Essilor Int'l SAS v. J.P. Morgan Chase Bank

Full title: ESSILOR INTERNATIONAL SAS and ESSILOR MANUFACTURING THAILAND CO., LTD.…

Court: United States District Court, S.D. New York

Date published: Jan 4, 2023

650 F. Supp. 3d 62 (S.D.N.Y. 2023)

Opinion

22-cv-3361 (LJL)

2023-01-04

ESSILOR INTERNATIONAL SAS and Essilor Manufacturing (Thailand) Co., Ltd., Plaintiffs, v. J.P. MORGAN CHASE BANK, N.A., Defendant.

Ariel Moore, Steven Sanford Fitzgerald, William Andrew Maher, Wollmuth Maher & Deutsch LLP, New York, NY, for Plaintiff Essilor International SAS. Ariel Moore, Randall R. Rainer, Steven Sanford Fitzgerald, William Andrew Maher, Wollmuth Maher & Deutsch LLP, New York, NY, for Plaintiff Essilor Manufacturing (Thailand) Co., Ltd. Alan Schoenfeld, Wilmer Cutler Pickering Hale & Dorr LLP, New York, NY, Margarita Maria Botero, Wilmer Cutler Pickering Hale & Dorr LLP, Denver, CO, for Defendant.

LEWIS J. LIMAN, United States District Judge

Ariel Moore, Steven Sanford Fitzgerald, William Andrew Maher, Wollmuth Maher & Deutsch LLP, New York, NY, for Plaintiff Essilor International SAS. Ariel Moore, Randall R. Rainer, Steven Sanford Fitzgerald, William Andrew Maher, Wollmuth Maher & Deutsch LLP, New York, NY, for Plaintiff Essilor Manufacturing (Thailand) Co., Ltd. Alan Schoenfeld, Wilmer Cutler Pickering Hale & Dorr LLP, New York, NY, Margarita Maria Botero, Wilmer Cutler Pickering Hale & Dorr LLP, Denver, CO, for Defendant.

OPINION AND ORDER

LEWIS J. LIMAN, United States District Judge:

Defendant J.P. Morgan Chase Bank, N.A. ("JP Morgan" or "Defendant") moves to dismiss the complaint against it pursuant to Federal Rule of Civil Procedure 12(b)(6). Dkt. No. 18. For the following reasons, Defendant's motion to dismiss is granted in part and denied in part.

BACKGROUND

The Court accepts as true for purposes of this motion the well-pleaded factual allegations of the complaint, Dkt. No. 1 ("Complaint"), and the documents incorporated by reference therein.

This case arises out of a complex fraud orchestrated against plaintiffs Essilor International SAS ("Essilor") and Essilor Manufacturing (Thailand) Co., Ltd. ("EMTC," and, together with Essilor, "Plaintiffs") from mid-September 2019 through mid-December 2019 by a group of international cybercriminals. Dkt. No. 1 ¶ 1. The scheme resulted in the transfer of approximately $272 million from an account in the name of EMTC maintained at a New York, New York branch of JP Morgan. Id. ¶ 2. As of April 25, 2022, Plaintiffs were able to recover approximately $172 million, but have been unable to recover approximately $100 million. See id.

Essilor is a French simplified joint-stock company with its principal place of business in Charenton-le Pont, France. Id. ¶ 11. It is one of three main subsidiaries of EssilorLuxottica SA, the world's leading ophthalmic company. Id. EMTC, a wholly owned subsidiary of Essilor, is a Thai limited company with its principal place of business in Bangkok, Thailand. Id. ¶ 12. EMTC operates a manufacturing plant in Thailand. Id. EMTC has a U.S. bank account with JP Morgan, a national banking association; EMTC uses this account to purchase supplies and conduct other transactions in U.S. dollars. Id. ¶¶ 12-13.

EMTC and Essilor both had long-standing relationships with JP Morgan. Id. ¶ 16. Although long in allegations about the fraud and the red flags that allegedly accompanied it, the Complaint is short on allegations about the nature and timing of the relationships of each of EMTC and Essilor with JP Morgan. As noted, Plaintiffs allege that EMTC had an account at a JP Morgan branch located in New York, New York (the "NY Account"). Id. Plaintiffs also allege that a "broader cash management system . . . was put in place in [March] 2017 involving EMTC and other Essilor subsidiaries." Id. ¶ 53; see also id. ¶ 16. The cash management system ("Cash Management System") ensured that EMTC and other affiliates had sufficient funds to operate. Id. ¶ 27. JP Morgan permitted overdrafts, subject to a daily limit; JP Morgan would settle negative balances through the daily cash sweeping process. Id. If the balance of any affiliate's account was negative, proceeds would be "swept down" from Essilor at the end of each day, while positive balances would be "swept up" to Essilor. Id. As a result, the account of each affiliate would begin each day with a balance of $0. Id. The Complaint alleges that the NY Account was opened pursuant to the Cash Management System, presumably also in March 2017. See id. ¶¶ 16, 27, 53.

The parties have submitted a number of documents that each claims constitutes the relevant agreements between JP Morgan and Plaintiffs. Defendant has submitted a declaration from Siriwan Premplumjit, a Vice President and Client Services Manager at JPMorgan Chase Bank, N.A.-Bangkok Branch and the dedicated client suite manager for EMTC (the "Premplumjit Declaration"), declaring that EMTC's JP Morgan account was opened in September 2015 and was governed by a set of account terms ("EMTC Account Terms"). See Dkt. No. 20 ¶¶ 3-5. The EMTC Account Terms give "[e]ach Authorized Person . . . , subject to any written limitation provided by [EMTC] and received and accepted by [JP Morgan]," the authority to "give instructions [ ], including requests and payment orders, by means other than the signing of an [i]tem, with respect to any Account transaction . . . ." Dkt. No. 20-2 § 1.2. Authorized Person is defined as "a person authorized to act on behalf of [EMTC] . . . with respect to the Accounts and Services." Id. § 1.1. The EMTC Account Terms also provide that "[w]hen issuing instructions, [EMTC] is required to follow [JP Morgan]'s security procedures as communicated to [EMTC] by [JP Morgan] from time to time," and that "[u]pon receipt of an instruction, [JP Morgan] will use the security procedures to verify that the instruction is effective as that of [EMTC]." Id. § 2.1. The EMTC Account Terms further state: "It is understood that the purpose of the security procedure is to verify the authenticity of, and not to detect errors in, [i]nstructions." Id. The EMTC Account Terms impose a two-year statute of limitations for claims in connection with any account. Id. § 16.2 ("Any claim in connection with any Account or Service, unless a shorter period of time is expressly provided, must be brought against [JP Morgan] within two (2) years of the occurrence of the event giving rise to the claim, except as prohibited by applicable law.").

Plaintiffs contest that the EMTC Account Terms apply to the NY Account. In support of its contention, Plaintiffs have submitted copies of two contracts entitled "US Cash Concentration Service Terms (Multi Entity)." Dkt. Nos. 29-1, 29-2. The first agreement, effective March 10, 2017, is between JP Morgan and a number of Essilor-affiliated customers, including EMTC, for cash concentration services. See Dkt. No. 29-1 §§ 1, 4(a). It requires JP Morgan to transfer funds to and from a list of customer accounts identified in an attached schedule in accordance with certain instructions and selections agreed to by JP Morgan and the customers. Id. § 1 & Sch. A. Schedule A identifies Essidev SASU ("Essidev") as the "Master Customer," identifies an EMTC account (number 496591988) as a "participating account," permits overdrafts among the participating accounts, and indicates that intercompany reporting services were not requested in connection with the cash concentration services. See id. Sch. A & nn.2, 5, 15. The second agreement, which is undated, mirrors the first, but lists Essilor as the "Master Customer" and Essidev as the only "participating account."¹ See Dkt. No. 29-2, Sch. A. Schedule A also permits overdrafts between the participating accounts and indicates that intercompany reporting services were not requested in connection with the cash concentration services. Id. Sch. A & n. 15. EMTC is not identified as a party to this contract. Plaintiffs have also submitted a set of account terms between JP Morgan and Essidev ("Essidev Account Terms"). See Dkt. No. 29-3. The Essidev Account Terms are similar to the EMTC Account Terms, except the statute of limitations is three years. Id. § 16.2.

1 The relationship between Essidev and Essilor is not entirely clear based on the information provided by Plaintiffs. In Plaintiffs' memorandum of law in opposition to JP Morgan's motion to dismiss, Plaintiffs suggest that Essidev is "Essilor's predecessor." See Dkt. No. 28 at 9. However, Essilor's relationship to the Cash Management System is through this separate agreement, which lists the Essidev account, the master account in the agreement to which EMTC is a party, as a participating account. Compare Dkt. No. 29-1 Sch. A (listing Essidev Account 826175593 as the "Master Customer Account"), with Dkt. No. 29-2 Sch. A (listing Essidev Account 826175593 as a "Customer Account"). Through the operation of these two agreements, it is possible that Essilor was integrated into a broader cash concentration system with Essidev and EMTC; Essilor would daily sweep money from Essidev's account through the operation of the agreement provided to the Court at Dkt. No. 29-2, which in turn would daily sweep money from EMTC's account through the operation of the agreement provided to the Court at Dkt. No. 29-1. But the Court struggles to see how Essidev is the "predecessor" to Essilor. If Essidev were a true predecessor to Essilor, then Essilor would have stepped into the shoes of Essidev, not have been integrated into the Cash Management System through a separate agreement.

