Banco del Austro, S.A. v. Wells Fargo Bank, N.A.

MEMORANDUM OPINION

Lewis A. Kaplan, United States District Judge

Defendant Wells Fargo, N.A. moves to dismiss the complaint, which alleges violations of the New York Uniform Commercial Code (“UCC”) (Count II) as well as breach of contract (Count I) and common law duties (Count III). The Court assumes familiarity with the allegations in the complaint, which it accepts as true for ■ the purposes of this motion.1 For the following reasons, the motion is granted in part and denied in part.

Discussion

1. Claim under the UCC

Article 4-A of the UCC “governs the procedures, rights, and liabilities arising out of commercial electronic funds transfers,” including liability for the unauthorized 2 transfers at issue here (the “Trans*304fers”).3 As a default rule, Section 4-A-202 allocates the risk of loss to the bank that received and honored the unauthorized orders, in this case Wells Fargo.4 Section 4-A-202(2) provides an exception to that rule — if a bank and its customer agree that the bank will verify the authenticity of orders pursuant to a “security procedure,” then an order is “effective as the order of the customer, whether or not authorized,” so long as the security procedure is “commercially reasonable” and the “bank proves that it accepted the payment order in good faith and in compliance with the security procedure.”5 When those requirements are met, the customer, here Banco del Austro, must bear the risk of loss.

A. Scope of the Agreed-Upon Security Procedure

As an initial matter, the parties dispute the nature of the security procedures found. in their agreement (the “Agreement”). Wells Fargo received the orders at issue via the Society for Worldwide Interbank Financial Telecommunication network (“SWIFT”). Paragraph 3.1 of the Agreement adopts “the SWIFT Authentication procedures in accordance with the SWIFT User Handbook” as the security procedure for such orders.6

Banco del Austro does not allege that Wells Fargo failed to adhere to SWIFT authentication procedures, but maintains that other terms in the Agreement required additional safeguards. Specifically, Banco del Austro identifies paragraph 7.7, which states that the Agreement “will be governed by and construed in accordance with the Laws of the US and the State of New York, including (without limitation) Articles 3, 4, 4A and 5 of the” UCC, as incorporating into the Agreement certain “know your customer” fraud detection policies.7 Banco del Austro argues also that a July 31, 2014 communication from Wells Fargo in which the bank described its “financial crimes risk management program” incorporated additional safety measures into the agreed-upon security procedure.8

Banco del Austro’s contractual arguments fail as a matter of law. The Agreement, which constitutes the “entire agreement and understanding with respect to the matters addressed,”9 requires only that Wells Fargo adhere to the SWIFT authentication procedures when processing orders received via SWIFT. The provision on which Banco del Austro relies did not transform any and all violations of federal and state law into breaches of contract and did not modify the security procedure explicitly outlined under separate header.10 Thus, Banco del Austro has failed sufficiently to allege that Wells Fargo did not accept the request for the Transfers in compliance with the agreed-upon security procedure.

B. Bad Faith and Commercial Reasonableness

Even where the authorizing bank follows an agreed-upon security procedure, Sec*305tion 4-A-202(2) compels reimbursement of unauthorized funds transfers if (1) the authorizing bank nevertheless failed to act in good faith or (2) the security procedure was not commercially reasonable. These two theories of recovery under Section 4-A-202(2) implicate related, yet distinct legal standards.

The UCC defines “good faith” as “honesty in fact and the observance of reasonable commercial standards of fair dealing.”11 This “two-pronged definition,” which includes both objective and subjective components, “ensure[s] that each party to the contract performs its contractual duties in a way that reflects the reasonable expectations of the other party.”12 Thus, even claims under the objective “reasonable commercial standards” prong center on the parties to the transaction.

