On this appeal, which involves an individual who was swindled when she authorized a wire transfer to the account of a fraudster, we are asked to determine whether New Jersey law recognizes a common-law duty on the part of a bank to an existing customer to exercise reasonable care before permitting a potential customer to open an account. I find that a duty to exercise such care exists only when a bank has a "special relationship" with its existing customer from which that duty should be deemed to flow. The amended complaint, however, fails to allege facts suggesting that a special relationship existed between plaintiff and defendant Bank. Therefore, defendant Bank's CPLR 3211(a)(7) motion should have been granted.

The operative facts set forth below are taken from the allegations in the amended complaint.

Plaintiff, a New Jersey resident, began banking with defendant Bank in 2018, and has maintained an account thereat at all relevant times. Plaintiff generally utilizes a New Jersey branch of defendant Bank, which is headquartered in New York.

According to the allegations of the amended complaint, defendant Bank "[a]t all relevant times, . . . was on notice that criminal actors seek to institute sham bank accounts with [the] Bank in order to defraud and steal funds from [the Bank's] customers, like [plaintiff]. [Defendant Bank] was therefore on notice that its customers rely on the [B]ank to vet other customers who open and maintain bank accounts with [the Bank]. Bank-related cybercrimes are widespread and common in the banking industry, and therefore foreseeable. It is also foreseeable that the financial harm to victims would be severe and costly to remedy. And [the defendant] Bank was in the best position, out of anyone, to prohibit fraud by one [Bank] customer against another using a [Bank] account.

"For these reasons, among others, [defendant Bank] had at all relevant times anti-fraud and fraud protection policies and procedures to protect its customers against fraud. [Defendant Bank,] moreover, publicized its anti-fraud and customer protection procedures and regulations. For example, [defendant Bank's] online marketing [*4]materials tout, 'Fraud protection all day, every day' to its customers, whose 'security is our number-one priority,' and proclaim the Bank's supposed '24/7 Fraud Monitoring' and other safeguards to protect its customers from fraud. [Defendant Bank's] parent company has also pronounced in public that it spends over half a billion dollars per year on and dedicates over three thousand employees to antifraud and cybersecurity measures, highlighting the 'enormous effort and resources we dedicate to protect ourselves and our clients.'"

Moreover, "[defendant Bank] publicly advertised and posted on its website that it would not permit a person to open a business account at [the Bank] unless the person opening such an account had proper identification and properly documented corporate records, including in the case of limited liability companies, operating agreements and/or company authorizations designating the managing member or authorized representatives.

"Thus, [defendant Bank's] requirements and guidelines for opening, maintaining, and managing a business account expressly provide that the 'Information Required To Open Account' includes two forms of personal identification and that one form must be a 'Government Issued ID,' such as a 'State Issued Driver's License, State Issued ID card, Passport, etc.,' along with a secondary ID, such as a 'Credit Card/Debit Card with embossed name, Employer ID, Utility Bill, etc.' [Defendant] Bank's own express guidelines, moreover, require a 'Tax Identification Number,' including either a social security number for a single-member LLC or a corporate tax identification number. Additionally, to open a corporate bank account, [defendant] Bank requires specific business documentation, including for example 'Certified Articles of Organization (Certificate of Formation)' that are 'filed with a state agency,' a 'Website Validation,' or an 'Assumed Name Certificate.'"

In September 2020, defendant Tate, a principal of defendant Alchemy Consultant LLC, a New Jersey limited liability company, opened an account with defendant Bank for Alchemy. The account was opened at a New Jersey branch. Defendant Tate did this to perpetrate a fraud against plaintiff, who Tate had learned from unlawfully accessed private financial information, was a customer of defendant Bank and interested in making investments. The employee of defendant Bank who opened the Alchemy account neither required nor recorded defendant Tate's driver's license or other form of personal identification, and the employee did not record Tate's Social Security number. In a space for defendant Tate's taxpayer identification number, the number "00-0000000" was recorded. As for defendant Alchemy, no corporate documentation was provided to defendant Bank.