Plaintiffs allege that from mid-September 2019 until mid-December 2019 (the "Fraudulent Period"), approximately 243 fraudulent payments were made from EMTC's NY Account, resulting in the fraudulent transfer of approximately $272,151,000. Dkt. No. 1 ¶ 17. This fraud was accomplished with the active assistance of a then-EMTC employee, Chamanun Phetporee ("Phetporee"). Id. ¶ 18. JP Morgan's security protocol involved a two-step verification process for the NY Account. Id. ¶ 41. First, the "maker" would initiate a payment order. Id. Two separate "approvers" would then have to approve the payment order before it was executed. Id. Phetporee was authorized to provide the first approval. Id. ¶ 19. To obtain the required second approval, Phetporee misappropriated the credentials of the designated second approver. Id. The nature of the transactions from EMTC's NY Account differed markedly during the Fraudulent Period from their nature prior to that period. Id. ¶ 32. During the period prior to September 2019, the average total dollar value of transfers per month was less than $15 million. Id. ¶ 33. In October 2019, approximately $33,222,000 was transferred from the NY Account. Id. The average increased to $119,354,000 in November 2019 and $140,117,000 in December 2019. Id. Similarly, the number of monthly payment orders from the NY Account doubled after September 2019. Id. ¶ 34. In 2017, there was an average of thirty-two payment orders per month from the NY Account. Id. In 2018, there was an average of fifty-four payment orders per month from the NY Account. Id. And between January and August 2019, there was an average of fifty-six payment orders per month from the NY Account. Id. In contrast, during the three-month period from October 2019 through December 2019, there was an average of 102 payment orders from the NY Account, with over a hundred payment orders made in each of October, November, and December 2019. Id.

Plaintiffs allege that, based on JP Morgan's communications, they "reasonably understood that [JP Morgan] would monitor the NY Account" for this type of fraudulent activity. Id. ¶ 22. Plaintiffs point to both JP Morgan's legal and contractual obligations. Plaintiffs specifically point to a section of JP Morgan's website, which describes the company's anti-money laundering efforts designed to comply with "laws and regulations in the U.S." Id. Based on this portion of the website, Plaintiffs claim that JP Morgan "was required to monitor EMTC's account activity . . . [and] to develop an understanding of EMTC's business sufficient to assess whether transactions were suspicious." Id. ¶ 23. Plaintiffs highlight Section 17.5 of, presumably, the Essidev Account Terms, which states, in relevant part,

[JP Morgan] is required to act in accordance with [JP Morgan] policies, the laws and regulations of various jurisdictions relating to the prevention of money laundering and the implementation of sanctions, including but not limited to regulations issued by the U.S. Office of Foreign Assets Control . . . . Transaction screening may result in delays in the posting of transactions and/or funds availability.

Id. ¶ 24. And Section 17.15 indicates that JP Morgan might request additional information from EMTC to fulfill its "know your customer" requirements. Id. ¶ 25.

Plaintiffs also claim that JP Morgan had separate contractual obligations to monitor EMTC's account. In an email, JP Morgan described the overdraft limit process that was integrated into its Cash Management System:

intraday overdraft ("IDOD") limits will be set up, either to be shared by the participating entities or applied individually to each bank account participating in the cash pool. We will work closely with Essilor to determine the appropriate overdraft (intraday and overnight) limits required to support your daily transactional requirements. The usage of these lines will also be monitored on an ongoing basis to ensure that the limits

remain adequate to enable the efficient processing of your transactions.

Id. ¶ 27 (emphasis added). Plaintiffs claim that they asked JP Morgan in writing to institute a daily overdraft limit of $10 million for the NY Account and JP Morgan agreed to do so. Id. ¶ 28. As a result, Plaintiffs allege that JP Morgan "should have automatically blocked any transfers that exceeded the [daily overdraft limit] and contacted Plaintiffs" and that the daily overdraft limit "constituted a written instruction form EMTC and Essilor to block any daily transfers for the NY Account exceeding $10 million." Id.

Plaintiffs further allege that the types of payment orders issued during the Fraudulent Period were suspicious and should have alerted JP Morgan to the fraudulent activity. Id. ¶ 36. Prior to October 2019, most payment orders from the NY Account were for very specific amounts, which almost always included fractional dollars (i.e., cents). Id. In contrast, all of the fraudulent transfers were round-dollar payments orders. Id. Additionally, most of the beneficiaries of the payment orders prior to October 2019 were either recognizable businesses within the optical industry or subsidiaries of Essilor; from October 2019 through December 2019, the beneficiaries had names including Guangzhou Wendy Hair Products, Citgo Oil Trading LLC, Maskhoa Coffee Roast Limited, Dekwa Furniture Global, Wealthy Creation Asia Private Limited, and Charity Njabili, suggesting that they did not operate within the optical industry. Id. ¶ 37. These were not entities with which EMTC had previously transacted. Id. Further, transactions prior to the Fraudulent Period were almost exclusively transmitted through Citibank N.A., JP Morgan, Standard Chartered Bank, or HSBC Bank USA, N.A. Id. Transactions during the Fraudulent Period tended to be transmitted through small, regional banks located in Southeast Asia, including in China and other high-risk jurisdictions. Id. Plaintiff alleges that, 174 of the fraudulent transfers went to seventy-two entities "that were easily identifiable"—through Google searches or a review of incorporation documents—"as shell entities with no purpose except to facilitate fraud." Id. ¶ 38.

Plaintiffs allege there were other suspicious facts or red flags that should have alerted JP Morgan to the fraudulent transactions. For the three-year period prior to October 2019, the daily overdraft limit of $10 million was never exceeded. Id. ¶ 40. During the Fraudulent Period, however, the limit was exceeded on at least nine occasions. Id. Prior to October 2019 and for non-fraudulent transactions generally, the second approval in the two-step verification process did not take place for ten or more hours. Id. ¶ 41. However, for ninety-one of the fraudulent transfers, the second approval occurred less than 60 seconds after the first approval. Id. Additionally, during the Fraudulent Period, Phetporee recalled more than forty payment orders; prior to October 2019 only one order had been recalled. Id. ¶ 43. Finally, JP Morgan initially rejected at least twenty transfers during the Fraudulent Period due to errors in payment orders made by Phetporee. Id. Plaintiffs allege that had the red flags been reported to Essilor and EMTC, the fraud would have been detected in its early stages and Plaintiffs' losses could have been prevented. Id. ¶ 9; see also id. ¶ 43. In fact, Plaintiffs allege that it was JP Morgan's practice to flag suspicious transactions to Plaintiffs. For example, in 2019 JP Morgan sent two emails, one to an unnamed EMTC employee and another to Phetporee with the unnamed EMTC employee copied, requesting further details for a $500,000 payment. Id. ¶ 30. Additionally, on December 11, 2019, JP Morgan blocked an attempt by Essilor to transfer $19 million, which was not fraudulent, from its account without explanation. Id. ¶ 31.

Finally, Plaintiffs allege that Phetporee provided false quarterly reports of payment orders to a regulator, the Bank of Thailand. Id. ¶ 42. JP Morgan reviewed monthly reports before EMTC submitted these reports to the Bank of Thailand. Id. On October 21, 2019, Phetporee sent a monthly report to two JP Morgan employees that falsely represented that three transfers from the NY Account were made to another EMTC account maintained with JP Morgan in Bangkok. Id. The Complaint alleges that JP Morgan knew or should have known that the transfers were actually made to third parties and not to another EMTC account. Id.

Based on these allegations, the Complaint asserts three causes of action against JP Morgan: (1) failure to comply with Article 4-A of the New York Uniform Commercial Code (First Cause of Action), id. ¶¶ 44-51; (2) breach of contract (Second Cause of Action), id. ¶¶ 52-56; and (3) negligence (Third Cause of Action), id. ¶¶ 57-60.

PROCEDURAL HISTORY

Plaintiffs filed their Complaint on April 25, 2022. Dkt. No. 1. On July 15, 2022, Defendant filed a motion to dismiss, along with a supporting memorandum of law and two supporting declarations. Dkt. Nos. 18-21. On September 9, 2022, Plaintiffs filed a memorandum of law in opposition to the motion to dismiss along with a supporting declaration and corrected exhibit to the supporting declaration. Dkt. Nos. 28-30. On September 30, 2022, Defendants filed a reply memorandum of law in further support of their motion. Dkt. No. 31. The Court heard oral argument on the motion on December 6, 2022. See Dkt. No. 39. At oral argument, the Court requested supplemental letter briefing on whether the EMTC Account Terms with the two-year statute of limitations should be considered integral to the Complaint and thus could be incorporated by reference into the Complaint. See December 6, 2022 Oral Argument Tr. ("Tr.") 67. Plaintiffs and Defendant submitted the supplemental letter briefing on December 13, 2022. Dkt. Nos. 37-38.

LEGAL STANDARD

To survive a motion to dismiss pursuant to Federal Rule of Civil Procedure 12(b)(6) for failure to state a claim upon which relief can be granted, a complaint must include "sufficient factual matter, accepted as true, to 'state a claim to relief that is plausible on its face.' " Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (quoting Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007)). A complaint must offer more than "labels and conclusions," "a formulaic recitation of the elements of a cause of action," or "naked assertion[s]" devoid of "further factual enhancement." Twombly, 550 U.S. at 555, 557, 127 S.Ct. 1955. The ultimate question is whether "[a] claim has facial plausibility, [i.e.,] the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged." Iqbal, 556 U.S. at 678, 129 S.Ct. 1937. "Determining whether a complaint states a plausible claim for relief will . . . be a context-specific task that requires the reviewing court to draw on its judicial experience and common sense." Id. at 679, 129 S.Ct. 1937. Put another way, the plausibility requirement "calls for enough fact to raise a reasonable expectation that discovery will reveal evidence [supporting the claim]." Twombly, 550 U.S. at 556, 127 S.Ct. 1955; see also Matrixx Initiatives, Inc. v. Siracusano, 563 U.S. 27, 46, 131 S.Ct. 1309, 179 L.Ed.2d 398 (2011).

