Opinion
1:22cv1750
06-17-2024
CONDUCTIVE TECHNOLOGIES, INC., Plaintiff v. PNC BANK, NATIONAL ASSOCIATION, Defendant
MEMORANDUM
JULIA K. MUNLEY United States District Court Judge
Before the court is Defendant PNC Bank, National Association's (“PNC”) motion to dismiss Plaintiff Conductive Technologies, Inc.'s amended complaint in this breach of contract action. This matter is ripe for a decision.
The Honorable Christopher C. Conner transferred this case to the undersigned on November 8, 2023.
Background
Plaintiff manufactures products for the medical device and industrial markets. (Doc. 32, Am. Compl. ¶ 5). As part of doing business, plaintiff maintains a bank account with Defendant PNC. (Id. at ¶ 6).
Per the amended complaint, on June 2, 2022, one of plaintiff's employees encountered difficulties logging into PNC's PINACLE online banking portal. (See id. ¶¶ 11, 18). Later, as the result of several communications between the parties, plaintiff discovered that fourteen (14) fraudulent wire transfers were completed on that date. (Id. ¶¶ 18, 20, 31). A total of $3,504,105.77 was withdrawn from plaintiff's PNC account by a third-party. (Id. at ¶ 20). Sixteen (16) other attempted fraudulent transactions failed because plaintiff's bank account had been emptied. (Id.)
These background facts are derived from plaintiff's amended complaint and exhibits. At this stage of the proceedings, the court must accept all factual allegations in the complaint as true. Phillips v. Cnty. of Allegheny, 515 F.3d 224, 233 (3d Cir. 2008).
PNC recaptured some of the funds and plaintiff recovered an additional sum through insurance proceeds. (Id. ¶¶ 25-26). Plaintiff, however, claims an uncompensated loss of $387,410.49 in this matter. (Id. ¶¶ 25-26).
Plaintiff also alleges it incurred expenses after it retained an information technology consultant to investigate and remediate the causes of the fraudulent transfers. (Doc. 32, Am. Compl. ¶ 21).
The question raised in this action is whether PNC is obligated to pay plaintiff's remaining loss from the fraudulent transfers based on the parties' contract. Plaintiff's amended complaint attaches three agreements between the parties: 1) a Treasury Management Services Comprehensive Agreement © 2007, executed on October 3, 2008 (“2008 TM Services Agreement”), (see Doc. 32-1, Exh. A, ECF p. 2-10); 2) a Master Resolution and Authorization for Depository Accounts and Treasury Management Services, executed on October 3, 2008 (“2008 Master Resolution”), (see Doc. 32-1, Exh. B, ECF p. 11-18); and 3) a Treasury Management Services Comprehensive Agreement Version July 2021 (“2021 TM Services Agreement”), (see Doc. 32-1, Exh. B, ECF p. 20-120). Plaintiff alleges that PNC failed to comply with obligations set forth in these agreements.
The parties' agreements contain terms regarding security procedures. The plaintiff alleges that the 2008 TM Services Agreement with PNC required plaintiff to select a security procedure from the options offered by PNC and name one or more authorized representatives to initiate transactions. (Doc. 32, Am. Compl. ¶ 8, Doc. 32-1, Exh. A, § 4, Security Procedures, ECF p. 3). Per plaintiff, the security procedure chosen was designated in the separate 2008 Master Resolution. (Id. ¶ 9). The 2008 Master Resolution attached to the amended complaint contains a handwritten amendment:
(Image Omitted) (Doc. 32-1, Exh. B, § 3B, ECF p. 12).
Plaintiff alleges that the handwritten amendment to the 2008 Master Resolution requires that two designated individuals approve withdrawal orders in amounts over $25,000. (Doc. 32, Am. Compl. ¶ 9).
Plaintiff also attaches and references the 2021 TM Services Agreement in the amended complaint. (Id. ¶ 12). Likewise, the 2021 TM Services Agreement provides that the accountholder must select a security procedure from the options offered by PNC. (Doc. 32-1, Exh. C., Security Procedures, ECF p. 27). Security procedures, pursuant to the 2021 TM Services Agreement, “may include security codes, personal identification numbers (“PINs”), tokens, check stock, or other security devices.” (Id.) Furthermore, per plaintiff, the 2021 TM Services Agreement contains provisions requiring secondary authorization. (Id. at ¶ 15). Plaintiff alleges that, at no time, did it change its designated security procedure, i.e., secondary authorization for withdrawals over $25,000, as designated in the 2008 Master Resolution. (Doc. 32, Am. Compl. ¶ 14).
