David Bergenfeld

In the following guest post, David Bergenfeld, a Senior Associate in D’Amato & Lynch’s Fidelity Bond Practice Group, takes a look at the key judicial decisions during the third quarter of 2016 interpreting cyber and commercial crime insurance policies. I would like to thank David for allowing me to publish his article. I welcome guest post submissions from responsible authors on topics of interest to this blog’s readers. Please contact me directly if you would like to submit a guest post. Here is David’s guest post.



During the third quarter of 2016, federal district courts in Georgia and Washington respectively reached contrary results when presiding over cases involving cybercrime insurance.  However, the 5th and the 6th Circuit Courts of Appeal reached similar results in reviewing commercial crime policies.  What is the impact of these varying decisions?


Courts Reach Differing Results When Confronted with Cybercrime Claims 


In Aqua Star (USA) Corp. v. Travelers Casualty and Surety Company of America, the court held that fraudulent wire transfer instructions received by email and then entered into the insured’s computer systems were not covered under a Computer Fraud insurance agreement.[1]


An employee of the insured, Aqua Star (USA) Corp. (“Aqua Star”) received an email purportedly from its vendor, Zhanjiang Longwei Aquatic Products Industry Co. Ltd. (“Longwei”) that requested Aqua Star to change the vendor’s bank account information.  The Aqua Star employee entered the new bank account information into a spreadsheet stored on her local computer and then presented the spreadsheet to Aqua Star management together with other wire transfer requests for approval.  Ultimately, the information from the printed spreadsheet was entered into Aqua Star’s bank’s computer system.  The entry of the fraudulent bank account information resulted in a loss of $713,890 to Aqua Star.


Aqua Star submitted its claim for loss to its insurer, Travelers Casualty and Surety Company of America (“Travelers”) under an insurance policy for Computer Fraud.  Travelers denied Aqua Star’s claim because Exclusion G, related to authorized entry of electronic data by a natural person, was implicated to exclude the claim.[2]


Aqua Star filed suit against Travelers.  Upon summary judgment motions filed by both parties, the court ruled that Exclusion G applied “[b]ecause an indirect cause of the loss was the entry of Electronic Data into Aqua Star’s Computer System by someone with authority to enter the system . . . .”  Aqua Star argued that Exclusion G should not apply because (i) the final entry of the fraudulent electronic data was into a third-party’s computer system; and/or (ii) it is intended to apply where an authorized user is perpetrating the fraud.  The court applied the plain language of the exclusion and noted that (i) the Aqua Star employee entered the electronic data into the computer system and was an indirect cause of the loss; and (ii) while Aqua Star believes that Exclusion G should be limited to frauds by authorized users, the plain language of the exclusion is more expansive.  Necessarily, insureds and insurers need to properly understand and negotiate the exclusions to a computer fraud policy in the context of its issuance so that the appropriate risk transfer is accomplished.


In Principle Solutions Group, LLC v. Ironshore Indemnity, Inc., the court held that the applicable insuring clause in the commercial crime policy was ambiguous or subject to two interpretations regarding whether a fabricated email from a purported employee, together with wire instructions from a third-party, was covered under the policy.[3]


In that case, Principle’s controller received an email purportedly from Josh Nazarian, one of Principle’s managing directors instructing the controller to “work with an attorney, Mark Leach, to ‘ensure that’” a wire transfer is sent out in connection with a company acquisition that is to be “treat[ed] . . . with the utmost discretion.”  Id. at *1.  The controller received another email from Mr. Leach with wire transfer instructions, who then called the controller to urge her that the wire transfer had to be sent out that day.  The controller (i) logged onto the company’s online account to approve the wire transfer; and (ii) called Mr. Leach to confirm the instructions.  The company’s bank asked that the controller speak further with Mr. Leach to verify the method of receiving the instructions.  Mr. Leach confirmed that he received the instructions orally.  Upon learning of the wire transfer the next day, Mr. Nazarian, who had no knowledge of the email, Mr. Leach or the wire, contacted the bank’s fraud department to report the fraud.  No funds were able to be recovered.  Principle suffered a $1.717 million loss which was reported to the insurer under its commercial crime policy.[4]