DISCUSSION

Defendant argues that the Complaint must be dismissed in full. First, it argues that EMTC's claims against JP Morgan are barred by the two-year statute of limitations in the EMTC Account Terms. See Dkt. No. 19 at 7-9. In the alternative, Defendant argues that EMTC's Uniform Commercial Code ("U.C.C.") claim fails because the payment orders were "authorized" within the meaning of the N.Y. U.C.C. and that Essilor cannot maintain a claim against JP Morgan under the N.Y. U.C.C. because it was not the "sender" of the payment orders and thus cannot obtain a refund. Id. at 11-17. Finally, Defendant argues that EMTC's common law claims are preempted by the N.Y. U.C.C., id. at 17-18, Plaintiffs' contract claims are inadequately pled, id. at 18-20, and Plaintiffs' negligence claims do not allege a legally cognizable duty independent of the contracts between Plaintiffs and JP Morgan, breach, or compensable damages, id. at 20-24.

The Court addresses each of Defendant's arguments in turn and holds that EMTC's N.Y. U.C.C. § 4-A-204(1) claim survives, but that Essilor's N.Y. U.C.C. § 4-A-204(1) and Plaintiffs' common-law claims must be dismissed.

I. Statute of Limitations

Defendant argues that EMTC's claims are time barred by the EMTC Account Terms, which provide that "[a]ny claim in connection with any Account or Service, unless a shorter period of time is expressly provided, must be brought against [JP Morgan] within two (2) years of the occurrence of the event giving rise to the claim, except as prohibited by applicable law." Dkt. No. 20-2 § 1.2; see Dkt. No. 19 at 7. The Complaint in this action was filed in April 2022, more than two years after the last payment order at issue. Defendant thus argues that Plaintiffs claims are time-barred. See Dkt. No. 19 at 8-9. Plaintiffs counter, in part, that the parties cannot, under Article 4-A of the N.Y. U.C.C., contractually modify the statute of limitations period for seeking a refund because Section 4-A-204(2) provides that "the obligation of a receiving bank to refund payment as stated in subsection (b) may not . . . be varied by agreement." Dkt. No. 28 at 10.

Before deciding whether the parties are permitted to modify the contractual statute of limitations period, the Court must decide whether the EMTC Account Terms and its two-year statute of limitations can be considered on a motion to dismiss. Defendant argues that the EMTC Account Terms can be considered at the motion to dismiss stage because they are "both integral to Plaintiffs' claims and incorporated by reference" therein. See Dkt. No. 37 at 1. Specifically, Defendant contends that EMTC's status as a JP Morgan customer is integral to each of Plaintiffs' claims. See Dkt. No. 37 at 1-3. Plaintiffs counter that the EMTC Account Terms should not be considered at the motion to dismiss stage because "the Complaint does not reference" the EMTC Account Terms, Plaintiffs' claims are not reliant on the EMTC Account Terms, and there are factual issues surrounding the authenticity and continued force of the EMTC Account Terms. See Dkt. No. 38.

As an initial matter, the fact that the Complaint does not specifically reference the EMTC Account Terms is wholly irrelevant. " '[W]hen a plaintiff chooses not to attach to the complaint or incorporate by reference a [document] upon which it solely relies and is integral to the complaint,' the court may nevertheless take the document into consideration in deciding the defendant's motion to dismiss, without converting the proceeding to one for summary judgment." Int'l Audiotext Network, Inc. v. Am. Tel. & Tel. Co., 62 F.3d 69, 72 (2d Cir. 1995) (quoting Cortec Indus., Inv. v. Sum Holding, 949 F.2d 42, 47-48 (2d Cir. 1991)). "As a necessary corollary to the foregoing principles, a plaintiff cannot avoid judicial consideration of a document upon which it bases its complaint by the expedient refusal to attach it to the pleading or refer to it in haec verba." Bongiorno v. Baquet, 2021 WL 4311169, at *10 (S.D.N.Y. Sept. 20, 2021). "Where a plaintiff has 'reli[ed] on the terms and effect of a document in drafting the complaint,' and that document is thus 'integral to the complaint,' we may consider its contents even if it is not formally incorporated by reference." Broder v. Cablevision Sys. Corp., 418 F.3d 187, 196 (2d Cir. 2005) (alteration in original). "Th[is] exception thus prevents plaintiffs from generating complaints invulnerable to Rule 12(b)(6) simply by clever drafting." Glob. Network Commc'ns, Inc. v. City of New York, 458 F.3d 150, 157 (2d Cir. 2006) (citation omitted).

However, "[e]ven where a document is considered integral to the complaint, it must be clear on the record that no dispute exists regarding the authenticity or accuracy of the document. It must also be clear that there exist[s] no material disputed issues of fact regarding the relevance of the document." Nicosia v. Amazon.com, Inc., 834 F.3d 220, 231 (2d Cir. 2016) (internal quotation marks and citations omitted). "Indeed, evidentiary uncertainty is a primary reason why courts have refused to consider such submissions at the pleadings stage." Ong v. Chipotle Mexican Grill, Inc., 294 F. Supp. 3d 199, 224 (S.D.N.Y. 2018). This requirement—that there be "no dispute" as to the authenticity, accuracy, or relevance of the document—has been strictly interpreted by courts in this Circuit. See Mbody Minimally Invasive Surgery, P.C. v. United Healthcare Ins. Co., 2016 WL 4382709, at *7 (S.D.N.Y. Aug. 16, 2016); see also Savides v. United Healthcare Servs., Inc., 2019 WL 1173008, at *2 (S.D.N.Y. Mar. 13, 2019) (collecting cases). "[E]ven implicit, conclusory, contradictory, or implausible objections to the authenticity or accuracy of a document render consideration impermissible." Mbody Minimally Invasive Surgery, P.C., 2016 WL 4382709, at *7 (quoting UPS Store, Inc. v. Hagan, 99 F. Supp. 3d 426, 435 (S.D.N.Y. 2015)); see also Barberan v. Nationpoint, 706 F. Supp. 2d 408, 416 n.4 (S.D.N.Y. 2010) ("[W]hile Plaintiffs' attempt to slalom their way through these documents may not be well-founded, and while Plaintiffs may face a rocky road in thwarting Defendants' inevitable summary judgment motion, the Court will apply [Second Circuit precedent] and decline to consider these documents at this time.").

Here, Plaintiffs raise sufficient challenges to the authenticity and continued relevance of the EMTC Account Terms, both in its briefing and at oral argument, to prevent the Court from considering the EMTC Account Terms at the motion-to-dismiss stage. Plaintiffs dispute the authenticity of the EMTC Account Terms. The Premplumjit Declaration states that the EMTC Account Terms were sent to EMTC and a signed acceptance letter showing EMTC's "receipt and acceptance of the Account Terms" was returned to JP Morgan. Dkt. No. 20 ¶¶ 3-4. Plaintiffs, however, argue that they never received the EMTC Account Terms and thus cannot be bound by them. See Dkt. No. 38 at 3 ("Based upon a good faith search, EMTC does not have the purported [account terms] in its files, and thus disputes having ever received them."); Tr. 31 ("My position is that we never got [the EMTC Account Terms]."). They also question the authenticity of the signature included in the Premplumjit Declaration as it applies to the EMTC Account Terms. See Dkt. No. 28 at 7-8; Tr. 37-38. There is thus an issue of fact as to whether the EMTC Account Terms are authentic as applied to Plaintiffs and thus binding on them. See Starke v. SquareTrade, Inc., 913 F.3d 279, 289 (2d Cir. 2019) (noting under New York law that offeree must be on at least inquiry notice of contract terms to be bound by them).

Plaintiffs also question the relevance of the EMTC Account Terms. In their supplemental briefing, Plaintiffs assert that "in 2017, JPMC and Essilor negotiated a set of account terms to apply to all of Essilor's affiliates, including EMTC, that contains a three-year contractual statute of limitations, when they negotiated the Cash Concentration Service Terms." Dkt. No. 38 at 3; see also Dkt. No. 28 at 9. Plaintiffs thus suggest that, even if the EMTC Account Terms were received and accepted by EMTC, they were no longer relevant by 2019 when the fraudulent transactions occurred.² See Structured Asset Sales, LLC v. Sheeran, 2021 WL 1199495, at *10 (S.D.N.Y. Mar. 30, 2021) ("Where, as here, there are material disputes of fact regarding the relevance of a document, the Court should not rely on that document as a basis for dismissal."); Pearce v. Manhattan Ensemble Theater, Inc., 528 F. Supp. 2d 175, 179 (S.D.N.Y. 2007) (refusing to consider agreement at motion to dismiss stage when "the parties disagree about whether and how the draft agreement relates to their relationship").

2 Plaintiffs have not provided the Court with the account terms that they claim novated any previous EMTC agreement. Plaintiffs submitted account terms entered into between Essidev and JP Morgan. See Dkt. No. 29-3. The Essidev Account Terms contain a provision stating that they "supersede and replace any other account conditions previously sent to the [c]ustomer." Id. § 17.3. However, this contract, only applies to Essidev, not EMTC. See Analect LLC v. Fifth Third Bancorp, 380 F. App'x 54, 56 (2d Cir. 2010) (noting that parent and subsidiary are "legally distinct entities and a contract under the corporate name of one is not treated as that of both"). At this stage, it is sufficient that Plaintiffs have represented to the Court that the EMTC Account Terms are no longer relevant, if they ever were. See Mbody Minimally Invasive Surgery, P.C. 2016 WL 4382709, at *7.

The Court thus declines to consider the EMTC Account Terms at the motion-to-dismiss stage and thus will not dismiss the Complaint as time barred. See Banca Commerciale Italiana v. N. Tr. Int'l Banking Corp., 160 F.3d 90, 93-95 (2d Cir. 1998) (holding that Article 4-A claims are governed by a three-year statute of limitations period). Because the Court declines to consider the EMTC Account Terms, it will not address whether, if the EMTC Account Terms were admissible at this stage, the parties were permitted to vary the statute of limitations by agreement.