Plaintiff, however, also alleges that PNC required the use of tokens to initiate transactions on its online banking platform beginning in 2009. (See Doc. 32, Am. Compl. ¶ 11).
The parties' agreements also contain terms regarding notification to accountholders. The 2008 TM Services Agreement provides: “If we [PNC] become aware of any unauthorized disclosure or use of a Security Procedure or other breach of security by. . .any third party, we will use reasonable efforts to notify you promptly of such disclosure, use or other breach.” (Doc. 32-1, Exh. A, § 4, Security Procedures, ECF p. 3). This term is omitted from the corresponding section in the 2021 TM Services Agreement. (See Doc. 32-1, Exh. C., Security Procedures, ECF p. 27). Plaintiff alleges nonetheless that the 2021 TM Services Agreement provides for notification “consistent” with the 2008 TM Services Agreement in a different paragraph. (Doc. 32, Am. Compl. ¶ 16; Doc. 32-1, Exh. C., Event Notification, ECF p. 90).
Plaintiff advances three different theories of contractual liability against PNC:
• PNC breached its obligation to protect the funds in plaintiff's account from unauthorized wire transfers without proper authentication. (Id. ¶¶ 31, 34, 37(i)).
• PNC breached its obligation to have practices or policies in place that would have alerted PNC to the suspicious nature of the transfers in excess of plaintiff's customary banking policies. (Id. ¶¶ 32, 37(H)).
• PNC breached its contractual obligation to plaintiff to notify the company of the suspicious, excessive transfers. (Id. ¶¶ 33, 35, 37(iii)).
PNC responded to the amended complaint with the instant motion to dismiss. (Doc. 36). PNC relies predominantly upon admissions made by plaintiff in this matter to argue that other terms in the 2021 TM Services Agreement relieve PNC of liability as a matter of law. Having been fully briefed, this matter is ripe for disposition.
Jurisdiction
The court has jurisdiction pursuant to the diversity statute, 28 U.S.C. § 1332. Plaintiff is a Pennsylvania corporation with its principal place of business in York, Pennsylvania. (Doc. 32, Am. Compl, ¶ 1). PNC is a national banking association with its main office in Wilmington, Delaware as designated by its Articles of Association. (Doc. 1, Notice of Removal ¶ 5, Exh. 3-1, Articles of Assoc.). Accordingly, PNC is a citizen of Delaware. See Liptok v. Bank of Am., 773 Fed.Appx. 97, 99 (3d Cir. 2019) (citing 28 U.S.C. § 1348 (“All national banking associations shall, for the purposes of all other actions by or against them be deemed citizens of the States in which they are respectively located.”) and Wachovia Bank v. Schmidt, 546 U.S. 303, 306-07 (2006) (“[A] bank's citizenship is determined by the place designated in the bank's articles of association as the location of its main office[.]”)).
Additionally, the amount in controversy exceeded $75,000 at the time this matter was commenced based on the alleged uncompensated losses to plaintiff. Because complete diversity of citizenship exists among the parties and the amount in controversy exceeded $75,000 at the commencement of the action, the court has jurisdiction over this case. See 28 U.S.C. § 1332(a)(1) (“district courts shall have original jurisdiction of all civil actions where the matter in controversy exceeds the sum or value of $75,000, exclusive of interest and costs, and is between . . . citizens of different states[.]”); 28 U.S.C. § 1441(a) (A defendant can generally move a state court civil action to federal court if the federal court would have had original jurisdiction to address the matter pursuant to the diversity jurisdiction statute). As a federal court sitting in diversity, the substantive law of Pennsylvania shall apply to the instant case. Chamberlain v. Giampapa, 210 F.3d 154, 158 (3d Cir. 2000) (citing Erie R.R. v. Tomkins, 304 U.S. 64, 78 (1938)).
Legal Standards
1. Motions to Dismiss for Failure to State a Claim
Defendant filed the instant motion to dismiss pursuant to Federal Rule of Civil Procedure 12(b)(6) for failure to state a claim upon which relief can be granted. The court tests the sufficiency of the complaint's allegations when considering a Rule 12(b)(6) motion.