The insurer denied the claim and Principle brought suit.  In their cross-motions for summary judgment, the parties argued as follows:  (i) the insured argued that the loss resulted from the initial email purportedly from Mr. Nazarian; and (ii) the insurer argued that the loss was not the direct result of the email purportedly from Mr. Nazarian because there was additional information received from Mr. Leach and the insured’s employees set up and approved the wire transfer.  The court held that the policy language was ambiguous and subject to more than one interpretation.  Therefore, the court interpreted the policy in the light most favorable to the insured and ruled that the policy provides coverage for the insured’s loss.  Considering that in reaching its holding the court relied upon Apache Corporation v. Great American Insurance Company, which was overturned on appeal, Principle Solutions may be subject to reversal.[5]


Courts Strictly Interpret Commercial Crime Policies to Deny Insurance Coverage


In Construction Contractors Employer Group, LLC v. Federal Insurance Company, the court held that two patterns of theft by the same employee constituted a single loss under the crime coverage insurance policy.[6]  Considering that the insured knew of one of the theft schemes prior to the policy’s execution, the second theft was excluded from coverage under the policy.


The first discovered theft scheme involved wire fraud committed by a contractor to the insured.  The investigation of the wire fraud and missing funds uncovered an additional $30,000 misappropriation and an also $1 million which was missing.  In the application for the insurer’s crime coverage insurance policy (the “Policy”), the insured disclosed that its contract with the contractor was terminated and pending an ongoing and potential criminal investigation due to  failure of the contractor to report, and reconcile certain payroll taxes, unauthorized transfers.


After the Policy execution, the insured discovered the “check theft” method by which the contractor’s employee stole the missing $1 million.  The insured submitted its claim for the $1 million loss.  The insurer denied the claim based upon the fact that the $1 million loss was part of the same loss related to the wire fraud discovered prior to the inception of the Policy.


The insured brought suit to recover under the Policy.  Both the insured and the insurer filed summary judgment motions.  The district court granted the insurer’s summary judgment motion.


On appeal, the insured argued that its claim was covered because (i) the insured’s contractor’s employee is a covered employee under the Policy, (ii) the insured did not discover the “check theft” method with respect to the missing $1 million prior to the inception of the Policy, and (iii) the single loss provision contained in the Limits of Liability section did not apply because “it is only triggered . . . if the policy already covers the loss.”[7]  The insurer argued that the claim was not covered because (i) the contractor’s employee was not a covered employee under the Policy, and (ii) the “check theft” of the $1 million was treated as part of the wire fraud that was discovered prior to the Policy inception since it was perpetrated by the same actor.


The 6th Circuit held that the “check theft” and the wire fraud losses constituted a single loss.  Considering that the wire fraud loss was discovered prior to the inception of the Policy, the check theft loss of the $1 million was excluded from coverage under the Policy.  In reaching its holding, the 6th Circuit reasoned that the single loss provision contained in the Limits of Liability section “directly implicates coverage considerations” for the Policy.  Id. at *4.  In light of this 6th Circuit decision, insureds should carefully review their policy in connection with claims and investigations that are ongoing at the time of the issuance of the insurance policy.


In Tesoro Refining and Marketing Company, L.L.C. v. National Union Fire Insurance Company of Pittsburgh, Pennsylvania, the court held that a crime insurance policy did not provide coverage for unpaid fuel sales that were purportedly based upon fabricated letters of credit.[8] The insured, Tesoro, sold fuel to Enmex Corporation on credit.  In 2005 Enmex’s credit line was unsecured with a limit of $25 million.  Between 2007 and 2008, Tesoro’s employee in charge of credit, Calvin Leavell, provided purported letters of credit to Tesoro’s auditors and consultants when they inquired, regarding the increasing balance for the Enmex credit account.  In September 2008, the letters of credit expired.  Leavell then created a new fabricated letter of credit purportedly from Bank of America and emailed it to Tesoro’s risk manager.  In December 2008 with Enmex’s balance at $90 million, Tesoro’s risk management officer reviewed the letter of credit which was presented to Bank of America, which said it was not valid.  Tesoro ceased selling fuel to Enmex and brought suit against Enmex; that lawsuit settled.


