From Casetext: Smarter Legal Research

Security First Network Bank v. C.A.P.S., Inc.

United States District Court, N.D. Illinois
Oct 7, 2003
No. 01C 342 (N.D. Ill. Oct. 7, 2003)

Opinion

No. 01C 342

October 7, 2003


MEMORANDUM OPINION AND ORDER


This civil action arises from a fraud perpetrated by an individual, Joseph V. Sykes ("Sykes"), on several unsuspecting financial institutions and their respective customers in early January, 2000. Before the court are The Northern Trust Company's ("Northern Trust") motion for partial summary judgment on Count I of its counterclaim and The LaSalle Bank's ("LaSalle") motion for summary judgment. Both parties move for summary judgment on their respective counterclaims against Security First Network Bank ("Security First") asserting that it breached several warranties under the 2000 Operating Rules of the National Automated Clearing House Association ("NACHA") and must indemnify Northern Trust and LaSalle for all costs and expenses incurred directly or indirectly as a result of cross-claims filed by their respective bank customers. The court has diversity jurisdiction under 28 U.S.C. § 1332(a)(1) because there is complete diversity of citizenship between plaintiff/counterdefendant and defendants/counterplaintiffs and the amount in controversy exceeds $75,000. For the reasons set forth below, the court grants the motions.

On August 7, 2002, this court dismissed this case without prejudice because the parties had not established diversity jurisdiction. The respective parties then filed supplemental statements of undisputed facts properly alleging jurisdiction, and the case was reinstated on September 4, 2003.
Defendant/counterplaintiffs are Northern Trust, LaSalle, C.A.P.S., Inc.("C.A.P.S."), and Saks, Incorporated ("Saks"). Northern Trust is banking corporation organized under the laws of Illinois, with its principal place of business in Illinois. LaSalle is a National Banking Association formed under the laws of the United States. Illinois is listed as on its charter and its principal place of business is Illinois. C.A.P.S. is incorporated and has its principal place of business in Illinois. Saks is incorporated in Tennessee and has its principal place of business in Alabama.
Plaintiff/counterdefendant Security First, which no longer exists as an entity, was a federal savings bank chartered under the laws of the United States. It admits that its principal place of business was Georgia and that it was a citizen of Georgia. (Security First's Resp. to LaSalle's Supplement to Statement of Undisputed Facts L.R. 56.1 ¶ 17.)
The citizenship of third-party defendants Goldman and Sykes is not clear from the pleadings. However, a third-party claim brought under Rule 14(a) of the Federal Rules of Civil Procedure does not require independent jurisdictional grounds, but is an ancillary claim to the original suit. See People of the State of Illinois, for use of Trust Co. of Chicago v. Maryland Casualty Co., 132 F.2d 850, 855 (7th Cir. 1942).
Because Security First is a citizen of Georgia and the defendants/counterplaintiffs are citizens of other states, there is complete diversity of citizenship between the parties. Because both C.A.P.S. and Northern Trust are citizens of Illinois, the court exercises supplemental jurisdiction under 28 U.S.C. § 1367(a) over C.A.P.S. cross-claim against Security First.

SUMMARY JUDGMENT STANDARDS

Summary judgment obviates the need for a trial where there is no genuine issue as to any material fact and the moving party is entitled to judgment as a matter of law. Fed.R.Civ.P. 56(c). To determine whether any genuine fact exists, the court must pierce the pleadings and assess the proof as presented in depositions, answers to interrogatories, admissions, and affidavits that are part of the record. Fed.R.Civ.P. 56(c) Advisory Committee's notes. The party seeking summary judgment bears the initial burden of proving there is no genuine issue of material fact. Celotex Corp. v. Catrett, 477 U.S. 317, 323 (1986). In response, the nonmoving party cannot rest on bare pleadings alone but must use the evidentiary tools listed above to designate specific material facts showing that there is a genuine issue for trial. Id. at 324; Insolia v. Philip Morris Inc., 216 F.3d 596, 598 (7th Cir. 2000). A material fact must be outcome determinative under the governing law. Insolia, 216 F.3d at 598-99. Although a bare contention that an issue of fact exists is insufficient to create a factual dispute, Bellaver v. Quanex Corp., 200 F.3d 485, 492 (7th Cir. 2000), the court must construe all facts in a light most favorable to the nonmoving party as well as view all reasonable inferences in that party's favor. Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 255 (1986).

FACTS STATED IN A LIGHT MOST FAVORABLE TO THE NONMOVING PARTY

As with every summary judgment motion, the court accepts the nonmoving party's version of any disputed fact where it is arguably supported by the record. Pluta v. Ford Motor Co., 110 F. Supp.2d 742, 744 (N.D. Ill. 2000).

