Navy Fed. Credit Union v. Lentz, Record No. 1115-22-2 (Va. Ct. App. Aug. 15, 2023)
Can a financial institution be held liable for failing to detect a wire transfer scam?
Facts. Seventy-four-year-old Delores Lentz was scammed out of almost $140,000 when a hacker convinced her to make two wire transfers through her Navy Federal Credit Union (NFCU) account. When she realized she had been scammed, she sued NFCU for negligently failing to detect the scam based on purported violations of the Bank Secrecy Act (BSA) and Code § 63.2-1606. NFCU demurred, arguing that it had no duty to prevent the transfer under the UCC, and that the UCC superseded the common law and statutory duties that Lentz had pled. The circuit court overruled the demurrer.
NFCU then filed motions for summary judgment and certification of the court’s order overruling the demurrer for interlocutory review. The circuit court granted in part and denied in part NFCU’s summary judgment motion but certified its ruling on both the demurrer and partial denial of summary judgment for interlocutory review.
Issues. (1) Whether the BSA creates a private right of action. (2) Whether Lentz properly pled that NFCU owed her a common law duty or statutory duty under Code § 63.2-1606 related to wire transfers. (3) Whether the UCC preempts statutory or common law duties related to wire transfers.
Holdings. (1) No. Congress did not create a private right of action to enforce the BSA. (2) No. Code § 63.2‑1606 is a permissive statute that imposes no duty on financial institutions to report suspected exploitation of adults. (3) Yes. The UCC rules are the exclusive means of determining the rights, duties, and liabilities among parties related to wire transfers.
Notes. (1) The legislature must expressly create a private right of action to enforce a federal statute. The duties created by the BSA are owed only to the federal government, not to any private party. Nowhere in the text of the BSA did Congress create a private cause of action.
(2) Code § 63.2‑1606 is a permissive statute that provides a “safe harbor” to banks from violating privacy laws if they report suspected elder exploitation. It establishes a reporting procedure for suspected elder abuse. While there are eight classifications of mandatory reporters under the statute, financial institutions are only permissive reporters. And, since they are under no statutory duty to report suspected elder exploitation, the Court declines to impose a common law duty to do so.
(3) The UCC’s Article 4A, which governs wire transfers, has been adopted by Virginia, and it alone establishes a financial institution’s duties to consumers. Banks owe no duty to any party to a fund transfer except as provided by Article 4A, and Article 4A does not require that a financial institution take any action or refrain from taking any action with respect to a wire order.