We believe that Article 4A of the Illinois Uniform Commercial Code (UCC) would protect you from liability for sending unauthorized wires on behalf of non-business customers if you have previously agreed to verify their identities through a commercially reasonable security procedure (other than signing for each one in-person). While requiring in-person signatures would help ensure that all wire transfers made from personal accounts are authorized, that practice would not be necessary if your customers agree to and follow such an alternative procedure.
Article 4A of the Illinois UCC protects banks from liability for unauthorized payment orders if the bank and its customer have previously agreed that the customer will be verified as the sender of the orders pursuant to a “commercially reasonable” security procedure, the bank accepts the payment orders in good faith, and the bank is in compliance with the security procedure and any written agreement or instruction of the customer. What is considered “commercially reasonable” depends on the specific facts and circumstances of your bank and its clients.
Additionally, it can be tricky to determine whether Article 4A applies to a consumer wire transfer performed outside of the Fedwire system (Fedwire transfers are governed by Regulation J, which incorporates Article 4A by reference). Outside of the Fedwire context, Article 4A generally applies only to non-consumer wires, since it excludes any transfer “any part of which is governed by the Electronic Fund Transfer Act” (or Regulation E). But Regulation E by its terms does not govern wire transfers through Fedwire or similar wire transfer systems used primarily for transfers between financial institutions or between businesses. If these wire transfers are excluded by Regulation E, it seems that Article 4A would apply after all.
However, note that Regulation E does govern a wire transfer if “any part” of the wire transfer is governed by Regulation E, which would be the case if your institution transfers the wired funds into consumer accounts using an ACH system. If you do complete these wire transfers with ACH transfers, Article 4A would not apply to any part of the transfer. But even in that case, the official commentary to Article 4A provides that “in the absence of any law to govern the part of the funds transfer that is not subject to EFTA, a court might apply appropriate principles from Article 4A by analogy.”
If your bank decides to continue allowing wire transfers from personal accounts, we recommend using agreements that are specific to the consumer context rather than those intended for business purposes only. Wire transfer agreements intended for business customers may contain provisions inappropriate for the consumer context, such as those alluding to the ability of authorized employees to conduct wire transfers on behalf of their employer. While such a provision would be useful in the business context, its inclusion in a wire transfer agreement for a consumer account would be inappropriate.
We are including a link to a sample consumer wire transfer agreement provided to us by a member of our Compliance Division Advisory Committee. We recommend reviewing the sample carefully before using it to ensure that it fits the needs of your institution. By providing you this sample, the IBA does not intend to make any guarantees or assurances as to its legal effectiveness.
For resources related to our guidance, please see:
- Illinois UCC, 810 ILCS 5/4A-202(b) (“If a bank and its customer have agreed that the authenticity of payment orders issued to the bank in the name of the customer as sender will be verified pursuant to a security procedure, a payment order received by the receiving bank is effective as the order of the customer, whether or not authorized, if (i) the security procedure is a commercially reasonable method of providing security against unauthorized payment orders, and (ii) the bank proves that it accepted the payment order in good faith and in compliance with the security procedure and any written agreement or instruction of the customer restricting acceptance of payment orders issued in the name of the customer. The bank is not required to follow an instruction that violates a written agreement with the customer or notice of which is not received at a time and in a manner affording the bank a reasonable opportunity to act on it before the payment order is accepted.”)
- Illinois UCC, 810 ILCS 5/4A-201 (“‘Security procedure’ means a procedure established by agreement of a customer and a receiving bank for the purpose of (i) verifying that a payment order or communication amending or cancelling a payment order is that of the customer, or (ii) detecting error in the transmission or the content of the payment order or communication. A security procedure may require the use of algorithms or other codes, identifying words or numbers, encryption, callback procedures, or similar security devices. Comparison of a signature on a payment order or communication with an authorized specimen signature of the customer is not by itself a security procedure.”)
- Illinois UCC Official Comments, Section 4A-201, Comment 1 (“A large percentage of payment orders and communications amending or cancelling payment orders are transmitted electronically and it is standard practice to use security procedures that are designed to assure the authenticity of the message. . . . Security procedures might also apply to communications that are transmitted by telephone or in writing. Section 4A-201 defines these security procedures. The definition of security procedure limits the term to a procedure ‘established by agreement of a customer and a receiving bank.’ The term does not apply to procedures that the receiving bank may follow unilaterally in processing payment orders. The question of whether loss that may result from the transmission of a spurious or erroneous payment order will be borne by the receiving bank or the sender or purported sender is affected by whether a security procedure was or was not in effect and whether there was or was not compliance with the procedure.”)
- Illinois UCC, 810 ILCS 5/4A-202(c) (“Commercial reasonableness of a security procedure is a question of law to be determined by considering the wishes of the customer expressed to the bank, the circumstances of the customer known to the bank, including the size, type, and frequency of payment orders normally issued by the customer to the bank, alternative security procedures offered to the customer, and security procedures in general use by customers and receiving banks similarly situated. A security procedure is deemed to be commercially reasonable if (i) the security procedure was chosen by the customer after the bank offered, and the customer refused, a security procedure that was commercially reasonable for that customer, and (ii) the customer expressly agreed in writing to be bound by any payment order, whether or not authorized, issued in its name and accepted by the bank in compliance with the security procedure chosen by the customer.”)
