SECURITY FIRST NETWORK BANK V. C.A.P.S., INC.
47 UCC REP.SERV.2D 670 (N.D. ILL. 2002)

LEFKOW, District J.

* * * *

BACKGROUND

The parties in this case, in some way or another, seek to recover for or be absolved of the alleged fraudulent act of Joseph V. Sykes (“Sykes”), a resident of Florida. Security First is a national banking association chartered under the laws of the United States with its principal place of business in Georgia. On or about December 28, 1999, Sykes, using the name “Marvin L. Goldman” opened an account (the “Goldman account”) at Security First. Marvin L. Goldman is also a resident of Florida. Security First was unaware of Sykes’ real identity at that time. Using the name “Marvin L. Goldman,” Sykes debited, or attempted to debit, accounts held at various financial institutions, including The Northern Trust Company (“Northern Trust”) and LaSalle Bank National Association (“LaSalle Bank”), and transfer the debited funds into the “Goldman account.”

One of the accounts debited was Consolidated Artist’s Payroll Service, Inc.’s (“C.A.P.S.”) account # 30175914 at Northern Trust. C.A.P.S., an Illinois corporation located in Cook County, utilizes electronic fund transfers to provide payroll services to its customers throughout the United States. Northern Trust, in establishing and servicing C.A.P.S.’ account # 30175914, utilizes the Automated Clearing House (“ACH”) network. The ACH network is a national electronic payment system which allows pre-authorized credits and debits to be automatically posted as a means to electronically transfer funds to and from banks’ customers’ accounts.

The other account debited was Saks, Incorporated’s (“Saks”) payroll account # 559-0019500 at LaSalle Bank. Saks is a Tennessee corporation with its principal place of business in Alabama and is a holding company for several retail department stores including Saks Fifth Avenue and Carson Pirie Scott. Saks and Northern Trust had an ACH agreement under which Saks initiated ACH debits and credits to its accounts at LaSalle Bank. Their agreement incorporated the rules promulgated by the National Automated Clearing House Association (“NACHA”), which govern banks that participate in the ACH network.

To accomplish the debit transfers, Sykes submitted to Security First numerous recurring ACH transfer requests from Northern Trust and LaSalle Bank. With each ACH transfer request, Sykes presented a void check from the account which was to be debited, with the name “M.L. Goldman” printed on the check. From January 7, 2000 through January 13, 2000, Sykes successfully transferred over $1,500.000.00 into the “Goldman account” ($900,000.00 from Saks’ account and $525,000.00 from C.A.P.S.’ account). He transferred approximately $508,455.00 of that amount to third parties.

On January 14, 2000, after certain ACH transfer requests had been rejected by the financial institutions at which the accounts to be debited were located, Security First began investigating Sykes and the “Goldman account” and learned that the “Marvin L. Goldman” who had opened the account and directed the debits was actually Sykes and that Sykes had procured and fraudulently used data relating to the real Marvin L. Goldman in order to open an account at Security First and commit fraud. Security First froze the “Goldman account” which contained, at the time, approximately $900,000.00 (the “Remaining Debit Proceeds”).

According to C.A.P.S. and Saks, neither of them authorized the debit transfers. They further assert that although Security First discovered Sykes’ fraudulent scheme in January, 2000, it failed to timely notify them or their banks of the unauthorized debit entries. C.A.P.S. first discovered the unauthorized debits in April, 2000 and demanded that Northern Trust credit its account. Northern Trust advised C.A.P.S. that the loss would be “dealt with accordingly” and that Northern Trust would recover the funds from Security First. At some point in May, 2000, Northern Trust contacted Security First and demanded it satisfy C.A.P.S.’ claim. Security First refused, pointing to the strict time limits in the NACHA rules for the return of a debit by a receiving bank such as Northern Trust. At some point, Saks also discovered the unauthorized debits and demand was made on Security First in August, 2000 for return of the money that had been debited from Saks’ account, but Security First refused.

