The U.S. Court of Appeals for the Ninth Circuit recently reversed the dismissal of a consumer’s claims that a bank violated the federal Electronic Fund Transfer Act by failing to fully reimburse her for losses suffered as result of fraudulent transfers from her account.
In so ruling, the Ninth Circuit concluded that although the consumer failed to report unauthorized withdrawals within 60 days after her bank sent monthly statements reflecting the withdrawal, as required, the trial court erred by overlooking the additional requirement holding the consumer liable for any such transfers only if the bank establishes that those transfers “would not have occurred but for the failure of the consumer” to timely report the earlier unauthorized transfer reflected on her bank statement.
However, the Ninth Circuit affirmed the dismissal of the consumers’ state law breach of contract and breach of the implied covenant of good faith and fair dealing. Here, the Ninth Circuit rejected the consumer’s claim that the bank breached the Privacy Notice appended to the Deposit Account Agreement, finding that the Privacy Notice did not impose any substantive duties on the bank, but merely explained its policies and a consumer’s ability to limit the sharing of personal information.
A copy of the opinion in Widjaja v. JPMorgan Chase Bank, N.A. is available at: Link to Opinion.
A foreign consumer who primarily resided outside the United States but maintained a residence in California (“Consumer”) held several bank accounts at a bank in the United States (“Bank”).
Purportedly unidentified individuals gained access to the Consumer’s checking account in October 2017 and began making unauthorized withdrawals without her knowledge — first in a nominal amount of less than $2 to another bank, followed by a transfer of $29,000 to the same bank two days later. Suspecting fraudulent activity, the bank receiving the transfers contacted the Consumer’s Bank’s fraud department. The two banks jointly determined that the transaction was fraudulent, and refunded the money to the Consumer’s account.
The Consumer’s Bank did not inform the Consumer of this fraudulent activity and took no subsequent action to protect her account from further unauthorized withdrawals. Thereafter, the same individuals purportedly made more than 100 unauthorized withdrawals from the Consumer’s checking account between November 2017 and March 2019, at which time the Consumer reported the fraudulent activity to her Bank upon review of her account statements when she returned to California.
The Consumer was reimbursed by her Bank for some of the unauthorized withdrawals through its internal dispute resolution process, but the Bank refused to reimburse her for $300,000 of the losses she suffered, citing her failure to report the initial unauthorized withdrawals within 60 days of their appearance on her bank statements, as required under the EFTA. See 15 U.S.C. §§ 1693f(a), 1693g(a); 12 C.F.R. § 1005.6(b)(3).
The Consumer filed suit against the Bank, asserting claims for purported (1) violation of the EFTA or, alternatively, California’s EFTA counterpart, Cal. Comm. Code § 11101 et seq.; (2) breach of contract; (3) breach of the implied covenant of good faith and fair dealing; and (4) negligence.
The Bank moved to dismiss Consumer’s complaint for failure to state a claim. The trial court granted the Bank’s motion to dismiss, finding that the EFTA barred the Consumer’s claims as a result of her failure to timely report the withdrawals at issue, and dismissed the Consumer’s EFTA and state law claims with prejudice. The Consumer timely appealed.
On appeal, the Ninth Circuit was tasked with interpreting section § 1693g of the EFTA which limits a consumer’s liability for unauthorized electronic fund transfers to $50 in most instances, subject to two exceptions.
The first exception raises the cap to $500 when the unauthorized transfers occur due to the loss or theft of an access device (such as an ATM card) and the consumer fails to notify her bank within two business days of learning that the device has been lost or stolen. 15 U.S.C. § 1693g(a); see 12 C.F.R. § 1005.6(b)(2).
