Can The Insurance Industry Limit the Right to Independent Counsel?

A cornerstone of California law is that the duty to defend arises whenever the lawsuit against the insured seeks damages on any theory that, if proved, would be covered by the policy.  Indeed the duty to defend is so broad that it is excused only when “the third party complaint can by no conceivable theory raise a single issue which would bring it with the policy coverage.” (Montrose Chem. Corp. v. Superior Court (1993) 6 Cal 4th 287, 295 –applying law first set forth in Gray v. Zurich Ins. Co. (1966) 65 Cal 2d 263.)  It took almost fifty-one years of litigation for the courts to clarify the duty to defend, but with each new case, the Insurers will continue to contest both their duty to defend and if they must defend, whether independent counsel is required.

Back some forty-six years ago in Executive Aviation Inc. v. National Ins. Underwriters (1971) 16 Cal App 3d 799, 810, the appellate court recognized that “the insurer’s desire to exclusively control the defense must yield to its obligation to defend its policyholder” and pay for independent counsel under the facts of that case.  Where the insurer defends under reservations and appoints its panel defense counsel, such counsel may find himself or herself in conflict!  If counsel can favor his or her insurer client when developing evidence or undertaking defense strategy in a way to negate coverage, the courts have fashioned a remedy: the right to independent counsel paid for by the insurer.

The insurer must thus pay for independent counsel where the circumstances demonstrate a disqualifying conflict of interest. San Diego Navy Fed. Credit Union v Cumis Ins. Society (1984) 162 Cal App 3d 358, 364 and later Civil Code Section 2860 (a).  What conflicts create the disqualifying conflict of interest? Here are some examples:

  • The outcome of the coverage dispute can be affected by the manner in which the case is defended.
  • Several insureds are defendants and they have conflicting claims against each other.
  • The same attorney is representing the insurer in a DRA seeking to avoid coverage who the insurer appoints as defense counsel for the insured (!!—this was the circumstance in Executive Aviation).
  • The insurer seeks to settle the claim for more than policy limits exposing their insureds to the excess liability (!! a real case where that happened is Golden Eagle Ins. Co. v. Foremost Ins. Co. (1993) 20 Cal App 4th 1372, 1396)

The “paradigm cases” for disqualifying conflict include the one just cited Golden Eagle Ins. Co. v. Foremost and others, i.e., Long v. Century Indem. Co.  (2008) 163 Cal App 4th 1460, 1471, because the coverage issue in those cases rested on whether the insureds acted negligently or intentionally.  Under those circumstances, the appointed defense counsel could control the production of evidence to disfavor coverage.

There are two strong reasons the Insurers attack these decades of common law and statutory law, however: Cost and Control.  The insurers hope to 1) rein in the costs of litigation only paying their panel counsel negotiated below market bargain rates, and 2) dictate defense strategies to those cheaper counsel;  sometimes they succeed.

It is common for insurers to argue that their beleaguered insureds (who are fighting off underlying lawsuits) must also first prove the disqualifying circumstances to secure the benefits of unconflicted defense. In two recently reported cases, the insurer prevailed where the policyholders did not submit evidence supporting a potential conflict, and the insurers avoided any obligation to pay for independent counsel.  In both cases the insured simply failed to produce any evidence of actual potential conflict of interest. A review of these cases is instructive and demonstrate the pitfalls of over-reaching.

The insurer won a summary judgment affirmed on appeal in Centex Homes v. St. Paul Fire and Marine Ins. Co., 2018 Cal. App. LEXIS 45, just filed on January 22, 2018.  The Centex court determined that the insured did not “establish a triable issue of material fact” to show the St. Paul appointed panel defense counsel Mr. Lee could influence the outcome of the coverage dispute, so St. Paul did not have to pay for independent counsel.  Homeowners brought the underlying suit against Centex and others for damages from construction defects for which Centex may be strictly liable.  Centex tendered the suit for a defense, as an additional insured on its contractor’s policy issued by St. Paul.  There was active coverage litigation pending between St. Paul and Centex, but panel counsel Lee testified that St. Paul did not control what he did, and did not ask him to settle claims against the named insured (to leave Centex without coverage.) Further Lee did not represent St. Paul in the coverage lawsuit. Centex offered no contrary facts or other evidence tending to show any conflict.