To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to state a claim to relief that is plausible on its face. Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (citing Bell Atl. Corp, v. Twombly, 55C U.S. 544, 570 (2007)). A claim has facial plausibility when factual content is pled that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged. Id. (citing Twombly, 550 U.S. at 570). “Threadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice.” Id. (citing Twombly, 550 U.S. at 555).
On a motion to dismiss for failure to state a claim, district courts accept all factual allegations as true, construe the complaint in the light most favorable to the plaintiff, and determine whether, under any reasonable reading of the complaint, the plaintiff may be entitled to relief. See Phillips, 515 F.3d at 233 (citations omitted).
2. Documents The Court May Consider on a Motion to Dismiss
As an initial matter, PNC asks the court to consider a subsequently executed agreement between the parties that is not attached to plaintiff's amended complaint: the Master Resolution and Authorization for Depository Accounts and Treasury Management Services, dated November 18, 2016 (Doc. 37-1, Deci. T. Burke, Exh. 2, (“2016 Master Resolution”)). Plaintiff has admitted in a discovery response that the 2016 Master Resolution is authentic. (See Id. Exh. 1, PI. Resp. to Df. Req. for Adm., ¶ 7).
Courts may “generally consider only the allegations contained in the complaint, exhibits attached to the complaint and matters of public record” when deciding a motion to dismiss. Pension Ben. Guar. Corp, v. White Consol. Indus., Inc., 998 F.2d 1192, 1196 (3d Cir. 1993)(citations omitted). A court may also properly consider “an undisputedly authentic document that a defendant attaches as an exhibit to a motion to dismiss if the plaintiff's claims are based on the document.” (Id.)(citations omitted). Additionally, “a document integral to or explicitly relied upon in the complaint may be considered without converting the motion to dismiss into one for summary judgment.” In re Burlington Coat Factory Sec. Litig., 114 F.3d 1410, 1426 (3d Cir. 1997)(citation omitted, internal quotatior marks and brackets removed)(emphasis in original).
The rationale for the “integral documents exception” is that “it is not unfair to hold a plaintiff accountable for the contents of documents it must have used in framing its complaint[.]” Schmidt v. Skolas, 770 F.3d 241, 250 (3d Cir. 2014)(citinq In re Burlington Coat Factory Sec. Litiq., 114 F.3d at 1426) “[N]or should a plaintiff be able to evade accountability for such documents simply by not attaching them to [its] complaint.” Id. The critical component “is whether the claims in the complaint are ‘based' on an extrinsic document and not whether the extrinsic document was explicitly cited[,]” and a plaintiff “cannot prevent a court from looking at the texts of the documents on which its claim is based by failing to attach or explicitly cite them.” In re Burlington Coat Factory Sec. Litiq., 114 F.3d at 1426 (citations omitted).
After careful consideration, the court will consider the 2016 Master Resolution as an “integral document.” Plaintiff has admitted the authenticity of this document. Furthermore, plaintiff also attaches the 2008 Master Resolution to its amended complaint. Thus, plaintiff's breach of contract claim is based, in part, on the terms of some Master Resolution executed by the parties. Plaintiff also appends both the 2008 TM Services Agreement and the 2021 TM Services Agreement to the amended complaint. This contemplates that the parties, over time, executed successive documents with the same or substantially similar names relative to the depositor-bank relationship.
Additionally, it would also not be unfair in this matter to “hold plaintiff accountable” for the contents of the 2016 Master Resolution after plaintiff has admitted its authenticity. At best, plaintiff omitted the 2016 Master Resolution because it believed it was not necessary to frame the breach of contract claim due to the existence of the 2008 Master Resolution. At worst, the 2016 Master Resolution contains an unfavorable term, and the omission is part of plaintiff's litigation strategy.
Some brief history of this case guides the court's decision to consider the 2016 Master Agreement as an integral document. Plaintiff initially filed suit in the York County Court of Common Pleas with both tort and contract claims asserted. (Doc. 1-2, State Court Compl.). The original complaint did not cite any contractual terms or attach any contracts between the parties. (See id.). After removal of the action to this court, PNC filed an initial motion to dismiss. (Doc. 6). PNC also attached and referenced the 2008 TM Services Agreement and the 2021 TM Services Agreement in its brief in support of the first motion to dismiss. (Docs. 6-3, 6-4). Then, plaintiff countered the first motion to dismiss with extensive analysis of these documents. (See Doc. 8). And, in its opposition brief, plaintiff appended a document executed by the parties, the 2008 Master Resolution, and argued that the language in that document guided its breach of contract claim. (Doc. 8, Exh. A., ECF p. 9-16). In response, PNC attached the 2016 Master Resolution to its reply brief and argued that its language controlled. (Doc. 12-1, Exh. 2, ECF p. 26-31).
