- Emergency Consultation Services
- Risk Management Services
- Who We Are
- Our People
- What We Do
- Why We Are Different
- What’s New
- Where We Are
By: Bill Buechner
In a closely-watched case involving the scope of coverage under a commercial crime policy, the Eleventh Circuit issued a decision in December holding that an insurer’s commercial crime policy provided coverage for an all-too-familiar email spoofing scheme that resulted in the loss of more than $1.7 million.
In Principle Solutions, Grp., LLC v. Ironshore Indem., Inc., 944 F.3d 886 (11th Cir. 2019), an imposter posing as the company’s managing director (Nazarian) sent an email to the company’s controller (Lien) in July 2015 informing her that the company had been secretly working on a “key acquisition” and instructed her to wire money to consummate the transaction as soon as possible that day. The email informed Lien that an attorney (Leach) would contact her shortly to provide additional details and instructed Lien to work with Leach to complete the wire transfer. The email instructed Lien to “treat [the] matter with the upmost discretion and deal solely with” Leach. Id. at 889. Sure enough, Leach, who purported to be a partner with the London-based law firm of Bird & Bird, contacted Lien via email and phone shortly thereafter. After Lien confirmed with Leach that the company’s bank (Wells Fargo) could process an international wire transfer in different forms of currency, Leach emailed to Lien the specific wiring instructions for a bank in China providing for the wire transfer. Leach later reiterated to Lien over the phone that Nazarian had approved the wire transfer. With the assistance of a co-worker, Lien transmitted the wiring instructions to the company’s bank, Wells Fargo. Lien did not any point confirm these instructions by phone with the real Nazarian, who was out of the office that day.
However, Wells Fargo’s fraud department notified Lien in two emails and by voicemail that the requested wire transfer was being put on hold as a security measure and that additional approval was required. Lien spoke with an employee in Wells Fargo’s fraud department, who inquired into the purpose of the proposed wire transfer and asked her to confirm with Leach how he had received the wire instructions. After additional phone calls and emails with Leach, Lien informed Wells Fargo that Leach received the wire instructions verbally from Nazarian via telephone. Wells Fargo then approved the requested wire transfer and released the funds. When the real Nazarian returned to the office the next day, Lien informed him that she had completed the wire transfer as requested, at which point the company discovered the fraud. By then, however, it was too late to recover the more than $1.7 million in wired funds from the Chinese bank.
The company purchased a commercial crime policy from Ironshore Indemnity, Inc., which among other coverages, provided Computer and Funds Transfer Fraud coverage for “Loss resulting directly from a ‘fraudulent instruction’ directing a ‘financial institution’ to debit your ‘transfer account’ and transfer, pay or deliver ‘money’ or ‘securities’ from that account.” The policy defined “fraudulent instruction” in relevant part, as an instruction “initially received by you, which instruction purports to have been issued by an ‘employee’ but which in fact was fraudulently issued by someone else without your or the ‘employee’s’ knowledge or consent.”
The initial email purportedly from Nazarian did not contain any specific wiring instructions, and the emails and phone calls purportedly from Leach did not purport to be from a company employee, but rather from an outside attorney representing the company. Nevertheless, the Eleventh Circuit panel considered the communications purportedly from Leach and Nazarian together and construed these emails as being part of the same fraudulent instruction. Principle Solutions, 944 F.3d at 891.
More significantly, the panel, citing several dictionary definitions, held that the phrase “resulting directly from” means proximate cause rather than an immediate link to the loss. Principle Solutions, 944 F.3d at 891-92. In doing so, the panel did not cite or discuss an unpublished Eleventh Circuit decision that held that “one thing results ‘directly’ from another if it follows straightaway, immediately, and without any intervention or interruption.” Interactive Communs. Int’l, Inc. v. Great Am. Ins. Co., 731 F. App’x 929, 934 (11th Cir. 2018). The panel noted that proximate cause is not necessarily the last or nearest act to the injury. Id. at 892. The panel then concluded that the fraudulent instruction was the proximate cause of the loss as a matter of law because the involvement of Wells Fargo’s fraud department was foreseeable. Principle Solutions, 944 F.3d at 892-93. A dissenting opinion asserted that there were triable issues of fact as to whether the fraudulent instruction was the proximate cause of the loss.
As recently as 2012, a clear majority of jurisdictions held that “resulting directly from”, “direct loss” and similar policy language does not mean proximate cause, but rather requires an immediate link between the alleged fraudulent conduct and the loss. However, along with the Eleventh Circuit’s Principle Solutions decision applying Georgia law, a growing number of more recent decisions, including a 2018 decision issued by the Second Circuit (applying New York law), have held that the broader proximate cause standard applies. Another 2018 decision from the Sixth Circuit (applying Michigan law) declined to resolve this issue, but held that the loss was covered even though there were multiple steps between the receipt of the fraudulent emails and the wire transfers that resulted in the loss.
Many commercial crime policies and similar policies provide computer fraud and funds transfer fraud coverage for losses “resulting directly from” a covered event, or similar language. Insurers providing such coverages should recognize that the case law is sharply divided as to whether this policy language is triggered when the loss is the proximate cause of the covered event, or if a more immediate link is required. Insurers who receive these claims should confer with their coverage counsel regarding the developing law on this question in the jurisdiction in which the policy was delivered.
If you have questions or would like more information, please contact Bill Buechner at email@example.com.