Experi-Metal Inc v. Comerica Bank
Filing
26
OPINION AND ORDER denying 13 Motion for Summary Judgment. Signed by District Judge Patrick J Duggan. (MOre)
<![CDATA[
UNITED STATES DISTRICT COURT EASTERN DISTRICT OF MICHIGAN SOUTHERN DIVISION EXPERI-METAL, INC., Plaintiff, v. COMERICA BANK, Defendant. ____________________________/ OPINION AND ORDER DENYING DEFENDANT'S MOTION FOR SUMMARY JUDGMENT On November 17, 2009, Plaintiff Experi-Metal, Inc. ("Experi-Metal") filed a onecount complaint in state court against Defendant Comerica Bank ("Comerica"), alleging a violation of Michigan's Uniform Commercial Code, Michigan Compiled Law Sections §§ 440.4601- 4957. Comerica removed the action to this Court based on diversity jurisdiction on December 17, 2009. See 28 U.S.C. §§ 1332 and 1441. Presently before the Court is Comerica's motion for summary judgment pursuant to Federal Rule of Civil Procedure 56, filed April 2, 2010.1 The motion has been fully briefed and the Court held a motion hearing on June 23, 2010. Following the hearing, both parties filed supplemental pleadings. For the reasons that follow, the Court denies Comerica motion. I. Summary Judgment Standard Summary judgment is appropriate if "the pleadings, the discovery and disclosure Case No. 09-14890 Honorable Patrick J. Duggan
1
Comerica filed an amended motion for summary judgment on April 5, 2010.
materials on file, and any affidavits show that there is no genuine issue as to any material fact and that the movant is entitled to judgment as a matter of law." Fed R. Civ. P. 56(c). The central inquiry is "whether the evidence presents a sufficient disagreement to require submission to a jury or whether it is so one-sided that one party must prevail as a matter of law." Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 251-52, 106 S. Ct. 2505, 2512 (1986). After adequate time for discovery and upon motion, Rule 56(c) mandates summary judgment against a party who fails to establish the existence of an element essential to that party's case and on which that party bears the burden of proof at trial. Celotex Corp. v. Catrett, 477 U.S. 317, 322, 106 S. Ct. 2548, 2552 (1986). The movant has an initial burden of showing "the absence of a genuine issue of material fact." Id. at 323, 106 S. Ct. at 2553. Once the movant meets this burden, the "nonmoving party must come forward with `specific facts showing that there is a genuine issue for trial.'" Matsushita Electric Indus. Co. v. Zenith Radio Corp., 475 U.S. 574, 587, 106 S. Ct. 1348, 1356 (1986) (quoting Fed. R. Civ. P. 56(e)). To demonstrate a genuine issue, the nonmoving party must present sufficient evidence upon which a jury could reasonably find for that party; a "scintilla of evidence" is insufficient. See Liberty Lobby, 477 U.S. at 252, 106 S. Ct. at 2512. The court must accept as true the non-movant's evidence and draw "all justifiable inferences" in the non-movant's favor. See id. at 255, 106 S. Ct. at 2513.
2
II.