The second exception, which is relevant to the case at bar, provides that the cap on liability will be lifted if: (1) an unauthorized transfer appears on the monthly statement that banks must send to consumers under 15 U.S.C. § 1693d(c); (2) the consumer fails to report the unauthorized transfer to her bank within 60 days after the statement is sent to her; and (3) the bank can establish that unauthorized transfers made after the 60-day period would not have occurred but for the consumer’s failure to provide timely notice of the earlier unauthorized transfer. 15 U.S.C. § 1693g(a).
In the latter scenario, the consumer’s liability for unauthorized transfers that occur within the 60-day period cannot exceed $50 or $500 (depending on the circumstances), but the consumer faces unlimited liability for unauthorized transfers occurring outside the 60-day period. See 12 C.F.R. § 1005.6(b)(3); 12 C.F.R. pt. 1005, Supp. I, 6(b)(3). The bank bears the burden of proving that the conditions of liability set forth in the aforementioned subsections have been met. 15 U.S.C. § 1693g(b).
Here, the Consumer did not dispute that she failed to report the unauthorized withdrawals within the 60-day period set by the EFTA, but argued that she was excused from the 60-day reporting requirement because: (1) her limited access to banking records and extended international travel constituted “extenuating circumstances” under 1693g(a), and (2) she was not required to report the unauthorized withdrawals because the Bank was already aware of the initial fraudulent transfers by virtue of its communications from the bank which it received.
The Ninth Circuit agreed that the trial court properly rejected these arguments, noting that Section 1693g(a) plainly requires “the consumer” — and not a third party — to timely report an unauthorized withdrawal to avoid facing potentially unlimited liability for subsequent withdrawals occurring after that period.
However, the Ninth Circuit noted that although the EFTA requires a consumer to notify her bank of unauthorized transfers within the prescribed 60-day reporting period, a consumer who fails to do so is not automatically liable for all subsequent losses — liability is placed upon the consumer for unauthorized transfers occurring after the 60-day period only if the bank establishes that those transfers “would not have occurred but for the failure of the consumer” to timely report the earlier unauthorized transfer reflected on her bank statement. 15 U.S.C. § 1693g(a).
The trial court’s analysis overlooked this requirement, and the Ninth Circuit determined that its error was not harmless.
Here, the Ninth Circuit noted that the Consumer’s allegations that her Bank took no further action to protect her account after it became aware of the initial fraudulent transfers gave the Bank a strong financial incentive to take immediate corrective action, regardless of the source of its notice of fraudulent activity, and giving rise to a reasonable inference that the Bank would not have taken action to prevent subsequent losses even if she had reported the initial unauthorized withdrawals within the 60-day period.
As such, the Appellate Court concluded that the Consumer met her pleading burden to survive a motion to dismiss by plausibly suggesting that even if she had reported an unauthorized transfer within the 60-day period, the subsequent unauthorized transfers for which she seeks reimbursement would still have occurred. See Nayab v. Capital One Bank (USA), N.A., 942 F.3d 480, 495–97 (9th Cir. 2019) (holding in a similar context that the plaintiff must allege facts giving rise to a reasonable inference that a statutorily available affirmative defense does not apply).
As to the Consumer’s remaining state claims for purported breach of contract and breach of implied covenant of good faith and fair dealing raised on appeal, which the trial court held were foreclosed due to the Consumer’s failure to provide notice within the EFTA’s 60-day reporting period, the Appellate Court affirmed dismissal but for different reasons.
The Ninth Circuit rejected the Consumer’s claim that the Bank breached the Privacy Notice appended to the Deposit Account Agreement (DAA), finding that it did not impose any substantive duties on the Bank, but merely explained its policies and a consumer’s ability to limit the sharing of personal information. The Ninth Circuit further held that the Consumer’s claim for breach of the implied covenant of good faith and fair dealing failed because the DAA expressly permitted the Bank to close the Consumer’s accounts.
In sum, because the Ninth Circuit concluded that the trial court erred in dismissing the Consumer’s EFTA claims, but properly dismissed the state court claims, the dismissal was reversed in part, and affirmed in part, and remanded to the lower court for further proceedings.