Tesoro submitted a claim under the commercial crime policy issued by the insurer who declined coverage under the employee theft and forgery insuring agreements[9] and then brought suit.  The district court ruling on summary judgment that the policy “did not cover forgery losses independent of a theft . . . and that Tesoro could not show such a taking had occurred.


Tesoro timely appealed, arguing that the employee theft insuring agreement provides for coverage for employee forgery in the absence of theft.  National Union argued that only employee forgery that is “theft-like” would be covered.  The 5th Circuit held that “[b]ecause Tesoro’s interpretation would ignore the express definition of ‘theft’ under the policy and apply the ‘Employee Theft’ insuring agreement to conduct that is not theft, we find such an interpretation unreasonable. . . . To trigger coverage under the policy, Tesoro must show that an ‘unlawful taking’ occurred.”  Id at *4.


In determining what constitutes an unlawful taking, the 5th Circuit looked at Texas caselaw and reasoned that “theft by deception requires ‘that the owner of the misappropriated property  [be] induced to consent to its transfer because of [the] deceptive act of the’ wrongdoer.”  Id. at *5.  The court further reasoned that “as a matter of common sense, those who consent to the transfer [of their property] must be aware of the deceptive representation in order to be induced [and that such] inducement requires that the decision-makers would have acted differently had they known the truth.  Id. at *6.  In interpreting the policy against to the facts, the court ruled that the insured could not show that the fabricated letters of credit “affected its decision to continue to sell fuel to Enmex.”  Id. at *7.  Therefore, the court held that the claim did not fall within the policy coverage.  In negotiating policy terms, insurers and insureds need to fully understand how defined terms such as “theft” and illustrative provisions regarding “forgery” are interpreted to give meaning to the whole policy.


Other than the Principle Solutions case, which may be reversed, courts appear to have been siding with insurers in strictly interpreting insurance policies.  Insureds and insurers need to better understand the policies as written, because courts are not likely to deviate from the plain meaning of the policy language.  Therefore, in negotiating policy language, the parties better make sure that the insurance policy properly transfers the relevant risks and is clear and precise in articulating the agreed upon terms and conditions.



[1] No. C14-1368RSL, 2016 WL 3655265 (W.D. Wash. July 8, 2016).

[2] Exclusion G states that the Policy, “will not apply to loss resulting directly or indirectly from the input of Electronic Data by a natural person having the authority to enter the Insured’s Computer System . . . .”  Id. at *2.

[3] Civil Action No. 1:15-CV-4130-RWS, 2016 WL 4618761 (N.D. Ga. Aug. 30, 2016).

[4] The insuring agreement states:

[The insurer] will pay for . . . Loss resulting directly from a “fraudulent instruction” directing a “financial institution” to debit your “transfer account” and transfer . . . “money” . . . from that account.

* * *

“Fraudulent Instruction” means . . . [a] computer . . . or written instruction initially received by [the insured], which instructions purports to have been issued by an “employee”, but which in fact was fraudulently issued by someone else without [the insured’s] or the “employee’s” knowledge or consent.

[5] Civ. Act. No. 4:14–CV–237, 2015 WL 7709584 (S.D. Tex. Aug. 7, 2015), rev’d by No. 15-20499 (5th Cir. Oct. 18, 2016)

[6] No. 15-4352, 2016 WL 3675572 (6th Cir. July 11, 2016).

[7] The single loss provision states:

All loss resulting from a single act or any number of acts of the same Employee or Third Party, and all loss whether such act of acts occurred before or during the Policy Period, will be treated as a single loss . . . .  Id. at *2.


[8] No. 15-50405, 2016 WL 4166173 (5th Cir. July 29, 2016).

[9] The employee theft insuring agreement states:

[the insurer] will pay for loss of . . . “money . . . and “other property” resulting directly from “theft” committed by an “employee”, whether identified or not . . . .For purposes of this Insuring Agreement, “theft” shall also include forgery.

* * *

“theft” [is defined as] the unlawful taking of property to the deprivation of the Insured