II. N.Y. U.C.C. Claim

Defendant argues that both Essilor's and EMTC's N.Y. U.C.C. § 4-A-204(1) claims fail. The Court addresses each in turn and finds that, while Essilor's N.Y. U.C.C. § 4-A-204(1) claim fails as a matter of law, EMTC's presents a question of fact that cannot be decided at the motion-to-dismiss stage.

A. Statutory Overview

"Article 4-A of the UCC governs the procedures, rights, and liabilities arising out of commercial electronic funds transfers." Grain Traders, Inc. v. Citibank, N.A., 160 F.3d 97, 100 (2d Cir. 1998). Article 4-A was adopted because "attempts to define rights and obligations in funds transfers by general principles or by analogy to rights and obligations in negotiable instrument law or the law of check collection have not been satisfactory." N.Y. U.C.C. § 4-A-102 (cmt.). As a result, the National Conference of Commissioners on Uniform State Laws and the American Law Institute drafted Article 4-A, which was adopted by the New York legislature in 1990 and became effective on January 1, 1991. See Banque Worms v. BankAmerica Int'l, 77 N.Y.2d 362, 568 N.Y.S.2d 541, 570 N.E.2d 189, 194-95 (N.Y. 1991). Notably, the drafters of Article 4-A "use[d] precise and detailed rules to assign responsibility, define behavioral norms, allocate risks and establish limits on liability, rather than to rely on broadly stated, flexible principles." N.Y. U.C.C. § 4-A-102 (cmt.).

This precise language is reflected in the definitions provided in Article 4-A. See id. §§ 4-A-103-105. A "payment order" is defined as "an instruction of a sender to a receiving bank, transmitted orally, electronically, or in writing, to pay, or to cause another bank to pay, a fixed or determinable amount of money to a beneficiary." Id. § 4-A-103(1)(a). In turn, a "sender" is defined as "the person giving the instruction to the receiving bank," id. § 4-A-103(1)(e), and the "receiving bank" is defined as "the bank to which sender's instruction is addressed," id. § 4-A-103(1)(d). A "customer" in contrast, "means a person, including a bank, having an account with a bank or from whom a bank has agreed to receive payment orders." Id. § 4-A-105(1)(c). "Person" is undefined in Article 4-A but is defined in N.Y. U.C.C. Section 1-201 to include "an individual . . . or any other legal or commercial entity." N.Y. U.C.C. § 1-201(b)(27); see N.Y. U.C.C. § 1-201(a) ("Unless the context otherwise requires, words or phrases defined in this section, or in the additional definitions contained in other articles of this act that apply to particular articles or parts thereof, have the meanings stated.").

Whether the bank or customer bears the risk of loss for a fraudulent wire transfer is determined by the interlocking provisions of Sections 4-A-202, 4-A-203, and 4-A-204. Section 4-A-204(1)(a) provides that "[i]f a receiving bank accepts a payment order issued in the name of its customer as sender which is [ ] not authorized and not effective as the order of the customer under Section 4-A-202 . . . the bank shall refund any payment of the payment order received from the customer." N.Y. U.C.C. § 4-A-201(a) (emphasis added). For the bank's refund obligations to be triggered under Section 4-A-204(1)(a), then, the payment order must be both not authorized and not effective; if it is authorized or if it is effective, there is no refund obligation. In turn, Section 4-A-202 defines "authorized" and "effective." A payment order can be "authorized" in one of two ways. First, a "payment order received by the receiving bank is the authorized order of the person identified as sender if that person authorized the order." Id. § 4-A-202(1) (emphasis added). Second, the payment order is authorized if "the person identified as sender . . . is otherwise bound by it under the law of agency." Id. A "payment order received by the receiving bank is effective as the order of the customer" if "a bank and its customer have agreed that the authenticity of payment orders issued to the bank in the name of the customer as sender will be verified pursuant to a security procedure," and that security procedure is both "commercially reasonable" and "the bank proves that it accepted the payment order in good faith and in compliance with the security procedure and any written agreement or instruction of the customer restricting acceptance of payment orders issued in the name of the customer." Id. § 4-A-202(2) (emphasis added). A "security procedure" is a "procedure established by agreement of a customer and a receiving bank for the purpose of [ ] verifying that a payment order or communication amending or cancelling a payment order is that of the customer." Id. § 4-A-201.

If a payment order is not authorized under Section 4-A-202(1), but is effective under Section 4-A-202(2), Section 4-A-203(1) limits the circumstances under which a bank is entitled to enforce payment (i.e., demand payment) of a payment order. See id. § 4-A-203(1)(a)-(b); see also id. § 4-A-204 (provided that a customer is entitled to a refund if the payment order is "not enforceable, in whole or in part, against the customer under Section 4-A-203"). First, the receiving bank may by "express written agreement" limit the circumstances under which it is entitled to enforce payment. Id. § 4-A-203(1)(a). Second, the customer is entitled to a refund if it can demonstrate that it was not at fault for the fraudulent payment order. Id. § 4-A-203(1)(b). As Section 203(1)(b) establishes,

The receiving bank is not entitled to enforce or retain payment of the payment order if the customer proves that the order was not caused, directly or indirectly, by a person (i) entrusted at any time with duties to act for the customer with respect to payment orders or the security procedure, or (ii) who obtained access to transmitting facilities of the customer or who obtained, from a source controlled by the customer and without authority of the receiving bank, information facilitating breach of the security procedure, regardless of how the information was obtained or whether the customer was at fault.

Id.

B. Essilor's N.Y. U.C.C. § 4-A-204(1) Claim

As discussed above, a receiving bank must "refund any payment of the payment order received from the customer" "[i]f a receiving bank accepts a payment order issued in the name of its customer as sender which is" neither authorized nor effective. Id. § 4-A-204(1)(a). Defendant argues that Essilor cannot sustain a claim under N.Y. U.C.C. § 4-A-204(1), because the Complaint fails to allege that Essilor was the "sender" of the payment orders. Dkt. No. 19 at 11-12. Plaintiffs counter that it is a question of fact whether Essilor is entitled to a refund under N.Y. U.C.C. § 4-A-204(1). Dkt. No. 28 at 19. The Court disagrees.

Section 4-A-204(1) establishes that only the customer who issued the payment order is entitled to a refund from the receiving bank. Section 4-A-204(1) is only triggered when the "receiving bank accepts a payment order issued in the name of its customer as sender." In turn, Section 4-A-204(1) limits the party entitled to a refund to "the customer" (i.e., the customer as sender). As a result, Essilor must have been the "sender"—that is, "the person giving the instruction to the receiving bank," id. § 4-A-103(1)(e)—to have standing under Section 4-A-204(1). The Complaint makes no allegations that any of the fraudulent wire transfers were initiated by Essilor. Rather, it suggests that each of the fraudulent payments came from an EMTC account, see Dkt. No. 1 ¶ 17 (alleging that, during the Fraudulent Period, "international cybercriminals caused EMTC to make approximately 243 fraudulent payments resulting in the transfer of approximately $272,151,000 out of the NY Account"), and that each fraudulent payment order was initiated using EMTC's security procedure, see Dkt. No. 1 ¶ 19 (describing the security procedure to approve EMTC payment orders and suggesting that each fraudulent payment order went through this process). Thus, absent allegations that Essilor was the sender of any of the payment orders, Essilor's N.Y. U.C.C. § 204(1) claim cannot stand.

Plaintiffs' argument that the Cash Management System creates "an issue of fact as to whether Essilor or EMTC provided 'payment of the payment order,' or both provided payment jointly and Plaintiffs should be permitted to pursue this claim jointly" is unavailing. Dkt. No. 28 at 19. Which party provided "payment of the payment order" is not determinative of the party entitled to a refund. It is the party's status as the sender that entitles that party to a refund, and Plaintiffs have not pled sufficient allegations to establish that Essilor was a sender of any of the fraudulent payment orders.³

3 Additionally, Plaintiffs have not alleged facts to support that Essilor provided payment of any of the payment orders. First, it is possible that the EMTC account had sufficient funds to cover at least some of the fraudulent wire transfers in full. Second, based on the agreements provided to the Court, and as described above, see supra p. 4 n.1, it appears that the Cash Management System operated in the following way: Essidev's account would sweep excess and insufficient funds from and to EMTC's account daily and in turn, Essilor's account would sweep excess and insufficient funds from and to Essilor's account daily. See Dkt. Nos. 29-1, 29-2. Thus, it is entirely possible that the Essidev account could have fully funded any EMTC overdrafts without involvement of the Essilor account. In such situation, Essilor could not have paid any of the payment orders, directly or indirectly. In fact, Plaintiffs have pled no facts that suggest Essilor paid any of the fraudulent payment orders.

The nature of the Cash Management System established between Essilor and JP Morgan does not support Essilor's Article 4-A claim. The Cash Management System maintained a zero cash balance in EMTC's account by, each day, sweeping excess funds from EMTC's account to Essilor's and filling any shortfalls in EMTC's account by sweeping funds down from Essilor's. See Dkt. No. 1 ¶ 27. Article 4-A, however, only governs "funds transfer[s] . . . commonly referred to in the commercial community as a wholesale wire transfer . . . a unique method of payment to be governed by unique rules that address the particular issues raised by this method of payment." N.Y. U.C.C. § 4-A-102 (cmt.); see also Grain Traders, Inc., 160 F.3d at 100. The Cash Management System agreement, see Dkt. No. 29-1 ("Cash Management System Agreement"), does not establish, and Plaintiffs do not allege, that the intercompany payments between EMTC's and Essilor's accounts were initiated through a series of payment orders and thus would constitute wire transfers governed by Article 4-A. See N.Y. U.C.C. Law § 4-A-104(1) (" 'Funds transfer' means the series of transactions, beginning with the originator's payment order, made for the purpose of making payment to the beneficiary of the order." (emphasis added)).