Factual Background Experi-Metal is a Michigan corporation with its principal place of business in
Macomb County, Michigan. It began banking with Comerica since incorporating in September 2000. Experi-Metal entered into agreements with Comerica to permit ExperiMetal to access its bank accounts via the Internet using Comerica's online banking system. On November 21, 2003, Experi-Metal's President, Valiena A. Allison, signed an agreement with Comerica "to send payment order[s] or receive incoming funds transfers" using Comerica's NetVision Wire Transfer Service i.e. "Treasury Management Services Agreement Comerica NetVision Wire Transfer." (Def.'s Mot. Ex. 1.) At this time, Experi-Metal designated Valiena Allison and Keith Maslowski (its Controller) as authorized users to initiate monetary transfers through Comerica's wire transfer service.2 (Def.'s Reply Ex. 9 ¶ 8; Doc. 24 Ex. 13.) Debra Nosanchuk, a Comerica Vice President, trained Allison on the use of the service. (Def.'s Reply Ex. 9 ¶ 9.) According to Nosanchuk, she informed Allison at this time that Experi-Metal's account could be set up to require the approval of one or two individuals for each wire transfer or wire transfers
There is an issue of fact as to whether Experi-Metal initially authorized Maslowski to execute transfers through Comerica's online service or by phone, only. (Compare Def.'s Reply Ex. 9 ¶ 8; Doc. 24 Ex. 13 with Pl.'s Resp. Ex. 1 ¶ 17; Doc. 25 Ex. 1 ¶ 5.) There also is an issue of fact as to whether Maslowski was an authorized user as of December 1, 2007. (Compare Def.'s Reply Ex. 9b ¶¶ 12-13 with Pl.'s Resp. Ex. 3 (document executed by Allison on 12/1/07 listing Allison and Gerald King, only, as authorized users).) 3
2
above a specified dollar amount. (Id. ¶ 10.) Allison did not request this feature. (Id.) Beginning January 23, 2006, Comerica's NetVision Wire Transfer Service ("NetVision") became known as TM Connect Web. (Def.'s Reply Ex. 9 ¶ 3.) This was a change in name only; the program remained the same. (Id.) For example, users accessed TM Connect Web the same way that they previously accessed NetVision. (Id. ¶ 4.) From 2001 until May 2008, Comerica employed a security process known as "digital certificates" for its wire transfer service. Users had to routinely "renew" these "digital certificates" in order to initiate monetary transfers for their accounts. (Def.'s Reply Ex. 9 ¶ 8.) Comerica sent e-mails to the users, requiring the users to click on a link specified in the e-mail. Once on the linked website, users were required to log in and enter certain information to obtain the renewal of the digital certificate. In April 2008, Comerica notified the administrators for all online banking accounts that, though it still would be providing online banking services through TM Connect Web, it was switching its security process from digital certificates to "secure token technology." (Id. ¶ 11; Compl. ¶¶ 10-11.) Under this system, a user accesses the Comerica Business Connect website by entering his or her user ID, his or her confidential 4-digit PIN, and a six-digit code from a secure token. (Def.'s Mot., Ex. 2 ¶ 3.) The code displayed on the secure token is a randomly generated number that changes every 60 seconds. (Id.) Comerica thereafter sent account administrators a list of the users for their accounts who had been active for the last six months, user IDs, and a secure token for 4
each user. (Def.'s Reply Ex. 9b.) Comerica asked account administrators to notify Comerica if the registration for any user should be removed. (Id.) Experi-Metal received this information from Comerica on April 25, 2008. Apparently Comerica listed Maslowski as an authorized user of the TM Connect Web service and provided a secure token for his use; however, Experi-Metal never notified Comerica that Maslowski should be removed as an authorized user.3 (Def.'s Reply Ex. 9 ¶ 13.) Comerica instituted the secure token technology in May 2008. On January 22, 2009, Maslowksi received an e-mail that purported to be from Comerica. (Pl.'s Resp. Ex. 4 ¶ 4.) According to Maslowski, the e-mail was similar to previous e-mails that he had received from Comerica when it utilized digital certificate technology, prompting him to renew Experi-Metal's digital certificates.4 (Id.; Exs. 5-6.) Like those previous e-mails, Maslowski was directed to click on a link specified in the email. (Id. Ex. 4 ¶¶ 5-6.) After clicking on the link, Maslowski was diverted to a website
