No Crime Coverage for Social Engineering Fraud

The United States Court of Appeals for the Ninth Circuit, applying California law, has held that a crime policy did not afford coverage for a loss caused by an insured’s initiation of wire transfers based on fraudulent email instructions.  Taylor & Lieberman v. Federal Ins. Co., 2017 WL 929211 (9th Cir. Mar. 9, 2017) .

The insured, an accounting firm, received several emails from a client’s email address with instructions for transferring client funds.  Believing the instructions to be genuine, the insured initiated the transfers.  The insured subsequently learned that a third party had gained access to the client’s email address and sent the payment instructions as part of a fraudulent scheme.  It then sought coverage for the loss under its crime policy, but the insurer denied coverage and coverage litigation ensued.  The district court granted summary judgment in favor of the insurer after concluding, as a threshold matter, that the insured could not show a “direct loss” because there were intervening causes between the initial fraudulent emails and the resulting loss.  (For the district court opinion, see here.)

On appeal, without addressing the “direct loss” issue, the court affirmed the decision on alternative grounds.

First, the court determined that the loss did not result “from Forgery or alteration of a Financial Instrument by a Third Party.”  The insured had contended that the words “financial instrument” only limited coverage for an alteration, and that a covered Forgery need not be of a financial instrument.  The court disagreed, holding that “under a natural reading of the policy, forgery coverage only extends to forgery of a financial instrument.”

Second, the court rejected the insured’s argument that the computer fraud coverage applied because the emails constituted an unauthorized “entry into” its computer system or “introduction of instructions” that “propogate[d] themselves” through the insured’s computer system.  The court reasoned that unwanted emails, without more, could not be considered an “unauthorized entry” into the recipient’s computer system.  In addition, “under a common sense reading of the policy,” the court found that the fraudulent emails were “not the type of instructions that the policy was designed to cover, like the introduction of malicious computer code.”  The court found the computer fraud coverage to be inapplicable on those grounds.

Third, the court ruled that the insured was not entitled to coverage for the “fraudulent written, electronic, telegraphic, cable, teletype or telephone instructions issued to a financial institution directing such institution to transfer, pay or deliver Money or Securities from any account maintained by an Insured Organization at such Institution, without an Insured Organization’s knowledge or consent.”  The court reasoned that, because the insured requested the wire transfers, the transfers were made with both its “knowledge” and “consent.”  The court also ruled that the coverage did not apply for the independent reason that the insured accounting firm was not a “financial institution.”

Tags

Wiley Executive Summary

Sign up for updates

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek