McGuireWoods Insurance Recovery Blog

McGuireWoods Insurance Recovery Blog

Insights for Policyholders

Crime Insurance, Cyber Insurance, Policy Interpretation

Sixth Circuit Finds Coverage Under Crime Policy for Business Email Compromise

For the second time in ten days, a federal appeals court ruled a crime insurance policy provides coverage for losses arising from a business email compromise.  In American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America, No. 17-2014, 2018 WL 3404708 (Sixth Circuit July 13, 2018), the Sixth Circuit held that Travelers was obligated to provide coverage for a loss the insured suffered when it wired $834,000 to a thief’s bank account, believing that it was transmitting a payment to one of its Chinese subcontractors.

Losses arising from business email compromise exceeded $12.5 billion between October 2013 and May 2018. Business email compromise is a form of social-engineering fraud that targets both businesses and individuals who make payments by wire transfer. Thieves accomplish business email compromise by accessing e-mail accounts of vendors or customers of the insured or by invading the computer system of the insured. The thief then provides fraudulent instructions to the insured to wire funds to the thief’s bank account, usually for the stated purpose of paying legitimate invoices.

The Loss: ATC hired a Chinese company, YiFeng Automotive Die Manufacturer, Co., to make stamping dies. To receive payment for its work, YiFeng sent invoices to ATC, and ATC paid by wire transfer. Prior to making the wire transfers, ATC completed several steps to confirm that the payment amount was correct and going to the proper bank account.

In 2015, an unidentified person intercepted an email from ATC to YiFeng. This person then impersonated an employee of YiFeng and told ATC that because of an audit, ATC should wire payment to YiFeng for several outstanding invoices to a new bank account. ATC complied with the instruction, which resulted in wire transfers of over $800,000 to the thief’s bank account. ATC learned of the theft when YiFeng inquired about payment of its invoices. ATC agreed to pay 50% of the amount that it owed to YiFeng, and the parties agreed that the remaining 50% would be contingent on ATC’s insurance claim.

The Insurance Claim and the Trial Court Decision: ATC made a claim under its Wrap+ business policy with Travelers, which included “Computer Fraud” coverage. Travelers refused to pay the claim. ATC filed suit, and the district court granted summary judgment for Travelers.

The Sixth Circuit’s Ruling: Travelers argued that the loss was not covered because ATC did not suffer a loss until it paid the outstanding YiFeng invoices, and therefore, the insured did not suffer a “direct loss” as required by the policy. In making its direct loss argument, Travelers relied on cases interpreting employee-fidelity bonds. The Sixth Circuit rejected Traveler’s argument and held that under Michigan law (which applied in this case), the term direct loss means a loss resulting from an “immediate” or “proximate” cause as distinguished from a remote cause. The court found that ATC immediately lost money when it made the wire transfer to the thief. “There was no intervening event,” the court stated, and therefore, the loss was direct.

The Sixth Circuit then addressed whether the thief’s conduct amounted to Computer Fraud, which the policy defined as “[t[he use of any computer to fraudulently cause a transfer of Money inside the Premises or Financial Institute Premises . . . to a person outside the Premises or Financial Institute Premises.” Travelers argued that this definition required a computer to “fraudulently cause the transfer” and that it was not sufficient “to simply use a computer and have a transfer that is fraudulent.” The court rejected this argument stating that the policy definition did not require that the fraud “cause any computer to do anything.” The court further stated that it was not proper to limit the definition of computer fraud to hacking or other actions by which the thief gains access to the insured’s own computer.

The court also rejected Traveler’s reliance on exclusions in the policy. Two of these arise regularly in coverage disputes arising from social engineering fraud. First, the court held that the exclusion for losses arising from the “giving or surrendering of Money . . . in any exchange or purchase” did not bar coverage. The court found that ATC did not “give or surrender money to the impersonator in an exchange or purchase.” Second, the court rejected Travelers’ argument that the claim was barred by an exclusion for loss or damage resulting “from the input of Electronic Data” into the insured’s computer system. Travelers argued that when the ATC employee entered the name and address of the thief into its computer system to wire the money, ATC caused the loss. The court also rejected this argument, because the policy defined Electronic Data to exclude “instructions or directions to a Computer System.”

Impact: United States courts of appeals have reached different conclusions regarding whether coverage exists under crime policies for business email compromise. This decision follows on the heels of a July 6 decision in which the Second Circuit also ruled in favor of a policyholder in a phishing coverage dispute – Medidata Sols. Inc. v. Fed. Ins. Co., No. 17-2492, 2018 WL 3339245, (2d Cir. July 6, 2018).

