The New York Attorney General (“NYAG”) filed a lawsuit that may ultimately clarify whether banks are liable for fraudulent consumer wire transfers.

Generally, wire transfers are governed by Article 4A of the Uniform Commercial Code (“UCC”). Under the UCC, a bank that validates the identity of the sender of a wire transfer using a commercially reasonable security procedure generally avoids liability if it is later determined the wire transfer was unauthorized.

There is no question non-consumer accounts are subject to  UCC Article 4A rules. Banks can shift liability to accountholders for unauthorized wire transfers if the bank and accountholder use a commercially reasonable security procedure to validate the authenticity of the transfer. However, there has been an unanswered question regarding whether consumer wire transfers are governed by Article 4A’s liability shifting framework.

The Electronic Funds Transfer Act (“EFTA”), 15 U.S.C. § 1963, et. seq., generally insulates consumers from certain types of electronic fund transfer fraud losses. The EFTA generally limits consumers’ liability for fraudulent financial transactions if consumers notify the financial institution within prescribed deadlines.

However, the EFTA does not apply to an “electronic funds transfer.” The EFTA defines an “electronic funds transfer” as:

The term ‘electronic fund transfer’ … does not include … any transfer of funds, other than those processed by automated clearinghouse, made by a financial institution on behalf of a consumer by means of a service that transfers funds held at either Federal Reserve banks or other depository institutions and which is not designed primarily to transfer funds on behalf of a consumer.

For a long time, courts and commentators have interpreted this exception to the EFTA to mean that the EFTA’s rules do not apply to wire transfers involving consumer funds.

The NYAG disagreed with this seemingly settled principle. The NYAG filed a lawsuit against Citibank claiming Citibank failed to protect consumers from an avalanche of fraud, thus violating the EFTA. According to the NYAG, consumers lost over $1 billion to financial fraud in 2021 alone. The NYAG blamed Citibank for making wire transfers easily accessible but doing little to protect consumers from financial fraud.

According to the NYAG, the prevalence of phishing and SIM swapping scams have allowed fraudsters to take advantage of consumers. Fraudsters may harvest bank-app credentials through phishing schemes or transfer a consumer’s phone number to a new device in a SIM swap scheme. In either case, fraudsters are then able to initiate wire transfers from consumer accounts.

Citibank moved to dismiss the NYAG’s complaint, arguing the EFTA did not apply to any consumer wire transfer. On January 21, 2025, the United States District Court for the Southern District of New York ruled in a 65-page opinion in favor of the NYAG. The Court determined that the EFTA does apply to wire transfers for consumers.

The Court reviewed the text and history of the EFTA and concluded that “the EFTA was almost singularly concerned with consumer protection in the face of rapid technological change in electronic payment mechanisms.” Thus, according to the Court, it would be incompatible with the text and history of the EFTA to find that it did not apply to consumer-initiated wire transfers.

The Court also noted that until recently, consumer wire transfers were relatively uncommon. However, recent technological developments have changed that. Now, consumers can initiate a number of financial transactions through their phone. Therefore, many commentators and courts mistakenly assumed that the EFTA was not intended to apply to consumer wire transfers:

As interest in and access to mobile banking increases, financial institutions have begun to market and provide electronic payment options directly to consumers, including the ability to seamlessly transfer money among bank accounts online or using mobile devices.

In other words, according to the Court, people incorrectly believed the EFTA did not apply to consumers because there were few consumer-initiated wire transfers. This has changed now that consumers can easily move funds using financial institution apps and fraudsters have figured out how to compromise those apps.

The ruling would make Citibank, and banks generally, liable under the EFTA for unauthorized consumer wire transfers, even if the bank otherwise followed UCC Article 4A.

There is still a long way to go before this case concludes. The decision here was on Citibank’s motion to dismiss the NYAG’s complaint. The case will now proceed to discovery and potentially a trial. Citibank will undoubtedly continue to challenge the ruling and scope of the EFTA. In the meantime, the case suggests that the safest course for banks is to treat the EFTA as applicable to consumer-initiated wire transfers.