The Centex opinion recites the applicable standards and accepted the evidence offered by St. Paul (Lee deposition testimony), and rejected the Centex argument that a potential conflict may arise without more detail as to what constitutes the actual conflict.  The Court was unimpressed with the Centex theoretical argument and its reliance on its legal briefing, and noted the absence of admissible evidence of any potential conflict.  The opinion contains an excellent overview of most of the law on these issues and demonstrates the pitfalls of relying on purely theoretical arguments to show potential conflicts.

In Illinois, another opinion confirmed the insured had no right to independent counsel in Bean Products, Inc. v. Scottsdale Ins. Co. filed January 22,2018, as case no 16 CH 7504. Again the policyholder lost a summary judgment motion by not submitting sufficient admissible evidence demonstrating the conflict and it was affirmed on appeal. A competitor brought a trademark and copyright infringement suit against the insured Bean, and Bean’s counsel Gauntlett & Associates (“G&A”) tendered it to Scottsdale for a defense. G&A was attempting to be Bean’s “independent counsel” but Scottsdale agreed to defend under a very limited reservation of rights (only denying coverage for punitive damages), appointed counsel, and contested any conflict. Scottsdale demanded cooperation and that G&A relinquish control of the defense.  G&A refused and instead argued for independent counsel rights, refused to provide documents requested (including with regard to settlement discussions with plaintiff and the insured’s evaluation of the merits of the suit.)

Despite the foregoing, Scottsdale’s appointed counsel managed to settle the case very economically for $30,000.  Bean then demanded Scottsdale pay G&A’s fees in the amount of just over half–$15,373.75.  Bean’s argument was that the appointed counsel was not as expert as G&A and that G&A did more to bring about the settlement. Under Illinois law, the allegations of the complaint determine the duty to defend, which includes the right to control the litigation.  The insured failed to show any actual conflict existed, however, that would somehow impair the defense Scottsdale was providing. Scottsdale declined coverage for punitive damages, but that did not create a conflict under Illinois law nor would it under California law.

The Bean opinion cited to cases where the facts presented an actual conflict: 1) the driver of the insured company was aligned with the plaintiff in the accident suit, whereas the insurer would seek to separate the driver from the insured company and 2) a builder was being sued for mold damage—the insured seeks to prove no liability but the insurer would be protected if the mold damage occurred before the policy inception regardless of the insured’s liability.

Bean was unable to submit any such conflict facts.  The court ultimately determined the insured voluntarily assumed the G&A bills, and had no right to secure reimbursement from Scottsdale.

Policyholders must pick their fights carefully.  Bad facts make for bad law and these most recent cases are great examples of coverage suits that should not have been litigated.

AIG Must Defend Additional Insureds

That it took an appellate court to order AIG’s Lexington Insurance to honor its additional insured obligations is a measure of how frequently insurers attempt to dodge this important contractual obligation. The case of McMillin Management Services v. Financial Pacific Insurance, et al., in the Fourth District of the California Court of Appeal, was decided just a few days ago, on November 14, 2017.  The Court reversed the trial court, finding that Lexington had to defend McMillin, a general contractor because of the construction defects potentially caused by the operations of the Lexington insureds, two subcontractors.

Lexington argued that since the homeowners’ claims arose after the subcontractors’ work was done, these claims could not have “arisen out of” the subcontractors’ on-going operations and fit into the exclusion for completed operations. However, the additional insured endorsements were not so limited, and provided coverage for liability arising out of such operations as damage may well have occurred during the construction operations.

McMillin had used a number of subcontractors to work on the subject development, two of whom, Martinez and Rozema, purchased insurance with Lexington and included additional insured endorsements. This may be the first published decision specifically construing such “arising out of” language, which commonly appears in such endorsements.  Although there was a completed operations exclusion, it was not clear when the alleged damages occurred, therefore there was a potential for a defense.

The appellate court relied on the holding of another decision that held the term “arising out of” in this context is to be broadly construed: “… it broadly links a factual situation with the event creating liability, and connotes only a minimal causal connection or incidental relationship.” Acceptance Ins. Co. v. Syufy Enterprises (1999) 69 Cal.App.4th 321, 328.