Faced with this unusual situation, Judge Conner construed plaintiff's opposition brief as a motion for leave to file an amended complaint pursuant to Federal Rule of Civil Procedure 15(a), which he then granted. (Doc. 28). In doinc so, Judge Conner explicitly encouraged plaintiff “to use its amended complaint to fully incorporate the agreements upon which [plaintiff] intends to rely within the four corners of the complaint, attach all relevant agreements, [and] articulate with specificity the contractual terms it believes PNC Bank breached[.]” (Id. at n. 4 (emphasis added)).
In light of the above, the court will consider the 2016 Master Agreement as an integral document in ruling upon PNC's current motion to dismiss.
Analysis
Having abandoned its common law tort claims earlier in this litigation, plaintiff brings one claim for breach of contract in the amended complaint. PNC focuses its arguments defending against that claim.
The court must note that Article 4A of the Pennsylvania Uniform Commercial Code (“UCC”) governs wire transfers from commercial accounts. 13 PA. CONS. STAT. § 4A101; see also § 4A104, cmt. 6 (“Most payments covered by Article 4A are commonly referred to as wire transfers and usually involve some kind of electronic transmission!.]”). In moving to dismiss, PNC did not argue that plaintiff's breach of contract claim was displaced by Article 4A. The court will thus proceed with an analysis of plaintiff's breach of contract claim based on the parties' arguments. The court will refer to Article 4A's provisions in the footnotes and section 3 of this memorandum.
To maintain a breach of contract action in the Commonwealth, a plaintiff must allege: 1) the existence of a contract, including its essential terms, (2) a breach of the contract; and (3) resultant damages. Meyer, Darragh, Buckler, Bebenek & Eck, P.L.L.C. v. L Firm of Malone Middleman, P.C., 635 Pa. 427, 445, 137 A.3d 1247, 1258 (2016). When a party fails to perform any obligation imposed by the parties' agreement, the lack of performance is considered to be a breach of the agreement creating that obligation. John B. Conomos, Inc, v, Sun Co. (R&M), 831 A.2d 696, 704 (Pa. Super. Ct. 2003), app. denied, 845 A.2d 818 (Pa. 2004).
The parties dispute which agreements were effective as of June 2, 2022. With respect to the four documents now being considered, PNC argues that the 2016 Master Resolution and 2021 TM Services Agreement make up the essential terms of the contract between the parties. The court must agree.
Those four documents are the: 1) 2008 TM Services Agreement; 2) 2008 Master Resolution; 3) 2016 Master Resolution; and 4) 2021 TM Services Agreement.
“Under Pennsylvania law, the later of two agreements between the same parties as to the same subject matter generally supersedes the prior agreement.” Jaludi v. Citigroup, 933 F.3d 246, 256 (3d Cir. 2019)(citing In re Klugh's Est, 66 A.2d 822, 825 (Pa. 1949)).
In re Klugh's Estate applied Section 408 of the Restatement (First) of Contracts. 66 A.2d at 825. That section provides:
A contract containing a term inconsistent with a term of an earlier contract between the same parties is interpreted as including an agreement to rescind the inconsistent term in the earlier contract. The parties may or may not at the same time agree to rescind all the other provisions of the earlier contract. Whether they do this is a guestion of interpretation. . .Restatement (First) of Contracts § 408 (1932).
By its clear terms, the 2016 Master Resolution supersedes the 2008 Master Resolution. Both agreements authorize officers and directors of the plaintiff corporation to make deposits without endorsements, sign checks and other instruments, and access PNC's treasury management services. (See Doc. 32-1, Exh. B, § 3, Resolutions, ECF p. 12-13; Doc. 37-1, Deci. T. Burke, Exh. 2, § 3, Resolutions, ECF p. 11-12). Both also contain the same provision regarding superseding resolutions:
Resolved, that a certified copy of these resolutions be delivered to the Bank and that they and the authority vested in the persons specified herein will remain in full force and effect until a certified copy of a resolution of the Client revoking or modifying these resolutions and such authority has been filed with the Bank and the Bank has had a reasonable time to act on it. These resolutions
supersede any prior resolution of Client provided to the Bank.”(Doc. 32-1, Exh. B, § 3H, General, ECF p. 13, (spelling the word “supercede”) Doc. 37-1, Deci. T. Burke, Exh. 2, § 3H, General, ECF p. 12). Accordingly, the 2016 Master Resolution controls the essential terms here as to who at the plaintiff corporation can take certain actions with the defendant bank regarding the account. Furthermore, the handwritten notation in the 2008 Master Resolution allegedly requiring PNC to obtain secondary authorization for transactions over $25,000 is superseded (and rescinded) by the 2016 Master Resolution, which does not contain that notation.