In addition to an assessment of good faith, Section 4-A-202(2) requires a separate inquiry into whether the agreed-upon security procedure itself was “commercially reasonable.”13 Section 4-A-202(3) explains that commercial reasonableness is “a question of law” that courts determine “by considering the wishes of the customer expressed to the bank, the circumstances of the customer known to the bank, ... alternative security procedures offered to the customer, and security procedures in general use by customers and receiving banks similarly situated.”14 The UCC further instructs that security procedures “may require the use of algorithms or other codes, identifying words or numbers, encryption, callback procedures, or similar security devices.”15

To be sure, the questions whether a bank has adopted a “commercially reasonable” security procedure, and whether the bank observed “reasonable commercial standards of fair dealing” when authorizing specific funds transfers, in many cases are redundant.16 That is especially so where there is no plausible allegation that the authorizing bank failed to adhere to the agreed-upon security procedure, as is true here. In that case, the two inquiries largely collapse. The court must assess whether the agreed-upon security procedure was commercially reasonable and whether the authorizing bank’s use of that procedure to authenticate the transfers at issue comported with reasonable commercial standards of fair dealing. In many cases the answer to the two questions will be the same.

This complaint muddles the two theories of recovery. Regarding “good faith,” Banco del Austro alleges facts relevant to the objective “reasonable commercial standards” prong of the UCC definition, but foregoes any claim of subjective bad faith.17 The gravamen of its complaint is that the agreed-upon security procedure *306cannot possibly comply with reasonable commercial standards of fair dealing because it failed to detect the alleged fraud and that reliance on the SWIFT system alone therefore constituted bad faith. However, the complaint fails to allege “commercial reasonableness” as a distinct theory under Section 4-A-202. Nevertheless, given the substantial overlap in the two inquiries in this case, the Court concludes that Banco del Austro has sufficiently pleaded facts relevant to both theories.

The Court cannot now determine the commercial reasonableness of the agreed-upon security procedure or, by extension, whether Wells Fargo complied with reasonable commercial standards of fair dealing when it processed the Transfers pursuant to that procedure. In defining that procedure, the Agreement incorporates wholesale the SWIFT user manual, a document outside of the complaint. Further, both parties in their memoranda urge upon the Court news articles and industry publications detailing the security bonafides and vulnerabilities of the SWIFT system. Resort to these extra-complaint sources illustrates the fact-intensive nature of the commercial reasonableness inquiry, one that courts typically address at summary judgment.18 At bottom, the facts alleged in the complaint and its exhibits do not permit the Court to rule as a matter of law that use of the SWIFT system, with nothing more, constituted a commercially reasonable security procedure in the context of this particular customer-bank relationship. In consequence, the motion to dismiss plaintiffs claim under section 4-A-202 (Count II) of the UCC is denied.

II. Common Law Claims

A. Breach of Contract

Banco del Austro’s breach of contract claim (Count I) relies on the same assertions as its argument concerning the scope of the agreed-upon security procedure and fails for the reasons explained above. Paragraph 3.1 of the Agreement states the agreed-upon security procedure and requires authentication of orders via the SWIFT system in accordance with its user handbook.19 Wells Fargo’s motion to dismiss the breach of contract claim is granted because Banco del Austro does not plausibly allege that Wells Fargo deviated from that procedure.

B. Negligence

Wells Fargo contends that UCC Article 4-A precludes Banco del Austro’s negligence claim (Count III). Article 4-A precludes “common law claims when such claims would impose liability inconsistent with the rights and liabilities expressly created by Article 4-A.”20 When determining whether a common law claim is inconsistent with Article 4-A, “the critical inquiry is whether its provisions protect against the type of underlying injury or misconduct alleged in a claim.”21

Here, Banco del' Austro alleges that Wells Fargo “violated its duty of care by negligently honoring the” Transfers.22 This claim falls entirely within the coverage of Section 4-A-202, which creates a *307comprehensive system of risk allocation for unauthorized funds transfers.23 As explained above, that section completely determines liability in this case. If the agreed-upon security procedure was commercially reasonable and Wells Fargo otherwise adhered to reasonable commercial standards of fair dealing, Section 4-A-202 absolves Wells Fargo of its default obligation to refund Banco del Austro. “This allocation of loss is so integral to the structure of Article 4A that it may not be varied by contract.”24 Negligence liability above and beyond the commands of Section 4-A-202 would be inconsistent with that section.25 Accordingly, Wells Fargo’s motion to dismiss the negligence claim (Count III) is granted.