- Regulation J, 12 CFR 210.25(b)(1) (“This subpart incorporates the provisions of Article 4A set forth in appendix B to this subpart. In the event of an inconsistency between the provisions of the sections of this subpart and appendix B to this subpart, the provisions of the sections of this subpart shall prevail. In the event of an inconsistency between the provisions this subpart and section 919 of the Electronic Fund Transfer Act, section 919 of the Electronic Fund Transfer Act shall prevail.”)
- Regulation J, 12 CFR 210.25(b)(2) (“Except as otherwise provided in paragraphs (b)(3) and (4) of this section, including Article 4A as set forth in appendix B to this subpart, and operating circulars of the Reserve Banks issued in accordance with paragraph (c) of this section, this subpart governs the rights and obligations of: . . . (v) Other parties to a funds transfer any part of which is carried out through Fedwire to the same extent as if this subpart were considered a funds-transfer system rule under Article 4A.”)
- Regulation J, 12 CFR 210.25(b)(3) (“This subpart governs a funds transfer that is sent through the Fedwire Funds Service, as provided in paragraph (b)(2) of this section, even though a portion of the funds transfer is governed by the Electronic Fund Transfer Act, but the portion of such funds transfer that is governed by the Electronic Fund Transfer Act (other than section 919 governing remittance transfers) is not governed by this subpart.”)
- Illinois UCC, 810 ILCS 5/4A-108 (“(a) Except as provided in subsection (b), this Article does not apply to a funds transfer any part of which is governed by the Electronic Fund Transfer Act of 1978 (Title XX, Public Law 95-630, 92 Stat. 3728, 15 U.S.C. Section 1693 et seq.) as amended from time to time.”)
- Regulation E, 12 CFR 1005.3(a) (“This part applies to any electronic fund transfer that authorizes a financial institution to debit or credit a consumer’s account. Generally, this part applies to financial institutions. . . .”)
- Regulation E, 12 CFR 1005.3(b)(1) (“The term ‘electronic fund transfer’ means any transfer of funds that is initiated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer’s account. The term includes, but is not limited to:
(i) Point-of-sale transfers;
(ii) Automated teller machine transfers;
(iii) Direct deposits or withdrawals of funds;
(iv) Transfers initiated by telephone; and
(v) Transfers resulting from debit card transactions, whether or not initiated through an electronic terminal.”)
- Regulation E, 12 CFR 1005.3(c) (“The term electronic fund transfer does not include: . . . (3) Wire or other similar transfers. Any transfer of funds through Fedwire or through a similar wire transfer system that is used primarily for transfers between financial institutions or between businesses.”)
- Regulation E, Paragraph 3(c)(3), Comment 3 (“Fund transfer systems that are similar to Fedwire include the Clearing House Interbank Payments System (CHIPS), Society for Worldwide Interbank Financial Telecommunication (SWIFT), Telex, and transfers made on the books of correspondent banks.”)
- Regulation E, Official Interpretations, Paragraph 3(c)(3), Comment 1 (“If a financial institution makes a fund transfer to a consumer’s account after receiving funds through Fedwire or a similar network, the transfer by ACH is covered by the regulation even though the Fedwire or network transfer is exempt.”)
- Illinois UCC Official Comments, Section 4A-108, Comment 1 (“The Electronic Fund Transfer Act of 1978 is a federal statute that covers a wide variety of electronic funds transfers involving consumers. The types of transfers covered by the federal statute are essentially different from the wholesale wire transfers that are the primary focus of Article 4A. Section 4A-108 excludes a funds transfer from Article 4A if any part of the transfer is covered by the federal law. Existing procedures designed to comply with federal law will not be affected by Article 4A. The effect of Section 4A-108 is to make Article 4A and EFTA mutually exclusive. For example, if a funds transfer is to a consumer account in the beneficiary’s bank and the funds transfer is made in part by use of Fedwire and in part by means of an automated clearing house, EFTA applies to the ACH part of the transfer but not to the Fedwire part. Under Section 4A-108, Article 4A does not apply to any part of the transfer. However, in the absence of any law to govern the part of the funds transfer that is not subject to EFTA, a court might apply appropriate principles from Article 4A by analogy.”)
- Radius Bank, Business Wire Transfer Agreement (“9.4 Customer warrants that no individual will be allowed to initiate transfers without proper supervision and safeguards, and agrees to take reasonable steps to maintain the confidentiality of the security procedures and any passwords, codes, security devices and related instructions provided by Bank in connection with the Security Procedures applicable to the Service and to restrict access thereto to Customer’s employees trusted with the duty to transmit wire transfer orders to Bank. . . .”)