The U.S. District Court for the Central District of California dismissed the majority of claims brought by a business owner against a national bank, finding that many of the asserted federal and state law causes of action were legally deficient or unsupported by the facts as pled. However, the court granted the plaintiff leave to amend most claims.
Key Allegations
The plaintiff, a business owner operating over thirty accounts with the defendant bank, alleged that a former employee orchestrated an embezzlement scheme, misappropriating millions of dollars through unauthorized transactions. The complaint asserted that the bank’s deficient internal controls and failure to act on reports of fraud enabled the scheme, resulting in substantial business losses.
Dismissal of Federal Statutory Claims
The court dismissed, with prejudice, all claims based on federal statutes that do not provide a private right of action, including those under the Identity Theft Enforcement and Restitution Act, the Anti-Money Laundering Act, Know Your Customer regulations, and the Bank Secrecy Act. The court emphasized that only statutes explicitly granting a private remedy can support such claims.
The claim under the Electronic Fund Transfer Act (EFTA) was also dismissed, but with leave to amend. The court noted that while the EFTA does provide a private right of action, the plaintiff failed to allege facts showing that the disputed transactions involved consumer accounts, as required by the statute.
Analysis of State Law Claims
Negligence: The court found that banks generally owe only limited duties to customers, and that the plaintiff’s negligence claim was both insufficiently specific and barred by the economic loss rule, as it arose from the parties’ contractual relationship.
“Courts have generally held that banks have a limited duty of care or no duty of care beyond the duties created by the bank-depositor relationship.” Gray v. Ben, No. CV 22-03090 DSF (PVCx), 2022 WL 16859609, at *4 (C.D. Cal. Nov. 9, 2022); see Freedom Gold USA LLC v. Bank of Am., N.A., No. 2:24-CV-08360-WLH (ASX), 2024 WL 5368652, at *7 (C.D. Cal. Nov. 15, 2024) (“As a general matter, the ordinary bank-customer relationship is not a “special relationship” giving rise to tort remedies.”). California law is clear that a bank is under no duty to supervise the activity of account holders or inquire into the purpose for which funds are being used. See Das v. Bank of Am., N.A., 186 Cal. App. 4th 727, 741 (2010); Hawkins v. Bank of Am., N.A., No. 17-cv-01954-BAS-AGS, 2018 WL 1316160, at *2 (S.D. Cal. Mar. 14, 2018) (stating that “BOA owed ‘no duty to monitor fiduciary accounts for irregular transactions, to prevent improper disbursements from the accounts, or to conduct an investigation of possible misappropriation of funds’ ” and concluding that “Plaintiff has not and cannot plausibly plead that BOA owed a duty to initially investigate Hawkins’ transfers when they were made” (citation omitted)). More generally, California law imposes no duty of care to protect a plaintiff from harm caused by third party fraud or other wrongdoing or to aid the plaintiff in mitigating or recovering from such harm. Brown v. USA Taekwondo, 11 Cal. 5th 204, 214–15 (2021). Banks do, however, have a duty to investigate potential fraud when the fraud is brought to their attention. See Sun ‘n Sand v. United Cal. Bank, 21 Cal. 3d 671, 695–96 (1996) (holding that a bank has a limited duty of inquiry when a check presented for deposit bears some objective signs of fraud); Hawkins, 2018 WL 1316160, at *3 (“A duty of care may also arise when [an] individual notifies a bank of potential fraud occurring with respect to bank accounts.” (citation omitted)).
Fraud and Related Claims: Claims for fraud, aiding and abetting, and misrepresentation were dismissed for failure to plead with the particularity required by federal rules. The court noted the lack of detail regarding the alleged misrepresentations and the circumstances of the fraud.
Breach of Contract: The breach of contract claim was dismissed because the plaintiff failed to identify specific contractual terms that were allegedly breached, a necessary element under California law.
Conversion: The court held that, under California law, a depositor cannot claim conversion against a bank for funds deposited, as the bank owns the funds once deposited. The plaintiff also failed to identify specific sums or establish ownership of the allegedly converted property.
Unjust Enrichment: The court reiterated that unjust enrichment is not a standalone cause of action in California and, in any event, is unavailable where a contract governs the parties’ relationship.
CCPA and UCL Claims: Claims under the California Consumer Privacy Act and Unfair Competition Law were dismissed for lack of factual support. The court found no allegations of a data breach or actionable unfair business practices, and noted that the plaintiff’s reliance on general statements of customer care amounted to non-actionable puffery.
The CCPA provides a limited civil remedy for any “consumer whose nonencrypted and nonredacted personal information … is subject to an unauthorized access and exfiltration, theft, or disclosure as a result of the business’s violation of the duty to implement and maintain reasonable security practices.” Shah v. Cap. One Fin. Corp., No. 24-cv-5985, 2025 WL 714252, at *8 (N.D. Cal. Mar. 3, 2025) (quoting Cal. Civ. Code § 1798.150(a)(1)). Subdivision (c) of the same statute provides: “The cause of action established by this section shall apply only to violations as defined in subdivision (a) and shall not be based on violations of any other section of this title. Nothing in this title shall be interpreted to serve as the basis for a private right of action under any other law.” Cal. Civ. Code § 1798.150(c).
The Complaint does not allege facts constituting a CCPA violation. It avers that “Defendant unlawfully mishandled Plaintiff’s personal and financial information, violating the [CCPA] and exposing Plaintiff to identity theft,” but those allegations do not support an actionable claim. Compl. ¶ 76; see Danfer-Klaben v. JPMorgan Chase Bank, N.A., No. 2:12-cv-62, 2022 WL 3012528, at *7 (C.D. Cal. Jan. 24, 2022) (dismissing CCPA claim where plaintiff failed to allege that defendant’s disclosures to third parties was the result of a failure to “to implement and maintain reasonable security measures”). The Complaint further alleges that Defendant denied Plaintiff’s request for information that “the embezzler” had used, which also falls short. Compl. ¶ 78; see McCoy v. Alphabet, Inc., No. 20-CV-05427-SVK, 2021 WL 405816, at *8 (N.D. Cal. Feb. 2, 2021) (dismissing claim where “there are no allegations of a security breach”). Plaintiff fails to address Defendant’s challenge to the CCPA claim. See MTD Opp.
Accordingly, the Court GRANTS Defendant’s motion to dismiss Count No. 8.
Matthew Kenney v. Bank of Am., N.A., No. 2:25-CV-02726-MWC-PVC, 2025 WL 1489549 (C.D. Cal. May 23, 2025).