On or about December 7, 1999, Sykes applied for a checking account with Security First. Using what appeared to be a valid driver's license and two utility bills, Sykes represented to Security First that he was Marvin L. Goldman ("Goldman"). Thereafter, Security First opened an account under Goldman's name ("the Goldman account"). (Security First's Resp. to Northern Trust L.R. 56.1 ¶ 18.) Between January 6 and January 12, 2000, Sykes, posing as Goldman, asked Security First to initiate several funds transfers through the Automated Clearing House ("ACH") network, a national processing and delivery system that provides for the distribution and settlement of electronic credits and debits among financial institutions. In response to Goldman's request, on January 6, 10, and 12, 2000, Security First transmitted instructions to Northern Trust to debit $175,000 against account number 30175914, an account held by Consolidated Artist's Payroll Service ("C.A.P.S.") at Northern Trust. (Id. at ¶ 23.) On or about January 11 and 13, 2000, Security First transmitted instructions to LaSalle to debit $450,000 against account 559-0019500, an account held by Saks, Incorporated ("Saks") at LaSalle. (Security First's Resp. to LaSalle L.R. 56.1 ¶ 3.) These transactions resulted in the transfer of approximately $1,500,000 into the Goldman account ($900,000 from Saks' account and $525,000 from C.A.P.S.' account). (Security First's Resp. to Northern Trust L.R. 56.1 ¶ 22, 23; Security First's Resp. to LaSalle L.R. 56.1 ¶ 3, 4, 6.) Neither C.A.P.S. nor Saks authorized Goldman to debit their accounts. (Security First's Resp. to LaSalle L.R. 56.1 ¶ 5; Security First's Resp. to Northern Trust L.R. 56.1 ¶ 20.) Goldman subsequently transferred approximately $508,455 of the total amount to third parties. (Plea Agreement in United States v. Joseph Vaundry Sykes, No. 01 CR 647 (N.D. Ill. August 28, 2002)).

The "real" Goldman also happens to be a third-party defendant in this action. But, for purposes of this memorandum opinion and order, all references to Goldman concern Sykes's identity fraud.

Prior to processing at least one request, on or about January 6, 2000, a Security First employee contacted a Northern Trust employee to confirm information regarding one of Goldman's ACH requests. The Security First employee told the Northern Trust employee that Security First was processing a request by a "mutual customer." (Hinley Dep. at 101.) The Security First employee identified the account number. The Northern Trust employee then asked the Security First employee for the name of the account holder. The Security First employee gave Goldman's name. The Northern Trust employee said nothing about the name on the account, but verified that the account contained sufficient funds to process the transaction. (Id. at 102-03.)

The parties stipulate to the transcription of the Security First employee's call to the Northern Trust employee on January 6, 2003 as follows:

Introduction: Client services main toll free number.
[Northern Trust]: Good afternoon, thank you for calling Northern Trust Client Services. My name is Patrice, how may I help you?
[Security First]: Hi, there. My name is Andrew calling from Security First Network Bank in Atlanta, Georgia. How are you today?

Patrice: Alright and you.
Andrew: Good, thanks. A mutual customer of ours is attempting to do a transfer from his bank at Northern Trust to our . . . he has an account with us.

Patrice: Ok.
Andrew: And I just want to know if his balance will support such a transfer.

Patrice: Ok. And the account number?
Andrew: The account number is 30175914.
Patrice: One moment. 30175914?
Andrew: Yes ma'am.
Patrice: The name on the account?
Andrew: Marvin Goldman.
Patrice: Yes, at this time $175,000 is available.
Andrew: Thank you very kindly. I certainly appreciate your help.

(Security First's Resp. To Northern Trust L.R. 56.1, Ex. O.2.)
Further, Robert Andrew Hinley ("Hinley") made the phone call on behalf of Security First. At that time, he was an Operations Analyst for Security First. (Hinley Dep. at 10.) He testified that neither the Northern Trust employee nor he "verified" that Goldman was the Northern Trust account holder. (Id. at 102.) Nevertheless, he subsequently testified that he believed that, when the Northern Trust employee asked him the account holder's name, she was asking for the name of the Northern Trust account holder and that he was giving her that information. (Id. at 174-75.)

A few days later, Security First received "returns" for insufficient funds from several banks that Goldman had submitted ACH requests for debit entries. Security First then began to monitor Goldman's requests, even instituting procedures whereby any additional ACH requests by Goldman had to be approved by the vice president of customer care or a management official in charge of fraud and internal auditing. (Id. at 108-10.)

On or about January 14, 2000, a Security First employee called Northern Trust and LaSalle as well as other banks to which it had transmitted Goldman's previous requests. Security First claims that Northern Trust confirmed that Goldman was authorized to withdraw funds from C.A.P.S.' account. (Security First's Resp. to Northern Trust L.R. 56.1 ¶ 26.) However, the Security First employee who made the call never indicated that he was calling about an ACH transaction. (Hinley Dep. at 146-47.) As for its call to LaSalle, the Security First employee learned that Goldman was not the account holder, but did not indicate to LaSalle that he was trying to authenticate or verify that Goldman was authorized to debit the account at issue. (Hinley Dep. at 199.)

The Security First employee claims in his affidavit that his phone call put LaSalle "on notice of the potential problem." (Hinley Affidavit ¶ 9.) However, during his deposition, the employee was asked directly if he "at any time during that conversation indicate[d] to them that [he] was trying to authenticate or verify that Mr. Goldman was authorized to withdraw funds from that account" The employee replied, "I did not." (Hinley Dep. at 199.) Thus, the court finds no genuine issue of material fact that the Security First employee did not put LaSalle "on notice" of the unauthorized transactions. See Piscione v. Ernst Young L.L.P., 171 F.3d 527, 532-33 (7th Cir. 1999) ("[W]hen a conflict arises between a plaintiff's sworn deposition and his sworn affidavit, the deposition testimony overrides statements made in the affidavit.").