C.A.P.S. filed suit against Northern Trust in the Circuit Court of Cook County in June, 2000. Northern Trust informed Security First that if Security First failed to indemnify Northern Trust for C.A.P.S.’ claims in the state action, it would file a third-party complaint against Security First. On September 18, 2000, Northern Trust filed a third-party complaint against Security First in state court. * * * *

* * * *

DISCUSSION

* * * *

I. SECURITY FIRST’S MOTIONS TO DISMISS

Before recounting the specific allegations of each of Saks’ and C.A.P.S.’ counterclaims, the court sets out the framework for an ACH transaction. There are typically five participants in an ACH transaction: (1) the originating company or individual (“Originator”); (2) the Originating Depository Financial Institution (“ODFI”); (3) the ACH Operator; (4) the Receiving Depository Financial Institution (“RDFI”); and (5) the receiving company or individual (“Receiver”). For an ACH transaction to occur, the Receiver must authorize an Originator to initiate an ACH entry to the Receiver’s account with the RDFI. The Originator agrees to initiate ACH entries into the payment system according to its arrangement with a Receiver. The ODFI receives payment instructions from the Originator. The ODFI then forwards the entry to the ACH Operator, which is the central clearing facility operated by a private organization or a Federal Reserve Bank on behalf of DFIs, to or from which DFIs transmit or receive ACH entries. The RDFI receives the ACH entry from the ACH Operator and posts the entry to the account of its depositor (the Receiver). See also 2000 NACHA Operating Rule § 13.1 (Definitions).

Saks alleges that although Saks never authorized Sykes to debit its account, Sykes (the Originator) fraudulently initiated a debit entry to transfer funds from Saks’ (the Receiver’s) account to the “Goldman account.” Saks alleges Sykes originated two debit transfers, one on January 11 and the other on January 13, 2000 in the amount of $450,000.00 each, from Saks’ account # 559-0019500 to the “Goldman account.” Saks alleges that the debit transfers were originated through Security First, the ODFI, using Saks’ account number but wrongfully naming the account holder as “Marvin Goldman” and that LaSalle Bank, the RDFI, debited Saks’ account pursuant to Security First’s instruction. Saks alleges that Security First failed to require proper identification from Sykes, failed to verify “Goldman’s” real identity and failed to conduct any background investigation. As a result, Saks alleges that Security First is liable to it for negligence, breach of warranties under the Illinois Uniform Commercial Code, [§§ 4-207(a)] and 4-208(a), and for breach of warranty under the 2000 NACHA Operating Rules.

C.A.P.S. alleges Sykes originated three debit transfers, one on January 7, one on January 11 and another on January 13, 2000, in the amount of $175,000.00 each, from C.A.P.S’ account # 30175914 to the “Goldman account.” The debit transfers were originated through Security First, the ODFI, using C.A.P.S.’ account number but wrongfully naming the account holder as “Marvin Goldman.” Northern Trust, the RDFI, debited C.A.P.S.’ account pursuant to Security First’s instruction. C.A.P.S. alleges that Security First failed to properly investigate and verify the identity of “Goldman” and failed to immediately notify Northern Trust and C.A.P.S. when it first learned of the unauthorized debit transfers. As a result, C.A.P.S. alleges that Security First is liable to it for breach of Security First’s duty to exercise ordinary care under the Illinois Uniform Commercial Code, [§ 4-103], breach of warranties under the Illinois Uniform Commercial Code, [§§ 4-207(a)] and 4-208(a), and for violation of the Illinois Consumer Fraud and Deceptive Practices Act, 815 ILCS 5/505-2.

* * * *

A. Saks’ Claims Against Security First

NACHA Claim

In Count IV of its counterclaim, Saks brings a claim against Security First for breach of the NACHA Operating Rule warranties. As already noted herein, Saks alleged that it entered into an agreement with LaSalle Bank for ACH services and that agreement incorporated the NACHA Operating Rules. As such, Saks claims it is entitled to enforce the NACHA rules against Security First. The NACHA Operating Rules “apply to all entries and entry data transmitted through one or more ACH Operators,” NACHA Operating Rule § 1.1, and “[e]ach participating DFI agrees to comply with these rules[.]” Id. § 1 .2. A prerequisite to origination is that the “Receiver had authorized the Originator to initiate the entry to the Receiver’s account.” Id. § 2.1.2. Under the rules, the “ODFI * * * warrants * * * to each RDFI, ACH Operator, and Association * * * [that] each entry transmitted by the ODFI to an ACH Operator is in accordance with the proper authorization provided by the Originator and the Receiver.” Id. § 2.2.1.1.

