Three recent insurance coverage cases arising from fraudulent email/funds transfer schemes in the Eastern District of Virginia arrived at different results.
In Midlothian Enter., Inc. v. Owners Ins. Co., 2020 U.S. Dist. LEXIS 30237 (E.D. Va. Feb. 5, 2020), hackers obtained access to a business owner’s email and directed a fraudulent email to an employee to send a $42,000 wire. The insured sought coverage under policy endorsements for “money and securities” and “forgery or alteration.” The court held the first “does not cover a loss caused by an employee . . . voluntarily wiring money to another account due to a fraudulent email,” finding its “voluntary parting exclusion” applicable. Id. at *9-10. As to the latter, the court found “an email from a business owner telling an employee to wire money to a bank account does not have the same form or legal effect as a check, draft, or promissory note” and “does not constitute a ‘covered instrument’ under the explicit terms of the endorsement.” Id. at *11.
Weeks before another judge found emails covered in Quality Plus Services, Inc. v. Nat’l Union Fire Ins. Co., 2020 U.S. Dist. LEXIS 7337 (E.D. Va. Jan. 15, 2020). There an insured’s employee sent five wires totaling $1.6 million to overseas accounts based on fraudulent emails ostensibly from its CEO. The court held coverage otherwise existed under the policy’s Funds Transfer Fraud Provision, which covered “loss of Funds resulting directly from a Fraudulent Instruction directing a financial institution to transfer, pay or deliver Funds from the Insured’s Transfer Account.” Id. at *8. Though the emails were not payment orders (i.e. under UCC Article 4A), the court appeared to find them covered under the policy’s partial definition of Fraudulent Instruction as “an electronic, computer . . . or written instruction initially received by the Insured” which was “fraudulently transmitted by someone else without the Insured’s or the Employee’s knowledge or consent,” and thus constituted an “Occurrence” or an “act or event” that “directly” causes the insured’s loss. Id. at *20. Applying a but-for test, the court concluded: “Without the emails, Quality Plus would not have suffered the losses.” Id. at *21. Ultimately, the court denied cross-motions for summary judgment, given fact disputes over (1) the location from which the fraudulent emails were sent, implicating the policy’s territory condition that was limited to the United States and Canada, and (2) the number of individuals who sent them, implicating the $1 million per Occurrence limit of liability. Id. at *22-28. The case then settled, weeks before trial.
Similarly, in Cincinnati Ins. Co. v. Norfolk Truck Ctr., Inc., 2019 U.S. Dist. LEXIS 220076 (E.D. Va. Dec. 20, 2019), an insured sent a wire transfer of $333,724.00 in response to an imposter’s email with fraudulent payment instructions for legitimate invoices. The commercial crime policy’s “Computer Fraud” provision covered “loss of . . . money . . . resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises . . . [t]o a person . . . outside those premises.” Id. at *2-3. The court defined “directly” as “something that is done in a ‘straightforward’ or ‘proximate’ manner and ‘without deviation’ or ‘without intervening agency’ from its cause,” citing various dictionaries. Id. at *31. Relying primarily on American Tooling Ctr., Inc. v. Travelers Cas. & Sur. Co. of Am., 895 F.3d 455 (6th Cir. 2018), and noting contrary appellate authority is unreported, the court concluded:
the Imposter here somehow learned of the [legitimate] invoices, created a false Internet domain to mimic [the] vendor, impersonated [the] vendor, learned about [the] balance due, and sent e-mail messages . . . with false payment information. Upon receiving that fraudulent e-mail, [the insured] immediately communicated with its bank through a series of e-mails to initiate a transfer by computer as requested. Since the wire transfer involved a loan requiring documentation, it continued in a straightforward and proximate manner, uninterrupted, until the money was wired to the Imposter.
Id. *32.
Each case involved different policy provisions, which may superficially explain the varying outcomes, but coverage results in email funds transfer claims continue to be unpredictable. The computer fraud and funds transfer fraud policies in Norfolk Truck and Quality Plus were not designed to cover fraudulent emails, but rather computer hacking or unauthorized payment orders from an insured to its bank. This essential point was lost in both cases, and absent it being more effectively developed and presented, similar results may be expected to continue.
For further information, contact Salvatore Scanio at sscanio@ludwigrobinson.com or 202-289-7605 or Robert Ludwig at rludwig@ludwigrobinson.com or 202-289-7603.