The decision in ATC is significant because it rejects two arguments that carriers typically make to avoid coverage for business email compromise claims. First, the court found that to trigger the computer fraud coverage, the thief does not have to hack into or otherwise gain access to the insured’s own computer system. It is sufficient for the fraud to be caused by emails originating from a distant computer system to cause the insured to send money to the thief. Second, insurers typically argue, as Travelers did here, that a business email compromise is not a direct loss because the insured “voluntarily” wired the money to the perpetrator after receiving the instruction. Insurers claim that the insured’s voluntary act makes the fraudulent email from the perpetrator an “indirect” cause of the loss. The court also rejected this argument.

The terms of cyber insurance policies and grants of cyber coverage within other policies, like the Traveler’s Wrap+ policy in this case, are quickly evolving. Decisions like ATC have caused underwriters to change policy language to exclude this risk or to grant affirmative “social engineering” coverage for these losses, which is almost always offered with low sublimits. Policyholders should review carefully the terms of their cyber and crime policies and take steps to ensure that coverage exists, with appropriate limits, for this regularly-occurring criminal activity.




Hurricane Irma – Commercial Property Damage and Business Interruption Insurance Checklist

Hurricane Irma was one of the most devastating storms in United States history, with sustained winds of over 190 miles per hour. Insurance industry experts have estimated the insured damages arising from this storm may reach $50 billion.  These losses include both direct property damage as well as business interruption losses.  In addition, many businesses outside of the areas of storm damage may experience lost revenue as a result of damage suffered by suppliers or customers whose operations were damaged by the storms.

As businesses begin the process of cleanup and recovery in the aftermath of these hurricanes, insurance must be a priority.  The following are key steps that businesses should take to ensure that they take full advantage of the insurance they purchased to protect them from catastrophic losses.

     1.     Review all potentially applicable insurance policies and assess the potential for coverage. An important first step is to collect and analyze your policies to assess the scope of coverage available.  The most common policies providing coverage will be first-party property policies, including commercial property, marine property and event cancellation policies.  Most property policies are sold on an all-risk basis, meaning that the policy provides coverage for all risks of loss unless the loss is specifically excluded.  The key step in evaluating coverage for a hurricane loss under an all-risk policy is to evaluate the policy exclusions.

     2.     Consider coverage for contingent business interruption losses. Many businesses outside of the storm’s direct impact will experience lost income caused by damage to the operations of suppliers to and customers of the firm. These losses may be covered under your property policy as a contingent business interruption loss.   

     3.     Provide notice of the loss to all insurance companies. Prompt notice to all carriers is essential.

     4.     Once it is safe to do so, visit the damaged property and record the extent of damage. Photographs and video are crucial.

     5.     Take steps to mitigate losses and protect property from further loss or damage. Standard property policies require the insured to mitigate the physical damage and business interruption arising from a catastrophic storm.  Ensure that your firm takes these steps.

     6.     Form a claim team. It is essential to form a team involving company employees and outside experts, including outside counsel, independent adjusters and forensic accountants. Claims from catastrophic storms often raise significant coverage issues, and it is important to retain counsel early in the process. Forensic accountants also can be essential in developing and presenting a business interruption claim to a carrier.

     7.     Document carefully your communications with insurers and their agents. Resolution of catastrophe claims can be slow, and the Wall Street Journal reported last week that there is an acute shortage of qualified insurance adjusters in Florida.  This shortage is caused in part by the high demand for adjusters in Texas following Hurricane Harvey.  It is essential to keep timely, detailed records of all communications with insurance companies and their representatives in order to discourage delays and to position the company to make a bad faith claim later if necessary.

     8.     Be cautious about internal and external communications about your claim. Policyholders should be careful with both internal communications and with communications to third parties, including brokers, about your losses and claims.  These communications may be discoverable by the insurance company in litigation, and the way the company characterizes its loss may be used by the carrier against the insured.  An important principle is for the company to have one point of contact with the broker and with the insurer.

     9.     Collect and maintain accounting records and documents related to property damage and business interruption. Key documents to include are:  (a)  production and sales records; (b) records of cost of goods sold; (c) business forecasts and budgets; (d) inventory records; (e) cost accounting records; and (f) payroll records.

     10.   Collect and maintain records of costs incurred to avoid or reduce the loss. Key documents to include are:  (a) overtime records related to maintaining production at pre-loss levels; (b) price premiums and extra shipping charges to expedite delivery of machinery or inventory; (c) relocation costs; (d) costs incurred in the purchase of generator or replacement power; and (e) costs of notifying customers of a relocation or to maintain customer relationships during down-time.