C. EMTC's N.Y. U.C.C. § 4-A-204(1) Claim

Defendant argues that EMTC's N.Y. U.C.C. § 4-A-204(1) claim fails, because EMTC "authorized" each of the fraudulent payment orders. See Dkt. No. 18 at 11-17.⁴ Because most payment orders are initiated through electronic messages, it is impossible to determine the identity of the person initiating the payment order. Id. at 13. Banks thus rely upon security procedures to determine whether a payment order is authorized; Defendant argues that "the person identified as sender . . . authorized the order" under Section 4-A-202(1) if the payment order is "tested" pursuant to agreed upon security procedures and the payment order passes that test. See id. 13-14. It is irrelevant for authorization purposes, according to Defendant, whether the security procedures were compromised; what matters is that the payment orders were issued pursuant to the agreed upon security procedures. See id. 14-15. In this context, EMTC "authorized" the wire transfers, even if Phetporee misappropriated his colleague's credentials, because JP Morgan received two approvals for each wire transfer and, as a result, each wire transfer was made pursuant to the agreed upon security procedure. Id. ("[R]eceipt by [JP Morgan] of the two approvals [one, from Phetporee, and the other, from Phetporee's 'colleague,' whose credentials Phetporee misappropriated] fully satisfied the dual-approver [security] procedure agreed to by EMTC and [JP Morgan]—thereby confirming that the wires were in fact initiated and authorized by EMTC."). This argument fails to persuade the Court that EMTC authorized the fraudulent payment orders within the meaning of the N.Y. U.C.C. and thus that Defendant is entitled to an order of dismissal.

4 Defendant notes, as the language of N.Y. U.C.C. Section 4-A-204(1) makes clear, that Plaintiffs are not entitled to a refund of the fraudulent payment orders if the payment orders were either authorized or effective under Section 4-A-202. See Dkt. No. 31 at 6. Thus, Defendant "expressly disclaim[s] for the purposes of this motion only that [the payment orders] were also 'effective.' " Id.; see Dkt. No. 19 at 12 ("Accordingly, the Court need not analyze on this motion whether the payment orders were also 'effective.' "). Further, as described above, supra II.A, there are two ways that a payment order can be "authorized" under Section 4-A-202(1): "the person identified as sender . . . authorized the order" or the person "is otherwise bound by it under the law of agency." N.Y. U.C.C. § 4-A-202(1). Defendant also "expressly disclaim[s] for purposes of this motion only any reliance on Phetporee's agency (i.e., the second way of establishing authority)." Dkt. No. 31 at 6 (cleaned up). As a result, the only issue on this motion to dismiss is whether "the person identified as sender . . . authorized the order." See id.

"[O]ne of the most basic interpretive canons[ is] that a statute should be construed so that effect is given to all its provisions, so that no part will be inoperative or superfluous, void or insignificant." Corley v. United States, 556 U.S. 303, 314, 129 S.Ct. 1558, 173 L.Ed.2d 443, (2009) (internal quotation marks and citation omitted and alteration accepted); see Mary Jo C. v. New York State & Loc. Ret. Sys., 707 F.3d 144, 156 (2d Cir. 2013). Defendant's interpretation of Section 4-A-202(1) reads "effective[ness]" out of Article 4-A. Section 4-A-202(2) sets forth two necessary preconditions for a security procedure to be deemed "effective." First, the security procedure must be "commercially reasonable." N.Y. U.C.C. § 4-A-202(2)(a). Second, the bank must have acted "in good faith" and "in compliance with the security procedure and any [other] written agreement or instruction." Id. § 4-A-202(2)(b). In contrast, Defendant's interpretation of "authorized" only requires that the payment order be verified according to the agreed upon security procedure, irrespective of the commercial reasonableness of the security procedure or the receiving bank's good faith. See Dkt. No. 19 at 14 ("[E]lectronic wire transfers are authorized within the meaning of § 4-A-202(1) if bank customers issue them in compliance with security procedures that certify users." (internal quotation marks and citation omitted) (cleaned up)). Under Defendant's reading of the statute, Section 4-A-202(2)'s additional requirements would become superfluous. Because Section 4-A-204(1)(a) requires that a payment order be both not authorized and not effective for the payment order to be refunded, a bank would only need to demonstrate that a security procedure existed and the payment order was issued pursuant to that procedure; it would never need to meet the stricter requirements of Section 4-A-202(2). As a result, there would be no incentive for a bank to provide its customers with commercially reasonable security procedures, to act in good faith, or to comply with its customers' other written instructions. See id. § 4-A-202(2). Stated differently, Section 4-A-202(2) would not lose any meaning under this interpretation if the requirements that the payment order also be "not effective as the order of the customer under Section 4-A-202" were excised from the statute.

Defendant's interpretation of "authorized" would also make Section 4-A-203 superfluous. Section 4-A-203 further limits the circumstances under which an accepted payment order is "effective," but only applies to an accepted payment order that is "not, under subsection (1) of Section 4-A-202, an authorized order of a customer identified as sender, but is effective." N.Y. U.C.C. § 4-A-203(1). The effect of Section 4-A-203 is to render the customer responsible for an unauthorized payment order when an effective system is in place, save for the circumstances where the customer can show it was not at fault for the fraudulent payment order. But, under Defendant's reading, Section 4-A-203 would never be triggered. Every payment order that is verified according to the stricter requirements of Section 4-A-202(2) would definitionally be "authorized" under Section 4-A-202(1). There would be no circumstance where a payment order was both "effective" and unauthorized. Thus, Section 4-A-203(1), and the corresponding provisions in Section 4-A-204, see id. § 4-A-204(1)(b) (a customer is entitled to a refund if the payment order is "not enforceable, in whole or in part, against the customer under Section 4-A-203"), would do no work and be rendered surplusage.⁵

5 Defendant points to one case, Elite Investigations v. Bank of New York, 2006 WL 3232185 (N.Y. Sup. Ct. 2006) to support its reading of the statute. Defendant argues that Elite Investigations stands for the proposition that "wires issued with approved security codes [are] 'authorized' under U.C.C. § 4-A-202(a), despite dishonest employee using another employee's security codes to initiate fraudulent wires." Dkt. No. 31 at 6. In Elite Investigations, the plaintiff sued to recover funds for payments that it claimed were initiated by an employee who had misappropriated his company's security credentials. 2006 WL 3232185, at *4. The court concluded that the "debits to Elite's BNY accounts were 'authorized' payments." Id. However, it is unclear whether the court was deciding the case on Section 4-A-202(1) or 4-A-202(2) grounds, despite using language from Section 4-A-202(1): immediately after finding that the payment were "authorized" the court cites to both sections. Id. And the court cites to a New York State Court of Appeals case, Banque Worms v. BankAmerica International, 77 N.Y.2d 362, 568 N.Y.S.2d 541, 570 N.E.2d 189, 197 (1991), that only discusses Section 202(2). Id. In any event, a decision from New York Supreme Court is not binding on this Court.

Perhaps recognizing this flaw in its argument, Defendant, for the first time at oral argument, sought to distinguish between first-party and third-party frauds. As Defendant asserted,

All we are . . . cleaving off from the coverage of Article 4-A . . . is true first-party fraud where it is in-house people entrusted with security credentials using those [credentials] improperly or misappropriating them. Every other species of fraud that involves third parties in one respect or another is still covered by Article 4-A and requires the bank to ensure [compliance with Section 4-A-202(2).]

Tr. 20 (cleaned up). Stated differently, Defendant attempts to draw a distinction between embezzlement and by third-party theft through "[f]ishing attacks, account takeover," and similar situations. Id. On Defendant's theory, Section 4-A-203 would require the receiving bank to show that it had an "effective" security procedure when the payment order was the result of a third-party fraud but not when it was the result of a first-party fraud. Defendant points to nothing in the statutory text that would limit its more expansive interpretation of "authorized" in this way. Instead, Defendant points to the purpose of Article 4-A, as evidence by Section 4-A-203: "[T]he drafters of [Article] 4-A did [not] want banks to be in the position of acting as insurers for their customers and their customers' failure to safeguard security credentials that are entrusted to trusted employees." Id. But even Defendant's more limited interpretation of "authorized" would render portions of Section 4-A-203, the very provision that Defendant claims to be giving meaning to, inoperative.

As relevant here, under Section 4-A-203, a receiving bank cannot retain payment "if [first] the customer proves that the order was not caused, directly or indirectly, by a person [ ] entrusted at any time with duties to act for the customer with respect to payment orders or the security procedures."⁶ Id. § 4-A-203(1)(b)(i). A "payment order . . . caused, directly . . . by a person [ ] entrusted at any time with duties to act for the customer with respect to payment orders or the security procedures" is a first-party fraud, id. (emphasis added); an "in-house person entrusted with security credentials" "misapropriat[es]" those credentials for fraudulent purposes, see Tr. 20. It also reflects what the Complaint alleges happened in this case: Phetporee, who was entrusted with EMTC's security credentials through his approval authority, directly caused the fraudulent payment orders by misappropriating the second approver's credentials. See Dkt. No. 1 ¶ 19. Under Defendant's refined interpretation of § 4-A-202(1), however, "directly" becomes surplusage; because all such payment orders would be "authorized," Section 4-A-203(1), which only applies to "effective" payment orders that are not authorized, could never apply. See id. § 4-A-203(1). Rather than looking to the definition of "authorized" to shift losses from first-party frauds to customers, Article 4-A looks to the effectiveness of the payment order. The Court thus refuses to accept either of Defendant's interpretations of "authorized," both of which would render statutory provisions superfluous. See Pharaohs GC, Inc. v. United States Small Bus. Admin., 990 F.3d 217, 227 (2d Cir. 2021) (rejecting interpretation of statute that would leave "several provisions of the [statute] superfluous"); Burrus v. Vegliante, 336 F.3d 82, 91 (2d Cir. 2003) ("Where possible we avoid construing a statute so as to render a provision mere surplusage.").

