If you wanted clarity on the law of wire transfers, you'll have to wait.
Judge Kaplan yesterday denied Wells Fargo's motion to dismiss a lawsuit brought by Banco del Austro. That suit arises out of one of the recent "SWIFT hacks". (For everything lawyers need to know about SWIFT hacks in less than five minutes, check out our recent video on the topic here; if you have a little longer, read my earlier posts here and here.) In short, a hacker got into Banco del Austro's computers and sent fraudulent wire transfer orders to Wells Fargo, where Banco del Austro held an account. Wells Fargo honored the orders and sent Banco del Austro's money to the hacker.
Banco del Austro faulted Wells Fargo for failing to detect the fraud. Wells Fargo defended itself by noting that it had followed the authentication procedures to which Banco del Austro had agreed in its banking contract—that is, the SWIFT authentication system. But Banco del Austro replied that, notwithstanding its previous agreement, the SWIFT authentication protocol isn't good enough under the law of wire transfers, the Uniform Commercial Code Article 4-A.
Of course, whether the SWIFT authentication system is good enough has massive implications for the worldwide financial system. But yesterday, Judge Kaplan decided that he can't answer that question just yet.
In other words, stay tuned.
The Court cannot now determine the commercial reasonableness of the agreed-upon security procedure . . . . In defining that procedure, the Agreement incorporates wholesale the SWIFT user manual, a document outside of the complaint. Further, both parties in their memoranda urge upon the Court news articles and industry publications detailing the security bonafides and vulnerabilities of the SWIFT system. Resort to these extra-complaint sources illustrates the fact-intensive nature of the commercial reasonableness inquiry, one that courts typically address at summary judgment. At bottom, the facts alleged in the complaint and its exhibits do not permit the Court to rule as a matter of law that use of the SWIFT system, with nothing more, constituted a commercially reasonable security procedure in the context of this particular customer-bank relationship.