Patco Construction Co., Inc. v. People's United Bank
684 F.3d 197
| 1st Cir. | 2012

Background

  • Patco's account at Ocean Bank (a division of People's United) experienced six fraudulent ACH withdrawals in May 2009 totaling $588,851.26, with $243,406.83 recovered, leaving Patco out $345,444.43.
  • Patco claimed Ocean Bank's security system was not commercially reasonable under UCC Article 4A and that Patco did not consent to all procedures.
  • Patco and Ocean Bank implemented a Jack Henry NetTeller Premium multi-factor system with features including device cookies, risk profiling, challenge questions, and an adjustable dollar-amount rule; the rule was lowered to $1 in 2008, triggering challenge questions for virtually all transactions.
  • The bank's risk-scoring system identified several high-risk indicators (unrecognized device, IP anomaly, high amount) for the May 7–11, 2009 transfers but bank personnel did not monitor high-risk transactions or notify Patco; alerts and monitoring practices were disputed.
  • Patco disputes receiving e-mail alerts and argues the bank failed to implement or inform about available alerts and other security measures like tokens; Ocean Bank argues it complied with 4A and that the security procedure was commercially reasonable overall.
  • The district court granted summary judgment for the bank on all counts, but the First Circuit reversed in part, vacating certain dismissals and remanding to consider obligations of commercial customers under Article 4A when a bank's security system is found not commercially reasonable.

Issues

Issue Plaintiff's Argument Defendant's Argument Held
Whether bank security procedures were commercially reasonable under 4A Patco contends security was unreasonable due to $1 threshold and lack of additional controls Patco agreed to procedures; bank implemented FFIEC-compliant multi-factor protections No; reversed—security not commercially reasonable in aggregate
Whether 4A preempts common law claims Common law claims may coexist with 4A where not inconsistent 4A displacement applies where claims are inconsistent with 4A duties Partially; negligence dismissed, contract and fiduciary claims left open on remand; others displaced to extent inconsistent
What obligations, if any, do commercial customers have under 4A when security is unreasonable 4A imposes some duties on customers to exercise ordinary care Customer duties are limited and not clearly defined when security is unreasonable Open on remand for further briefing and fact development
Role and effectiveness of customer alerts and monitoring practices Bank failed to notify or implement alerts given high-risk transactions Alerts were available and not necessarily required; monitoring was in place per agreement Material factual disputes; remand to resolve whether alerts/monitoring affected liability

Key Cases Cited

  • Valley Forge Ins. Co. v. Field, 670 F.3d 93 (1st Cir. 2012) (records deference in summary judgment review; favorable-inference standard)
  • Ma v. Merrill Lynch, Pierce, Fenner & Smith, Inc., 597 F.3d 84 (2d Cir. 2010) (displacement of common-law claims by Article 4A where conflict arises)
  • Regions Bank v. Provident Bank, Inc., 345 F.3d 1267 (11th Cir. 2003) (interrelationship of 4A with other law; fraud considerations)
  • Donmar Enters., Inc. v. S. Nat'l Bank of N.C., 64 F.3d 944 (4th Cir. 1995) (negligence claims displaced by Article 4A)
  • Anderson v. Hannaford Bros. Co., 659 F.3d 151 (1st Cir. 2011) (Maine law limits certain damages; context for preemption discussion)
Read the full case