Ernst & Haas Mgmt. Co. v. Hiscox, Inc.

(Insured Entitled to Coverage Under Crime Policy’s "Computer Fraud" and "Funds Transfer Fraud" Provisions for Employee’s Wiring of Funds in Response to Fraudulent Actor’s Email Request)

(April 2022) - In Ernst & Haas Mgmt. Co. v. Hiscox, Inc. (9th Cir. Jan. 26, 2022, No. 20-56212) 2022 U.S. App. LEXIS 2372, the United States Court of Appeals for the Ninth Circuit reversed the district court’s dismissal of insured property management company Ernst & Hass’ coverage action seeking coverage under a Crime policy for a mistaken wire transfer caused by fraudulent impersonation of a managing broker. An accounts payable clerk for the insured who regularly disbursed funds according to protocol received an email purporting to be from her superior, a managing broker, directing her to make wire transfers. The sender was an imposter. However, the clerk, under the mistaken belief that the sender was her superior, effectuated two wire transfers totaling $200,000 before becoming suspicious and requesting verification.

When the bank declined to reverse the transactions, the insured sought coverage under a Crime Insurance Policy. Hiscox denied coverage under a 2019 policy in whose period the loss occurred. The insured filed suit against the carrier for breach of contract and bad faith among others. The court granted the Hiscox’s motion to dismiss and entered judgment against the plaintiff, finding that the loss did not fall within the applicable policy’s “Computer Fraud” and “Funds Transfer Fraud” coverages.

The Computer Fraud coverage provided:

1. Computer Fraud

[The insurer] will pay for loss of or damage to [currency, coins, bank notes, bullion, checks, money orders], [negotiable or nonnegotiable instruments or contracts representing either currency, [etc.], or property], and/or [any other tangible property] resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the [interior of any building Ernst or a subsidiary occupies in conducting Ernst's business] or [the interior of that portion of any building containing a financial institution or similar safe depository]:

i) To a person (other than [Ernst, a Partner, a Member, or an Employee]) outside [the interior of any building Ernst or a subsidiary occupies in conducting Ernst's business] or [the interior of that portion of any building containing a financial institution or similar safe depository]; or

ii) To a place outside [the interior of any building Ernst or a subsidiary occupies in conducting Ernst's business] or [the interior of that portion of any building containing a financial institution or similar safe depository].

The Funds Transfer Coverage provided:

2. Funds Transfer Fraud

[The insurer] will pay for loss of [currency, coins, bank notes, bullion, checks, money orders] and [negotiable or nonnegotiable instruments or contracts representing either currency, [etc.], or property] resulting directly from a [Fraudulent Instruction] directing a financial institution to transfer, pay or deliver [currency, coins, bank notes, bullion, checks, money orders] and [negotiable or nonnegotiable instruments or contracts representing either currency, [etc.], or property] from [an account maintained by Ernst at a financial institution from which Ernst can initiate the transfer, payment, or delivery of [currency, coins, bank notes, bullion, checks, money orders] or [negotiable or nonnegotiable instruments or contracts representing either currency, [etc.], or property]]. (Emphasis added.)

The policy defined “Fraudulent Instruction” to include “electronic” instructions from a sender fraudulently purporting to be “you” or an “Employee.”

The district court found that neither provision applied. First, the district court treated the case if it involved theft of funds authorized for payment, citing the unpublished opinion in Pestmaster Servs., Inc. v. Travelers Cas. & Sur. Co. of Am., 656 Fed. App'x. 332 (9th Cir. 2016). See also Pestmaster Servs., Inc. v. Travelers Cas. & Sur. Co. of Am., No. CV 13-5039-JFW, 2014 U.S. Dist. LEXIS 108416, 2014 WL 3844627, at *1 (C.D. Cal. July 17, 2014). Second, the district court interpreted the Computer Fraud provision to require that unauthorized computer use (such as hacking) directly causes the loss. Third, the district court interpreted Funds Transfer Fraud to exclude fraudulent instructions to an Ernst & Haas employee.

In each of these respects, the Ninth Circuit held that the district court erred.