     11.    Seek partial payments. Carriers often seek to delay full payment of the loss by making a minimal “good faith” payment and claiming that it cannot make full payment until all coverage and claim value issues are resolved. Challenge this approach by insisting that the insurer provide a coverage position in writing, by submitting partial proofs of loss when portions of the claim are quantified, and by demanding payment for the undisputed portion of the claim.

     12.   Comply with policy requirements. Standard property policies impose a number of requirements on the policyholder, including deadlines for submitting proofs of claim and for filing suit if there is a dispute regarding the claim. It is essential to comply strictly with all policy requirements unless the insurer agrees to an extension in writing.

Our insurance recovery team at McGuireWoods has extensive experience in advising our business clients regarding disputes with insurers regarding property damage and business interruption losses arising from hurricanes. We have secured over $1.5 billion in recoveries for our clients since 2009 and welcome the opportunity to work with you to secure the maximum recovery for your insured losses following the devastation of Hurricane Irma. 


Best Practices, Property Insurance

Hurricane Harvey: Texas Property Owners Should File Written Claims Before Friday, Sept. 1, 2017

Hurricane Harvey has devastated many parts of Texas. As Texans deal with the impact of the storm, policyholders need to be mindful of their rights.

Effective Friday, Sept. 1, 2017, a new law under House Bill 1774 takes effect that governs Texas insurance claims. Specifically, there are differences in this new law that could affect Texas policyholders who suffer claims involving “forces of nature.” The new law lessens penalties against insurance companies that fail to pay valid claims, pay less than amounts owed, or fail to timely pay such claims.

To take advantage of the enhanced penalties of the current law, no later than Thursday, Aug. 31, 2017, policyholders must (1) file claims in writing (which includes electronic mail), and (2) advise the insurance company of the facts relating to the claim.

Telephone calls will not suffice. It is important that policyholders provide notice to their insurance companies in writing. Make sure that the claim notice is dated before September 1, 2017, and keep a copy of the notice.

For additional information concerning House Bill 1774 and your rights and coverage under your policies, please contact Mark Lawless or Pamella Hopper.

Reps & Warranties Insurance

Maximizing the Value of Your R&W Insurance Policy

The global M&A boom has spurred an increase in the use of representation and warranty insurance (“RWI”), which is designed to protect the insured party against breaches of a sellers’ representations and warranties in a corporate acquisition or merger agreement. RWI is increasingly used by buyers to differentiate their bids in an ultracompetitive marketplace, as well as by sellers look to maximize returns and minimize post-closing risk.  A purchase agreement that incorporates a RWI policy can influence a seller’s ultimate decision when selecting a buyer.

For private equity-backed portfolio companies, incorporating RWI in a deal allows sellers to pass profitable returns to the fund’s limited partners and can reduce or eliminate claw back distributions from the LPs when indemnification claims are subsequently made.  RWI also gives sellers the full value of the sale without tying proceeds up in escrows, holdbacks, and can reduce or eliminate entirely future indemnification claims.

For buyers, a RWI policy helps to eliminate the need to decide whether to make claims against “friendly” indemnitors (e.g., management), and can often result in a buyer-favorable purchase agreement in a seller-favorable climate.  RWI can provide additional indemnification limits above the terms of the purchase and an extended period of time to recover for any breaches beyond the survival period.

Yet at each stage of the acquisition, buyers regularly fail to maximize the value that the RWI policy can provide.  By utilizing the RWI policy at each stage of an acquisition, a buyer can add value to its acquisition.

How to Maximize the Value of the RWI Policy

Continue Reading

Cyber Insurance

Friday’s Massive Malware Attack – Cyber Insurance and the Importance of IMMEDIATE Notice to Insurers

On Friday, May 12, 2017, a massive ransomware attack swept across the globe. As of the date of this post, the attack reportedly had infected more than 100,000 organizations in 150 countries. The attack continues to propagate in different and more malicious forms and it is likely some of our clients have been impacted.

This malware, called “WannaCry,” locks out users and threatens to destroy data unless the victim pays a ransom to decrypt the data. The initial ransom demand was $300, to be paid in Bitcoin, and it is reported that the demand is increasing. It is unclear whether the ransom payment will buy the freedom of a single computer or an entire network. If the former, the attack may prove very expensive if companies agree to pay the ransom.

Impacted companies should immediately review their cyber insurance policy if they have purchased one. Many cyber policies offer ransom or extortion coverage, which includes the cost of the ransom payment. Cyber policies also typically provide coverage for the cost of investigating and responding to a ransomware attack and for lost business income arising from the attack.