It appears from the evidence that Maslowski was authorized to conduct some transactions for Experi-Metal on Comerica's TM Connect Web service (if not the initiation of wire transfers) as Comerica presents evidence to show that he in fact was doing so. (See Def.'s Reply Ex. 11.) Comerica disputes the similarity of the e-mails, indicating that the renewal e-mails were sent in April or May of each year and not January, the renewal e-mails directed users to the website of their security vendor VeriSign and not a Comerica website, and when users entered the VeriSign website they were instructed to enter a one time Renewal ID/PIN that Comerica supplied to them for the sole purpose of renewing their certificate. (See Pl.'s Resp. Exs. 5-6.) As Comerica informed customers in an April 28, 2008 e-mail warning them about recent "phishing" scams for confidential information, it would never initiate an unsolicited e-mail asking customers for their confidential information such as IDs and passwords. (Def.'s Mot. Ex. 3.) 5
4
3
that appeared to be a Comerica website. He was then prompted to log in and enter his confidential customer ID number and password and Experi-Metal's confidential customer ID number and password. When he did this, Maslowski unknowingly gave an unauthorized third party access to Experi-Metal's account through Comerica's wire transfer service from which this third party began transferring funds out of Experi-Metal's account to various accounts in Russia, Estonia, Scotland, Finland, and China, as well as domestic accounts. Forty-seven wire transfers were initiated from Experi-Metal's account between 7:30 a.m. and 10:50 a.m. on January 22, 2009. Sometime between 11:39 a.m and 12:04 p.m. on that date, Comerica's wire transfer room contacted its Treasury Management Relationship Center by telephone regarding the activity in Experi-Metal's account. (Def.'s Mot. Ex. 6 ¶ 3.) Denise Ling, Comerica's Treasury Management Services Implementation Specialist, handled the call. (Id.) After reviewing the activity, Ling telephoned Allison at Experi-Metal at approximately 12:05 p.m. (Id. ¶ 4.) Allison informed Ling that Experi-Metal had not made any wire transfers that day and instructed that Comerica should not honor any requested wire transfers or other transfers until further notice. (Id. ¶ 5; Pl.'s Resp. Ex. 1 ¶ 21.) After speaking with Allison, Ling immediately sent an e-mail to Comerica's wire transfer room and asked that all wires out of Experi-Metal's account be recalled and future wires stopped. (Def.'s Mot. Ex. 6 ¶ 5.) Within twenty-four minutes of Ling's call, most wire transfer activity on ExperiMetal's account was stopped and Comerica began recalling the wire transfers that it was 6
able to recall. (Def.'s Mot. Ex. 5 ¶ 5.) Between 10:53 a.m. and 2:02 p.m., however, forty-six additional wire transfers were initiated from Experi-Metal's account. (Pl.'s Resp. Ex. 4 ¶ 9.) All wire transfer activity was stopped shortly thereafter. In total, $1,901,269 was wire transferred from Experi-Metal's account. Comerica was able to recover all but $560,000, which amount was charged to Experi-Metal's account. Experi-Metal filed this lawsuit to recover the amount it was charged. ExperiMetal contends that the wire transfers from its account on January 22, 2009 were not effective as payment orders of the company under Michigan Compiled Law Section 440.4702(2) in that Comerica did not act in compliance with the written agreements between it and Experi-Metal and/or Allison's instructions when contacted by Ling that Comerica should not honor any further wire transfer requests. Experi-Metal also seeks interest, costs, statutory interest, attorneys' fees, and such other relief as the Court deems appropriate. (Compl. at 7.) III. Applicable Law and Analysis Whether the risk of loss for an unauthorized wire transfer order falls upon the bank or its customer is governed by Sections 440.4702 and 440.4703 of Michigan's Uniform Commercial Code Funds Transfers, which are adopted from Sections 4A-202 and 4A203 of the Uniform Commercial Code ("U.C.C.").5 Pursuant to Section 440.4702, wire
The official comments to the U.C.C. are therefore appropriate and useful aids to interpret Michigan's U.C.C. See Prime Financial Services LLC v. Vinton, 279 Mich. App. 245, 260 n.6, 761 N.W.2d 694 (2008); Yamaha Motor Corp., U.S.A. v. Tri-City (continued...) 7
5
transfer orders are effective as orders of the customer, even though the customer did not authorize the payment orders, if: (1) the bank and customer agreed that the authenticity of payment orders would be verified pursuant to a security procedure; (2) the security procedure is commercially reasonable; and (3) the bank proves that it accepted the orders in good faith and in compliance with the security procedure and any written agreement or instruction of the customer. Mich. Comp. Laws § 440.4702(2). Even if these conditions are satisfied, the risk of loss nevertheless may shift to the bank if "the person committing the fraud did not obtain the confidential information [facilitating the breach of the security procedure] from an agent or former agent of the customer or from a source controlled by the