At some unspecified time, Security First learned that Sykes had committed identity fraud and froze the Goldman account which contained, at the time, approximately $900,000 (the "Remaining Debit Proceeds"). Currently, Sykes is incarcerated in a federal prison for the bank fraud that he perpetrated on the parties here as well as on other non-party financial institutions. (Plea Agreement in United States v. Joseph Vaundry Sykes, No. 01 CR 647 (N.D. Ill. August 28, 2002) Security First has managed to recoup some of the money credited to the Goldman account under 28 U.S.C. § 1335.

Thereafter, Security First filed a complaint for interpleader in the United States District Court for the Northern District of Georgia against defendants to resolve the disbursement of the remaining debit proceeds and the recouped money. In January 2001, this case was transferred to the Northern District of Illinois where it is now before the undersigned. Although this court dismissed the complaint for interpleader on March 29, 2002, see Security First Network Bank v. C.A.P.S., Inc., No. 01 C 0342, 2002 WL 485352, at *13 (N.D. Ill. Mar. 29, 2OO2), this litigation proceeds a consequence of the various counterclaims and cross-claims filed by Northern Trust, LaSalle, C.A.P.S. and Saks.

Security First processed ACH requests totaling approximately $900,000 in debit entries to Saks's account with LaSalle. Saks recovered over $600,000 and claims its loss now totals approximately $255,000. (Security First's Resp. To LaSalle L.R. 56.1, Ex. F, Saks Inc.'s Answers To Security First's First Interrogatories ¶ 3.)
Security First processed ACH requests totaling approximately $525,000 in debit entries to C.A.P.S.'s account with Northern Trust. (Security First's Resp. To Northern Trust L.R. 56.1, Ex. M, Am. Resp. Of C.A.P.S., INC. To Northern's First Request For Admissions ¶ 2.) The parties make no representations concerning how much C.A.P.S. recovered and what is its claimed loss. Based on the court's review of the interpleader action, however, C.A.P.S. apparently recovered $300,000 and claims a loss of approximately $225,000.

DISCUSSION

Before addressing the issues in this case, it is appropriate to review the framework for an ACH transaction. There are typically five participants in an ACH transaction: (1) the originating company or individual ("Originator"); (2) the Originating Depository Financial Institution ("ODFI"); (3) the ACH Operator; (4) the Receiving Depository Financial Institution ("RDFI"); and (5) the receiving company or individual ("Receiver"). 2000 ACH Rules, An ACH Primer, at 1. For an ACH transaction to occur, the Receiver must authorize an Originator to Initiate an ACH entry-a credit or debit-to the Receiver's account with the RDFI. The Originator agrees to initiate ACH entries according to its arrangement with a Receiver. The ODFI receives payment instructions from the Originator. The ODFI then forwards the entry to the ACH Operator, which is the central clearing facility operated by a private organization or a Federal Reserve Bank on behalf of DFIs, to or from which DFIs transmit or receive ACH entries. The RDFI receives the ACH entry from the ACH Operator and posts the entry to the account of the Receiver. Id. at 2; see also 2000 NACHA Operating Rule § 13.1 (Definitions).

All ACH transactions are governed by the National Automated Clearing House Association ("NACHA") Operating Rules. NACHA Rule 1.1. Under NACHA Rule § 2.2, an ODFI sending an entry warrants to each RDFI that

each entry transmitted by the ODFI to an ACH Operator is in accordance with proper authorization provided by the Originator and Receiver, §§ 2.2.1.1;
each debit entry is for an amount which on the Settlement date will be due and owing to the Originator from the Receiver, is for a sum specified by the Receiver to be paid to the Originator, or is to correct a previously transmitted erroneous credit entry, §§ 2.2.1.2; and
[e]ach entry transmitted by the ODFI to an ACH Operator contains the correct Receiver account number . . .,§§ 2.2.1.7.

In the transactions at issue in this case, Goldman was the Originator, Security First was the ODFI, Northern Trust and LaSalle were the RDFIs, and C.A.P.S. and Saks were the Receivers. By transmitting the entries in question to Northern Trust and LaSalle, Security First warranted to Northern Trust and LaSalle that the entries were properly authorized by C.A.P.S. and Saks. Neither C.A.P.S. nor Saks authorized the entries that Security First transmitted to Northern Trust and LaSalle. Thus, the entries were not properly authorized, and Security First breached its warranties to Northern Trust and LaSalle. NACHA Rule § 2.2.3 states

Security First argues that Goldman was the Receiver, because he "purportedly owned the account receiving the debit instructions, and because he was apparently authorized to withdraw funds from the Account." (Security First's Brief in Opp'n to Northern Trust's Mot. for Summ. J., at 3.) (emphasis added). However, under the NACHA Rules, there can be no doubt that Goldman was not a Receiver. As applied to the debit transactions at issue, NACHA defines a "Receiver" as

a person that has authorized an Originator to initiate . . . a debit entry to the Receiver's transaction account with an RDFI. With respect to debit entries, the term "Receiver" shall be deemed to mean all persons whose signatures are required to withdraw funds for the purposes of the warranty provisions of subsection 2.2.1 (Warranties).

