Hunton Insurance Recovery Blog

On December 9^th, the Eleventh Circuit held that a loss of over $1.7 million to scammers was covered under a commercial crime insurance policy’s fraudulent instruction provision.

In Principle Solutions Group, LLC v. Ironshore Indemnity, Inc., the loss resulted from a “sophisticated phishing scheme” where a scammer posed as an executive of Principle and persuaded an employee to wire the money to a foreign bank account.  The fake executive emailed the employee that “he had been secretly working on a ‘key acquisition’ and asked her to wire money.”  The scammer instructed the employee that the details of the wire transfer would be provided from a purported outside attorney.  Just five minutes later, the employee received an email from the supposed outside attorney instructing her to wire the money.  This “outside attorney” then called the employee and reiterated that Principle’s executive had approved the transfer.

The employee then created and approved the transfer, but a fraud prevention service from Wells Fargo asked for verification that the wire transfer was legitimate.  The employee confirmed with the “outside attorney” that this was legitimate and relayed that information to Wells Fargo, which then released the funds to the scammers.

Unable to recover the funds, Principle sought coverage for the loss under its commercial crime insurance policy with Ironshore under an insuring agreement covering “loss resulting from a fraudulent instruction directing a financial institution to debit [Principle’s] transfer account and transfer, pay or deliver money or securities from that account.” Ironshore denied coverage.

Ironshore argued that there was no coverage for two reasons.  First, it asserted that the first email the employee received did not constitute a fraudulent instruction because it did not direct a financial institution to debit Principle’s account, but only told the employee to await further instruction.  Second, Ironshore contended that the loss did not “result directly from” a fraudulent instruction because there were two intervening events between the instruction and the loss:  (1) the purported outside attorney conveying the necessary details to Principle’s employee, and (2) Wells Fargo’s holding the transaction.

The District Court concluded that the fraudulent instruction provision was ambiguous because both Principle’s and Ironshore’s interpretation of it were reasonable.  At the trial court level, Principle argued that the fraudulent instructions caused the loss, thus triggering coverage under the fraudulent instruction provision.  Ironshore argued that the term “directly,” as used in the fraudulent instruction provision, required an immediate causal link between the fraud and the loss.  The court found both interpretations to be reasonable and, thus, under Georgia law, construed the policy in favor of Principle.  The Eleventh Circuit affirmed but on different grounds.

First, the Eleventh Circuit held that the emails from the purported Principle’s executive and the second email from the purported outside attorney must be read together.  When read together, the emails were a fraudulent instruction; the sole purpose of the email from the outside attorney was to provide the necessary details to make the wire transfer.  Accordingly, the court held that the “fraudulent instruction from the scammer purporting to be [Principle’s executive] unambiguously falls within the coverage provision.”

Second, the Eleventh Circuit held that only a proximate cause between the covered event and the loss was required, not the immediate link Ironshore sought.  The court went on to say that proximate cause “encompasses ‘all of the natural and probable consequences’ of an action, ‘unless there is a sufficient and independent intervening cause.’” (emphasis in original).  The Court rejected Ironshore’s argument that the emails from the purported outside attorney or the bank holding the money were a “sufficient and independent intervening cause” because the emails from the purported outside attorney and Wells Fargo were foreseeable consequences of the first email.

The Eleventh Circuit also rejected the dissent’s conclusion, among others, that the “suspicious nature of the entire transaction” severed the causal chain because Principle was on notice that the transfer may be fraudulent. The majority held that whether the events were suspicious was not the relevant question but instead the relevant question was whether the employee’s failure to verify the transfer was foreseeable—the majority held it was.  Finally, the Eleventh Circuit rejected the dissent’s conclusion that proximate causation is a question for the jury because “the evidence. . . leads to only one reasonable conclusion:  no unforeseeable causes intervened between [Principle’s executive’s email] and Principle’s loss.”

The Eleventh Circuit’s holding is important because it interprets a fraudulent instruction provision in a manner that effects the intent of such provisions to provide coverage for ever-increasingly innovative and sophisticated phishing schemes.  The dissent’s causation argument has no basis in the policy language and in most instances would defeat the purpose of fraudulent instruction coverage, so the majority opinion reached the correct result.