On March 21, 2019, an Illinois appellate court, for the first time, addressed the liability of a futures commission merchant (FCM) or broker-dealer (BD) under Section 4A-105 of the Uniform Commercial Code (UCC). Whitaker v. Wedbush Securities, 2019 IL App (1st) 181455-U. Greenberg Traurig Shareholder Jeffry Henderson and Of Counsel Robert Christie represented Appellee Wedbush Securities.
By way of background, a customer of an FCM dually registered as a BD ostensibly requested a series of wire transfers from his commodity trading accounts. Unbeknownst to the FCM, in reality a third-party hacker had breached the customer’s computer system and thereafter interposed himself as the customer in connection with the request for the wire transfers. The FCM honored the requests and transferred the money to what the FCM thought was the customer’s account, but was really the fraudster’s bank account. When the customer discovered the fraud, he sued the FCM under Article 4A of the UCC, alleging that (notwithstanding the fact that the FCM was not a bank, savings and loan, or trust company) it was "deemed to be in the business of banking" by virtue of its involvement in connection with the handling of the requested wire transfers. The trial court held the FCM was not engaged in the business of banking and therefore not subject to Article 4A.
The core issue on appeal focused on what constitutes being "engaged in the business of banking" under Article 4A, and whether the FCM was engaged in the business of banking. The official comment to Article 4A provides that the definition of "bank" includes institutions that may not be commercial banks, but nonetheless are deemed to be in the business of banking. If deemed to be in the business of banking, even if not a bank, and the subject institution pays out on a forged request, the financial institution would ordinarily be strictly liable.
In dismissing the claims and finding in favor of the entity dually registered both as an FCM and BD, the court found that in acting as an FCM, the entity did not, among other things, offer check writing services or otherwise engage in the business of banking in connection with its intermediary activities, which involved communicating and processing the customer’s request (albeit fraudsters in this case) to wire transfer funds out of the customer’s commodity trading account. Adding to the complexity of the case was the company’s dual registration as an FCM and a BD, a common website, as well as the fact that the entity in its capacity as a BD from time to time offered check writing services for its securities customers.
To minimize potential liability under Section 4A of the UCC, it is critical that the FCM or BD refrain from offering check writing services, or other services akin to check writing services, such as debit card services, as it may expose the FCM or BD to a finding of liability under the catch all phrase "deemed to be engaged in the business of banking." Alternatively, if check writing services are offered by the FCM or BD, customers should be provided with a security procedure to be followed regarding wire transfers. Under 4A the security procedure must be commercially reasonable in providing security against unauthorized payment orders. Whether a security procedure is commercially reasonable is ultimately a question of fact.
In this evolving environment of easy online access to any type of account holding money, and given the potential risk of being deemed to be engaged in the business of banking, an FCM or BD should evaluate whether to offer check writing services. If check writing services are offered, it is imperative to have an agreed upon commercially reasonable security procedure with customers for the remittance of funds. The Federal Financial Institutions Examinations Council has issued specific guidance to banks and financial services firms for adopting reasonable security procedures and security measures to avoid fraudulent transfers. Alternatively, the FCM or BD can engage a third-party service provider to provide a commercially reasonable security procedure.
Click here to read the full paper, "Authentication in an Internet Banking Environment."