Opinion
No. 09 C 06473.
March 30, 2010
MEMORANDUM AND ORDER
Plaintiff, Travelers Casualty Surety Company of America, as assignee and subrogee of Katy Industries, Inc. ("Katy"), filed an amended complaint alleging that defendant, Bank of America, N.A.: 1) violated various provisions of Article 4A of Illinois' Commercial Code (Counts I through III), 810 Ill. Comp. Stat. 5/4A-201, -202, -204, -211; and 2) breached an implied contract with Katy under Illinois' common law (Count IV). Before the court is defendant's motion to dismiss Count IV of plaintiff's complaint for failure to state a claim.
When considering a Federal Rule of Civil Procedure 12(b)(6) motion to dismiss, this court must accept as true all of the factual allegations contained in the complaint and draw all reasonable inferences in plaintiff's favor. Killingsworth v. HSBC Bank Nevada, N.A., 507 F.3d 614, 618 (7th Cir. 2007). The court may grant a Rule 12(b)(6) motion to dismiss if the complaint lacks "enough facts to state a claim to relief that is plausible on its face." See id. at 618. To survive defendant's motion to dismiss, the factual allegations in plaintiff's complaint "must be enough to raise a right to relief above the speculative level." Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007). Plaintiff's obligation to provide the grounds of its entitlement to relief "requires more than labels and conclusions, and a formulaic recitation of elements of a cause of action will not do." Id.
Plaintiff's breach of implied contract claim alleges that Katy had a bank account with defendant and used its funds transfer services. To avoid unauthorized transfers, defendant used a number of security procedures, including a system of security IDs and passwords. Additionally, defendant would send Katy a fax confirmation after each fund payment order it received from Katy.
Beginning December 9, 2008, Katy received a number of phishing emails, disguised as emails from defendant, which sought to acquire the means to breach the security procedures guarding Katy's accounts. Despite having actual notice of these phishing emails, defendant failed to notify its customers or protect their accounts. On December 11, 2008, Katy received a fax confirmation from defendant for payment orders totaling $449,393. After a series of debits and credits related to the unauthorized fund transfers, Katy's account ultimately was short $235,045.
Count IV of plaintiff's amended complaint alleges that defendant's use of emails to communicate with Katy regarding Katy's funds transfer account established an implied contract pursuant to which defendant implicitly promised that it would promptly notify Katy of any phishing emails purporting to be from defendant that might result in Katy divulging information that could be used to effect an unauthorized transfer from Katy's accounts. Defendant seeks to dismiss plaintiff's breach of implied contract claim on the grounds that: 1) Article 4A of Illinois' Commercial Code displaces this claim; and 2) plaintiff fails to sufficiently plead the existence of an implied contract.
The UCC does not displace all common law or equitable causes of action. See 810 Ill. Comp. Stat. 5/1-103(b); see also Zengen, Inc. v. Comerica Bank, 158 P.3d 800, 806 (Cal. 2007). However, Article 4A-102's Official Comment states, in part:
Funds transfers involve competing interests — those of the banks that provide funds transfer services and the commercial and financial organizations that use the services, as well as the public interest. These competing interests were represented in the drafting process and they were thoroughly considered. The rules that emerged represent a careful and delicate balancing of those interests and are intended to be the exclusive means of determining the rights, duties and liabilities of the affected parties in any situation covered by particular provisions of the Article. Consequently, resort to principles of law or equity outside of Article 4A is not appropriate to create rights, duties and liabilities inconsistent with those stated in this Article.810 Ill. Comp. Stat. 5/4A-102 UCC cmt. Specifically, Article 4A "provides that common law causes of action based on allegedly unauthorized funds transfers are preempted in two specific areas: (1) where the common law claims would create rights, duties, or liabilities inconsistent with [Article 4A]; and (2) where the circumstances giving rise to the common law claims are specifically covered by" Article 4A's provisions. Zengen, Inc., 158 P.3d at 808; see also 810 Ill. Comp. Stat. 5/1-103(b); 810 Ill. Comp. Stat. 5/4A-102 UCC cmt; Fitts v. AmSouth Bank, 917 So. 2d 818, 824 (Ala. 2005) ("if the situation made the basis of a dispute is addressed in Article 4A, then, the provisions of Article 4A provide the exclusive rights and remedies"); Centre-Point Merch. Bank v. Am. Express Bank, 913 F. Supp. 202, 206 (S.D.N.Y. 1996). Article 4A displaces common law causes of action that are covered by its provisions because "[t]he uniformity and certainty sought . . . for these transactions could not possibly exist if parties could opt to sue by way of pre-Code remedies where the statute has specifically defined the duties, rights and liabilities of the parties." Corfan Banco Asuncion Para. v. Ocean Bank, 715 So. 2d 967, 971 (Fla. Dist. Ct. App. 1998).
