8 minute read
LEGAL MATTERS
How Often Do You Check Your Bank Statement? It Should Be Every Day
Jeffrey W. King Legal Counsel for the WFCA Jeffrey King has more than 35 years’ experience in complex litigation with a focus on contracts, employment, construction, antitrust, intellectual property and health care. He serves as legal counsel for WFCA and other trade associations, and is a LEED Accredited Professional. For more information, contact him at (561) 278-0035 or jeffw@jkingesq.com.
Advertisement
You or your company’s bookkeeper review your business’s bank statements every month. This month you noticed some unusual activity. There are wire transfers listed a week earlier that you do not recognize. You call the bank, only to be told that it is too late to have the bank reverse the transfers. The bank explains that you had to report the unauthorized transfer within 24 hours. Is the bank correct? Is there anything you can do to avoid the loss? And what can you do in the future to avoid such theft? The answer to each question, as explained below, is yes, the bank is correct. However, there may be something you can do to minimize the loss, and there are steps you can take to avoid such fraud in the future.
ACH Fraud
There are many types of fraud that affect businesses. One of the biggest concerns is Automated Clearing House (“ACH”) fraud. ACH is a system that enables the exchange of funds between businesses and individuals by using checks, wire transfers, and direct deposits. Criminals need only two pieces of information to commit ACH fraud: Your business checking account number and your bank routing number. This means that anyone who has a check from your business may have all the information needed to steal money from your account through an ACH transfer, either by phone or online. Criminals are increasingly targeting small and mid-sized companies, because they often have less-sophisticated security systems than larger companies.
Many business owners assume the same rules of personal banking apply to commercial business accounts, but this is not the case. The law protecting electronic transfers apply only to personal bank accounts, not business accounts. For a personal account, the individual may have up to 60 days to report any fraud. In contrast, a commercial business has much less time to report cases of fraud. Many commercial claims must be reported within 24 hours. The burden is on the business owner to notify the bank immediately if there is a disputed transaction.
Steps to Safeguard Your Business Bank Accounts.
Fortunately, there are precautions that a flooring retailer or contractor can take to guard against ACH fraud.
■ You need to be aware of unauthorized transactions in banking accounts. Given that your business has only one day to report possible ACH fraudulent activity, you should consider using online banking, and check your bank statements every day.
■ It is not uncommon for the fraud to be committed by an employee who has access or authority over the business’s bank accounts. You do not want to be a victim of internal fraud by allowing the individual who is checking the accounts to also be able to hide their own fraud. Accordingly, it is recommended that the person reviewing the bank statements does not have authority to sign checks or transfer money
■ If you find any improper or suspicious activity, immediately report it to your bank.
■ You also need to know your bank’s policy for reporting fraud. The bank may require a written notice with specific information. Also check the actual amount of time you have to report suspicious activity on your accounts. Set up the reporting system ahead of time to avoid any delay in reporting the suspicious activity, and thereby miss the reporting deadline.
■ Consider minimizing the use of checks in dealing with your business. Think about using credit cards, which typically have better protection in the event of a theft, for your business expenses.
■ Review your general liability insurance policy and discuss adding coverage for loss due to bank fraud with your insurance broker.
■ Educate your staff of the potential ACH fraud and establish steps to prevent it. For example, there are “low tech” tools such as shredding financial data, and more sophisticated Internet and email safe practices. It is important that your business take steps to minimize the risk of being a victim of fraud. You cannot rely just on your bank’s antifraud measures.
■ Report any theft to your insurance broker. Most policies have deadlines for reporting a claim. You may also want to contact legal counsel who can advise on what steps you need to take to protect your business and possibly recover the stolen funds.
■ Report the fraud to appropriate law enforcement agencies. This may be a required step for the bank to recover the money, and for the insurance company to cover your losses.
■ Consider contacting the company that received the fraudulent funds if you know to whom the funds were sent. This puts them on notice that the funds are stolen and may allow you to recover some if not all of the money stolen from your business’s account.
You should also check your bank’s antifraud measures to ensure they provide the protection you need. The law requires a bank to use a “commercially reasonable” security measures to protect against fraud. This does not require a foolproof system, or even the best system available. Rather, the procedures must be reasonable based upon the circumstances of the bank and its customer. The number of transactions, the amounts typically transferred, and the prevailing good banking practice, will all be considered. Fewer transactions with lower dollar amounts will not require as much expensive measures. This puts small businesses at greater risk.
You can establish some procedures with your bank to reduce the risk of ACH fraud. Your business should consider requesting that the bank institute the following security measures if practical:
■ An ACH Block: One of the simplest ways to help prevent ACH fraud is to place an ACH block on your accounts. This block will automatically hold transactions until you have reviewed and approved the transaction. Such a block effectively eliminates the possibility of automatic, or non-reviewed transactions. An ACH block works only if you have a limited number of ACH transactions.
■ Authorized-User: If your business has ACH transactions that occur on a regular basis, you can provide the bank with a list of authorized-users. You can also specify dollar limits, and the number of ACH transaction per week or month. If a request is received from a company not on the list or seeks money over the limit or more frequently than usual, the transaction will be placed on hold for you to review.
If you find your business a victim of ACH fraud, your first step is to contact the bank and report the fraud. Your business should also work with the bank to recover the stolen funds. The bank must institute commercially reasonable antifraud procedures and any of the procedures the bank agreed to implement, like an ACH block. If the bank failed to implement or follow the agreed antifraud procedures, they may be responsible for the entire amount stolen from your business account.
You may have an argument that the bank’s procedures were inadequate. For example, a construction company had $588,851 of fraudulent ACH transfers taken from its account that it ultimately was able to recover. Patco Construction Co. v. People’s United Bank, 684 F.3d 197 (1st Cir. 2012). Initially, the construction company with its bank’s help was able to recover $243,406 of the stolen funds, leaving a net loss of $345,444. The company sued the bank to recover that loss. The crucial issue on appeal was whether the bank’s security system was commercially reasonable. The court found several flaws in the way the bank implemented its security system. Although the court also found the construction company did not implement its own adequate security measures, the bank ultimately agreed to pay the full $345,444 plus interest. Accordingly, if you find yourself a victim of ACH fraud, work with you bank to try and recover the money, and to ensure each party pays its fair share of any loss.
Conclusion
The bottom line is that every business should check its account every day to ensure that there is not suspicious activity. The other suggested measures will provide significant safeguard, but a daily check of your business still provides one of the best ways to avoid being a victim of ACH fraud. It is also recommended that you consult with competent legal counsel and accountants to ensure that your business is taking all appropriate steps to protect itself from fraud. ❚
Notice: The information contained in this article is abridged from legislation, court decisions, and administrative rulings and should not be construed as legal advice or opinion and is not a substitute for the advice of counsel.
