Court Rejects Coverage for Phishing Loss Under Financial Institutions Bond, Calls for More Briefing on Computer Systems Fraud Coverage Issue

February 17, 2020
Insights for Insurers: Cyber Coverage

A New Jersey federal district court held last week that losses arising out of a phishing scam were not covered under a bank's Financial Institutions Bond. In Crown Bank JJR Holding Co. v. Great Am. Ins. Co., 2020 U.S. Dist. LEXIS 23136 (D. N.J. Feb. 11, 2020) (New Jersey law), a fraudster impersonated Jackie Rodrigues, the wife of a senior executive of Crown Bank. In a series of 13 emails from a spoofed email address, the impersonator requested wire transfers from the Rodrigues's Crown Bank accounts to accounts in Singapore.

Pursuant to their Customer Agreement with Crown Bank, the Rodrigueses were permitted to request wire transfers by email, and Crown Bank was required to verify each request by calling the account holder at a designated phone number. Upon receipt of each of the fraudulent email requests at issue here, Crown Bank employees requested information needed to complete the transfer and emailed a wire transfer authorization form back to the impersonator. The impersonator would forge Mrs. Rodriguez's signature, and then email a PDF of the completed form back to the bank. Bank employees printed the PDF and then matched the forged signature on the form to the signature the bank had on file for Mrs. Rodrigues. Bank employees never called the designated phone number to verify the requests, even though the wire transfer form indicated that the call was made. By the time the fraud was uncovered, over $2 million had been transferred from the Rodrigues's accounts. Crown Bank sought coverage for the loss under its Financial Institutions Bond and its Computer Crime Policy for Financial Institutions, both issued by Great American Insurance Company. Crown Bank filed suit in New Jersey state court after Great American denied coverage under both policies. The action was removed to federal court, and the parties filed cross motions for summary judgment.

Relevant Bond Provisions

Crown Bank asserted that its claim was covered by Insuring Agreement D of the Financial Institutions Bond. That provision applied to:

Loss resulting directly from the Insured having, in good faith, paid or transferred any Property in reliance on any Written, Original . . . (4) Withdrawal Order . . . (6) Instruction or advice purportedly signed by a customer of the Insured or by a banking institution . . . which (a) bears a handwritten signature of any maker, drawer or endorser which is Forgery; or (b) is altered, but only to the extent the Forgery or [alteration] causes the loss. Actual physical possession of the items listed in (1) through (6) above by the Insured is a condition precedent to the Insured's having relied on the items. [bolding added]

The term "Original" was defined as "the first rendering or archetype and does not include photocopies or electronic transmissions, even if received and printed." "Written" was defined as "expressed through letters or marks placed upon paper and visible to the eye."

Insuring Agreement D was amended by Rider No. 6 – Unauthorized Signature, which applied to:

Loss resulting directly from the Insured having accepted, paid or cashed any check or withdrawal order made or drawn on a customer's account which bears the signature or endorsement of one other than the person whose name and signature is on file with the Insured as a signatory on such account, shall be deemed to be a Forgery under this Insuring Clause. It shall be a condition precedent to the Insured's right of recovery under this Coverage that the Insured shall have on the file signature of all persons who are signatories on such account. [bolding added]

The Court's Analysis

The parties' central dispute was whether Crown Bank had actual physical possession of the "Written, Original" wire transfer forms, a condition precedent to coverage under Insuring Agreement D. Great American argued that the Bank failed to satisfy that condition because printouts of the electronically transferred PDFs from the impersonator did not fall within the Bond's definition of "Original." Crown Bank contended that a PDF itself is not an electronic transmission, and each print out of a wire transfer authorization form from a PDF was a "first rendering" within the definition of "Original." The Court rejected the Bank's arguments because "documents transmitted electronically are not originals, even if received and printed," according to the Bond. The Bank's additional contention that the "first rendering or archetype" language in the definition of Original was ambiguous as applied to PDFs also missed the mark: "Regardless of any ambiguity concerning whether a PDF may qualify as an "Original" without electronic transmission, where a PDF (or any electronic file format) is transmitted electronically, it cannot qualify as an 'Original' as defined in the [Bond.]"

The court then quickly disposed of Crown Bank's argument that Rider No. 6 – Unauthorized Signature applied to the loss. There was no dispute that the completed wire transfer authorization forms contained Mrs. Rodrigues's signature, albeit forged, and that Mrs. Rodrigues was an authorized signatory of the Crown Bank accounts. Rider No. 6 was not triggered because the form did not bear the signature of an unauthorized person. Regardless of that fact, Rider No. 6 was part of Insuring Agreement D, and as noted above, the Bank failed to satisfy the condition precedent of having possession of "Original" wire transfer forms.

Relevant Crime Policy Provisions

Crown Bank also sought coverage under the Crime Policy's Computer Systems Fraud Insuring Agreement, which provided coverage, in relevant part, for:

Loss resulting directly from a fraudulent

(1) entry of Electronic Data or Computer Program into, or

(2) change of Electronic Data or Computer Program within

any Computer System operated by the Insured, whether owned or leased; or any Computer System identified in the application for this policy; or a Computer System first used by the insured during the policy period, as provided by General Agreement A;. . . provided the entry or change causes … (ii) an account of the Insured, or of its customer, to be added, deleted, debited or credited …

In this Insuring Agreement, Fraudulent Entry or change shall include such entry or change made by an employee of the Insured acting in good faith … (b) on an instruction transmitted by Tested telex or similar means of Tested communication identified in the application for this policy purportedly sent by a customer, financial institution or automated clearing house.

The term "Tested" was defined as "a method of authenticating the contents of a communication by placing a valid test key on it which has been agreed upon by the Insured and a customer, automated clearing house, or another financial institution for the purpose of protecting the integrity of the communication in the ordinary course of business."

Great American argued that coverage was precluded because the cause of loss was Crown Bank's failure to follow its verification procedures of calling the accountholder upon receipt of the transfer requests. Crown Bank contended that its loss was caused by the receipt of fraudulent wire transfer forms. It also argued that the Crime Policy was ambiguous and should be construed in favor of coverage. The Bank failed, however, to offer any proposed construction of the policy language that would afford coverage. Because neither party addressed what Crown Bank's objectively reasonable expectations were in the context of the Crime Policy, and how those expectations would affect the court's coverage determination, the court determined the record insufficient to rule on the summary judgment motions. Further briefing was therefore ordered.