After a hacker accessed its on-line banking system and wired about $125,000 from its account, a healthcare firm sued its former (and now defunct) bank for breach of contract, negligence and breach of the implied duty of good faith and fair dealing.
The FDIC substituted in as defendant after it was appointed receiver of the closed bank and moved for summary judgment on all complaint counts. The Northern District of Illinois in Envision Healthcare, Inc. v. FDIC, 2014 WL 6819991 (N.D.Ill. 2014) granted summary judgment in favor of the bank on all claims.
Two contracts governed the parties relationship, both of which required the bank to permit withdrawals based on recognized user ID and password credentials and allowed plaintiff’s authorized agents to initiate wire transfers from its account. Other than verifying that the person requesting a withdrawal or wire transfer entered valid log-in data, the bank had no other obligations in either written agreement.
Rejecting the plaintiff’s breach of contract claim, the court noted that banks generally owe a duty of reasonable care to depositors. This duty arises from the position of trust banks occupy vis-a-vis their customers. But in the context of lawsuits lodged by bank customers for unauthorized transfers, UCC Article 4A’s “Funds Transfers” section governs and sets out a detailed scheme of customer rights and remedies. 810 ILCS 5/4A. In cases involving unauthorized withdrawals or funds transfers, this statute takes precedence over any common law obligations owed by a bank to its customer.
The court held that the plaintiff couldn’t show a breach of contract since all the bank was obligated to do was honor any request by someone who supplied recognized log-in data. Since the person requesting the funds transfer had a valid ID and password, and the contract terms didn’t saddle the bank with any additional duties, the plaintiff failed to establish the bank’s breach of contract.
Economic Loss Rule
The plaintiff’s negligence suit was defeated by the economic loss doctrine. This rule posits that where a contract governs the relationship between the parties, the contract defines each side’s rights and responsibilities. A plaintiff cannot recover in tort (i.e., in negligence) where a contract defines the parties’ relationship and the defendant fails to perform his contractual obligations. *6.
Here, the bank-customer relationship was controlled by the two written agreements. In Illinois, the general rule is that a service provider is only responsible for physical harm (and not economic harm ) resulting from a breach of duty.
Since the bank defendant was a service provider, and the plaintiff’s damages were purely economic (the $125K unauthorized wire transfer), the economic loss rule barred plaintiff’s negligence claim. *6.
Another reason the court ruled for the bank on the negligence count was because UCC Article 4A (810 ILCS 5/4A) pre-empted or displaced plaintiff’s negligence count. This Section sets forth in detail a bank’s obligations and a customer’s remedies for honoring an unauthorized payment order. Since the plaintiff didn’t premise its claims under this UCC section, its negligence claim was pre-empted.
Duty of Good Faith and Fair Dealing
The bank also defeated plaintiff’s ‘good faith and fair dealing count. The duty of good faith and fair dealing is implied in every Illinois contract and requires a party who has “contractual discretion” to exercise that discretion reasonably, and not arbitrarily.
The duty does not give rise to a stand-alone cause of action, though. Instead, it’s an interpretive tool employed by the court when assessing the validity of a breach of contract clam. Any reference to the duty of good faith and fair dealing should be alleged as part of a broader breach of contract claim – not a separate cause of action.
In this case, since the plaintiff failed to incorporate its good faith and fair dealing claims into its breach of contract count, the claim failed as a matter of law.
The Court also noted that the bank didn’t have broad “discretion” in deciding whether to honor a funds transfer. The bank had to honor a transfer request so long as it was made by someone with a valid log-in and password.
Since the bank didn’t have the option of refusing a bank customer’s payment request, it lacked contractual discretion and the good faith and fair dealing duty claim failed. **8-9.
– The bank-customer contract will govern the parties’ relationship;
– A service provider (like a bank) owes no extra-contractual duty (a duty that’s not spelled out in the document) to its customer absent physical damage to a customer or his property;
– A plaintiff suing his bank for unauthorized wire transfers should couch his complaint in the language of UCC Section 4A to have the best prospects for recovery.