Also, by its clear terms, the 2021 TM Services Agreement supersedes the 2008 TM Services Agreement. Plaintiff specifically relies on the 2021 TM Services Agreement in its amended complaint. (Doc. 32 ¶¶ 12-13, 15-16). The 2021 TM Services Agreement contains an entire agreement clause: “This Agreement (including those documents that are incorporated herein), constitutes your and our entire agreement with respect to the Services covered by this Agreement and supersedes any previous or contemporaneous proposals, representations, warranties, understandings and agreements for such Services, either oral or in writing.” (Doc. 32-1, Exh. C, Entire Agreement, ECF p. 33). The 2021 TM Services Agreement thus controls. To the extent that plaintiff relies upon language in the 2008 TM Services Agreement about notification, those terms were rescinded or superseded by the later agreement.
Based on the terms of the 2021 TM Services Agreement, PNC advances four arguments in support of the motion to dismiss. First, PNC argues that judicial admissions made by plaintiff in its prior and current briefing preclude recovery under other terms in the 2021 TM Services Agreement. Second, PNC asserts that the amended complaint fails to identify a contractual provision requiring secondary authorization for wire transfers. Third, per PNC, plaintiff failed to identify a term requiring “reasonable efforts” by PNC to alert plaintiff of the transfers on June 2, 2022. Fourth, PNC argues plaintiff also failed to identify a contractual provision requiring processes or policies that would alert PNC to the suspicious nature of the fraudulent wire transfers.
The court will first address PNC's arguments regarding judicial admissions. The court's conclusion there impacts the discussion of PNC's arguments about plaintiff failing to identify any contractual obligations of PNC to monitor and notify plaintiff when there are suspicious, excessive transactions. The court will then address PNC's arguments regarding any secondary authorization requirements under the 2021 TM Services Agreement.
1. Judicial Admissions
Like the brief it submitted opposing PNC's original motion to dismiss, plaintiff states in its present brief in opposition:
On June 2, 2022 a senior employee of [plaintiff] encountered difficulties logging into the online platform for its bank account held with PNC and inadvertently accessed a fraudulent website created by an unknown criminal actor, provided the criminal actor with the username and password for administrator-level access to [plaintiff's] account, and then provided additional security verification that left the criminal actor in complete control of the [plaintiff's] account.(Doc. 39 at 1-2; see also Doc. 8 at 1-2).
Consequently, PNC argues that plaintiff has made judicial admissions and these admissions foreclose recovery under the terms of the 2021 TM Services Agreement regarding the limits of PNC's liability. (Doc. 37, Df. Br. in Supp. at 1-2 6-7; Doc. 40, Df. Rep. Br. at 1-3). Plaintiff admits that it is has made these admissions, but counters that “[u]nder the circumstances, PNC ought not to be able to rely on a limitation of liability in the contract to avoid the consequences of its own breach.” (Doc. 39 at 8).
“Judicial admissions are concessions in pleadings or briefs that bind the party who makes them.” Berckeley Inv. Grp., Ltd, v. Colkitt, 455 F.3d 195, 211 n. 20 (3d Cir. 2006)(citing Parilla v. IAP Worldwide Serv., VI, Inc., 368 F.3d 269, 275 (3d Cir. 2004)(further citations omitted). “The scope of judicial admissions is restricted to matters of fact which otherwise would require evidentiary proof.” Glick v. White Motor Co., 458 F.2d 1287, 1291 (3d Cir. 1972) (citation omitted).
In this case, plaintiff has stated consistently in two briefs that a senior employee unwittingly inputted the corporation's username and password into a fraudulent PNC website created by a third-party criminal actor, and then provider them with additional security verification information. Plaintiff has further stated (twice) that its employee gave the scammer complete control of its PNC account by doing so. Accordingly, the plaintiff has made judicial admissions in two briefs that the court “may accept as an established fact for the purposes of this case.” Burns v. Stratos, 581 F.Supp.3d 687, 697 & n. 6 (E.D. Pa. 2022)(citations omitted), affd, No. 22-1319, 2023 WL 4014474 (3d Cir. June 15, 2023).