NACHA Rule § 13.1.39. C.A.P.S. and Saks owned the accounts which were debited. Goldman was not a signatory on either account. Thus, Goldman was not a Receiver.

In this case, the breach of the warranty of proper authorization, NACHA Rule §§ 2.2.1.1, necessarily entailed a breach of the warranty that the debit entries were "due and owing to the Originator from the Receiver," Rule §§ 2.2.1.2, and the warranty that each entry transmitted by the ODFI to an ACH Operator contained the correct Receiver account number, Rule §§ 2.2.1.7. Thus, the court only addresses the breach of the warranty of proper authorization in the discussion below.

Each ODFI breaching any of the preceding warranties shall indemnify every RDFI . . . from and against any and all claim, demand, loss, liability, or expense, including attorneys' fees and costs, that result directly or indirectly from the breach of warranty or the debiting or crediting of the entry to the Receiver's account.

Because Security First breached its warranty of proper authorization, it must indemnify Northern Trust and LaSalle for the costs and expenses they incurred as a result of Security First's breach. None of Security First's arguments provide any reasons for holding otherwise.

a. Warranty to Northern Trust

Security First argues that it made no warranty to Northern Trust. On January 6, 2003, Security First called Northern Trust to verify the information given by Goldman. Northern Trust confirmed that sufficient funds were in the account and, when Security First stated that the name on the account was "Marvin Goldman," Northern Trust did not alert Security First that Goldman was not authorized by the Receiver. Based on these facts, Security First asserts that the warranty of proper authorization has no application where, as here, "the intended beneficiary of the warranty has knowledge of the actual facts [that Goldman was not an authorized Receiver] superior to that of the supposed warrantor." (Security First's Br. In Opp'n To Northern Trust's Mot. For Summary J. at 5.)

As support for its argument, Security First relies on Keller v. Flynn, which states, in pertinent part,

The law is well established that no particular words or forms of expression are

necessary to create an express warranty. . . . To determine whether or not there is a warranty, the decisive test is whether the vendor assumes to assert a fact of which the buyer is ignorant, or merely states an opinion or judgment on a matter of which the vendor has no special knowledge, and on which the buyer may be expected also to have an opinion and to exercise his judgment.
346 Ill. App. 499, 508, 105 N.E.2d 532, 536 (2d Dist. 1952) (holding that the seller made an express warranty that he was selling healthy hogs to the buyer). Security First further cites cases that turned on whether the seller made express or implied warranties to the buyer concerning defects in the goods or property sold to the buyer. See Hayes v. Gen. Elec. Co., 151 F. Supp.2d 1001, 1013-14 (N.D. Ill. 2001) (holding that an implied warranty does not apply where the buyer had knowledge of the purportedly warranted defects prior to purchase of the item); McClure v. Sennstrom, 267 Ill. App.3d 277, 281-82, 642 N.E.2d 885, 888 (2d Dist. 1994) (holding that an implied warranty of habitability applied such that the home buyers could sue the builder-seller for latent defects in their new house which rested on foundation from the previous house); Sass v. Spradlin, 66 Ill. App.3d 976, 981, 384 N.E.2d 464, 467 (2d Dist. 1978) (holding that the seller made no implied warranty as to the condition of the truck but he did make an express warranty under the UCC that the truck was in "undamaged condition"); Weiss v. Rockwell Mfg. Co., Ill. App.3d 906, 915, 293 N.E.2d 375, 381 (1st Dist. 1973) (holding no warranty under the UCC because "the vendor here certainly did not assert a fact of which the buyer was ignorant. [The defendant] was not possessed of any special knowledge.").

Security First's reliance on these cases is unavailing. Each of these cases concerns whether a seller made an express or implied warranty to a buyer purchasing goods or property.

Throughout their briefs, both Security First and Northern Trust address whether the Uniform Commercial Code ("UCC") presentment warranties serve as "gap-fillers" to the NACHA Rules. Although both parties are in agreement that the court need not rely on the UCC presentment warranties as gap-fillers, they cite case law throughout their briefs that concern other UCC warranty provisions.
The court previously explored the issue of whether the UCC presentment warranties served as gap-fillers to the NACHA Rules. Security First, 2002 WL 485352, at *6 n. 7. Specifically, it stated that NACHA Rule § 13.1.20 provides that a debit entry means an item for purposes of Article 4 of the UCC and that Article 4 protections are incorporated into the parties' agreement unless they are inconsistent with the NACHA Rules. Id. Nonetheless, it declines to find that the UCC presentment warranties provide a gap-filler to resolve the issues in this case.