Lexington argued that McMillin could not have faced liability for the homeowners claims during its insureds’ operations (as there were no damages then—the project was just being built), but the appellate court noted “arising out of” is simply broader than “during.” This court concluded that: “The term “arising out of” in the endorsements granting McMillin coverage for ” ‘liability arising out of [Martinez’s or Rozema’s] ongoing operations,’ ” provides only that McMillin’s liability must be “linked,” through a “minimal causal connection or incidental relationship”…, with Martinez’s or Rozema’s ongoing operations.”  Since it was entirely possible that property damage occurred while the operations were on-going, there was a potential for coverage and a duty to defend.  In effect, the duty to defend continues until Lexington can establish with undisputed and conclusive facts that there were no damages until after the subcontractors’ work was completed.

This opinion establishes for developers and their counsel the importance of carefully reviewing additional insured endorsements to ensure the broadest possible protections against claims arising from the work of the subcontractors.


Travelers Fails to Pull a Rabbit out of its Hat and Must Defend its Insured

In a recent federal court decision out of Colorado, Travelers failed to convince the Court that it had no duty to defend its insured based on its IP exclusion (barring coverage for patent infringement claims).  Travelers’ subsidiary, Charter Oak, attempted to dodge coverage for its insured, Minute Key, Inc., under a liability policy.  Minute Key was sued by a competitor, Hillman Group, who claimed that Minute Key falsely accused Hillman of patent infringement, and in doing so sought to steal business from it.  There was no patent infringement claim against the insured!

The Charter Oak/Travelers policy provided “Personal and advertising injury” coverage.  Advertising injury was defined as “…injury, other than “personal injury,” caused by one or more of the following offenses: (1) oral or written publication … in your “advertisement” that “disparages a person’s or organization’s goods, products or services… .”  Likewise “Personal injury” was defined as “… Oral or written publication … that … disparages a person’s or organization’s goods, products or services… .”

The IP Exclusion states that the “insurance does not apply “Personal injury or advertising injury arising out of …Patent…[infringement]”.

The underlying lawsuit began as a declaratory judgment action where Hillman sought a declaration of non-infringement and invalidity under the Patent Act against Minute Key.  Then its suit was amended to add a claim of damages for product disparagement under the Lanham Act and state law.

So the coverage issue raised by Travelers was whether Hillman’s disparagement action’s genesis, in patent infringement allegations made by Minute Key against Hillman, brings the action into the exclusion.  Ordinarily, insurers (whose policies exclude coverage for patent infringement claims) deny coverage for patent infringement claims made against their insureds!

Thus, Travelers’ counsel took a creative leap on this one!  Even in Colorado, which applies the “four corners rule” determining duty to defend just on the allegations in the Complaint as against the Policy, it is evident Travelers had to defend.  This is because the duty to defend arises when the underlying complaint alleges any facts that might fall within coverage.  The district court readily decided in favor of the policyholder because while Travelers broad reading of its exclusion was “colorable,” it was not conclusive.  The coverage grant expressly included the obligation to defend the underlying claims of product disparagement—and coverage grants are to be applied broadly—Colorado law is to construe the duty to defend “liberally with a view toward affording the greatest possible protection to the insured.” (Thompson v. Maryland Cas. Co., 84 P. 3d 496, 502 (Col. 2004)).

The Court found the IP Exclusion ambiguous in the context of the facts of the case (which seems generous), but that ambiguity finding meant the Court was required to rule against Travelers.  Travelers’ effort to argue for a broad interpretation of its exclusion also runs counter to California law, which requires exclusions to be interpreted narrowly as they seek to limit coverage grants which are, in contrast, to be interpreted broadly.  This does not stop aggressive insurer counsel from continuing to flaunt the rules of interpretation—arguing the very opposite of what the rules of construction allow.

Two Court Rulings Show Coverage Difficulties for “Fake President” Fraud

A few weeks back, the Insurance Recovery report posted a blog about the difficulty obtaining insurance coverage for “fake president” fraud, which is also known as business e-mail compromise, or social engineering fraud.   Two courts have recently reached opposite holdings on this exact topic, which highlight the difficulty policyholders face when they have been victimized by Fake President Fraud.