Within two months of the opening of the Alchemy account, plaintiff was duped by defendant Tate (or one or more persons acting in concert with him) into instructing defendant Bank to wire $300,000 from her account to [*5]the Alchemy account; defendant Bank effected the transfer. Soon thereafter, defendant Tate emptied the Alchemy account of plaintiff's funds, and abandoned the account. Plaintiff realized that she had been defrauded and notified defendant Bank of the nefarious transaction, demanding a reversal of the wire transfer or some other corrective action. Defendant Bank took no steps to recover plaintiff's funds, and plaintiff's money has not been returned.

Plaintiff commenced this action against the defendants to recover damages for the loss of the $300,000. As against defendant Bank, plaintiff asserted a cause of action for common-law negligence under New Jersey law.

According to the allegations in the amended complaint, the theft of plaintiff's money by defendants Alchemy and Tate "was enabled by defendant [Bank's] gross negligence and dereliction of duty to its own customer, [plaintiff], who entrusted [defendant] Bank with significant sums on deposit." "In violation of its own internal policies and safeguards for its customers — including customers like [plaintiff] — defendant Bank opened . . . the fraudulent Alchemy bank account without confirming the bona fides of Alchemy by requiring Alchemy to submit corporate authorization and without obtaining a government-issued identification of 'David Tate,' the person purporting to be an Alchemy officer who opened the corporate account." In addition to failing to require or obtain corporate documentation or identification from the individual who opened the Alchemy account, defendant Bank allowed the account to be opened with a negligible deposit of $100. Defendant Bank was "on notice that criminal elements have sought and continue to seek to open fraudulent bank accounts with [the Bank] as a major reputable United States bank in order to defraud [the Bank's] customers. [Defendant Bank's] customers, like [plaintiff], reasonably rely on [the Bank's] fraud protection policies and programs and are encouraged by the bank to have confidence that intra-bank transfers to other . . . accounts [of the Bank] like the transfers induced by Alchemy, are to legitimate, properly vetted bank accounts, not fraudulent ones." Because of the prevalence of cybercrimes in the banking industry, such offenses are foreseeable, as is the significant financial harm to the defrauded. Plaintiff insists that defendant Bank owed her, "as its customer[,] a duty of care to ensure that its fraud protection policies and programs were implemented and enforced." This duty was violated because defendant Bank failed to exercise reasonable care before allowing defendant Alchemy to open its account; defendant Bank failed to conduct due diligence and violated its own publicly-stated standard of care to its customers. Defendant Bank's breach of its duty of care proximately caused plaintiff's loss, because the Alchemy account was used to facilitate the fraudulent transfer.

After the joinder of issue and some discovery, defendant Bank moved, [*6]among other things, to dismiss the complaint as against it under CPLR 3211(a)(7). Defendant Bank asserted, as is relevant here, that it owed no duty of care to plaintiff, and, therefore, plaintiff's negligence claim against it must be dismissed. Plaintiff opposed the motion, insisting that defendant Bank owed her a duty of care under New Jersey law.

In a thorough decision (2023 NY Slip Op 31401[U] [Sup Ct, NY County 2023]), Supreme Court denied defendant Bank's motion. As is pertinent to this appeal, the court concluded that defendant Bank owed plaintiff, as a customer, a duty of care under New Jersey law to exercise due diligence before permitting the opening of the Alchemy account (id. at *5, citing LD Mgt. LLC v First Republic Bank, Inc., 2022 WL 4536297, *7, 2022 US Dist LEXIS 175925, *17 [D NJ Sept. 27, 2022, No. 21-18427 (KM)]; Remtek Servs., Inc. v Wells Fargo Bank, N.A., 2020 WL 241332, *2-3, 2020 US Dist LEXIS 7678, *6-7 [D NJ Jan. 16, 2020, No. 19-12790 (RBK/KMW)]; Gilson v TD Bank, NA, 2011 WL 294447, 2011 US Dist LEXIS 7805 [SD Fla Jan. 27, 2011, No. 10-20535-CIV]).^[FN2]

