(dissenting in part). Uniform Commercial Code § 4-406, titled “Customer’s Duty to Discover and Report Unauthorized Signature or Alteration,” sets forth a customer’s and bank’s respective duties concerning a customer’s statement of account. When the bank sends the customer such a statement accompanied by items paid in good faith, the customer must “exercise reasonable care and promptness to examine the statement and items to discover his unauthorized signature . . . and . . . notify the bank promptly after discovery thereof” (UCC 4-406 [1]). If the customer does not comply with that provision he or she is precluded from asserting against the bank: A customer is not precluded from asserting against a bank an unauthorized signature under subsection (2), however, “if the customer establishes lack of ordinary care on the part of the bank in paying the item(s)” (UCC 4-406 [3]). UCC 4-406 (4) prescribes a one-year time limit on a customer to make a claim against a bank for its payment of an altered or forged paper irrespective of whether the bank exercised ordinary care.
“(a) his unauthorized signature or any alteration on the item if the bank also establishes that it suffered a loss by reason of such failure; and
“(b) an unauthorized signature or alteration by the same wrongdoer on any other item paid in good faith by the bank after the first item and statement was available to the customer for a reasonable period not exceeding fourteen calendar days and before the bank receives notification from the customer of any such unauthorized signature or alteration” (UCC 4-406 [2] [a], [b]).
Plaintiff claims that Capital One had notice of defendant Hafner-Milazzo’s predisposition to commit illegal acts and failed to exercise ordinary care. By boilerplate resolution, however, the bank claims to have reduced the time under which the plaintiff could assert such a lack of ordinary care from one year to the *291same 14-day time period as set forth in section 4-406 (2), effectively repealing section 4-406 (4) as it applies to its customers. The majority finds this reasonable, relying on UCC 4-103 (1), which provides, as relevant here, that UCC article 4’s provisions “may be varied by agreement” with the caveat “that no agreement can disclaim a bank’s responsibility for its own lack of good faith or failure to exercise ordinary care or can limit the measure of damages for such lack or failure; but the parties may by agreement determine the standards by which such responsibility is to be measured if such standards are not manifestly unreasonable” (emphasis supplied).
In my view, because section 4-406 (4) clearly imposes a one-year limitation on claims involving a bank’s “failure to exercise ordinary care,” the time period cannot be changed by agreement. To be sure, there may be a variation in standards by which a bank’s responsibility is to be measured (so long as such standards are not manifestly unreasonable), but the one-year limitation remains.
The majority claims that the shortening of the period resulted in a limitation of liability, and reduced only plaintiffs time to provide notice of the improper charge (majority op at 288). That is mere semantics, however, because the overall effect of the time reduction is to eliminate plaintiffs opportunity to assert, after the 14-day period had passed (but before the one-year time period had elapsed) that Capital One had failed to exercise ordinary care and, consequently, recover damages as a result of that negligence. The shortening of the time period works a de facto disclaimer of liability, which is prohibited under section 4-103 (1).
It is my view that just as the customer and bank in Regatos v North Fork Bank (5 NY3d 395 [2005]) were prohibited from modifying by contract the one-year statute of repose set forth in UCC 4-A-505*—which grants a customer one year to notify the bank of an unauthorized wire transfer — plaintiff and Capital *292One were prohibited from contractually shortening section 4-406 (4)’s one-year time limitation. In Regatos, the bank received two unauthorized funds transfers totaling $600,000 and, in violation of the agreed security procedures, transferred the funds from the customer’s account. When the customer notified the bank of the unauthorized transfers five months later, the bank refused to refund the money, relying on the account agreement’s provision that the customer was to notify the bank of “any unauthorized signature or alteration” within 15 days (see Regatos, 5 NY3d at 399-400). Relying on UCC 4-A-204 (1)’s language that a “bank is not entitled to any recovery from the customer on account of a failure by the customer to give notification as stated in this section,” we concluded that the bank had an obligation to refund the principal so long as notice was given within one year as required by section 4-A-505 (id. at 402-403). We explained that the policy behind UCC article 4-A was to encourage financial institutions “to adopt appropriate security procedures,” and that allowing them “to vary the notice period by agreement would reduce the effectiveness of the statute’s one-year period of repose as an incentive for banks to create and follow security procedures” (id. at 402).
Likewise, UCC article 4 imposes upon a bank the obligation to act with ordinary care, which required Capital One to follow commercially reasonable security procedures to ensure it was not making payments on unauthorized checks. A reduction in the one-year period to 14 days provides little, if any, incentive for a bank to act with ordinary care. And, of course, a bank’s obligation to exercise ordinary care may not be varied by agreement (see Aikens Constr. of Rome v Simons, 284 AD2d 946, 947 [4th Dept 2001]; Herzog, Engstrom & Koplovitz v Union Natl. Bank, 226 AD2d 1004, 1005 [3d Dept 1996]). But that is precisely what the corporate resolution does in this case. Prior to today, our courts have never sanctioned such a practice.
The majority approach has at least two significant drawbacks. First, it impairs the incentive the authors of UCC article 4 created for banks to exercise ordinary care in the payment of items. Second, it seems to make the outcome of cases depend upon whether the customer is a Fortune 500 company, a medium-sized one (this plaintiff is no corporate giant), a small one, or an individual. It would be better to interpret the statute in a way that obviates the need for a court to analyze whether the customer was “financially sophisticated,” possessed “the resources to acquire professional guidance,” was a “small family *293business” or an “elderly” individual (majority op at 289) because the rule would apply to every type of consumer. The rule proposed by the majority provides less certainty and will create more litigation because it doesn’t apply to everyone in like fashion. The fact that the majority is concerned that financial institutions will “use contracts of adhesion to impose” what it acknowledges is “an exacting 14-day limit on unsophisticated consumers” (majority op at 289 [emphasis supplied]) only underscores why customers and banks should not be permitted to contractually reduce section 4-406 (4)’s one-year limitation period.
Accordingly, I respectfully dissent from that part of the majority holding that a customer and bank may contractually reduce section 4-406 (4)’s one-year limitations period.
Judges Graffeo, Read, Rivera and Abdus-Salaam concur with Chief Judge Lippman; Judge Pigott dissents in part in an opinion in which Judge Smith concurs.Order modified, without costs, by remitting to Supreme Court, Suffolk County, for further proceedings in accordance with the opinion herein and, as so modified, affirmed.
UCC 4-A-505, titled, “Preclusion of Objection to Debit of Customer’s Account,” provides that
“[i]f a receiving bank has received payment from its customer with respect to a payment order issued in the name of the customer as sender and accepted by the bank, and the customer received notification reasonably identifying the order, the customer is precluded from asserting that the bank is not entitled to retain the payment unless the customer notifies the bank of the customer’s objection to the payment within one year after the notification was received by the customer.”