Conclusion

In conclusion, defendant Wells Fargo’s motion to dismiss [DI 13] is granted to the extent that the breach of contract and negligence claims (Counts I and III) are dismissed. It is denied in all other respects.

SO ORDERED.

. Ashcroft v. Iqbal, 556 U.S. 662, 678-79, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009).

. At this stage, Wells Fargo does not dispute that the transfers at issue are unauthorized *304within the meaning of N.Y. U.C.C. § 4-A-102(1).

. Grain Traders, Inc. v. Citibank, N.A., 160 F.3d 97, 100 (2d Cir. 1998).

. See N.Y. U.C.C. § 4-A-202(1); Regatos v. North Fork Bank, 257 F.Supp.2d 632, 640 (S.D.N.Y. 2003).

. N.Y. U.C.C. § 4-A-202(2).

. DI 1-1 ¶ 56; DI 1-1 Ex. A ¶ 3.1.

. DI 1-1 Ex. A ¶ 7.7.

. DI 1-1 ¶¶ 14, 56, 59.

. DI 1-1 Ex. A ¶ 7.19.

. See Capital Ventures Int’l v. Republic of Argentina, 652 F.3d 266, 271 (2d Cir. 2011).

. N.Y. U.C.C. § 4-A-105(l)(f).

. Choice Escrow & Land Title v. Bancorp-South Bank, 754 F.3d 611, 622 (8th Cir. 2014).

. N.Y. U.C.C. § 4 — A-202(2).

. N.Y. U.C.C. § 4-A-202(3).

. N.Y. U.C.C. § 4-A-201.

. At least one circuit court has noted that, although “[fit may appear at first glance that these inquiries are redundant,” they are not “coextensive.” Choice Escrow, at 622-23. “While the commercial reasonableness inquiry concerns the adequacy of a bank's security procedures, the objective good faith inquiry concerns a bank’s acceptance of payment orders in accordance with those security procedures.” Id. at 623. "In other words, technical compliance with a security procedure is not enough under Article 4A,” rather "the bank must abide by its procedures in a way that reflects the parties' reasonable expectations as to how those procedures will operate.” Id.

.DI 1-1 ¶ 52.

. See, e.g., Patco Const. Co., Inc. v. People’s United Bank, 684 F.3d 197, 216 (1st Cir. 2012); Braga Filho v. Interaudi Bank, 2008 WL 1752693, at *4-5 (S.D.N.Y. Apr. 16, 2008); Regatos, 257 F.Supp.2d at 646.

. DI 1-1 Ex. A ¶ 3.1.

. Grain Traders, 160 F.3d at 103.

. Ma v. Merrill Lynch, Pierce, Fenner & Smith, Inc., 597 F.3d 84, 89-90 (2d Cir. 2010).

. DI 1-1 ¶ 72.

. See 2006 Frank Calandra, Jr. Irrevocable Trust v. Signature Bank Corp., 816 F.Supp.2d 222, 236 (S.D.N.Y. 2011) (explaining that ''[a]ny common law claims about the existence of unauthorized wire transfers ... fall within the regime of Article!] 4-A”), aff'd, 503 Fed.Appx. 51 (2d Cir. 2012).

. Regatos, 257 F.Supp.2d at 643.

. See Patco, 684 F.3d at 216 (granting summary judgment in favor of defendant bank on negligence claim, finding it inconsistent with Section 4-A-202 even while holding that the agreed-upon security procedure was commercially unreasonable). Nor does Regions Bank v. Provident Bank, Inc., 345 F.3d 1267 (11th Cir. 2003), assist Banco del Austro. In Regions, the plaintiff did not dispute that the defendant "complied with the relevant provisions of the U.C.C.,” contending instead that the defendant knew "or should have'known that the funds were obtained illegally.” Id. at 1275, 1279. The court found that the state law cláims (conversion, unjust enrichment, receipt of stolen property), which sounded in fraud and not negligence, were not precluded. Id. at 1279. In contrast, the parties here actively dispute compliance with Section 4-A-202, and Banco del Austro has also failed to plead facts remotely similar to those in Regions.