On appeal, defendant Bank argues that, under New Jersey law, a bank owes its customer those duties that arise from the parties' banking agreements and independent communications between those parties that create an affirmative obligation on the part of the bank. According to defendant Bank, the amended complaint identifies no provision in the parties' banking agreement and no independent communication between the parties that created an obligation on its part in favor of plaintiff to exercise reasonable care before permitting a third party to open an account. That is to say, no special relationship existed between the parties. Defendant Bank also makes a policy argument: that imposing on banks a duty of the type advanced by plaintiff would be unreasonable and unduly burdensome, and would greatly expand the liability of banks.

In response, plaintiff generally contends that New Jersey law imposes on a bank a duty of reasonable care to its own customers with respect to the opening of third-party accounts. More specifically, plaintiff contends that defendant Bank, by virtue of widely disseminated public advertisements and webpage statements regarding its antifraud procedures and safeguards, undertook the obligation to plaintiff to adhere to its safeguards and to exercise due diligence to prevent its accounts from being used to perpetrate frauds on its customers. With regard to public policy, plaintiff maintains that the common-law duty she seeks to impose on defendant Bank is limited, and the duty would only expose banks to liability based on their failure to enforce their own publicized standards of care. Finally, plaintiff presses a theory covered in the amended complaint but not addressed by Supreme Court: that the amended complaint asserts a cognizable claim for common-law negligence based on defendant Bank's failure to take remedial action once plaintiff notified [*7]it that the Alchemy account was being used to perpetrate fraudulent activities.

A.

On a CPLR 3211(a)(7) motion to dismiss for failure to state a cause of action, we give the pleading a liberal construction, accept the allegations as true, and accord the plaintiff every favorable reasonable inference (Leon v Martinez, 84 NY2d 83, 87-88 [1994]; see Moore Charitable Found. v PJT Partners Inc., 40 NY3d 150, 153 [2023]; Connaughton v Chipotle Mexican Grill, Inc., 29 NY3d 137, 141-142 [2017]). Because defendant Bank's CPLR 3211(a)(7) motion challenges the facial sufficiency of the amended complaint, we determine only whether the facts alleged, viewed through the lens formed by the Leon principles, fit within any cognizable legal theory (see Leon, 84 NY2d at 88; see also Miglino v Bally Total Fitness of Greater NY, Inc., 20 NY3d 342, 351 [2013]).

B.

Under New Jersey law, the question of whether a duty exists is a matter of law for the court, entailing the weighing of the relationship of the parties, the nature of the risk, the opportunity and ability to exercise care, and the public interest in the proposed solution (Estate of Desir v Vertus, 214 NJ 303, 322, 69 A3d 1247, 1258 [2013]; see Wang v Allstate Ins. Co., 125 NJ 2, 15, 592 A2d 527, 534 [1991]). The imposition of a duty of care derives from considerations of public policy and fairness, particularly the latter (Estate of Desir, 214 NJ at 322, 69 A3d at 1258). The fact-specific, principled analysis of whether a duty ought to be recognized "must lead to solutions that properly and fairly resolve the specific case and generate intelligible and sensible rules to govern future conduct" (Brunson v Affinity Fed. Credit Union, 199 NJ 381, 403, 972 A2d 1112, 1124 [2009]). The Supreme Court of New Jersey has cautioned courts to refrain from treating questions of duty in a conclusory fashion (Estate of Desir, 214 NJ at 322, 69 A3d at 1258).

Certain duty principles have emerged specifically relating to banks.