None of them addresses whether an express warranty attaches to a transaction where "the intended beneficiary of the warranty has knowledge of the actual facts superior to that of the supposed warrantor." But even if the court accepts the legal principle that Security First proposes, it is of no help here. Security First has presented no facts that show that the Northern Trust employee had information that the transfers were not authorized over the ACH Network. Northern Trust verified that sufficient funds were in the account that Security First identified by the account number. When Security First stated that Goldman's name was on the account, Northern Trust did not mention that Goldman's name was not on the account. This does not show that Northern Trust had "knowledge of the actual facts superior" to Security First. In fact, NACHA Rule § 4.1.4 allows an RDFI to "rely solely on the account number," even if other information in a debit entry is inconsistent. Thus, according to the NACHA Rules, Northern Trust could assume that the debit request was authorized despite the fact that Goldman's name was not on the Receiver's account. Security First seems to believe that, because the inconsistent information was conveyed to Northern Trust in a telephone call, the result should be different from where the inconsistent information had been conveyed solely through an electronic entry. This court finds no reason to draw such a distinction. The court finds that Security First warranted to Northern Trust that the debit entries at issue were properly authorized. b. Proper Authorization

Security First claims that Northern Trust verified that Goldman was an authorized Receiver for the C.A.P.S. account during the phone call made on January 14, 2002. However, Security First sent the last of the three debit entries to Northern Trust on January 12, 2002. Thus, the January 14, 2002, call is not relevant to the warranty that had already attached to the entries on January 6, 10, and 12, 2002, when Security First sent the entries.

Based on the same set of facts, Security First argues that there are genuine issues of material fact as to whether Northern Trust relied on any warranty by Security First. As support for this assertion, it cites cases that concerned whether the plaintiff waived the warranties provided by the defendant. See Spectramed Inc. v. Gould, 304 Ill. App.3d 762, 775, 710 N.E.2d 1, 9 (1st Dist. 1998) (determining questions of facts existed as to whether the plaintiff waived the warranty provision such that the plaintiff "actually relied on the warranties"); Harrington v. Kay, 136 Ill. App.3d 561, 563, 483 N.E.2d 560, 564 (1st Dist. 1985) ("upholding trial court's determination that the plaintiff waived the warranty provision). As relevant here, the court in Harrington stated:

Parties to a contract have the power to waive provisions placed in the contract for their benefit. . . . Such a waiver may be established by conduct indicating that strict compliance with the contractual provision will not be required . . . [A]n implied waiver of a legal right may arise when the conduct of the person against whom the waiver is asserted is inconsistent with any other intention than to waive it.
136 Ill. App.3d at 563-64; 483 N.E.2d at 563. Because Security First does not show that Northern Trust knew the entries were unauthorized, it is unable to show that Northern Trust waived the warranty of proper authorization.

Security First argues that its reliance on Goldman's facially proper documentation satisfied its obligation to Northern Trust and LaSalle to ensure "proper authorization." In other words, the "NACHA should not be construed to make the ODFI a guarantor of something that the ODFI does not and cannot know: whether the person having authority over the account receiving the debit instruction has in fact authorized the debit." (Security First's Br. In Opp'n To LaSalle's Mot. For Summ. J., at 5.) The ODFI warranty of proper authorization is not contingent on whether the ODFI believes an entry is properly authorized, but on whether it is, in fact, authorized. The warranty language is unambiguous on this point. NACHA Rules §§ 2.2.1 2.2.1.1 make it clear that an ODFI that transmits an entry that is not properly authorized commits a breach. The NACHA Rules specify that only a Receiver can authorize an Originator to initiate a debit entry in a Receiver's account. NACHA Rule § 13.1.39. Goldman was not an authorized Receiver on either CAPS' or Saks' account, and Security First's belief that he was does not make it so. Thus, Security First transmitted the entries to Northern Trust and LaSalle without proper authorization.

c. Banker's Privilege

Security First invokes the "banker's privilege" to argue that it should not be held liable for breaching its warranty of proper authorization to Northern Trust and LaSalle. The "banker's privilege" frees a bank from a duty to investigate the propriety of each customer transaction or otherwise act as an insurer of its customers' orders. A bank is not liable to third parties where it "slavishly follows" a customer's instructions, even if the customer "devised these instructions to cheat" the third person. General Electric v. Central Bank, 49 F.3d 280, 281 (7th Cir. 1995).

All of the cases on which Security First relies to support its invocation of the banker's privilege deal with tort actions, not contract or warranty actions. See id.; Eisenberg v. Wachovia Bank, N.A., 301 F.3d 220 (4th Cir. 2002) (negligence); Aetna Cas. Sur. Co. v. Leahey Constr. Co., 219 F.3d 519 (6th Cir. 2000) (fraud and negligence); Chrysler Credit Corp. v. Whitney Nat'l Bank, 798 F. Supp. 1234 (E.D. La. 1992) (conversion); Volpe v. Fleet Nat'I Bank, 710 A.2d 661 (R.I. 1998) (restitution); McCallum v. Rizzo, 1995 WL 1146812 (Mass.Super. Oct 13, 1995) (negligence). In a tort action, the court must decide if the defendant owes a duty to the plaintiff. See, e.g. Eisenberg, 301 F.3d at 224-25. The banker's privilege cases hold that a bank does not have a general duty to non-customer third parties. See General Elec., 49 F.3d at 281. In warranty or contract actions, however, the defendant has expressly assumed a duty by agreeing to the warranty or contract. Thus, the banker's privilege is not applicable. Security First expressly assumed a duty to Northern Trust and LaSalle to ensure that any entries it transmitted to them were properly authorized. The banker's privilege cannot shield them from liability if they failed to do so.