Timing is very important. Most cyber insurance policies provide coverage only for costs incurred after the insured notifies the insurance company. Therefore, the costs that businesses are incurring this weekend to respond to the WannaCry attack, including ransom payments, will not be covered unless the business provides notice to the insurance company prior to incurring the payment. Some policies also require that the policyholder inform the applicable law enforcement agency and obtain the insurer’s consent before making any ransom payment. Therefore, despite the urge to move swiftly in response to this crisis, we recommend policyholders understand and comply with the notice provisions of their policies to insure they preserve their right to insurance coverage.

In addition to these insurance considerations, there are a number of critical decision points facing affected companies right now, including whether to pay the ransom, how to comprehensively assess and remediate any damage done, which other parties to include in this process, and what actions may need to be taken to comply with applicable law. Actions that companies take today may have lasting consequences long into the future.

Please contact us if we can assist in responding to these malware attacks.

Crime Insurance, Policy Interpretation

Federal Court: Computer Fraud Provision Does Not Cover Fraudulent Debit Card Transactions Conducted Over the Telephone

Last month, the Northern District of Georgia issued a strongly pro-insurer decision holding that a policy insuring computer fraud did not provide coverage for $11.4 million in fraudulent debit card redemptions made over the telephone.  In InComm Holdings, Inc. v. Great Am. Ins. Co., No. 1:15-cv-2671-WSD, 2017 WL 1021749 (N.D. Ga. Mar. 16, 2017), the court granted summary judgment for the insurer, Great American, concluding that the insured’s losses did not result “directly” from the “use” of a computer. Continue Reading

Reps & Warranties Insurance

Reps & Warranties Insurance In M&A Deals – Getting the Deal Done

Note:  This is the first in a series of posts that will discuss the use of RWI in Mergers & Acquisitions.

Essential to a buyer’s and seller’s evaluation of the purchase and sale of a company is the allocation of exposure between them for unknown risks and liabilities associated with the breach of representations and warranties in the purchase agreement, such as inventory reporting or products liability exposures. Less than two decades ago, very few considered purchasing Representations and Warranties Insurance (“RWI”), a product designed for the express purpose of providing insurance for the breach of a representation (“rep”) or warranty contained in the purchase or merger agreement. Recently, however, these policies have emerged as an important tool to allocate risk to an insurer. RWI has also been recognized as an enhancement to the value of the deal, as well as critical to closing deals that might not otherwise get done.

Continue Reading

Best Practices, Employment Practices Liability Insurance, Notice

Law School Wins First Round in Fight Under EPLI Policy

Claims-made issues are often complicated in employment practices liability insurance (EPLI) cases because of the nature of discrimination claims. As a prerequisite to filing suit, a claimant must first submit a charge to the EEOC or other administrative body for investigation.  Because of this, a claimant may file an EEOC charge in one policy period but file the subsequent lawsuit in a later policy period.  In most EPLI policies, the event triggering coverage is a claim for an employment wrongful act which is first made during the policy period.  Since both the administrative charge and the lawsuit usually fall within the policy’s definition of a claim, a dispute may arise over when the claim was first made.

Continue Reading

Best Practices, Risk Management

Four Questions to Ask Before Renewing Your Policy

Most business insurance policies are issued with one-year policy terms, creating a natural opportunity for businesses, their counsel and risk managers to re-evaluate coverage each year at renewal time. Many companies fail to take advantage of this opportunity and simply renew their policies each year without considering whether their insurance needs – or the coverages available – may have changed.  Here are four questions to ask when your policies come for renewal:

Continue Reading

Best Practices, Duty to Defend, Duty to Indemnify, Notice

Eleventh Circuit: Insurer Not Required to Reimburse Pre-Tender Defense Costs

It may seem obvious that policyholder defendants should immediately notify their liability insurance carrier whenever they are faced with potentially covered litigation.  Among other things, policyholders want the benefit of the insurer-paid defense their policy provides.  But for a variety of reasons, this does not always happen, and in some cases policyholders find themselves funding their own defense for a period of time before their insurance carrier is aware of the litigation and has agreed to accept the defense.  Frequently, this leads to dispute about whether such “pre-tender” defense costs are covered under the policy.

The Eleventh Circuit faced this situation in, Inc. v. Travelers Property Casualty Company of America, and on January 9 held that under Florida law, Travelers was not required under Florida’s Claims Administration Statute (CAS) to reimburse its policyholder,, for pre-tender defense costs incurred in an underlying copyright infringement suit.

Continue Reading

We use cookies to enhance your experience of our website. By continuing to use this website, you agree to the use of these cookies. For more information and to learn how you can change your cookie settings, please see our policy.