The Law
Legal Spotlight
Fraudulent Money Transfer Covered Under Policy
In the summer of 2014, Medidata Solutions Inc., was looking at a possible acquisition. The company notified its finance department “to be prepared to assist with significant transactions on an urgent basis.”
In September, finance received an email supposedly sent by Medidata’s president, containing his name, email address and picture.
Unfortunately, a hacker was behind the message.
The hacker — spoofing the company president’s email — told finance he was close to finalizing the acquisition, and an attorney would contact them regarding the next steps. Under the alias of attorney Michael Meyer, the hacker called the finance department and swindled the company out of $4.8 million. When Meyer asked for a second wire transfer, finance realized what had happened.
Medidata filed a claim on its $5 million crime policy with Federal Executive Protection, which covered losses occurring as a result of “fraudulent entry” or changing of data in the policyholder’s computer system.
On December 24, 2014, Federal denied the claim, arguing that there was no hack or “fraudulent entry” into Medidata’s computer system — the wire transfer was performed by Medidata employees, not by the hacker.
Both parties filed cross-motions for summary judgment.
The court held that even though the hacker had not performed the wire transfer directly, the “fraudulent entry” language applied, because the hacker used embedded computer code to trick Medidata’s servers into replacing the displayed email address and profile photo to that of the company president. The judge noted that Medidata’s employees “only initiated the transfer as a direct cause of” the hacker sending the modified emails posing as Medidata’s president.
“Larceny by trick is still larceny,” said the court.
The district court granted Medidata’s motion for summary judgment.
Scorecard: Federal will have to cover Medidata’s $4.5 million loss.
Takeaway: This ruling is a sharp departure from court decisions in similar cases, but the court would likely have still ruled for the insurer if there had been no digital manipulation.
Lack of Information Leads to Insurer Victory
The U.S. Department of Justice and the office of the inspector general for the Department of Housing and Urban Development found First Horizon National Corporation and First Tennessee Bank National Association noncompliant with FHA-insured loan requirements.
The DOJ initially demanded a $610 million settlement in April 2014 after investigators notified the bank it was in violation of the False Claims Act.
The bank held coverage through eight insurance companies and sent a notice of circumstances to each insurer, explaining that the bank was cooperating with the DOJ. The notice concluded that the bank “established no liability for [the eventual outcome] and is not able to estimate a range of reasonably possible loss.” Not once did the bank reference the settlement demand in the notice.
By June 2015, the bank and the DOJ agreed on a settlement of $212.5 million. The bank expected to obtain the collective $75 million limits from its policies. All insurers denied coverage and the bank filed bad faith claims against them.
In June 2017, the court determined that because the bank failed to include the settlement demand in its initial notice, the insurers were not required to pay the $75 million in collective limits. It dismissed the bad faith claims and told the bank that its notice was “not reflective of the state of affairs at the time.”
Scorecard: Eight insurers did not have to pay their combined policy limits due to the omission of key information in the initial notice of circumstances.
Takeaway: An omission of vital information from an insured can lead to a positive court outcome for insurers.
‘Excess by Coincidence’ Policy Not True Excess Policy
In 2015, a property manager took an elderly man on a tour of the Dolce Living apartment complex in Houston via golf cart. The driver took a sudden left turn, throwing the man from the cart. He hit his head and died of his injuries days later. His widow sought $1 million in damages against the complex and the property manager.
Dolce held a $1 million primary commercial GL policy through Lloyd’s of London and a $10 million excess policy through Colony Specialty Insurance Co. Pace Realty Corp., the manager of the complex, held a $1 million primary policy with North American Capacity Insurance Co.
The settlement exhausted Lloyd’s primary policy and left North American to pay the remainder. North American paid but then sued Colony, arguing the complex’s excess policy should have covered the remainder or, at the very least, split the bill with North American.
Because of wording in its policy that stated “… this insurance is excess over any other valid and collectible insurance available to you,” North American said its policy should be looked at as excess insurance only to be utilized after both the Lloyd’s and the Colony policies had been exhausted.
The Colony policy, argued North American, stated that its “excess condition … will not apply to insurance specifically written as excess over the coverage part.” North American said this clause should apply to its own policy, and Colony should be on equal legal footing as North American and split the costs between them.
The court had a different idea, calling Colony’s policy the “true excess” policy and North American the “excess by coincidence” policy. “NAC’s primary coverage limit of $1 million must be exhausted before Colony’s excess coverage is triggered.
“The NAC policy is a primary policy that is ‘excess by coincidence.’ The Colony umbrella policy is a true excess policy,” the judge wrote.
Scorecard: Colony Specialty Insurance Co., acting as an excess policy holder, does not have to pay on the Dolce Settlement.
Takeaway: If an excess policy is in place, all primary limits covering the same risk must be exhausted first, even if those policies are written to be excess in certain circumstances.