d. Negligence

Security First argues that it cannot be held liable for breach because it was not negligent in processing the entries, while Northern Trust and LaSalle were negligent. Again, Security First confuses tort and contract liability. Contract liability, unlike tort liability, is strict. See Evra Corp. v. Swiss Bank Corp., 673 F.2d 951, 956-7 (7th Cir. 1982) ("Contract liability is strict. . . . And while such contract doctrines as impossibility, impracticality, and frustration relieve promisors from liability for some failures to perform that are beyond their control, many other such failures are actionable though they could not have been prevented by the exercise of due care."); Album Graphics, Inc. v. Beatrice Foods Co., 87 Ill. App.3d 338, 350, 408 N.E.2d 1041, 1050 (1st Dist. 1980) ("Whether one intentionally, carelessly, or innocently breaches a contract, he is still considered to be in breach of that contract and extent of his liability is generally the same."). Moreover, the NACHA Rules conspicuously omit any reference to negligence or fault in the warranty and indemnity provisions at issue. See NACHA Rules §§ 2.2.1 2.2.3. The 2000 NACHA Operating Guidelines state plainly, "The ODFI is totally responsible for entries originated by its companies." 2000 Operating Guidelines § 2, ch. 2 at 28 (emphasis added). Nothing in the NACHA Rules or Operating Guidelines suggest that an ODFI can escape this responsibility by exercising commercial reasonableness. Thus, it is irrelevant whether Security First was negligent or not.

Security First argues that "if NACHA's intent was for the ODFI to bear the ultimate responsibility of ensuring that all transactions were in fact authorized, it would have done so expressly rather than by implication through §§ 2.2.1.1." (Security First's Brief in Opp'n to LaSalle's Mot. for Summ. J. at 8). It is difficult to imagine how NACHA could have stated its intent more clearly than this.

Security First argues, however, that liability under the NACHA Rules is not strict, "for requiring an ODFI to actually verify each transaction by investigating the genuineness of its customers' instructions would make the ODFI an insurer of every such transaction." Instead of strict liability, Security First argues that the NACHA Rules place responsibility for failing to detect wrongdoing on negligent parties. Security First suggests that the NACHA has "designed parallel provisions that require each party to fulfill its own responsibilities," comparing NACHA Rule § 2.2 (ODFI warranties) with § 4.2 (RDFI warranties). Under the NACHA Rules, an RDFI warrants only that "it has the power under applicable law to receive entries." Specifically, it warrants that it is a participating DFI which must (1) be authorized by law to accept deposits, (2) be assigned a routing number by Thompson Financial Publishing, and (3) agree to be bound by NACHA Rules. See NACHA Rules §§ 4.2, 13.1.31, 13.1.41. Contrary to Security First's claim, this is not a "parallel" warranty to the ODFI's obligation to guarantee that the entries are authorized by the Originator and Receiver. Had the NACHA intended an RDFI to share in the responsibility for ensuring that entries were properly authorized, the Rules would have made that clear. Instead, the NACHA Rules and Operating Guidelines only make clear that an ODFI is responsible for ensuring that entries are authorized and that the ODFI indemnifies the RDFI if the entries are not authorized. The Rules do not incorporate, indeed do not even mention, any conception of comparative or contributory negligence.

Security First also argues that the return provisions of § 5 of the NACHA Rules place the ultimate responsibility on the Receiver and the RDFI to notice errors affecting their own accounts and to act thereon in a timely fashion. Under NACHA Rule § 5.1, an RDFI may return an entry to an ODFI for any reason. Under Rule § 5.2.1, an ODFI is permitted to reject any return not made within two business days and which would cause a loss to the ODFI. Security First argues that this provision would be meaningless if an ODFI is strictly liable under § 2.2 for the ultimate propriety of each action. However, return of a debit entry by an RDFI is not mandatory. See NACHA Rule § 5.2.1. The NACHA Operating Guidelines make it clear that the return process is an alternate means of recovery for unauthorized debits:

An ODFI may receive a request from an RDFI to accept the return of a . . . debit when the time frame for the return has expired on the premise that the RDFI's account holder (the Receiver) claims that the debit was unauthorized. Although the NACHA Operating Rules do not require that an ODFI act upon such a request, the ODFI should carefully consider its warranty that all transactions are properly authorized. It is recommended that the ODFI establish procedures to determine the validity of the claim. Failure to agree to accept such a return may not alleviate the ODFI of its warranty and subsequent liability if the RDFI or Receiver chooses to pursue the claim out of the ACH return process.

2000 Operating Guidelines § 2, ch. 2 at 34 (emphasis added). It is evident that the RDFI does not have any obligation to return entries, and that the absence of a return does not eliminate the ODFI's liability for breach of its warranty. The excerpt further makes clear that an RDFI may chose to pursue a remedy outside the ACH return process. Thus, the return provisions cannot be interpreted to impose additional duties on RDFI's or in any way relieve the ODFI of its warranty obligations.

