This article is a shortened version of a legal memorandum published on the NC Bankers Association website. Click here to read the full version.

Criminal schemes to steal funds through fraudulent wire transfers are increasing in frequency and sophistication. Funds stolen from small business accounts, for example, total more than $2 billion, according to a recent estimate by Gartner. A recent string of court cases have resulted in unfavorable rulings for banks that failed to prevent fraudulent transfers from business accounts. These cases and recent guidance from the Federal Financial Institutions Examination Council (FFIEC) create onerous security requirements for banks to ensure that electronic transactions are actually being made by their customers and not fraudsters. In the recent court cases, potential liability for the three defendant banks ranged from about $345,000 to $460,000. (The damages issue has not been resolved in two of the cases.) Therefore, financial institutions should address these security requirements by, at a minimum, implementing a layered security program that includes: (1) processes designed to detect and respond effectively to anomalies in the initial login and initiation of electronic funds transfers; and (2) for business accounts, enhanced controls for system administrators who are allowed to set up or change system configurations, such as setting access privileges. Financial institutions should strongly consider the following in order to respond to the new case law and FFIEC guidance:

Elizabeth Johnson, an attorney no longer with Poyner Spruill, was the original author of this article.

◀︎ Back to Thought Leadership