customer source." U.C.C. § 4A-203(1)(b), cmt. 5; Mich. Comp. Laws § 440.4703(1)(b). As Comerica argues in its motion, there can be no dispute in this case that the third-party that caused the wire transfers from ExperiMetal's account on January 22, 2009, obtained Experi-Metal's confidential information from Experi-Metal's Controller, Maslowski. Section 440.4702 therefore is determinative of which party is responsible for the loss at issue in this case and the Court will focus on that section. Comerica relies on the Services Agreement and Master Agreement to show that Comerica and Experi-Metal agreed that secure token technology would be used to verify the authenticity of payment orders and that this security procedure was commercially
(...continued) Motors and Sports, Inc., 171 Mich. App. 260, 270-71, 429 N.W.2d 871 (1988). 8
5
reasonable. As an initial matter, although acknowledging that it agreed to use Comerica's wire transfer service and that it entered into an agreement with respect to NetVision, Experi-Metal argues that it never entered into an agreement with respect to Comerica's TM Connect Web service. Experi-Metal therefore argues that it is not bound by the terms of the Services Agreement or Master Agreement. Experi-Metal also argues that it never identified Maslowski as an authorized user with respect to TM Connect Web. Comerica establishes, however, that NetVision and TM Connect Web are the same program and that the change from one to the other signified a change in name only. (Def.'s Reply Ex. 9 ¶ 3; Ex. 9b.) Comerica also establishes that Experi-Metal, including Maslowski, used Comerica's wire transfer service after it became known as TM Connect Web (even if it did not use the service to send wire transfers). (Id. Ex. 11.) Further, when Comerica began using secure token technology, it sent its customers' account administrators a list of the users for their accounts who had been active for the past six months and a secure token for that user. (Id. Ex. 9 ¶ 12.) Comerica asked the account administrators to notify Comerica if the registration for any user should be removed. (Id.) Although the list sent to Experi-Metal's account manager, Allison, identified Maslowski as an authorized user and a secure token was sent for his use, Allison never advised Comerica that Maslowski no longer was authorized to utilize Comerica's wire transfer service with respect to Experi-Metal's account. (Id. ¶ 13.) Pursuant to the U.C.C., a security procedure is deemed reasonable if: (i) the security procedure was chosen by the customer after 9
the bank offered, and the customer refused, a security procedure that was commercially reasonable for that customer, and (ii) the customer expressly agreed in writing to be bound by any payment order, whether or not authorized, issued in its name and accepted by the bank in compliance with the security procedure chosen by the customer. Mich. Comp. Laws § 440.4702(3). Comerica contends that Experi-Metal chose the security procedure after Comerica offered, and Experi-Metal refused, a security procedure that was commercially reasonable for Experi-Metal (i.e. requiring authorization of additional individuals at Experi-Metal before a payment order is processed). Further, Comerica points out that Experi-Metal agreed in the Master Agreement to be bound by any payment order issued in its name that complied with the security agreement. (Def.'s Mot. Ex. 2 Att. B § 7F.) In this Court's view, however, requiring confirmation by additional users simply is an option or element within a security procedure. The "security procedure" is the secure token technology. Furthermore, Comerica informed ExperiMetal of this option when Experi-Metal initially signed on to use Comerica's wire transfer service. At that time, Comerica was using digital certificates for its security procedure. Nevertheless, when it agreed to use Comerica's wire transfer service, Experi-Metal signed the Service Agreement and, by signing that agreement, agree[d] that the Service provided by [Comerica] . . . shall be governed by, and acknowledge[d] receipt of the Comerica Treasury Management Services Master Agreement (publication date as set forth below [i.e. August 2002]) . . . and any applicable implementation documents and user guides as such documents are amended from time to time. 10
