ever-changing virtual economy. Financial
institutions, commercial entities and even individual
account-holders cannot rely on others to protect them. Rather, they
need to take proactive steps to secure their interests, including
purchasing tailored insurance that responds to their changing
needs. At the same time, the insurance industry must continue to
stay ahead of the curve by anticipating the evolving risks and
providing products that will address a rapidly evolving market.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
To print this article, all you need is to be registered on Mondaq.com.
Click to Login as an existing user or Register so you can print this article.
The Patient Protection and Affordable Care Act has gone from a distant deadline to an imminent reality, with the controversial "play or pay" provisions scheduled to take effect on January 1, 2014.
A commentary on a recent decision in the case of Engineering & Construction Innovations, Inc., v. L. H. Bolduc Co., interpreting a subcontractor's agreement to indemnify a contractor, the subcontractor's contractual obligation to procure insurance to cover that indemnity agreement and the impact of the Minnesota anti-indemnification statute on such contract provisions.
Less than two weeks apart, two appellate courts issued opinions analyzing whether faulty work claims are covered under commercial general liability policies, each reaching a different result.
Like many companies who made products containing asbestos, Kaiser Cement and Gypsum Corporation has over the past several decades defended thousands of asbestos bodily injury claims brought by construction workers who allege they were exposed and suffered bodily injury resulting from exposure to Kaiser Cement’s asbestos containing products.
Many jurisdictions have announced that they plan to more actively pursue natural resource damages from potentially responsible parties deemed liable under CERCLA or Superfund.
As reported in our November 2012 Client Alert entitled Latest Regulatory Developments Concerning Unclaimed Life Insurance Benefits, a few states have passed new laws governing claims investigation practices to address the issue of unclaimed life insurance benefits.
A New York appellate court recently upheld a supreme court ruling that an insurer had a duty to defend a manufacturer’s faulty workmanship where it resulted in third party property damage. I.J. White Corp. v. Columbia Cas. Co., 2013 NY Slip Op 2500 (N.Y. App. Div. 1st Dep’t Apr. 16, 2013).
In Farkas v. National Union Fire Insurance Company of Pittsburgh, PA, No. 12-1481, 2013 WL 1459248 (4th Cir. Apr. 11, 2013), the United States Court of Appeals for the Fourth Circuit affirmed the district court’s summary judgment order and held that a Directors & Officers (D&O) liability insurer had no duty to defend the chairman of the policyholder after he was convicted of criminal fraud.