Saks argues that Security First, by issuing a debit to LaSalle Bank for Saks’ account, warranted that Saks had properly authorized that debit. Saks further points to NACHA Operating Rule § 2.2.3, which provides, “[e]ach ODFI breaching any of the preceding warranties shall indemnify every RDFI, ACH Operator, and Association from and against any and all claim, demand, loss, liability, or expense, including attorneys’ fees and costs, that result directly or indirectly from the breach of warranty or the debiting or crediting of the entry to the Receiver’s account” and argues that because Saks did not authorize the debit, Security First is liable to it for breach of warranty.

Security First concedes that Saks has alleged it (Saks) is a party to the NACHA rules,6 but argues that Saks cannot enforce the warranty provisions since they run only from ODFIs to RDFIs, ACH Operators, and Associations, and not to receivers, like Saks. While the court agrees that enforcement of § 2.2.3 would not get Saks anywhere since that provision is an agreement to indemnify an RDFI, ACH Operator or Association for the breach of the warranty in § 2.2.1.1, enforcement of Security First’s warranty in § 2.2.1.1, would. When a person “warrants” something, he “promise[s] that a certain fact or state of facts, in relation to the subject-matter, is, or shall be, as it is represented to be.” BLACK’S LAW DICTIONARY, at 1585 (6th ed.1990). Had Security First not broken its promise in § 2.2.1.1 to LaSalle Bank that the debits were authorized, then Saks’ account would not have been improperly debited. Because Saks is a party to the rules, bound by its obligations as well as entitled to its benefits, it can enforce this provision, even though the provision applies only to an obligation from one bank to another. Cf. Sinclair Oil Corp. v. Sylvan Bank, 894 F. Supp. 1470, 1477-78 (D. Kan. 1995) (holding that a customer (Originator), which had a contract with the ODFI incorporating the NACHA rules, could enforce against defendant RDFI bank the NACHA return of entry provision that required the RDFI to make deposits with the ACH/reserve bank by deadlines established by the ACH) (emphasis added).7 Because Saks has adequately alleged a direct claim against Security First for breach of warranty, it does not address Saks’ third- party beneficiary argument.

UCC Claims

Saks also brings claims against Security First under Article 4 of the Illinois UCC. In Count II, Saks asserts a claim for breach of transfer warranty under [UCC § 4-207(a)(1)], which provides that “[a] customer or collecting bank that transfers an item and receives a settlement or other consideration warrants to the transferee and to any subsequent collecting bank that: ... the warrantor is a person entitled to enforce the item[.]” Saks claims that under this provision, Security First warranted to Saks that Security First and Sykes were entitled to enforce the debit transfers, that all signatures were authentic and authorized and the item was not altered. Saks alleges that because Security First, as the originating depository financial institution, debited Saks’ account with fraudulent and unauthorized transfers, Security First breached the transfer warranty of section 4-207(a). In Count III, Saks asserts a claim for breach of presentment warranty under [UCC § 4-208(a)(1)], which provides,

If an unaccepted draft is presented to the drawee for payment or acceptance and the drawee pays or accepts the draft, (i) the person obtaining payment or acceptance, at the time of presentment, and (ii) a previous transferor of the draft, at the time of transfer, warrant to the drawee that pays or accepts the draft in good faith that: (1) the warrantor is or was, at the time the warrantor transferred the draft, a person entitled to enforce the draft or authorized to obtain payment or acceptance of the draft on behalf of a person entitled to enforce the draft[.]

Saks claims that under this provision, Security First presented Sykes’ fraudulent transfer draft to Saks to obtain payment and, in so doing, warranted under section 4-208, that it and Sykes were entitled to obtain payment, the draft was not altered and it had no knowledge that the transfer was unauthorized. Saks alleges that because Security First, as the originating depository financial institution, debited Saks’ account with fraudulent and unauthorized transfers, it breached the presentment warranty of section 4-208(a).

As an initial matter, Security First argues that Saks cannot base a claim on the UCC because * * * Article 4 of the UCC is inapplicable to electronic funds transfers. Although there is no Illinois case specifically finding the Illinois UCC inapplicable to electronic debit transactions as opposed to an electronic funds transfer, at least one state court that addressed the issue * * * rejected the applicability of the UCC to an ACH debit transaction. See Sinclair Oil Corp. v. Sylvan Bank, 869 P.2d 675, 680-81 (Kan. 1994).