Ultimately, Security First's argument is based not on what the NACHA Rules dictate, but on what Security First believes the Rules should dictate. Security First argues, for instance, that "if ODFIs were so required [to investigate the authorization of each entry], they would ordinarily fulfill such a duty principally by contacting each RDFI associated with each transaction to confirm the Receiver's authorization as well as the RDFI's authority to process such a transaction. The RDFI, in turn, would have to confirm such transaction with its customer, the Receiver. These burdensome steps, however, would be unnecessary if each party to an ACH transaction was simply responsible for the information within its own control." (Security First's Brief in Opp'n to Northern Trust's Mot. for Summ. J., at 9.) This may be so, but it is not what the NACHA Rules dictate. Security First fails to recognize that the NACHA Rules were designed to facilitate efficient electronic transactions by assigning risk and guiding behavior before a transaction takes place. See NACHA Operating Guidelines § 1, at OG 2 (Development and Overview of the System) ("The ACH Network . . . allows a financial institution in one geographic region to originate and/or receive entries from an ACH Operator in another geographic region. Processing arrangements and agreements must be in place prior to the handling of entries in this manner."). The United States District Court for the Southern District of New York illustrated this concept in considering similar questions arising under the UCC:

Tort law is designed primarily to apportion loss. Because it is typically imposed on lay parties with little or no appreciation of its finer points, only secondarily can it hope to guide behavior so as to minimize harm. Rather, it most often becomes relevant only after the fact; the courts are asked to decide who must bear or respond for a loss previously incurred, and to what degree. As such, its guiding principle is fairness. In tort law courts have equated fairness with fault. The rule of comparative negligence is a perfect expression of this principle.
The UCC, however, was designed to facilitate commerce primarily by guiding and making predictable the consequences of behavior. It is imposed primarily upon a comparatively sophisticated group, businessmen and bankers, who look to the provisions to direct their business transactions. This is not to overlook the loss allocation function. Rules designed to guide behavior are inevitably turned against those who fail to follow them, and even the most carefully planned transactions may end in dispute. This function, however, is secondary to the creation of a system of rules to bring order and predictability to commercial transactions.
U.S. Fid. Guaranty Co. v. Fed. Res. of N.Y., 620 F. Supp. 361, 370 (S.D.N.Y. 1985). Following these principles, the court refused to borrow common law comparative or contributory negligence principles in deciding claims under the UCC. Id. The NACHA Rules are a similar system to the UCC-they are designed to facilitate the flow of commerce through ACH transactions, in the same way that UCC Article 4 is designed to facilitate the flow of commerce through check transactions and UCC Article 4A through electronic funds transfers. In fact, the NACHA Rules refer to the UCC for guidance with respect to check and credit entries. See NACHA Rules §§ 1.6, 2.9, 4.2, 5.1, 13.1.6. Just as it was inappropriate in the US.FG case to borrow negligence concepts for use in the UCC, it would likewise be inappropriate to graft those same common law concepts onto NACHA's system of rules that were designed to guide and make predictable the consequences of behavior in ACH transactions.

e. Causation and Mitigation of Loss

Security First argues that, even if it breached its warranty to Northern Trust and LaSalle, there are genuine issues of material fact as to whether the acts or omissions of Northern Trust and LaSalle were intervening, superseding causes of the losses or whether Northern Trust and LaSalle should have mitigated their losses. Security First claims that Northern Trust and LaSalle violated their respective ACH service agreements with C.A.P.S. and Saks, failed to utilize their account safety features, failed to return the debit entries under NACHA Rule § 5.1, and failed to act when Security First notified them of the suspected fraud. Thus, Security First claims that Northern Trust and LaSalle caused their own losses in whole or in part, and therefore Security First has no responsibility to indemnify Northern Trust and LaSalle for the resulting losses.

Where a warrantor has breached a warranty, the warrantor is obligated to pay damages in the amount of the loss suifered as a result of the breach. Although Security First uses language "ex delicto," presumably it is merely arguing that the losses did not result from the breach but from another cause.

None of the facts on which Security First relies raises a genuine issue of material fact regarding causation. In determining causation, the court asks whether, absent the defendant's conduct, the injury would have occurred. First Springfield Bank Trust v. Galman, 188 Ill.2d 252, 260, 720 N.E.2d 1068, 1073 (1999). It is clear that, had Security First not transmitted the unauthorized debit entries to Northern Trust and LaSalle, C.A.P.S.' and Saks' accounts would not have been debited. Even if Northern Trust and LaSalle were negligent, their negligence was not a superseding cause that insulates Security First from liability. In order to become a superseding cause, an intervening cause must be one that breaks the causal chain between the original wrongful act and the injury and becomes a direct and immediate cause of the injury. See, e.g., Ney v. Yellow Cab Co., 2 I11.2d 74, 79, 117 N.E.2d 74, 78 (1954). Northern Trust's and LaSalle's failure to "catch" the unauthorized debits cannot be considered a direct and immediate cause of the resulting losses any more than the failure of a fire alarm to ring can be considered a direct and immediate cause of a building burning down. Thus, even if Northern Trust and LaSalle were negligent, their negligence cannot shield Security First from liability for the resulting losses.