The policyholder-favorable of those rulings came out of a New York District Court, where the judge found in favor of coverage for this type of fraud under a crime policy issued by Federal Insurance Company.  Medidata Solutions, Inc. v. Federal Ins. Co., Case No. 15-CV-907 (S.D.N.Y. July 21, 2017). Docket No. 32.  The case was typical of fake president fraud.  In 2014, a fraudster imitating the president of Medidata Solutions, Inc. directed an employee in the accounts payable department to wire money overseas for a company acquisition.  The e-mail included the president’s e-mail address and picture, and copied a fake attorney.  The employee performed some degree of due diligence, corresponding with the fake attorney by e-mail and phone before wiring the money.  However, that employee ultimately wired $4.8 million dollars to a fraudulent account.  Fortunately, the company discovered the fraud before a request to wire another $4.8 million was completed.  Medidata sought coverage under its Federal Insurance Company crime policy, but Federal denied the claim.  Medidata filed suit in February 2015.

The scope of coverage under the policy turned on a computer fraud provision in the crime policy that covered losses that occurred as a result of the “fraudulent entry” or changing of data in the policyholder’s computer system.”  The question then arose: was this a fraudulent entry?  Some courts had previously determined that fake president fraud does not result in a fraudulent entry or act because the company employee voluntarily makes those changes (although at the direction of a fraudulent actor).  Here, though, Judge Andrew Carter Jr. disagreed, holding that the entry was indeed fraudulent because the fraudster used a computer code to alter a series of email messages to make them appear as if they originated from the company’s president.   In that regard, Judge Carter followed the decision in Universal American Corp. v. National Union Fire Ins. Co. of Pittsburgh, Pa., which found such entries to be fraudulent because they violated the integrity of the computer system.  To Judge Carter, it seemed implausible that one would ever find coverage under the narrow view other courts have taken because it would require the fraudster to break into the computer system and wire the money.

But then yesterday, a Michigan District Court reached the exact opposite ruling in American Tooling Center Inc. v. Travelers Casualty and Surety Co., Case No. 5:16-cv-12108, 2017 U.S. Dist. LEXIS 120473 (E.D. Mich. Aug. 1, 2017).  There, the fraudster sent e-mails posing as a vendor of the Michigan-based company, asking to forward payments due under a contract between the parties.  The company sent the money, only to discover the money was lost forever.  American Tooling Center sought coverage under its Travelers’ crime policy because it constituted computer fraud, but Travelers denied the claim, arguing that there was not a “direct loss” that was “directly caused by” the use of a computer.

The relevant policy definition defined computer fraud as the use of “any computer” to “fraudulently cause” a “direct loss” by money transfer.  American Tooling and Travelers obviously disagreed about those terms, but the Judge found in favor of Travelers because the term “direct loss” was synonymous with the term immediate, and there were steps in between the fraudulent e-mails and the wiring of money.  In short, the Michigan court would require the exact thing – a fraudster hacking into the computer and sending the money directly – that the New York court found implausible.

What are the major takeaways from these rulings?  First, it is always critical to carefully review the language in insurance policies.  The American Tooling Center court distinguished the ruling in Medidata by contrasting the policy language because the Medidata policy did not include the term “direct loss” in its definition of fraud.  To many people, that would be a minor distinction.  But to the Michigan court it meant the difference between there being coverage or not.  We believe that the Medidata court had the proper holding, that the Michigan court should have followed suit, and that Judge Carter’s belief that a computer fraud coverage requirement that a fraudster perform a transfer for there to be coverage is too draconian. And because rulings on this subject have come down all over the place, policyholders that frequently conduct transfers via computer should consider contacting insurance professionals, be it an attorney to interpret the policy, or a broker to determine whether there might be a policy endorsement available specifically aimed at this type of event.

Renewal Notices Must Warn of Major Changes in Coverage

California Insurance Code §678 provides as to personal lines policies (such as homeowners, auto or personal liability): “(a) At least 45 days prior to policy expiration, an insurer shall deliver to the named insured…(1) an offer of renewal of the policy contingent upon payment of premium…stating…(A) Any reduction of limits or elimination of coverage…”

Insurance Code §675.5 makes the same law applicable to commercial policies issued for delivery to California insureds. Insurance Code §676.2(c)(1) provides as to policies of commercial insurance that upon renewal no reductions or changes in the conditions of coverage shall be effective unless a written notice is mailed at least 30 days before the effective date of the change, and such changes can only be made where there are specific reasons for the change (such as willful or grossly negligent acts by the insured or failure to institute loss control measures, or change in use materially adding to the risk).  These Insurance Code provisions protect insureds from surprise exclusions which materially reduce the coverage being renewed.