By not interposing contrary authority, Saks appears to concede that the UCC, standing alone, does not offer a basis for recovery. Saks argues, however, that because it is a party to the NACHA rules, and NACHA Operating Rule § 13.1.20 expressly incorporates Article 4 to debit entries, Saks can resort to applicable UCC provisions, such as the UCC warranties in sections 4-207 and 4- 208. NACHA Operating Rule § 13.1.20, provides that a “debit entry shall be deemed an ‘item’ within the meaning of Revised Article 4 * * * and that Article shall apply to such entries except where the application is inconsistent with these rules, in which case these rules shall control.” Security First replies that no case has relied on § 13.1.20 and explains that § 13.1.20’s reference to the UCC was put into the NACHA rules at their inception as a gap-filler in the event courts found the NACHA rules incomplete.

The one case brought to the court’s attention involving both NACHA and UCC did not directly address the issue now before this court. On a certified question from a Kansas federal court to the Kansas Supreme Court regarding whether the NACHA return of entry deadline modified the Kansas UCC deadline (and thus whether the defendant bank could be liable to plaintiff under UCC as modified by NACHA), as just discussed, supra, the Kansas Supreme Court held that the UCC did not apply to electronic ACH debit transactions. See Sinclair Oil Corp., 869 P.2d at 680-81. Once back in the federal court, the federal court noted that because the Kansas Supreme Court had held that the UCC does not apply to electronic debits, plaintiff was not claiming “any statutory authority governing return of the electronic debit items.” Sinclair Oil Corp. v. Sylvan Bank, 894 F. Supp. 1470, 1476 (D. Kan. 1995). The federal court, however, held that plaintiff could recover against defendant bank directly under the NACHA rules for the defendant bank’s failure to meet the NACHA deadlines if plaintiff could prove that it was a party to the NACHA rules by way of its agreement with its bank. Because the UCC provision in Sinclair did not really give the plaintiff any additional benefit than that received by direct application of the NACHA rules, the court did not need to reach Rule § 13.1.20’s incorporation of Article 4.

Here, as in Sinclair, Saks seek to recover from Security First directly under the NACHA rules for breach of Security First’s promise to transmit only authorized entries. Because the court concludes that it can state such a claim, it need not reach the question of what effect § 13.1.20’s incorporation of UCC warranties would have. To apply two warranties, though not necessarily inconsistent, would appear to be duplicative.9 Thus, the court dismisses Saks’ UCC claims.

* * * *

6 Security First notes that NACHA rules require only the Originator to enter into a contract with the ODFI to be bound by the NACHA rules, NACHA Operating Rule § 2.1.1, and there is no such requirement for the Receiver. Security First does not, however, argue that the Receiver, Saks, could not have voluntarily agreed to be bound by the rules by way of an agreement with its bank.

7 Although not raised by Saks, it would seem Saks could also rely on a breach of § 2.1, “Origination of Entries,” specifically subsection 2.1.2 requiring the Receiver’s authorization (“The following must occur before an Originator may initiate the first credit or debit entry to a Receiver or to a Receiver’s account with an RDFI: * * * The Receiver has authorized the Originator to initiate the entry to the Receiver’s account.”). If, as the parties concede, the NACHA rules are a contract, and one of the contract provisions is that a condition for origination is the Receiver’s authorization, if the entry is not authorized by the Receiver, as here, a plaintiff could make a claim for breach of contract for this provision presumably against any of the parties to the transaction under the NACHA rules. Then, of course, the allocation of risk of loss is as set by NACHA Operating Rule, § 2.2.3.

9 Section 13.1.20, in short, says that a debit entry means an item for purposes of Article 4, and Article 4 protections are incorporated into the parties’ agreement unless they are inconsistent with NACHA rules. Either the Article 4 provision is (1) consistent with NACHA rules, in which case it is superfluous, (2) inconsistent, in which case it does not apply, or (3) fills a void in the NACHA rules, in which case it does apply. Thus, the court agrees with Security First that § 13.1.20 appears to be a gap-filler, providing a remedy where there are no applicable NACHA rules and the application would not be inconsistent with other NACHA rules.