1. Obligations of sender of payment order

20. The sender of a payment order may be the originator of the credit transfer, since the originator sends a payment order to the originator's bank, or it may be a bank, since every bank in the credit transfer chain, except the beneficiary's bank, must send its own payment order to the next bank in the credit transfer chain.

21. Article 5(6) sets out the one real obligation of a sender, i.e., "to pay the receiving bank for the payment order when the receiving bank accepts it". There is a special rule for payment orders that contain a future execution date; in that case the obligation to pay arises when the receiving bank accepts the payment order, "but payment is not due until the beginning of the execution period".

22. But what if there is a question as to whether the payment order was really sent by the person who is indicated as being the sender? In the case of a paper-based payment order the problem would arise as the result of an alleged forged signature of the purported sender. In an electronic payment order, an unauthorized person may have sent the message but the authentication by code, encryption or the like would be accurate.

23. The Model Law answers the question in three steps. The first step is described in article 5(1): "A sender is bound by a payment order ... if it was issued by the sender or by another person who had the authority to bind the sender." The question as to whether the other person did in fact and in law have the authority to bind the sender is left to the appropriate legal rules outside the Model Law.

24. The second step described in article 5(2) is the most important:

"When a payment order ... is subject to authentication [by agreement between the sender and the receiving bank], a purported sender ... is ... bound if

(a) the authentication is in the circumstances a commercially reasonable method of security against unauthorized payment orders, and

(b) the receiving bank complied with the authentication."

25. The assumption is that, in the case of an electronic payment order, the receiving bank determines the authentication procedures it is prepared to implement. Therefore, the bank bears all the risk of an unauthorized payment order when the authentication procedures are not at a minimum "commercially reasonable". The determination of what is commercially reasonable will vary from time to time and from place to place depending on the technology available, the cost of implementing the technology in comparison with the risk and such other factors as may be applicable at the time. Article 5(3) goes on to say that article 5(2) states an obligation that the receiving bank cannot avoid by agreement to the contrary. Article 5(2) does not apply, however, when the authentication procedure is "a mere comparison of signature", in which case the otherwise applicable law on the consequences of acting on a forged signature must be applied.

26. If the authentication procedure was commercially reasonable and the bank followed the procedure, the purported sender is bound by the payment order. This reflects two judgments. The first is that the bank has no means to distinguish the authorized use of the authentication from the unauthorized use of the authentication. Banks would be unable to offer electronic credit transfers at an acceptable price if they bore the risk that payment orders that were properly authenticated were nevertheless unauthorized. The second is the judgment that if the authentication procedure is commercially reasonable and the bank can show that it followed the procedure, the chances are that it was the sender's fault that someone unauthorized learned how to authenticate the payment order.

27. That introduces the third step in the analysis as described in article 5(4). The sender or the receiving bank, as the case may be, would be responsible for any unauthorized payment order that could be shown to have been sent as a result of the fault of that party. For the rule as to who bears the burden of proof, see article 5(4).