(Def.'s Mot. Ex. 1.) The Service Agreement and Master Agreement both provide that by using Comerica's wire transfer service, Experi-Metal agreed that the Security Procedures that Comerica utilized (at that time, digital certificate technology) were commercially reasonable. (Id. Ex. 1 ¶ 3; Def.'s Mot. Ex. 2 Att. B ¶ 4a.) Paragraph 3 of the Services Agreement states that Comerica offers "[c]ommercially reasonable security procedures . . . to each customer that is authorized to send Fund[] Transfers" and the "Customer agrees that the selected Security Procedures are commercially reasonable for the type of entries which Customer may transmit to the Bank . . ." (Def.'s Mot. Ex. 1.) Similarly, Experi-Metal agreed in the Master Agreement that "[b]y utilizing the Service and employing the Security Procedure, . . . the Security Procedure is commercially reasonable for the type, size and volume of transactions [Experi-Metal] will conduct using the Service." (Id. Ex. 2, Att. B ¶ 4a.) Further, in the Master Agreement Comerica "reserve[d] the right to change, implement or require new and/or additional Security Procedures or features thereof by giving oral or written notice to Customer" and Experi-Metal agreed that its "use of the Service after [Comerica] provides notice of any such described changes, will be deemed [Experi-Metal]'s acceptance of the new Security Procedure." (Id. ¶ 4c.) While Experi-Metal establishes that it did not send any wire transfers after Comerica instituted the secure token technology, it did continue to receive funds through the service. (Def.'s Reply Ex. 11 at 3.) Experi-Metal also accessed TM Connect Web using the secure token technology to access its accounts and perform other tasks. (Id. at 11
1.) Moreover, the Master Agreement provides that, if a customer does not agree to changes in the service after Comerica provides the customer written notice of those changes, the customer must discontinue use of the service and follow the procedures set forth in the agreement i.e. sending written notification of termination to Comerica to effectuate its termination of the agreement. (Def.'s Mot. Ex. 2 Att. B at ¶¶ 16, 17.) Experi-Metal never complied with these requirements. Whether the security procedure that Comerica employed for its wire transfer service was commercially reasonable is a question of law. Mich. Comp. Laws § 440.4702(c). Based on the plain and unambiguous terms of the Service Agreement and Master Agreement, the Court finds as a matter of law that Comerica's secure token technology was commercially reasonable. Experi-Metal agreed that this security procedure was commercially reasonable. While Experi-Metal provides a contrary opinion from its expert, Lance James (see Pl.'s Resp. Ex. 2), such parol evidence is not effective to contradict the plain language of the Service Agreement and Master Agreement. See Zurich Ins. Co. v. CCR and Co., 226 Mich. App. 599, 603-04, 576 N.W.2d 395 (1997) (citing Michigan Chandelier Co. v. Morse, 297 Mich. 41, 49, 297 N.W. 64 (1941)). Nevertheless, the January 2009 unauthorized wire transfer orders from Experi-Metal's account are not effective as orders of Experi-Metal unless the bank proves that it accepted the payment order in good faith and in compliance with the security procedure and any written agreement or instruction of the customer restricting acceptance of payment orders issued in the name of the customer." Mich. Comp. Laws 12
§ 440.4702(2). As noted earlier, there is a genuine issue of fact with regard to whether Maslowski was authorized to initiate wire transfer orders using Comerica's online service as of January 2009. See supra at n. 2. For this reason, the Court finds a genuine issue of fact with respect to whether Comerica complied with the security procedure when it accepted the wire transfer orders initiated with Maslowski's user information on January 22. The Court also finds a genuine issue of material fact with respect to whether Comerica acted in "good faith." Article 4A of the U.C.C. defines "good faith" as "honesty in fact and the observance of reasonable commercial standards of fair dealing." Mich. Comp. Laws § 440.4605(1)(f). The same definition appears in other articles of the U.C.C. See, e.g., U.C.C. §§ 1-201, 3-103. With respect to the second half of the definition, the Comment to U.C.C. § 1-201 explains: Although fair dealing is a broad term that must be defined in context, it is clear that it is concerned with the fairness of conduct rather than the care with which an act is performed. Failure to exercise ordinary care in conducting a transaction is an entirely different concept than failure to deal fairly in conducting the transaction. Id. Neither the Sixth Circuit nor Michigan courts have elaborated on the meaning of the phrase "the observance of reasonable commercial standards of fair dealing." The Third Circuit has explained that "good faith," as defined in the U.C.C., "has both a subjective prong `honesty in fact' and an objective prong observance of `reasonable standards of fair dealing.'" In re Jersey Tractor Trailer Training, Inc., 580 13