6 The customer must also prove that "the order was not caused, directly or indirectly, by a person . . . who obtained access to transmitting facilities of the customer or who obtained, from a source controlled by the customer and without authority of the receiving bank information facilitating breach of the security procedure." N.Y. U.C.C. § 4-A-203(1)(b)(ii).

Defendant points to a section of the commentary on Section 4-A-202 to support its interpretation of authorized.⁷ Comment 1 reads: "In the wire transfer business the concept of 'authorized' is different from that found in agency law. In that business a payment order is treated as the order of the person in whose name it is issued if it is properly tested pursuant to a security procedure and the order passes the test." Id. § 4-A-203 (cmt. 1). Defendant asserts that "the commentary [thus] makes clear that 'electronic[ ]' wire transfers are 'authorized' within the meaning of § 4-A-202(1) if bank customers issue them in compliance with 'security procedure[s]' that certify users, which banks can then 'test[ ]' 'on the basis of . . . a computer screen.' " Dkt. No. 19 at 14 (quoting N.Y. U.C.C. § 4-A-203 (cmt. 1)). This interpretation, however, relies on selective quotations of the commentary. The remainder of the comment makes clear that § 4-A-202(1) was not designed to import "security procedures" into the definition of "authorized." The comment reads in part,

7 The commentary to Section 4-A-202 is found after Section 4-A-203. See N.Y. U.C.C. § 4-A-202 (cmt.) ("This section is discussed in the Comment following Section 4A-203.").

Section 4A-202 reflects the reality of the wire transfer business . . . . If [subsection (2)] does not apply, the question of whether the customer is responsible for the order is determined by the law of agency . . . . If the customer is bound by the order under any of these agency doctrines, [subsection (1)] treats the order as authorized and thus the customer is deemed to be the sender of the order. In most cases, however, [subsection (2)] will apply. In that event there is no need to make an agency law analysis to determine authority. Under Section 4A-202, the issue of liability of the purported sender of the payment order will be determined by agency law only if the receiving bank did not comply with [subsection (2)].

N.Y. U.C.C. § 4-A-203 (cmt. 1) (cleaned up) (emphasis added). Although the comment suggests that "the concept of 'authorized' is different from that in agency law," id., it makes clear, by only referencing agency law—and not security procedures—when describing the function of subsection (1), that a bank's recourse to security procedures is limited to verifying "the authenticity of payment orders issued to the bank in the name of the customer as sender," id. § 4-A-202(2), under subsection (2).

This general idea is prevalent throughout the comments to Sections 4-A-202 and 4-A-203. Comment 3, for example, describes the purpose of subsection (2), which "is based on the assumption that losses due to fraudulent payment orders can best be avoided by the use of commercially reasonable security procedures, and that the use of such procedures should be encouraged." Id. § 4-A-203 (cmt. 3) (cleaned up). As Comment 3 continues, "The subsection [(i.e., subsection (2))] is designed to protect both the customer and the receiving bank. A receiving bank needs to be able to rely on objective criteria to determine whether it can safely act on a payment order. Employees of the bank can be trained to 'test' a payment order according to the various steps specified in the security procedure." Under Defendant's reading of "authorized," this comment would apply equally to subsection (1) as it does to subsection (2); if a bank were able to conclude that a payment order was "authorized" based on a security procedure, then the parties would be encouraged to implement security procedures and the bank would be protected when it relies on "objective criteria" in deeming a payment order authorized and processing the payment order. But the commentary singles out the role that security procedures play in subsection (2) without acknowledging the apparently identical role that they would play in subsection (1) if Defendant's interpretation of "authorized" were adopted.

The cases that the commentary provide to "illustrate[ ]" the "scope of Section 4A-202" further underscore the conclusion that security procedures are only relevant to determining whether or not a payment order is "effective," not whether it is authorized. See id. 4-A-203 (cmt. 2). In Case #1, "A payment order purporting to be that of Customer is received by Receiving Bank but the order was fraudulently transmitted by a person who had no authority to act for Customer." Id. Case #1 is analogous to the situation here: Phetporee initiated the fraudulent payment orders without the authority of EMTC. The comment concludes that the customer will take the loss (absent "additional facts on which an estoppel might be found") unless "there was verification in compliance with [subsection (2)], . . . [and] Section 4A-203 [does not] appl[y]." Id. The comments thus make clear that security procedures are only used to test the "effective[ness]" of a payment order under subsection (2), not whether the payment order was "authorized" under subsection (1).

Notably, this interpretation is consistent with how the drafters of Article 4-A understood Section 4-A-202 to function. In June 1990, The Business Lawyer dedicated a special issue to articles⁸ addressing Article 4-A, written primarily by those involved in its drafting, "to provide an early source of discussion of Article 4A in light of its anticipated enactment in several large commercial states in 1990, with effective dates perhaps in 1991." See Fred H. Miller and William B. Davenport, Introduction to the Special Issue on the Uniform Commercial Code, 45 Bus. Law. 1389, 1392 (1990). As J. Kevin French, an advisor to the Article 4-A Drafting Committee wrote in a special issue of The Business Lawyer at the time of Article 4-A's adoption, "Subsection ([1]) of section 4A-202 can be said generally to cover cases where security procedures are not used." J. Kevin French, Unauthorized and Erroneous Payment Orders, 45 Bus. Law. 1425, 1429 (1990); see also Thomas C. Baxter, Jr. and Raj Bhala,⁹ The Interrelationship of Article 4A With Other Law, 45 Bus. Law. 1485, 1500 (1990) (describing how, if "a bank and its customer have not agreed upon a security procedure to determine the 'authenticity of orders,' " the parties must look to whether the payment order was "authorized"). The drafters of Article 4-A, like the comments to Section 4-A-202 suggest, understood authorization to involve tools other than security procedures, which only establish whether or not a payment order is "effective." Cf. Hedged Inv. Partners, L.P. v. Norwest Bank Minnesota, N.A., 578 N.W.2d 765, 774 (Minn. Ct. App. 1998) ("Although it is tempting to treat 'authorized payment orders' and 'verified payment orders' as interchangeable, the concepts are quite different. The concept of an 'authorized payment order' is rooted in traditional banking transactions in which there is some type of personal contact between the sender and the receiving bank . . . . By contrast, a 'verified payment order' is a distinct concept, designed for situations in which there is no personal contact between the sender and the receiving financial institution.").

8 These articles expanded on presentations given during a program sponsored by the Committee on the Uniform Commercial Code and the Ad Hoc Committee on Payment Systems at the American Bar Association 1989 Annual Meeting. See Fred H. Miller and William B. Davenport, Introduction to the Special Issue on the Uniform Commercial Code, 45 Bus. Law. 1389, 1389 nn.a, aa, 1392 (1990).

9 At the time the article was written, Thomas C. Baxter, Jr. was the chair of the Subcommittee on Proposed U.C.C. Article 4A and the Ad Hoc Committee on Payment Systems; Raj Bhala was a Federal Reserve Bank of New York lawyer. See Thomas C. Baxter, Jr. and Raj Bhala, The Interrelationship of Article 4A With Other Law, 45 Bus. Law. 1485, 1485 nn.a, aa (1990).

Defendant argues that this interpretation "read[s] the first and most obvious way of showing that a wire transfer is authorized—by showing that the person identified as sender authorized it—out of the statute entirely." Dkt. No. 31 at 7; see also Tr. 19 ("[Plaintiffs] don't give any meaning to authorization as a freestanding term."). This contention glosses over another interpretation of that clause: It applies to natural persons. The definition of "person" under Article 4-A extends to "individual[s]." See N.Y. U.C.C. § 1-201(b)(27). The law of agency, however, does not apply to individuals. See Restatement (Third) of Agency, Intro. (2006) ("[T]he common law of agency, encompasses the legal consequences of consensual relationships in which one person (the 'principal') manifests assent that another person (the 'agent') shall, subject to the principal's right of control, have power to affect the principal's legal relations through the agent's acts and on the principal's behalf." (emphasis added). Thus, the clause "if that person authorized the order" accomplishes what "if that person . . . is otherwise bound by [the order] under the laws of agency" cannot; it expands the concept of "authorized" to include wire transfers issued in the name of individuals. See Panjiva, Inc. v. United States Customs & Border Prot., 342 F. Supp. 3d 481, 490 (S.D.N.Y. 2018), aff'd, 975 F.3d 171 (2d Cir. 2020) ("[W]here . . . [there are] two competing interpretations of a statute, the rule against superfluities 'favors that interpretation which avoids surplusage.' ") (quoting Freeman v. Quicken Loans, Inc., 566 U.S. 624, 635, 132 S.Ct. 2034, 182 L.Ed.2d 955 (2012)). Defendant's motion to dismiss EMTC's Section 4-A-204(1) claim is thus denied.

III. Breach of Contract

Plaintiffs allege that Defendant breached the "valid and binding agreement governing the NY Account and the broader cash management system that was put in place in 2017." Dkt. No. 1 ¶ 53. Plaintiffs provided this agreement in a supporting declaration filed in response to JP Morgan's motion to dismiss and acknowledged that it was bound by it. See Dkt. No. 29-1; Tr. 33 ("[W]e are willing to be bound by those documents" attached to Dkt. No. 29.). It is incorporated by reference. Defendant contends that the contract claim must be dismissed (1) as it relates to EMTC, because EMTC's contract claims are preempted by Article 4-A of the N.Y. U.C.C., see Dkt. No. 19 at 17-18, and (2) as it relates to Essilor, because the Complaint fails to allege the contract and contract provision that was breached and how, see id. at 18-19.