A bank and its depositor-customer generally have an arms'-length, debtor-creditor relationship (see All Am. Auto Salvage v Camp's Auto Wreckers, 146 NJ 15, 24, 679 A2d 627, 631 [1996]; Lor/Mar Toto, Inc. v 1st Constitution Bank, 376 NJ Super 520, 536, 871 A2d 110, 120 [Super Ct App Div 2005]). Thus, as the Bankruptcy Court of the Southern District of New York has stated in reviewing New Jersey law, "banks do not owe a duty to a plaintiff — even if the plaintiff is one of the bank's depositors — to prevent, warn, or otherwise protect the plaintiff from the malfeasance of a third party with whom the bank transacted business" (Pereira v United Jersey Bank, N.A., 201 BR 644, 669 [SD NY 1996]).

A bank does, however, owe its customer those duties that arise from the parties' banking agreement and any additional communications that create an obligation on the part of the bank (see City Check Cashing v Manufacturers Hanover Trust Co., 166 NJ 49, 62-63, 764 A2d 411, 418-419 [2001]; Harry Kuskin 2008 Irrevocable [*8]Trust v PNC Fin. Group, 2023 WL 4693141, *8, 2023 NJ Super Unpub LEXIS 1277, *20-21 [App Div July 24, 2023, No. A-1937-21]; Pereira, 201 BR at 671).^[FN3] A duty of care on the part of a bank will be imposed "where a special relationship has been established from which a duty can be deemed to flow" (City Check Cashing, 166 NJ at 59, 764 A2d at 417). That special relationship arises in one of three distinct ways (see id. at 59-60, 764 A2d at 26).

First, a special relationship may be created by an agreement between the bank and its customer. "An agreement is essentially a meeting of the minds between two or more parties on a given proposition" (id. at 62, 764 A2d at 418). Second, a special relationship will be recognized where the bank undertakes a particular obligation. That is to say, the bank willingly assumes an obligation to the customer or otherwise pledges to take a particular act (166 NJ at 62, 764 A2d at 418). An agreement and an undertaking will give rise to a duty only with respect to the subject agreed upon or undertaken (id. at 62, 764 A2d at 418). Third, "contact" between the parties may, under the nature and surrounding circumstances, give rise to a special relationship on the part of a bank. "Contact" occurs where communication between the parties implies to the customer that the bank has incurred a particular obligation to the customer (id. at 62, 764 A2d at 418).^[FN4]

C.

Giving the amended complaint a liberal construction, accepting plaintiff's allegations as true, and according her every favorable reasonable inference, I conclude that the allegations do not fit within any cognizable legal theory under New Jersey law and that the amended complaint fails to state a cause of action. The allegations in the amended complaint do not allege a specific relationship.

Plaintiff does not assert that there was an agreement between the parties establishing an obligation on the part of defendant Bank to adhere to and enforce its publicized antifraud procedures and safeguards (cf. In re Clear Advantage Title, Inc., 438 BR 58, 65 [D NJ 2010]). Rather, plaintiff maintains that the amended complaint pleads that, by virtue of defendant Bank's publicized antifraud procedures and safeguards, a special relationship existed between her and defendant Bank pursuant to the undertaking and contact principles of City Check Cashing.

With respect to an undertaking, the amended complaint does not plead that defendant Bank willingly assumed an obligation to plaintiff to adhere to or enforce its antifraud procedures and safeguards (see City Check Cashing, 166 NJ at 62, 764 A2d at 418). Instead, plaintiff alleges that defendant Bank made representations to the public at large. "[T]he critical undertaking," therefore, was lacking, as was a special relationship based on that undertaking (id. at 63, 764 A2d at 419).