First, the district court’s reliance on Pestmaster was misplaced. In Pestmaster, the insured’s third-party payroll contractor, which the insured authorized to pay payroll taxes, essentially embezzled some of the money it was authorized to pay. The Ninth Circuit found Pestmaster distinguishable from Ernst & Haas’ loss because, unlike the insured in Postmaster, no one working for Ernst & Haas embezzled any money and the clerk lacked actual authorization to send the money to anyone. The email sender’s instructions were fraudulent. The Ninth Circuit stated:

The facts in this case are materially different. Ernst did not authorize Zang to pay its bills and Zang did not steal funds it was ever authorized to receive. Instead, Fake David sent an email fraudulently authorizing an Ernst employee (Allen) to pay Zang based on a fraudulent invoice. The district court held that because Allen requested a wire transfer to Zang, the transfer was "authorized" in the same way as the payments in Pestmaster. But initiating a wire transfer is not the same as authorizing a payment. Unlike in Pestmaster, neither Zang nor Allen was ever properly authorized to pay anyone the $200,000 that Ernst lost. To the contrary, the entire purpose of Fake David's email invoice was to provide fraudulent authorization.

If Ernst had authorized Allen to pay a third party $200,000 and Allen then stole some of that money, then this case might be analogous to Pestmaster. But no party alleged those facts, nor does Ernst allege Allen acted dishonestly or somehow embezzled the money. Given that this case is about an email fraud scheme, the district court erred by relying on Pestmaster to interpret the policy as if the case were about embezzlement.

Second, the Ninth Circuit found that the language of the Computer Fraud coverage could not reasonably be limited to losses resulting directly from unauthorized use of the insured’s computers. Relying on the fiction that the clerk herself “authorized” the transfers on behalf of the Ernst & Haas, the district court’s interpretation improperly “eliminate[d] the possibility of coverage whenever an employee is defrauded into taking an action.”

In this connection, the Ninth Circuit found the Sixth Circuit’s decision in Am. Tooling Ctr., Inc. v. Travelers Cas. & Sur. Co. of Am. (6th Cir. 2018) 895 F.3d 455 ("ATC”), persuasive. In ATC, the insured (ATC) received a series of emails, purportedly from its Chinese vendor, claiming that the vendor had changed its bank accounts and ATC should wire transfer its payments to these new accounts. ATC then went through a multi-step authorization process on three different occasions, ultimately transferring more than $800,000 in funds. Upon learning that the emails from the vendor were actually fraudulent emails from an imposter, ATC sought coverage for the loss under a Traveler's insurance policy whose computer fraud provision of ATC's policy stated: “The Company will pay the Insured for the Insured's direct loss of, or direct loss from damage to, Money, Securities and Other Property directly caused by Computer Fraud.” The ATC court found that ATC "immediately lost its money when it transferred the approximately $834,000 to the impersonator; there was no intervening event." Therefore, ATC had suffered a direct loss within the policy’s computer fraud provision. The Ninth Circuit analogously held:

Here, the computer fraud provision provides that Ernst's loss must "result directly" from the fraud. In other words, like ATC, Ernst must suffer a direct loss. And like ATC, Ernst immediately lost its funds when those funds were transferred to Zang as directed by the fraudulent email. There was no intervening event—Allen acting pursuant to the fraudulent instruction "directly" caused the loss of the funds. Thus, taking the pleaded facts as true, Ernst suffered a loss resulting "directly" from the fraud, arguably entitling Ernst to coverage under the policy. So here, as in [ATC], we cannot conclude that Ernst's alleged immediate loss of funds based on the fraudulent email was not "direct." Accordingly, we reverse the district court and remand with instructions to reconsider the case with the recognition that, under the facts as alleged by Ernst, Ernst's loss falls within the computer fraud provision of the policy.

Last, the Ninth Circuit held that Ernst & Haas’ loss held the loss “likely” also fell under the policy coverage for Funds Transfer Fraud. Hiscox argued that because the fraudulent emails had been sent to the insured rather than directly to a financial institution without Ernst's knowledge, Ernst is not covered under the policy. The definition of “fraudulent instruction” included the language, “instruction initially received by You which purports to have been transmitted by an Employee … .” This obviously contemplated an instruction received by the insured before the bank. Relying on the Eleventh Circuit’s decision in Principle Sols. Grp., LLC v. Ironshore Indem., Inc. (11th Cir. 2019) 944 F.3d 886, the Ninth Circuit held that an email directing an employee recipient to initiate a wire transfer through a bank satisfied the requirement that a fraudulent instruction "direct a financial institution" to transfer the funds.

Accordingly, the Ninth Circuit reversed and remanded for further proceedings consistent with its opinion.