In its memorandum of law in opposition to the motion to dismiss, Plaintiffs clarify the provision they allege was breached by JP Morgan: JP Morgan "agreed to implement an overdraft limit on all of the accounts that were part of the cash management system, including EMTC's account" and JP Morgan breached this agreement "when it allowed transfers from EMTC's account that exceeded the daily limit of $10 million on nine separate occasions." Dkt. No. 28 at 20 (citing Dkt. No. 1 ¶¶ 27, 40); see also Dkt. No. 38 ("Plaintiffs allege that JPMC breached its agreement to monitor the NY Account for overdrafts, to limit overdrafts of the EMTC account to $10 [million] daily, and to notify Plaintiffs if that overdraft limit was breached."). Plaintiffs thus argue that EMTC's contract claim is not preempted by Article 4-A of the N.Y. U.C.C., id. at 20-21, and EMTC and Essilor alleged the existence and breach of a contract with sufficient specificity, id. at 21.

"Article 4A precludes customers from bringing common law claims inconsistent with the statute." Ma v. Merrill Lynch, Pierce, Fenner & Smith, Inc., 597 F.3d 84, 89 (2d Cir. 2010). "The Official Comment to Section 4-A-102 states that the provisions of Article 4-A 'represent a careful and delicate balancing of [competing] interests and are intended to be the exclusive means of determining the rights, duties, and liabilities of the affected parties in any situation covered by particular provisions of the Article. Consequently, resort to principles of law or equity outside of Article 4A is not appropriate to create rights, duties and liabilities inconsistent with those stated in this Article.' " Grain Traders, Inc., 160 F.3d at 102-03 (quoting N.Y. U.C.C. § 4-A-102 (cmt.)). Thus, "common law claims [are preempted] when such claims would impose liability inconsistent with the rights and liabilities expressly created by Article 4-A." Id. at 103. However, not all common law claims are preempted by Article 4-A. "Claims that, for example, are not about the mechanics of how a funds transfer was conducted may fall outside of this regime." Ma, 597 F.3d at 89; see also Fischer & Mandell, LLP v. Citibank, N.A., 632 F.3d 793, 797 (2d Cir. 2011) ("[A] common law breach of contract claim is not preempted by Article 4-A to the extent the provisions are not inconsistent with Article 4-A or they fall within one of the areas where a variance is permitted."). "[T]he critical inquiry is whether [Article 4-A's] provisions protect against the type of underlying injury or misconduct alleged in a claim." Ma, 597 F.3d at 89-90.

Here, Plaintiffs' breach of contract claim falls outside of Article 4-A and is not preempted. Plaintiffs allege that a "NY Account was opened as part of a larger cash management solution, implemented in March 2017." Dkt. No. 1 ¶ 16; see also id. ¶¶ 27, 53. The Cash Management System ensures a zero-cash balance in each subsidiary's account by sweeping excess funds up to and covering negative balances by sweeping funds down from the parent company. See id. ¶ 27; Dkt. No. 29-1, Sch. A n.6 (defining "Zero-Balance Account," EMTC's account type). Plaintiffs specifically allege that it was the agreement that governs the Cash Management System that was violated by Defendant. See Dkt. No. 1 ¶ 53. The injury caused by a violation of the Cash Management System Agreement falls outside of Article 4-A. As described above, the Cash Management System does not involve wholesale wire transfers, and thus "[is] not about the mechanics of how a funds transfer was conducted." Ma, 597 F.3d at 89. Instead, the Cash Management System governs what happens at the end of each day to the balances in the participating accounts (including EMTC's) and the participating accounts' relationship to the master customer account. See generally Dkt. No. 29-1. Because the Cash Management System Agreement governs conduct wholly outside of wire transfers and establishes rights and liabilities that are not addressed by Article 4-A, Plaintiffs' claim based on the Cash Management System Agreement is not preempted by Article 4-A. See Huang v. Hong Kong & Shanghai Banking Corp. LTD, 2022 WL 4123879, at *3 (S.D.N.Y. Sept. 9, 2022) (concluding that the relevant analysis is whether "the claims are about events that occurred either before or after the processing of the wire transfer").

However, Plaintiffs fail to adequately plead breach of the Cash Management System Agreement. "Under New York law, a breach of contract claim requires proof of (1) an agreement, (2) adequate performance by the plaintiff, (3) breach by the defendant, and (4) damages." Fischer & Mandell, LLP, 632 F.3d at 799. Plaintiffs claim that Defendant failed to monitor for and prevent overdrafts above an agreed-upon $10 million limit. See Dkt. No. 28 at 21; Dkt. No. 1 ¶¶ 3, 28, 40. This obligation, however, is found nowhere in the Cash Management System Agreement that Plaintiffs provided to the Court. See Dkt. No. 29-1. In fact, the 2017 Cash Management System Agreement, which Plaintiffs allege was breached, see Dkt. No. 1 ¶ 53, granted JP Morgan discretion whether to permit overdrafts. The agreement states that JP Morgan "may refuse or reverse" wire transfers if Plaintiffs' accounts have insufficient funds and that, if JP Morgan effects wire transfers that result in overdrafts, "such overdraft[s] shall be immediately due and payable by" the customer. Dkt. No. 29-2 § 2. Further, Plaintiffs explicitly agreed that the master account (in this case Essidev) could "overdraw when necessary, to fund customer account" by marking "YES" next to the appropriate box in Schedule A. See id. Sch. A. nn. 5, 12 & accompanying text. The Cash Management System Agreement thus expressly contemplates that there may be overdrafts both in the individual accounts that were parties to the Cash Management System Agreement and collectively among the accounts. And nowhere does the Cash Management System Agreement limit the size of the overdraft that JP Morgan could permit or give Plaintiffs the option to limit the size; the overdraft determination was left entirely to JP Morgan's discretion. Finally, pursuant to the Cash Management System Agreement, JP Morgan offered Plaintiffs the option to receive "intercompany report[s]" that would track accumulated inter-account balances and a calculation of intercompany or intracompany earnings and borrowing charges, in addition to "any additional" information Plaintiffs requested. See Dkt. No. 29-1, Sch. A nn.15-19 & accompanying text; see also id. § 6 ("If the Customer selects . . . the Intercompany Reporting Service feature . . . , [JP Morgan] will provide the affected Customer with reports, for the Customer Accounts, detailing: (i) a tracking of accumulated inter-account balance transfers; and (ii) a calculation of intercompany or intracompany earnings and borrowing charges."). Plaintiffs elected not to receive such services, however, by marking the box requesting such services "NO." Id. Sch. A text accompanying n.15. Thus, Defendant was not required by the Cash Management System Agreement to either alert Plaintiffs to the overdrafts or block the overdrafts, see Dkt. No. 28 at 20-21, and Plaintiffs' breach of contract claim for damages fails.¹⁰ See Merritt Hill Vineyards Inc. v. Windy Heights Vineyard, Inc., 61 N.Y.2d 106, 472 N.Y.S.2d 592, 460 N.E.2d 1077, 1081-82 (1984) (holding that without "words of promise" there can be no "breach of contract subjecting the nonfulfilling party to liability for damages").

10 Although the Complaint alleges that JP Morgan failed to report suspicious activity, see Dkt. No. 1 ¶¶ 22-25, Plaintiffs have represented that these allegations are unrelated to their breach of contract claim, see Dkt. No. 28 at 22 ("To be sure, [JP Morgan] represented that it would monitor Plaintiffs' accounts to detect money laundering or other criminal activity. But that is not the basis of their breach of contract claim." (internal citation omitted)). This Court thus does not consider Defendant's argument that Plaintiffs have impermissibly sought to create a private right of action in the anti-money laundering statutes and to dress up a statutory claim as a breach of contract claim. See Dkt. No. 19 at 19-20.

Recognizing this deficiency in its pleadings, Plaintiffs argue that they have instead alleged the existence of a second contract, one that, in contrast to the Cash Management System Agreement, did affirmatively obligate JP Morgan to "monitor for and prevent overdrafts." See Dkt. No. 28 at 21. But this agreement is not the subject of Plaintiffs' Second Cause of Action. The Second Cause of Action alleges that Defendant breached "a valid and binding agreement governing the NY Account and the broader cash management system that was put in place in 2017 involving EMTC and other Essilor subsidiaries." Dkt. No. 1 ¶ 53. Plaintiffs represent that this agreement was the one provided to the Court in its supporting declaration. See Dkt. No. 29-2. Plaintiffs cannot now claim that a separate agreement, one wholly inconsistent with the agreement they allege was breached, see Tr. 39 (acknowledging that "[t]here is nothing in that document that refers specifically to the $10 million overdraft [limit]"), serves as the basis for their breach of contract claim. "It is well established in this district that a plaintiff cannot amend his pleadings in his opposition briefs." Fac., Alumni, & Students Opposed to Racial References v. N.Y. Univ. L. Rev., 2020 WL 1529311, at *7 (S.D.N.Y. Mar. 31, 2020); see Wright v. Ernst & Young LLP, 152 F.3d 169, 178 (2d Cir. 1998) (holding that a complaint cannot be amended through opposition briefing); Watkins v. Harlem Ctr. for Nursing & Rehab., LLC, 2021 WL 4443968, at *2 (S.D.N.Y. Sept. 28, 2021) (same). The Court will follow that rule here and dismiss Plaintiffs breach of contract claim.¹¹

11 The Court questions whether Plaintiffs have pled sufficient facts to establish that a separate contract that would have obligated JP Morgan to monitor, report, and block overdrafts was formed between JP Morgan and themselves. Plaintiffs allege that JP Morgan described something called an "intraday overdraft ('IDOD')" in an email. See Dkt. No. 1 ¶ 27. "Plaintiffs then requested in writing that [JP Morgan] institute a daily overdraft limit (i.e., a 'DOL') of US $10 million for the NY Account. JPM agreed to do so." Id. ¶ 28. But besides an apparent obligation to "monitor[ ]" Plaintiffs' overdrafts in connection with an IDOD, id. ¶ 27, which Plaintiffs do not claim JP Morgan failed to do, Plaintiffs allege no facts that agreeing to a DOL obligated JP Morgan to either report overages to Plaintiffs or to block such overages. Rather, Plaintiffs argue that a DOL "ensures that unusual overdraft activity will be brought to the bank's, the account holder's, and any other relevant parties' attention" and that the "DOL constituted a written instruction from EMTC and Essilor to block any daily transfers from the NY Account." Id. ¶ 28. However, these are precisely the kinds of conclusory allegations that the Court, without more, is not obligated to accept.