Furthermore, NACHA Rule § 2.2.3 provides that an ODFI breaching a warranty shall indemnify every RDFI for those losses "that result directly or indirectly from the breach of warranty or the debiting or crediting of the entry to the Receiver's account." If the rule provided indemnification only for "direct" harm, then Security First's allegation that the actions or omissions of Northern Trust and LaSalle played a role in causing their own losses might raise a genuine issue of material fact as to causation. However, the rule requires Security First to indemnify Northern Trust and LaSalle for losses "indirectly" caused by Security First's breach of warranty. Thus, an ODFI must indemnify an RDFI for any and all resulting harms, even if the

ODFI's breach was only a partial, concurrent, or indirect cause of that harm. The resulting chain of events and harm in this case stemmed from Security First's original breach. Thus, Security First, at least, indirectly caused the resulting losses and must indemnify Northern Trust and LaSalle for those losses.

Security First also argues that Northern Trust and LaSalle should have mitigated the losses resulting from the transactions. Security First is correct that the beneficiary of a warranty has a duty to mitigate its damages rather than blindly rely on a warranty when in possession of contrary knowledge. See, e.g., Hays v. General Elec. Co., 151 F. Supp.2d 1001, 1015 (N.D. Ill. 2001); Cedar Rapids Iowa City Ry. Light Co. v. Sprague Elec. Co., 117 N.E. 461, 463 (Ill. 1917). However, Security First has failed to raise a genuine issue of material fact as to whether Northern Trust and LaSalle had "contrary knowledge" at the time they could have mitigated damages. Security First has presented no evidence that it alerted Northern Trust or LaSalle that the transactions at issue were fraudulent during any of the phone calls it made to the two banks. The Security First employee who made the phone calls stated explicitly in his deposition that he did not indicate to the Northern Trust employee that he was calling about an ACH transaction nor indicate to the LaSalle employee that he was trying to authenticate or verify that Goldman was authorized to debit the account at issue. Security First has presented no evidence that Northern Trust and LaSalle investigated the transactions, discovered that they were unauthorized, and failed to act to mitigate the losses to their customers. Thus, Security First has failed to raise a genuine issue of material fact regarding mitigation of damages.

f. Indemnity for the Indemnitees' Own Negligence

Finally, Security First argues that, under Illinois law, it is not required to indemnify Northern Trust and LaSalle for their own negligence. Security First points out that "the intention to indemnify another for its own negligence is unusual and extraordinary, and there can be no presumption that an indemnitor intends to assume the responsibility unless the contract by express stipulation provides for such beyond doubt. "Karsner v. Lechters III., Inc., 331 Ill. App.3d 474, 476-77, 771 N.E.2d 606, 608 (3d Dist. 2002). The indemnification provision in Karsner provided that the warrantor shall indemnify and "hold [the beneficiary] harmless from and against any and all claims, actions [sic] damages, liability and expense." Id. Security First argues that this language closely tracks that of NACHA Rule § 2.2.3.

To the extent that Security First claims that the plain language of the contract fails to expressly indemnify Northern Trust and LaSalle for their own negligence, its argument is without merit. While it is true that an intent to indemnify a party for its own negligence must be clearly stated, "[i]t is not necessary that specific reference to indemnification against liability arising out of the indemnitee's negligence be provided for in the agreement." Ahlvers v. Terminal R.R. Assoc. of St. Louis, 31 Ill. App.3d 166, 171, 334 N.E.2d 329, 333 (1975); Duffield v. Marra, Inc., 166 Ill. App.3d 754, 765, 117 Ill. Dec. 587, 520 N.E.2d 938, 945 (1988). NACHA Rule § 2.2.3 provides that an ODFI will indemnify an RDFI against "any and all" claims resulting "directly or indirectly from the breach of warranty or the debiting or crediting of the entry to the Receiver's account." The "directly or indirectly" language, which was not present in the Karsner indemnification provision, requires an ODFI to indemnify an RDFI against losses resulting from any unauthorized debiting of a Receiver's account, even if the RDFI-the party that actually debits the Receiver's account-is negligent. Thus, this court finds that the NACHA Rules clearly require Security First to indemnify Northern Trust and LaSalle against any and all claims resulting from Security First's breach of its warranty and the unauthorized debiting of C.A.P.S.' and Saks' account, even if Northern trust and LaSalle were negligent in processing the transactions.

ORDER

For the reasons set forth above, the court grants Northern Trust's motion for partial summary judgment and LaSalle Bank's motion for summary judgment [#128, #132]. A status hearing is set for Monday, November 3, 2003, at 9:30 am.


Summaries of

Security First Network Bank v. C.A.P.S., Inc.

United States District Court, N.D. Illinois
Oct 7, 2003
No. 01C 342 (N.D. Ill. Oct. 7, 2003)
Case details for

Security First Network Bank v. C.A.P.S., Inc.

Case Details

Full title:SECURITY FIRST NETWORK BANK, Plaintiff, v. C.A.P.S., INC., ABN AMRO, INC.…

Court:United States District Court, N.D. Illinois

Date published: Oct 7, 2003

Citations

No. 01C 342 (N.D. Ill. Oct. 7, 2003)

Citing Cases

Holden Metal Aluminum Works Ltd. v. Wismarq Corp.

Fed.R.Civ.P. 56(c). The party seeking summary judgment bears the initial burden of proving there is no…

Fridman v. NYCB Mortg. Co.

The ACH process described in NYCB's briefs and statement of facts is consistent with the ACH process as…