Breaking Up Over Fraud

Banks are no longer taking responsibility for proliferating check fraud. Is it a ploy to push positive pay?

Treasury & Risk Management Magazine - November/December 1998

By Richard Gamble

Jim Barlow is in a bad mood. As treasurer and controller of $321 million Wynn's International, an automotive parts and supplies manufacturer based in Orange, Calif., he was caught by surprise last March when he looked at his bank statement and realized he had been burned by check fraud artists. But what really chafed him was that his bank tried to make Wynn's responsible for the losses, which added up to $12,170.82. "Banks are not bothering to check signatures," Barlow says. "They have chosen speedier customer service over security, and they expect us to change our procedures or absorb the losses."

It was the first time in Barlow's eight years at Wynn's that fraud involving fake checks had occurred. It was also the first time he learned that the Uniform Commercial Code (UCC) had introduced revisions in 1990--ratified by all but two states by 1993--that sometimes shift check fraud liability from banks to corporate account holders.

Crooks, armed with sophisticated reproduction technology, cranked out $12.6 billion worth of bogus checks in 1996, up from $5 billion in 1993, according to Frank Abagnale, who heads his own Washington, D.C.-based secure document consulting firm. (Some believe today's amount could be as high as $20 billion; figures are unreliable since most fraud goes unreported.)

Abagnale is frequently called as an expert witness by both banks and corporations at check fraud trials. He is a reformed forger who cashed $2.5 million worth of fraudulent checks in every state--and 26 foreign countries--over a five-year period. He subsequently spent five years in prison.

Meanwhile, banks, which have traditionally absorbed fraud losses, are moving aggressively to use the revised UCC rules, which outline shared liability, as well as to introduce clauses into their deposit agreements to transfer much of the fraud burden to company treasurers.

The Positive Pay Pitch
Historically, banks have been reluctant to quarrel with corporate customers. But the dramatic increase in fraud, plus the banks' need for profitable corporate relationships, has led to a tougher stance with regard to UCC compliance. Banks now suggest that customers take advantage of their anti-fraud service known as "positive pay."

Under positive pay, the corporation issuing checks sends its disbursing bank a copy of its issue files (check number, account number, date, payee and amount). When checks are presented for payment, only those that match authorized, issued checks are paid. The service is free, but to many, it's just a way for banks to avoid responsibility.

Just ask Barlow. He received a what-are-we-going-to-do-about-our-problem call from his banker, who wanted Wynn's to institute positive pay on the accounts or accept liability for future fraud losses. "In a polite way, he tried to make me look like the bad guy," Barlow observes. He would not be suckered into any deal that made him jointly responsible for preventing fraud.

"If I do nothing, the bank has two choices," he declares. "Keep our accounts and eat the losses or close our accounts. So far, they have taken the losses, but that doesn't mean they will continue to do so. Positive pay is very cumbersome for a small or unsophisticated business to use, and it makes no sense at all if you don't use it religiously."

To implement positive pay, a company has to send the bank a full issue file every time it writes checks. If the company has subsidiaries writing their own checks, consolidating a complete file becomes onerous.

The goal of the UCC revisions was to make banks and disbursing corporations allies in the war against check fraud. But proportional liability, which the banks are pushing and which divvies up the responsibility for fraud between the two parties, is making banks and corporate treasurers adversaries. The result: finger-pointing battles--and sometimes court cases--over who is to blame when fraud occurs.

Legally, it is now a bank's duty to provide "ordinary care," which does not necessarily include inspecting signatures. "Given the volumes involved, there is no way on God's earth that banks can be expected to check signatures," argues Stephanie Sturgis-Griffin, a vice president at $93 billion (in assets) Wells Fargo Bank in San Francisco.

Indeed, more than 64 billion checks are cleared each year in the U.S., a task long performed by high-speed reader/sorters that process 2,400 items a minute--just slow enough to prevent the checks from catching fire due to friction. Only a handful of high-dollar checks are subject to "sight examination."

The revisions also introduced the concept of contributory negligence, assigning liability to whichever party was in the best position to prevent fraud. "[The revisions] leveled the playing field," claims banker Sturgis-Griffin. "If the maker contributed to the fraud, why should the bank bear the loss alone? Furthermore, how can you take a $100,000 hit for a customer when the relationship is only worth $50,000 to the bank?"

According to consultant Abagnale, the average U.S. bank starts to check signatures and payee data on checks above $10,000, and many of the biggest banks set the threshold as high as $25,000 or $40,000.

Large corporations can collect for fraud losses under their errors and omissions insurance policies, once the deductible is satisfied. But smaller companies, Abagnale adds, could be bankrupted by a single fraudulent check loss.