F.3d 147, 156 (3d Cir. 2009); see also U.C.C. § 1-203, cmt. 20. The court also adopted the following two-part test established by the Maine Supreme Court for evaluating the second component: "First, whether the conduct . . . comported with industry or `commercial' standards applicable to the transactions and, second, whether those standards were reasonable standards intended to result in fair dealing." In re Jersey Tractor Trailer Training, Inc., 580 F.3d at 157 (citing Maine Family Fed. Credit v. Sun Life Assurance Co. of Canada, 727 A.2d 335, 343 (Me. 1999)). In response to Comerica's motion, Experi-Metal argues "that reasonable commercial standards of fair dealing would not entail allowing forty-seven (47) fraudulent wire transfers to be initiated from [its] bank account, particularly with respect to a customer which had made only two wire transfers in the prior two years, with those transfers being made in 2007."6 (Pl.'s Resp. at 17.) Experi-Metal appears to also argue that, had Comerica been acting in good faith, it would have been alerted to the fraudulent nature of the wire transfers based on the unusual destinations where the money was being directed (such as Moscow, Estonia, and China), particularly in light of Experi-Metal's
As part of its argument that Comerica did not act in good faith, Experi-Metal contends that Comerica could have instituted additional security procedures which would have enabled it to detect unusual activity in customers' accounts. In this Court's view, this argument is relevant to whether Comerica's security procedure was commercially reasonable and not the good faith issue. Experi-Metal also argues that Comerica cannot show that it acted in compliance with an agreed upon security procedure or written agreement or instruction of Experi-Metal because there was no agreement between the parties with respect to the TMC Web wire transfer service and because Maslowski was not authorized as a user with respect to that service. As indicated earlier, those arguments lack merit. 14
6
limited prior wire transfer activity. (Id.) Experi-Metal further argues that Comerica did not engage in reasonable commercial standards of fair dealing when it allowed the initiation of forty-six (46) additional fraudulent wire transfers after the activity in ExperiMetal's account was detected, Ling at Comerica contacted Allison at Experi-Metal, and Allison instructed Ling that Comerica should not honor any further transfers. (Id.) As emphasized earlier, Comerica has the burden of proving that it accepted the wire transfer orders in good faith and in compliance with commercially reasonable security procedures and any instruction by Experi-Metal restricting acceptance of payment orders issued in the company's name.7 Mich. Comp. Laws § 440.4702(2). Comerica states in its reply brief: "Had Comerica been acting in bad faith, it would not have called Experi-Metal [in response to the atypical number of transfers being made on January 22, 2009]." (Def.'s Reply at 5 (emphasis added).) Comerica, however, provides no evidence to rebut Experi-Metal's claim that the bank should have questioned the transfer orders more quickly in light of Experi-Metal's minimal prior wire transfer activity and the destinations of the payments. Notably, as set forth in Section II above, the fraudulent wire transfer orders began at 7:30 a.m. and forty-seven transfers were made before Comerica contacted Experi-Metal at 10:50 a.m. As to the forty-one additional transfers that occurred from that point until 2:02 p.m., the U.C.C. provides that a bank must be given a "reasonable opportunity to act" in
There does not appear to be any dispute that Comerica accepted the wire transfer orders in compliance with the security procedures in place. 15
7
response to a customer's instruction. Mich. Comp. Laws § 440.4702(2). Nevertheless, Comerica fails to present evidence from which this Court can conclude that it could not reasonably have stopped the transfers before it did. Comerica claims that "[t]hough it was physically impossible to instantly stop the transfers, [it] did so as quickly as it could, initiating this process immediately after talking to Experi-Metal." (Def.'s Reply at 5.) Comerica, however, offers no evidence to support this statement. While it cites to Ling's affidavit, Ling only states that after being informed that Experi-Metal had not initiated the wire transfers, she "immediately emailed the wire transfer room and asked that all wires be recalled and future wires stopped." (Def.'s Mot. Ex. 6 ¶ 5.) The Court therefore finds a genuine issue of material fact with respect to whether Comerica accepted the wire transfer orders in Experi-Metal's name on January 22, 2009 in "good faith." Accordingly, IT IS ORDERED, that Defendant's motion for summary judgment is DENIED. s/PATRICK J. DUGGAN UNITED STATES DISTRICT JUDGE Copies to: Richard B. Tomlinson, Esq. Daniel R. Boynton, Esq. Joseph W. Thomas, Esq. Todd A. Holleman, Esq. Lara Lenzotti Kapalla, Esq.
16
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
