(Article from Insurance Law Alert, February 2022)
For more information, please visit the Insurance Law Alert Resource Center.
The Ninth Circuit ruled that a California district court erred by dismissing Computer Fraud and Funds Transfer Fraud coverage claims arising out of an email phishing scheme. Ernst and Haas Management Co., Inc. v. Hiscox, Inc., 23 F.4th 1195 (9th Cir. 2022).
The coverage dispute arose after an employee of the insured management company wired payments to a fraudulent actor who had presented himself as her supervisor in spoofed emails. Hiscox denied coverage, arguing that the loss was caused by the intervening actions of the employee and not “directly” by computer fraud, as required by the Computer Fraud provision. The insurer also argued that coverage under a Funds Transfer Fraud provision was unavailable because the loss did not result directly from “fraudulent instructions.” A California district court agreed and dismissed the coverage suit. The Ninth Circuit reversed.
The Ninth Circuit ruled that the Computer Fraud provision covered the company’s loss because it “resulted directly” from use of a computer to fraudulently cause a transfer of property, notwithstanding the employee’s actions in effectuating the transfer. The court relied on American Tooling Center, Inc. v. Travelers Cas. & Sur. Co. of Am., 895 F.3d 455 (6th Cir. 2018) (discussed in our July/August 2018 Alert), in which the Sixth Circuit ruled that fraudulently induced wire transfers were a “direct loss” and that the insured company’s multi-step authorization process did not qualify as an intervening action sufficient to break the causal chain. The court distinguished Ninth Circuit precedent that held there was no coverage for losses stemming from an authorized user’s embezzlement of funds, deeming that factual scenario “materially different” from fraudulently-induced wire transfer losses.
In addition, the Ninth Circuit ruled that coverage was available under a Funds Transfer Fraud provision, which applied to “loss of Money and Securities resulting from a Fraudulent Instruction directing a financial institution to transfer, pay or deliver Money and Securities.” The court emphasized that the policy defined “instruction” to include an instruction “initially received by You which purports to have been transmitted by an Employee but which was in fact fraudulently transmitted by someone else.” As the court noted, the Eleventh Circuit, faced with nearly identical policy language, reached the same conclusion in Principle Solutions Group, LLC v. Ironshore Indemity, 944 F.3d 886 (11th Cir. 2019) (discussed in our December 2019 Alert).