Returning to the 2021 TM Services Agreement, that agreement calls for plaintiff to select a security procedure, which may include security codes, PINs, tokens, check stock, or other security devices. (See Doc. 32-1, Exh. C, Security Procedures, ECF p. 27). Per the 2021 TM Services Agreement, if PNC follows a security procedure that is commercially reasonable (as determined by law), wher acting on an instruction, i.e., a funds transfer, PNC is “entitled to rely without investigation on such [i]nstruction[,]” and the accountholder “shall be bound by such [instruction, whether or not such [instruction is actually authorized by the [accountholder].” Id. Additionally, under the agreement, an accountholder's security procedures have the same effect as a signature. Id.
Plaintiff does not allege that PNC's security procedures were commercially unreasonable. Thus, based on plaintiff's allegations and its admissions in this case, the court cannot conclude that PNC breached the agreement when it was entitled to rely on a funds transfer instruction initiated using security verification, even when verification was not actually coming from the plaintiff.
Under Section 4A202(b) of the UCC:
If a bank and its customer have agreed that the authenticity of payment orders issued to the bank in the name of the customer as sender will be verified pursuant to a security procedure, a payment order received by the receiving bank is effective as the order of the customer, whether or not authorized, if:
(1) the security procedure is a commercially reasonable method of providing security against unauthorized payment orders; and
(2) the bank proves that it accepted the payment order in good faith and in compliance with the security procedure and any written agreement or instruction of the customer restricting acceptance of payment orders issued in the name of the customer.13 PA. CONS. STAT. § 4A202(b). Pursuant to Section 4A202(c) of the UCC:
Commercial reasonableness of a security procedure is a question of law to be determined by considering the wishes of the customer expressed to the bank, the circumstances of the customer known to the bank, including the size, type and frequency of payment orders normally issued by the customer to the bank, alternative security procedures offered to the customer and security procedures in general use by customers and receiving banks similarly situated.13 PA. CONS. STAT. § 4A202(c). A security procedure is deemed to be commercially reasonable if:
(1) the security procedure was chosen by the customer after the bank offered, and the customer refused, a security procedure that was commercially reasonable for that customer; and
(2) the customer expressly agreed in writing to be bound by any payment order, whether or not authorized, issued in its name and accepted by the bank in compliance with the security procedure chosen by the customer.Id.
The 2021 TM Services Agreement also disclaims PNC's responsibility to discover unauthorized disclosures of security procedures or a breach of security by plaintiff's employees or any third party. (See Id. (“We shall be entitled to accept any information, instruction, direct or transaction from any person using our Security Procedures. . .We also assume no responsibility to discover or audit for any unauthorized disclosure or use of the Security Procedure or any other breach of security by your employees. . .or any third party, and any losses resulting therefrom shall be solely your responsibility '')(emphasis added); see also Limitation of Liability, ECF p. 29 (“We shall have no responsibility, and shall incur no liability, for any act or omission of yours, or for any error, omission or inaccuracy in the information contained in any instruction.”)). Thus, the 2021 TM Services Agreement expressly limits PNC's liability under such circumstances judicially admitted in this case.
“The law of the Commonwealth does not disfavor limitation of liability provisions.” John B. Conomos, Inc., 831 A.2d at 704 (collecting cases). Furthermore, “[a]bsent unconscionability, limited liability provisions are binding or the parties that fashioned the terms of their agreement.” Id. (citing Vasilis v. Bell of Pa., 598 A.2d 52, 54 (Pa. Super. Ct. 1991)).
Moreover, the provisions cited by plaintiff specific to PINACLE services also do not necessarily obligate PNC to have notified plaintiff of the transfers. Under the 2021 TM Services Agreement, PNC makes an event notification service available to PINACLE users, but this service is not mandatory. (See Doc. 32-1, Exh. C, § II. A. Event Notification, ECF p. 17). Rather, “[o]perators have the option to receive notification of events online while using PINACLE, by email, by text message on the Operator's mobile device, or any combination of these delivery methods...” (Id. (emphasis added)). There are no allegations in the amended complaint that: 1) plaintiff selected a method of delivery for PINACLE event notifications or 2) those event notification services failed To the extent that plaintiff relies on this provision, plaintiff's amended complaint fails to state a claim.
