Friday, May 08, 2020

Kurtz-Ahlers LLC v. Bank of America (Cal. Ct. App. - May 8, 2020)

It's not surprising (at all) that this case came out the way it did.  Both in the trial court and in the Court of Appeal.

The law's pretty clear.  We don't impose a duty on banks to monitor accounts for fraud.  Period.  So the bookkeeper here stole $700,000 from her employer by writing checks on the firm's bank account, but the bank isn't liable.  She goes to prison, the employer loses all the money, end of story.

Yes, that's the law.

But you could imagine a world (or jurisdiction) in which the law was marginally different.  And, perhaps, that world is a better one than the one in which we currently reside.  Maybe the rule should instead be:  "Banks generally don't have a duty to be on the lookout for fraud, but when the fraud is pretty much obvious, and the bank could easily discover it, then a jury may potentially hold it liable."

This case is a poster child for that alternative universe.  The firm and the bookkeeper have separate accounts at Bank of America.  Which is fine.  But then, one day, to her personal account, the bookkeeper inexplicably adds the "d/b/a" of "Income Tax Payments" to her personal account.

Let me ask you this:  Why do you think the bookkeeper suddenly said she ran a business called "Income Tax Payments?"  And do you think anyone in the world actually runs a business that's entitled "Income Tax Payments?"

Of course it's a scam.  Of course she's just going to start having her employer write checks for "Income Tax Payments" and then deposit them to her personal account.  Any idiot would know that.

The Court of Appeal nonetheless says that banks don't have a duty to "monitor" accounts.  On the theory that doing so would "invade the privacy" of account holders and increase costs.

Which is a tiny bit true.  But let's fully recognize how tiny that burden is.

Already, when you open a bank account, you've got to give them identification, if it's a business show 'em incorporation and bylaw statements, etc.  You can't just walk into a bank and say "I'd like to open up a deposit account in the name of 'Donald Trump' and another in the name of 'Microsoft'." No way they're going to let you.

Yet, as far as I can tell, when the bookkeeper here adds a d/b/a to her account in the name of "Income Tax Payments," Bank of America does nothing.  Can I similarly open a Bank of America account in the name of United Sales Treasury -- which I'll call "U.S. Treasury" for short?  Or how about "FTB" (which stands for "Free Tech Bundles," of course)?  Of course not.  Only an idiot would let you open such an account.  (Or someone in on the fraud.)

Let's see how much it would take to "monitor" accounts for such conduct.  I suspect the only thing you'd have to do is to have an employee who's job it was to look at any new accounts (or accounts with a new name added) and see whether the name on the account is something that looks obviously fraudulent -- and, if it does, to veto the name and/or briefly follow up.  Sort of similar to what the DMV does with "offensive" personalized license plates.

The overwhelming majority of accounts would have obviously okay names.  Maybe one in ten thousand or so might be worth investigating.  Maybe it takes 10 seconds to look at a name (e.g., "Shaun P. Martin") and decide "Okay, that's fine" and hit the "approved" button.  Do that 8 hours a day and you can review 6 a minute, 360 an hour, 2880 a day, 14,400 a week, and 720,000 accounts a year.  Even if you have a second person, full time, to investigate anything suspicious, that's not much money at all.  Two employees for huge bank with millions of accounts.  It'd have cost $100,000 or so tops, and would have saved $700,000 in this case alone.  Seems like a decent cost-benefit exchange.

The Court of Appeal says that it's more efficient for employers to police themselves by hiring good bookkeepers etc.  But I'm not really sure that's true.  It takes a lot of effort to investigate individual bookkeepers (both initially and as they practice) -- much more than just to police account names for obvious fraud.  And the banks are able to monitor thousands of account collectively (thus spreading the cost) whereas an individual firm can only review one account.  Plus, it's not mutually exclusive; the firm can (and undoubtedly will) monitor its bookkeeper, but the bank can also be a backstop to that.  And if an embezzlement is 80 percent the firm's fault and only 20 percent the bank's fault, any jury award will presumably reflect that fact.

To the degree that banks already monitor accounts for obvious fraud -- which they should, if only to protect the bank itself (e.g., I suspect that the legal fees in this case alone were more than it'd cost the bank to check for obviously fraudulent account names) -- then imposing a duty won't add additional out-of-pocket expense beyond what they already do.  And to the degree that banks don't monitor for obvious fraud, that seems to me a market failure.  If you were opening a business bank account, and it cost you, say, $1 more per year to go with a bank that monitors for fraud, wouldn't that choice be a no-brainer?  Yet I suspect that banks neither aggressively compete on this level and that the relevant information market on this point is far from robust.  A decent argument for regulation; or, at least, the imposition of traditional duties that we ordinarily impose on people who hold your funds (bailees).

I'm not sure I'd impose much of a legal duty on banks.  (If any; again, I understand the rationale for existing precedent, even though I don't think the arguments are nearly as conclusive as they might seem to others.)  But it doesn't seem all that absurd to me to say that banks shouldn't register accounts with names that appear, even to me, facially fraudulent, at least without at least some supplemental inquiry.  Tiny burden, big benefit.

To be clear:  Not the law in California, however.