It is very common to find California Changes Endorsements on policies issued in California to reflect these legal requirements.  They are usually entitled:  “California Changes—Cancellation and Nonrenewal” followed by a promise to adhere to these time limits of Notice and other provisions of the Insurance Code regarding renewal or cancellation of the policy.

What if at renewal time, the insurer simply sends a general “Notice of Policy Conditional Renewal” which is a boiler plate Notice reserving the right to make any kind of change in terms, premium or deductibles?  Is that sufficient Notice to allow major reductions in coverage to be enforceable?  We think not.

The case law makes these contractual obligations to notify explicit.  The California Supreme Court has held that “no change may be made in the terms of the renewal policy without notice to the insured.”  (Industrial Indemnity Co. v. Industrial Accident Commission of California (1949) 34 Cal. 2d 500, 506.)  California law requires that when an insurance company changes, reduces, or limits the coverage or benefits of a policy upon renewal, the notice of such change must “be provided in a ‘plain, clear and conspicuous writing.’” (Everett v. State Farm General Ins. Co. (2008) 162 Cal. App. 4th 649, 663.)  To be conspicuous, the notice must be “displayed or presented” in a way that it would be “noticed” by a reasonable person.  (Broberg v. Guardian Life Ins. Co. of Am. (2009) 171 Cal. App. 4th 912, 922-23.)  Examples of conspicuous notice “includes . . . a heading in capitals . . . larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size . . ..”  (Id. at 923.)  Moreover, the notice of reduction in coverage must be “specific.”  (Davis v. United Services Auto Ass’n (1990) 223 Cal. App. 3d 1322, 1332.)  Thus, “a general admonition to read the policy for changes is insufficient.”  (Id.)  The failure to provide “adequate notice” renders the attempted reduction or limitation in coverage “ineffective.”  (Id. at 1333.)

A major reduction in coverage in the Renewal terms should be disclosed to the insured so that the insured has an opportunity to make an informed decision to renew with the same insurer or seek coverage elsewhere.  Certainly an insured must have a reasonable notice of the renewal terms, if the insurer plans a major reduction in coverage.  The failure of the insurer and/or the broker to disclose major reductions in coverage in the renewal terms, has serious consequences including making that surprise and deadly exclusion unenforceable. So buyer beware and be forewarned!  If you find your renewal policy has surprise holes in the coverage, you might consult coverage counsel as the insurance law may afford some remedies.

The Remedy for the New Cyber Threat Posing Major Coverage Problems: “Fake President” E-mails

In the last few weeks, we have seen yet another widespread ransomware attack that hit nearly one hundred companies around the world.  It reminded me of a recent request from a client, made just after news broke of the WannaCry ransomware attacks, to review its insurance portfolio to confirm that it was covered for ransomware attack.   The client had that coverage, but I noticed that there was a gaping hole in the policy for another type of common attack that goes by a variety of names – business e-mail compromise, social engineering fraud, and fake president fraud.  What is critical for companies to understand, and few do, is that they must purchase a specific endorsement to obtain this kind of coverage.

These types of attacks are as much identity fraud as they are a cyberattack.  In these kinds of cases, an impostor will pose as a high ranking executive at a company, and command a lower level employee via email to wire money to a client or vendor account.  The employee, so diligently trained to follow orders, will then complete the transaction, unwittingly transferring company funds into a fake account.  After all, what employee would question the company’s CEO, CFO, President, or other superior?

This crime poses significant challenges from a coverage perspective.  The act does not fit cleanly within the typical first party coverages included in cyber policies – it isn’t a data breach, in which information is stolen or compromised and needs to be repaired, and it isn’t a ransomware attack, in which a company has its business shut down.  These types of attacks also aren’t covered by modern crime policies because the action taken – the wiring of money by an employee – is voluntary.  There is no extortion, and no money is stolen.