In this case, plaintiff has proffered an agreement that limits PNC's liability and has admitted an occurrence that fits within circumstances where PNC's liability is disclaimed. Plaintiff has not made any compelling arguments calling this contractual limit of liability into question. Additionally, plaintiff has failed to identify contractual provisions obligating PNC to monitor and notify plaintiff of suspicious transactions. The amended complaint fails to state a breach of the 2021 TM Services Agreement's essential terms regarding monitoring and notification. Thus, PNC's motion to dismiss must be granted.
2. Secondary Authorizations
Plaintiff's last theory of recovery focuses on PNC's alleged breach of a contractual duty to use secondary authorizations before initiating fund transfers. The amended complaint, however, fails to identify an operative term in the 2021 TM Services Agreement that obligates PNC to do so. As discussed above, any earlier handwritten term purportedly requiring two-person authorization of transfers over $25,000 in the 2008 Master Resolution is superseded by the terms of the 2016 Master Resolution and the 2021 TM Services Agreement where that handwritten alteration is absent.
Plaintiff's citation to secondary authorization provisions within the 2021 TM Services Agreement is also unavailing. This matter involves the use of PNC PINACLE online banking services. Under the agreement:
Secondary authentication is used for authentication to log in to PINACLE when an additional layer of verification is required. Secondary authentication will use a security code that can be received by a delivery method, including by text message, email, token, and/or voice call.(See Doc. 32-1, Exh. C, § II. A., PINACLE, Secondary Authentication, ECF p. 27).
Regarding wire transfers specifically, several different provisions of the 2021 TM Services Agreement apply to secondary authorization. First, by its terms, PNC only will “execute payment orders if the individual(s) issuing the orders provides the authentication protocols (including password(s), PIN(s), token(s), or security codes(s)) and other information as required by [PNC].” (Id., * II. N., Funds Transfer, Issuing and Executing Payment Orders, ECF p. 69). Moreover: “Secondary authorization applies to certain Payment Orders issued via PINACLE. When applicable, it reguires a second Authorized Person to verify and approve a Payment Order by PINACLE prior to its acceptance by [PNC].” (Id., Secondary Authorization, ECF p. 69)(emphasis added)).
In this case, plaintiff has admitted that its employee provided the company's username, password, and additional security verification to a scammer. In effect, plaintiff has admitted that its employee provided information for that criminal actor to give PNC secondary authorization, whether PNC was reguired to obtain it or not under the terms of the 2021 TM Services Agreement. Thus, plaintiff's amended complaint fails to state a breach of contract claim and PNC's motion to dismiss must be granted.
3. Leave to Amend
Before dismissing a complaint for failure to state a claim upon which relief may be granted, a court must grant the plaintiff leave to amend, unless . amendment would be inequitable or futile. See Phillips, 515 F.3d at 245 (citing Grayson v. Mayview State Hospital, 293 F.3d 103, 114 (3d Cir. 2002)).
Permitting plaintiff to amend its common law breach of contract claim wouk be futile. Judge Conner afforded plaintiff that opportunity previously and plaintiff responded by amending its claim to include specific references to the 2021 TM Services Agreement, which precludes plaintiff's recovery under circumstances it has admitted.
Additionally, under Pennsylvania law, parties whose conflict arises out of a funds transfer should look first and foremost to Article 4A of the UCC for guidance in bringing and resolving their claims. See Fraqale v. Wells Fargo Bank, N.A., 480 F.Supp.3d 653, 659 (E.D. Pa. 2020)(citation omitted); see also Shooter Pops LLC v. Wells Fargo Bank, N.A., 649 F.Supp.3d 62, 66 (E.D. Pa. 2023) (“Article 4A of the UCC applies to claims arising out of wire transfers.”)(citations omitted).
The UCC displaces parallel common law claims: 1) when it supplies a comprehensive remedy; and 2) where reliance on the common law would thwart the purposes of the UCC. Env't Eguip. & Serv. Co. v. Wachovia Bank, N.A., 741 F.Supp.2d 705, 713 (E.D. Pa. 2010)(citing New Jersey Bank, N.A. v. Bradford Sec. Operations, Inc., 690 F.2d 339. 346 (3d Cir 1982). “The test is whether a [UCC] provision “would be rendered meaningless by allowance of common-law claim[s].” Perlberqer L Assocs., P.C. v. Wells Fargo Bank, N.A., 552 F.Supp. 3c 490, 497 (E.D. Pa. 2021)(quoting New Jersey Bank, NA, 690 F.2d at 346).