IV. Negligence

Finally, Plaintiffs fail to state a claim for negligence against Defendant. Plaintiffs' third cause of action against EMTC states simply that JP Morgan owed "Plaintiffs a duty of care, independent of their contractual agreement, to act in a manner consistent with commercially reasonable standards." Dkt. No. 1 ¶ 58. In their memorandum in opposition to JP Morgan's motion to dismiss, Plaintiffs clarify the duty that JP Morgan allegedly owed them: a duty "to identify and prevent overdrafts." Dkt. No. 28 at 23. Plaintiffs allege that JP Morgan violated this duty of care and Plaintiffs suffered damages as a direct and proximate result of JP Morgan's negligence. Dkt. No. 1 ¶¶ 59-60. Defendant counters that Plaintiffs have not adequately alleged a contractual duty that JP Morgan owed Plaintiffs and that, even if they have, they have not plausibly alleged breach of this duty or compensable damages. Dkt. No. 19 at 20-24. The Court finds that Plaintiffs have failed to allege an extracontractual duty that JP Morgan owed them.¹²

12 Because Plaintiffs' negligence claim relates to the Cash Management System, and not the payment orders, the claim is not displaced by Article 4-A of the N.Y. U.C.C. See supra pp. 31-32.

Under New York law, a claim for negligence requires, first, that a plaintiff allege "the defendant owed the plaintiff a cognizable duty of care as a matter of law." Curley v. AMR Corp., 153 F.3d 5, 13 (2d Cir. 1998). "Whether a defendant owes a duty of care to a plaintiff 'is a question of law that the Court may properly determine on a motion to dismiss.' " Qube Films Ltd. v. Padell, 2014 WL 3952931, at *7 (S.D.N.Y. Aug. 12, 2014) (quoting Musalli Factory For Gold & Jewellry v. JPMorgan Chase Bank, N.A., 261 F.R.D. 13, 27 (S.D.N.Y. 2009), aff'd 382 F. App'x 107 (2d Cir. 2010)(Nathan, J.)). "[A] breach of contract will not give rise to a tort claim unless a legal duty independent of the contract itself has been violated. Such a 'legal duty must spring from circumstances extraneous to, and not constituting elements of, the contract, although it may be connected with and dependent on the contract.' " Bayerische Landesbank, New York Branch v. Aladdin Cap. Mgmt. LLC, 692 F.3d 42, 58 (2d Cir. 2012) (internal citation omitted) (quoting Clark-Fitzpatrick v. Long Island R.R. Co., 70 N.Y.2d 382, 521 N.Y.S.2d 653, 516 N.E.2d 190, 194 (1987)). "A legal duty independent of contractual obligations may be imposed by law as an incident to the parties' relationship." Sommer v. Fed. Signal Corp., 79 N.Y.2d 540, 583 N.Y.S.2d 957, 593 N.E.2d 1365, 1369 (1992). "Professionals," for example, can become liable in tort if they fail to exercise reasonable care, without regard to the contractual relationship between the parties. Id. "The New York Court of Appeals has never found financial institutions . . . to be professionals for these purposes, and defendants do not cite to any New York decisions holding [otherwise] . . . On the contrary, courts have found that in actions involving the contractual duties of corporations and financial institutions, a negligence action may not be maintained and parties must proceed under a contract theory." Deutsche Bank Sec., Inc. v. Rhodes, 578 F. Supp. 2d 652, 670 (S.D.N.Y. 2008) (Chin, J.); see also Abhyankar by Behrstock v. JPMorgan Chase, N.A., 2020 WL 4001661, at *5 (S.D.N.Y. July 15, 2020) ("Typically, under New York law, a bank does not have an extracontractual duty to its depositors."); JPMorgan Chase Bank, N.A. v. Freyberg, 171 F. Supp. 3d 178, 191 (S.D.N.Y. 2016) ("[T]he relationship between a bank and its depositor is that of debtor and creditor, which, without more, is not a fiduciary or special relationship." (internal quotation marks and citation omitted)).¹³

13 The cases that Plaintiffs cite for the generalized proposition that " '[b]anks owe a duty of care to their customers' and breaches of that duty are actionable though a negligence claim," Dkt. No. 28 at 23 (quoting Dubai Islamic Bank v. Citibank, N.A., 126 F. Supp. 2d 659, 667 (S.D.N.Y. 2000)), are inapposite. All the cases can be traced to a single Second Circuit decision, King v. Crossland Sav. Bank, 111 F.3d 251 (2d Cir. 1997). King upheld the district court's grant of summary judgment on the plaintiffs' negligence claim and, in the process, noted that the district court "[c]onced[ed] that banks do, in fact, owe a duty of care to their customers." Id. at 259. However, the factual circumstances in King are very different from the ones here; King involved the false arrest of the plaintiffs when the defendant bank erroneously reported to the New York Police Department that the cashier checks they sought to exchange had been lost or stolen. Id. Thus, to the degree that the Second Circuit was endorsing the district court's view that banks owe customers a generalized duty of care, the duty of care owed by the bank was not a duty owed by the bank acting in its professional capacity. The case does not support the imposition of a duty of care owed by a bank to its customers under the circumstances presented here.

Plaintiffs' claim that Defendant owed it an extracontractual duty to monitor and report on overdrafts in EMTC's account fails for two reasons. First, Defendant's obligations related to the Cash Management System and overdraft reporting are governed by contract; Defendant offered Plaintiffs the opportunity to receive regular reports on overdrafts, but Plaintiffs explicitly declined this option in the Cash Management System Agreement. See Dkt. No. 29-1, Sch. A nn.15-19 & accompanying text; see also id. § 6. If the email exchange cited in the Complaint, see Dkt. No. 1 ¶¶ 27-28, altered Plaintiffs' and Defendant's contractual relationship, Plaintiffs' recourse against Defendant's would still be found in contract, not in tort. Stated differently, Plaintiffs have not adequately demonstrated how this email exchange created a common-law duty to "report and prevent overdrafts," Dkt. No. 28 at 24, separate and apart from Defendant's contractual obligations to the contrary. See Trez Cap. (Fla.) Corp. v. Noroton Heights & Co., LLC, 2022 WL 16833701, at *18 (S.D.N.Y. Nov. 8, 2022) ("If the only interest at stake is that of holding the defendant to a promise, the courts have said that the plaintiff may not transmogrify the contract claim into one for tort." (quoting Hargrave v. Oki Nursery, Inc., 636 F.2d 897, 899 (2d Cir. 1980))); Luxonomy Cars, Inc. v. Citibank, N.A., 65 A.D.2d 549, 408 N.Y.S.2d 951, 954 (2d Dep't 1978) ("The allegations that Citibank recklessly accelerated the loan . . . and failed to exercise reasonable care in accelerating the loan and debiting Luxonomy's checking account . . . do no more than assert violations of a duty which is identical to and indivisible from the contract obligations which have allegedly been breached. Since there is no tortious violation of an independent duty, these causes of action must be dismissed.").

In fact, the duty the Plaintiffs claim they were owed—a duty to monitor and report overdrafts—has been rejected by the Second Circuit. "As a general matter, 'a depositary bank has no duty to monitor fiduciary accounts maintained at its branches in order to safeguard funds in those accounts from fiduciary misappropriation.' " Lerner v. Fleet Bank, N.A., 459 F.3d 273, 287 (2d Cir. 2006) (quoting Norwest Mortgage, Inc. v. Dime Sav. Bank of N.Y., 280 A.D.2d 653, 721 N.Y.S.2d 94, 95 (2d Dep't 2001)); see also 2006 Frank Calandra, Jr. Irrevocable Tr. v. Signature Bank Corp., 503 F. App'x 51, 54 (2d Cir. 2012) (extending Lerner to trust accounts); Deutsche Bank Tr. Co. Americas v. Rado Ltd. P'ship, 819 F. App'x 66 (2d Cir. 2020) (same). If banks have no duty to monitor the fiduciary and fiduciaries and trustees for whose benefit they are opened, then logically there should be no extracontractual duty to report and prevent overdraft activity on behalf of Plaintiffs.¹⁴ To the degree that JP Morgan was required to do so, that duty must be found in contract, not tort. The Court thus finds that Defendant did not owe Plaintiffs an extracontractual duty to monitor and prevent overdrafts, and Plaintiffs' negligence cause of action is accordingly dismissed.¹⁵

14 The Second Circuit and New York courts recognize an exception to this general rule: "[A] bank may be liable for participation in [such a] diversion, either by itself acquiring a benefit, or by notice or knowledge that a diversion is intended or being executed." Lerner, 459 F.3d at 287 (quoting In re Knox, 64 N.Y.2d 434, 488 N.Y.S.2d 146, 477 N.E.2d 448, 451 (1985)). Plaintiffs have not argued that JP Morgan's actions fit into this exception.

15 Because the Court has found that Defendant did not owe Plaintiffs a duty under these circumstances, the Court does not address whether Plaintiffs have pled sufficient allegations that Defendant breached a duty or whether Plaintiffs have pled compensable damages. See Dkt. No. 19 at 23-24.

CONCLUSION

The motion to dismiss for failure to state a claim upon which relief can be granted is GRANTED IN PART and DENIED IN PART without prejudice to Plaintiffs' filing of an amended complaint solely with respect to its claims for breach of contract. Plaintiffs must file any amended complaint within thirty days of the date of this Opinion and Order.

SO ORDERED.