Moreover, the amended complaint does not plead that there was contact between defendant Bank and plaintiff that, under the nature and surrounding circumstances [*9]of the parties' relationship, implied to plaintiff that defendant Bank incurred the obligation to her to adhere to or enforce its antifraud procedures and safeguards. As discussed above, plaintiff and defendant Bank had a creditor-debtor relationship, and their contact, which is to say their communications, relating to defendant Bank's antifraud procedures and safeguards were limited to materials and information disseminated to the public through defendant Bank's website.^[FN5] Plaintiff identifies no direct contact between her and an employee or officer of defendant Bank regarding its antifraud procedures and safeguards (see id. at 63, 764 A2d at 419; see also id. at 62, 764 A2d at 418 ["Contact" occurs where communication between the parties implies to the customer that the bank has incurred a particular obligation to the customer]).

Ultimately, defendant Bank represented to its existing and potential customers that it had and would employ various antifraud measures; it did not, however, warrant to plaintiff that it would enforce or adhere to those measures. Publicly disseminated materials and information, mainly marketing materials and website statements, publicizing defendant Bank's antifraud measures do not, without more, equate to a commitment to individual customers that defendant Bank, under the pains of tort liability, will enforce or adhere to those measures. To find that a duty exists here is to eliminate the requirement that a special relationship exist between the customer and the bank. Instead, we are imposing on banks a duty of care to their customers at large.

LD Mgt. LLC (2022 WL 4536297, 2022 US Dist LEXIS 175925) and Remtek Servs., Inc. (2020 WL 241332, 2020 US Dist LEXIS 7678) do not warrant a different conclusion. Neither of those decisions contains a meaningful analysis of the common-law duty issue presented by this appeal, and, relatedly, neither acknowledges the special relationship principle that drives the inquiry into whether a bank owes a duty of care to another.^[FN6] The authority relied on by plaintiff from outside New Jersey is not persuasive, given that it does not address the special relationship requirement demanded by New Jersey law (see e.g. Eisenberg v Wachovia Bank, N.A., 301 F3d 220, 224 [4th Cir 2002]; Attisha Enters. v Capital One, N.A., 2021 WL 698200, *2, 2021 US Dist LEXIS 33321, *4-5 [SD Cal Feb. 22, 2021, No. 3:20-cv-01366-BEN-RBB]).

Given the long history of the consumer banking industry and the omnipresence of customer-bank relationships, it is telling that plaintiff cannot point to any New Jersey appellate precedent directly supporting her position that defendant Bank owed her the duty of care she seeks to impose on it. A finding of a duty in this case would represent an expansion of banks' exposure to common-law negligence liability. And a significant expansion at that: plaintiff's position that defendant Bank owes an extra-contractual duty of care to its customers to enforce its publicly published or [*10]otherwise announced anti-fraud procedures would expose banks to considerable liability that they have not previously faced. Moreover, presumably all consumer banks will be subject to the new duty we recognize today for all of their customers.

I appreciate the desire to make plaintiff whole in this action; however, "the function of the common law is not to achieve a result in a particular case, but to establish generally applicable rules to govern societal behaviors. Craft a rule that is inherently fact-specific and we risk creating an outcome that reaches only the particular circumstances and parties before the Court today; create a broadly worded duty and we run the risk of unintentionally imposing liability in situations far beyond the parameters we now face" (Estate of Desir, 214 NJ at 323, 69 A3d at 1258).

The unfortunate facts underlying this particular lawsuit are producing an extraordinary rule of tort liability under New Jersey law, and our decision will, for now, serve as the guiding precedent on this important subject.

VI.

Despite the regrettable loss of plaintiff's money to a fraudster's scheme, no common-law duty existed under New Jersey law on the part of defendant Bank to plaintiff to exercise reasonable care before permitting defendant Tate to open the

Alchemy account. Therefore, the order denying defendant Bank's CPLR 3211(a)(7) motion should be reversed, the motion granted, and the amended complaint as against defendant Bank dismissed.^[FN7]

THIS CONSTITUTES THE DECISION AND ORDER OF THE SUPREME COURT, APPELLATE DIVISION, FIRST DEPARTMENT.

ENTERED: July 11, 2024