The drafters of Article 4A intended to establish “precise and detailed rules to assign responsibility, define behavioral norms, allocate risks and establish limits on liability, rather than to rely on broadly stated, flexible principles.” See 13 PA. CONS. STAT. § 4A102, cmt. Thus, “resort to principles of law or equity outside of Article 4A is not appropriate to create rights, duties and liabilities inconsistent with” Article 4A of the UCC. Id.
Under Article 4A, a plaintiff can recoup funds from a bank for unauthorized unverified, or even certain verified payment orders. See 13 PA. CONS. STAT. § 4A204 (“If a receiving bank accepts a payment order issued in the name of its customer as sender which is not authorized and not effective as the order of the customer under section 4A202 (relating to authorized and verified payment orders) or not enforceable, in whole or in part, against the customer under section 4A203 (relating to unenforceability of certain verified payment orders), the bank shall refund any payment of the payment order received from the customer to the extent the bank is not entitled to enforce payment.”).
But the risk of loss shifts from the bank to the customer where a payment order is verified by the bank, i.e., the bank and customer have agreed that the bank will verify the authenticity of any transfer pursuant to a security procedure, that procedure itself is commercially reasonable, and the bank acts in good faith and in compliance with the security procedure and in accord with any written agreement or instruction from the customer restricting payment orders. See 13 PA. CONS. STAT. § 4A202(b)(1)-(2).
The customer can potentially recover from the receiving bank for an unauthorized but verified payment order under certain conditions. See 13 PA. CONS. STAT. § 4A203(a)(2). Specifically, the customer must prove that the payment order was not caused, directly or indirectly, by a person:
(i) entrusted at any time with duties to act for the customer with respect to payment orders or the security procedure; or
(ii) who obtained access to transmitting facilities of the customer or who obtained, from a source controlled by the customer and without authority of the receiving bank, information facilitating breach of the security procedure, regardless of how the information was obtained or whether the customer was at fault.Id.
Based on the allegations in plaintiff's amended complaint and the admissions in plaintiff's briefing, Sections 4A202, 4A203, and 4A204 would displace the principles of law relied upon in forming plaintiff's claims. See 13 P CONS. STAT. § 1103 & cmts.
To the extent that the Electronic Funds Transfer Act, 15 U.S.C. § 1693, et seq. (“EFTA”) m< apply to these particular funds transfers, an EFTA action must be brought within one year fro the date of the occurrence of a statutory violation. 15 U.S.C. §1693m(g). Any EFTA claim in this matter would be time-barred.
Regarding whether PNC's security procedures were commercially unreasonable to support a claim under UCC Sections 4A202(b) and 4A204, plaintiff has not made any allegation in the amended complaint or in its brief in opposition despite the phrase “commercially reasonable” appearing prominently in relevant provisions of the 2021 TM Services Agreement limiting PNC's liabilit The best argument offered by plaintiff in its current contract claim is that PNC “ought not” to be able to rely on that limitation of liability. (Doc. 39, Br. in Opp. a 8). Accordingly, any potential claim against PNC for authorized but unverified payment orders would fail.
To recover under Section 4A203(a)(2) when a payment order is verified b security procedures, a customer must prove that the payment order was not caused, directly or indirectly, by a person: (i) entrusted at any time with duties t(act for the customer with respect to payment orders or the security procedure; c (ii) who obtained access to transmitting facilities of the customer or who obtaine from a source controlled by the customer and without authority of the receiving bank, information facilitating breach of the security procedure. Plaintiff has admitted that its employee with access to PINACLE provided information to a criminal actor to bypass whatever security procedures were actually in place to obtain access to PINACLE and initiate payment orders. 13 PA. CONS. STAT. § 4A203(a)(2). Consequently, a claim brought pursuant to Sections 4A203(a)(3) and 4A204 would be futile. Thus, the motion to dismiss will be granted without leave to amend and this case will be dismissed.
Conclusion
For the reasons set forth above, PNC's motion to dismiss plaintiff's amended complaint will be granted without leave for plaintiff to amend and the Clerk of Court will be directed to close this case. An appropriate order follows.