What is "Commercially Reasonable?"

*This course is not eligible for AAP or APRP Continuing Education Credits at this time, but will be once additional components are added.

This course is part of a multiple course sequence on the legal phrase “commercially reasonable.” The first course covers the historical background of the use of “commercially reasonable” and the reasons why lawmakers began to use this term to set a standard of behavior specifically for commercial entities. The second course covers the use of the phrase “commercially reasonable” in the Uniform Commercial Code.  Most importantly, this second course closely examines the way that the “commercially reasonable” standard of care is used in section 202 of UCC Article 4A, which protects a bank from being liable for an unauthorized transfer if the bank offers its customer a “commercially reasonable security procedure” and meets some other conditions.  Section 4A-202 is hugely important in the payments business. As the purpose changes, the meaning of “commercially reasonable” continues to evolve.

The course content is relevant for learners in two specific ways and a third more general way. First, every person who touches commercial funds transfers, whether wires or ACH commercial items, or B2B credit transfers in newer payments schemes, needs to develop a clear understanding of the requirement to provide, and get the customer to agree to, up to date security procedures. Second, every person in the banking and payments business is increasingly likely to need to understand the practical impact of a regulation, private sector rule, or contract that requires a bank, a service provider or a customer to act in a commercially reasonable manner. Finally, the case study of “commercially reasonable” security procedures will help the learner understand the wider impacts of digitization and evolving cyber threats.

Prerequisites (if any): None 

Level: Suitable for both beginner and intermediate learners.

Learning Outcomes: 

  • After the first module on “commercially reasonable”, Learners should be able to distinguish the practical differences between three legal standards of care: the reasonable person standard, the commercially reasonable standard, and strict liability.
  • After the second module, Learners should be able to identify all of the parts of the procedures a bank needs to follow to avoid liability for unauthorized funds transfers, and how those procedures will need to be updated to keep up with industry best practices and regulatory guidance.
  • After the second module, Learners should be able to discuss how increasingly sophisticated cyber threats drive the need for improved security measures, specifically to provide “commercially reasonable security procedures” for commercial funds transfers, and more generally with respect to data security and privacy protection.

Skills Covered in this Course: Fraud management, Risk management, Legal compliance, Authentication, Authorization, System and Data Security, Vendor management


Richard M. Fraher, Founder & Principal, Payment Innovation & Regulation LLC


[Recording] Defining Commercially Reasonable
[Recording] Commercially Reasonable in the ACH Network