Based on the facts provided, we believe these checks are remotely created checks (defined in Regulation CC as a check “that does not bear a signature applied, or purported to be applied, by the person on whose account the check is drawn”). We do not believe that your bank should be liable for the unauthorized checks that were paid outside of the notice period established in your account agreement. As for the more recent checks, you may be able to claim reimbursement under the Regulation CC warranties for remotely created checks.
We do not believe you are required to re-credit your customer’s account for the checks that were paid outside of your bank’s sixty-day notice period. The Uniform Commercial Code (UCC) requires customers to report unauthorized checks with “reasonable promptness.” Depository institutions may define “reasonable promptness” in their account agreements, and an Illinois court has held that a thirty-day notice period is reasonable. Consequently, a sixty-day notice period should be considered to be reasonable. For unauthorized checks that were paid outside of the sixty-day notice period, you are not required to re-credit your customer’s account (although you may do so).
For the more recent checks (those for which your customer did provide timely notification), you likely should re-credit your customer’s account. But you may in turn claim reimbursement from the bank at which the checks were deposited (the “depositary bank”), based on the Regulation CC warranties for remotely created checks. The Regulation CC warranties impose liability for unauthorized remotely-created checks on the depositary bank, not the paying bank. These warranties make the depositary bank liable for reimbursing your bank for those checks that were re-credited to your customer, due to its breach of its Regulation CC warranties.
While you may claim reimbursement from the depositary bank, we do not believe that you can return any of these checks to the depositary bank. The midnight deadline for returning checks has passed for all of the unauthorized checks reported by your customer. Consequently, instead of returning the checks, you must claim reimbursement under the Regulation CC warranties discussed above (your bank has “up to a year to make a claim” against the depositary bank for unauthorized remotely created checks).
Going forward, we do recommend monitoring for additional checks with the same payee and returning any unauthorized checks before the midnight deadline (midnight on the next banking day following the banking day on which the check is presented). Also, if you determine that the checks are fraudulent or suspicious (as appears to be the case here), you should assess whether the bank needs to file a Suspicious Activity Report on these transactions.
For more information on remotely created checks, we recommend reading the IBA article Regulation CC and Remotely-Created Checks (January 2006).
For resources related to our guidance, please see:
-
Regulation CC, 12 CFR 229.2(fff) (“Remotely created check means a check that is not created by the paying bank and that does not bear a signature applied, or purported to be applied, by the person on whose account the check is drawn. . . .”)
-
UCC, 810 ILCS 5/4-406(c) (“ . . . If, based on the statement or items provided, the customer should reasonably have discovered the unauthorized payment, the customer must promptly notify the bank of the relevant facts.”)
-
UCC, 810 ILCS 5/4-103(a) (“The effect of the provisions of this Article may be varied by agreement . . . .”)
-
Napleton v. Great Lakes Bank, N.A., 408 Ill.App.3d 448, 452 (1st Dist. 2011) (“Here, the parties agree that pursuant to the terms of the Account Agreement, the plaintiff’s duty to ‘promptly notify’ the bank of any unauthorized charges was modified to mean 30 days from the date the Monthly Statement was mailed to plaintiff. Although we did not find any Illinois cases directly addressing this issue, decisions from other jurisdictions indicate that such an alteration in the notification period is clearly permissible.”)
-
FFIEC IT Booklets, retail Payment Systems, Remotely Created Checks (“The Federal Reserve Board amended Regulation CC effective July 1, 2006, to reallocate the risk of loss resulting from unauthorized RCCs. Under the amendments, any financial institution that transfers or presents an RCC warrants that the person on whose account the check is drawn authorized the issuance of the check in the amount and to the payee stated on the RCC. . . . Also, any financial institution that received an RCC from another financial institution has up to a year to make a claim against the transferring financial institution for an unauthorized RCC. Similarly, the Board amended Collection of Checks and Other Items by Federal Reserve Banks and Funds Transfers Through Fedwire (Regulation J) in 2006 to clarify that the new warranties apply to RCCs collected through the Reserve Banks.”)
-
Regulation CC, 12 CFR 229.34(d)(1) (“A bank that transfers or presents a remotely created check and receives a settlement or other consideration warrants to the transferee bank, any subsequent collecting bank, and the paying bank that the person on whose account the remotely created check is drawn authorized the issuance of the check in the amount stated on the check and to the payee stated on the check.”)
-
Regulation CC, 12 CFR 229.34(d)(2) (“If a paying bank asserts a claim for breach of warranty under paragraph (d)(1) of this section, the warranting bank may defend by proving that the customer of the paying bank is precluded under U.C.C. 4-406, as applicable, from asserting against the paying bank the unauthorized issuance of the check.”)
-
UCC, 810 ILCS 5/4-302(a) (“If an item is presented to and received by a payor bank, the bank is accountable for the amount of: (1) a demand item . . . whether properly payable or not, if the bank, . . . does not pay or return the item or send notice of dishonor until after its midnight deadline.”)
-
UCC, 810 ILCS 5/4-104(a)(10) (“‘Midnight deadline’ with respect to a bank is midnight on its next banking day following the banking day on which hit receives the relevant item . . . .”)
- OCC Suspicious Activity Report Rules, 12 CFR 21.11(c) (Providing that national banks should file suspicious activity reports “(2) Whenever the national bank detects any known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the bank or involving a transaction or transactions conducted through the bank and involving or aggregating $5,000 or more in funds or other assets where the bank believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations or that it was used to facilitate a criminal transaction, and the bank has a substantial basis for identifying a possible suspect or group of suspects,” among other circumstances.)