When Wynn's International's Barlow noticed the checking account discrepancies, he immediately notified his bank, a big West Coast one with a large branch network, and filled out the required affidavits and reports. To Barlow's eye, the first check--and the flurry of 16 or so that followed over the next four months, all for amounts under $1,000--looked like a simple case, a regrettable but avoidable loss for the bank. The bank had chosen less than stringent security procedures for business reasons and would bear the consequences, he assumed.

After all, the stock used for the bogus checks didn't look like that of Wynn's. The two accounts that were robbed required two signatures on checks while the bogus checks had only one. Furthermore, the counterfeiters had made no attempt to match the signatures or even the names of the authorized signers that were on file at the bank.

Kaiser's Victory
Is Barlow just a naive treasurer who failed to keep up with complex legal changes? Perhaps. But similar disputes have cropped up in sophisticated circles as well. In 1996, $2.4 billion Kaiser Aluminum, based in Pleasanton, Calif., was hit with two forged checks worth almost $262,000. Its disbursing bank, $48 billion (in assets) Mellon Bank, based in Pittsburgh, which had been pitching positive pay to Kaiser, argued that Kaiser was partly responsible for the losses for not having implemented the anti-fraud device. Kaiser threatened to change banks, but Mellon clung to its decision not to make good on the bad checks.

So Kaiser, after 40 years as a Mellon customer, moved its disbursing accounts to Bank of America and sued Mellon. In a June 1997 courtroom showdown, Kaiser won. It didn't help Mellon's case that the forgeries were sloppy and that the bank's sight review clerk had never read the security manual, says Abagnale, an expert witness for Kaiser at the trial. Kaiser, on the other hand, could show that its internal security procedures were solid.

The court dismissed Mellon's argument that under the UCC, Kaiser had contributed to the forgeries by not using positive pay. The jury also decided that Kaiser had never agreed to the liability-shifting agreements Mellon had tried to write into the deposit agreements. Mellon was ordered to reimburse Kaiser for the bad checks and pay $26,000 in interest.

Despite the Kaiser case, banks today are edging toward the position that refusing positive pay will make the corporate depositor liable for all fraud losses, except for instances when the bank fails to use ordinary care, says Dave Kurrasch, a former banker.

"The corporation may be liable unless it can show that the bank was negligent," explains Kurrasch, "and failure to verify signatures and payees no longer is considered negligence. This is a hard pill for many treasurers to swallow; most of them are not fully informed about the changes."

The confrontation between banks and treasurers over fraud liability is likely to grow. Banks are going well beyond the UCC changes in the way they write their deposit agreements, says Paul Turner, a Los Angeles attorney who represented the Treasury Management Association during the drafting of the UCC revisions.

Sharp bank lawyers have salted their deposit agreements with aggressive statements that absolve their banks of practically all liability. Once signed by corporations, these agreements become contracts that have the force of law, Turner warns.

UCC rules don't prevent parties from agreeing to shift even more liability from bank to account holder, and that is exactly what is happening. Few corporate lawyers have caught on, so many treasurers routinely sign bank-drafted agreements, thinking that they are simply conforming to the new UCC provisions. "Banks count on your ignorance, and it almost always works," Turner says.

Robert Ballen, a partner at Schwartz & Ballen in Washington, D.C., is seeing an increasing amount of check fraud litigation between corporations and their disbursing banks, although he notes that "a lot of the cases get settled along the way and don't go to a final decision." Among the cases decided by courts, he cites Knight Publishing v. Chase Manhattan Bank and National Union Fire Insurance of Pittsburgh v. Riggs Bank, from 1997 and 1996, respectively. In both cases, the corporations won.

"Technology that facilitates communication between banks and their corporate customers provides tools that should be able to prevent a lot of check fraud," says Ballen. "Unfortunately, the fraud meisters also are getting more sophisticated in using technology. I'm afraid the fraud losses will get worse."

Mounting A Defense
To help prevent check fraud--and to contest claims of contributory negligence when check fraud does occur--treasurers should make sure their security procedures are state-of-the-art and that they can demonstrate that there were no lapses on their end. To mount a solid treasury defense, take the following precautions:

• Keep your check stock locked up, restrict access to those who need it and audit inventory frequently.
• Keep your facsimile signature devices locked up and restrict access to those who need it.
• Use checks that incorporate state-of-the-art security features--watermarks, "void" pantographs, microprinting, safety and chemically reactive papers, laid lines, warning bands and holograms.
• Corporations are responsible for the acts of employees, so make hiring--with adequate background checks and training--your first line of defense.
• Separate duties so that different people authorize checks, sign them and reconcile statements.
• Use lawyers to scrutinize all bank agreements governing checking accounts, and negotiate the narrowest definitions of corporate responsibility and negligence that you can get. Once the facts are established, the agreement usually will determine how much of the loss you have to bear.
• Reconcile your accounts when you get your statements and notify the bank quickly--certainly within 30 days--when you find items that appear to be fraudulent. When disbursements are decentralized, make sure all your field offices follow this procedure. --R.G.