Count IV's gravamen is that defendant implicitly agreed to warn Katy of any phishing emails purporting to be from defendant that might result in Katy divulging the security procedures used to verify its payment orders, and defendant accepted payment orders that are unenforceable against Katy. See Zengen, Inc., 158 P.3d at 808-809. Sections 4A-201 through — 204 provide "a detailed scheme for analyzing the rights, duties and liabilities of banks and their customers in connection with the authorization and verification of payment orders. Analysis of a funds transfer under these sections results in a determination of whether or not the funds transfer was `authorized,' and provides a very specific scheme for allocation of loss." Id. at 807; see also Centre-Point Merch. Bank, 913 F. Supp. at 208 (Sections 4A-201 through -204 deal "with security procedures and verification of payment orders" and "determine the rights, duties and obligations of the parties.").
In addition, Article 4A provides the "rules and remedies for the failure to follow a security procedure." Zengen, Inc., 158 P.3d at 809; see also Centre-Point Merch. Bank, 913 F. Supp. at 208. In particular, Sections 4A-201 through -204 govern agreements between a bank and its customer for the security procedures a bank is to follow when verifying payment orders' authenticity and govern whether a payment order is enforceable against a customer; Sections 4A-201 through -204 and Section 4A-211 govern agreements for cancelling or amending payment orders and govern whether the cancellation or amendment is effective; and Section 4A-202(b)(ii) governs payment orders that are not accepted in good faith. Furthermore, Section 4A-204 provides remedies for unauthorized payment orders under Section 4A-202 and for payment orders not enforceable under Section 4A-203. 810 Ill. Comp. Stat. 5/4A-204; see also Schlegel v. Bank of Am., N.A., 628 S.E.2d 362, 366-367 (Va. 2006).
Plaintiff claims that Article 4A fails to address "security . . . practices involving communications between a bank and its customer through e-mail and the internet" and thus its common law claim falls outside Article 4A's coverage. The UCC defines a "security procedure," in part, as a "procedure . . . verifying that a payment order or communication amending or cancelling a payment order is that of the customer." 810 Ill. Comp. Stat. 5/4A-201. Article 4A defines a "payment order," in part, as "an instruction of a sender to a receiving bank, transmitted . . . electronically." 810 Ill. Comp. Stat. 5/4A-103(a)(1). Thus, Article 4A explicitly contemplates that communications between a bank and its customer may be electronic. Id.
It is true that cases have held that Article 4A does not displace claims relating to transactions that are entirely separate from fraudulent payment orders. However, these cases do not avail plaintiff because they also hold that Article 4A displaces claims relating to fraudulent payment orders that are covered by specific provisions in Article 4A. See Centre-Point Merch. Bank, 913 F. Supp. at 207; Schlegel, 628 S.E.2d at 368.
Article 4A does not need to provide a step-by-step account of the circumstances under which a funds transfer is unenforceable against a customer to displace plaintiff's common law breach of implied contract claim. See, e.g., Zengen, Inc., 158 P.3d at 809 ("Although the [UCC] does not catalog all the ways in which a bank may execute an unauthorized wire transfer, it certainly specifies the consequences for doing so."); Hyung J. Ahn, Note, Article 4A of the Uniform Commercial Code: Dangers of Departing from the Rule of Exclusivity, 85 Va. L. Rev. 183, 198 (1999) (assuming "that predictability and certainty are underlying goals of . . . Article 4A, then silence in Article 4A with regard to a particular fact pattern may itself be a form of `coverage'"(footnote omitted)); see also 810 Ill. Comp. Stat. 5/1-103 (the UCC "must be liberally construed and applied to promote its underlying purposes and policies"). It suffices that Article 4A addresses the issues implicated by plaintiff's breach of implied contract claim — who bears the burden of protecting information that may facilitate breaching security procedures and whether particular payment orders accepted by defendant are enforceable against Katy. See, e.g., Zengen, Inc., 158 P.3d at 809; Fitts, 917 So. 2d at 824. The obligation placed upon Katy in Section 4A-203(2) of safeguarding confidential security information to prevent breaches of the agreed upon security procedures may not be varied absent an express written agreement. 810 Ill. Comp. Stat. 5/4A-202(f); 810 Ill. Comp. Stat. 5/4A-203(2); see 810 Ill. Comp. Stat. 5/4A-203 UCC cmt. Accordingly, plaintiff's implied contract claim is dismissed. See, e.g., Zengen, Inc., 158 P.3d at 809; Fitts, 917 So. 2d at 824. ORDERED: Defendant Bank of America, N.A.'s "Motion to Dismiss Count IV of Amended Complaint" [16] is granted. Count IV of plaintiff Travelers Casualty Surety Company of America's amended complaint [13] is dismissed.