Courts recently confronted with these situations have routinely denied coverage.  One example can be seen in Aqua Star (USA) Corp. v. Travelers Cas. & Sur. Co. of Am., No. C14-1368RSL, 2016 U.S. Dist. LEXIS 88985 (W.D. Wash. July 8, 2016).  There, a hacker impersonating a vendor of the policyholder directed an employee to change the bank account for future payments to that vendor.  The employee dutifully did so, and the policyholder lost over $700,000 when money was wired to the fraudster’s account.  The crime policy covered computer fraud, but contained an exclusion for “loss resulting directly or indirectly from the input of Electronic Data by a natural person having the authority to enter the Insured’s Computer System.”  Travelers denied coverage because the employee had authorization to input the new bank information to the account, and the District Court agreed, finding that the loss – the transfer of money to the new account – indirectly resulted from the inputting of the new bank information.

In Taylor & Lieberman v. Fed. Ins. Co., 2017 U.S. App. LEXIS 4205 (9th Cir. Mar. 9, 2017), the Ninth Circuit was faced with a similar situation.  There, an accounting firm handled payments and transfers for its clients.  An impostor took control of a client’s e-mail account and sent multiple wire payment instructions to the accounting firm.  The employee wired the money, and did not discover the fraud until the third request to wire money.  The accounting firm sought coverage under its crime policy, which provided coverage for “direct loss sustained by an Insured.”  The Court denied coverage because it determined the accounting firm was seeking recovery for third party losses – those of its clients – and not its own.  That the company might have to indemnify that client for the fraudulent payments was immaterial.

Fortunately, not all cases end with an insurer victory.  But the uncertainty of these results begs the question: how do you insure for these attacks?  The answer is a policy endorsement targeted at these types of attacks.  It is usually added to a company’s crime policy, and will include language such as “the Company will reimburse the Insured for Loss sustained by the Insured Person as a direct or indirect result of Business E-mail Compromise.”  The Policy will then define Business E-mail Compromise, and within that definition it should include reference to coverage for voluntary actions of the insured (who is wiring money under false pretenses).  The policy limits for these endorsements tend to be lower than the policy it is attached to, but any coverage an insured can obtain for this kind of fraud is better than none.

There are a few important takeaways on this issue.  First, check your insurance policies for language that may suggest coverage in this area, and read the language closely.  You will want to make sure your company is covered when money is sent by employees as a result of fraud.  If you do not see such language, ask your broker to get you options to add this endorsement to one of your policies.  Second, confirm that the policy endorsement you obtain is broad enough to subsume the acts you are seeking to cover.  The worst case scenario would be purchasing an endorsement that fails to cover the fraudulent actions for which you are hoping to obtain insurance.  Finally, train your employees for these types of situations.  A simple 30 minute training on how to identify tells that reveal these schemes may help your company avoid hundreds of thousands of dollars in losses by avoiding this situation altogether.

Ninth Circuit Reaffirms Policyholder Right to Sue Recalcitrant Excess Insurer

A new opinion published on March 21, 2017 from the Ninth Circuit (Teleflex Medical Inc. v National Union, Case no 14-56366 ) affirmed a $6+ M judgment against AIG subsidiary National Union, who was excess a primary policy issued by CNA.  This is an excellent result for policyholders, and a warning to recalcitrant excess insurers.

The Insured purchased two insurance policies that covered disparagement claims – a primary policy issued by CNA, and an excess policy issued by National Union.  The Insured was defended by CNA in an underlying lawsuit, and the Insured and primary insurer kept National Union informed throughout the litigation.  The underlying lawsuit finally developed to the point settlement was advisable, and the claimant, Insured, and CNA all agreed to a settlement that would require about $3.75 million from the $14 million National Union excess policy.

National Union not only refused to consent to the settlement – which, of course, the Insured, claimant and CNA all agreed to make—but also refused to undertake the defense of the Insured.  The court found the Insured was entitled to sue National Union for breach of contract and bad faith and was entitled to the rebuttable presumption that the settlement was reasonable because National Union failed to undertake the defense when it refused to consent to the settlement.  Under the decision in Diamond Heights HOA v National Am. Ins. Co. 227 Cal. App. 3d. (1991), the Court held an excess insurer only has three choices in that context: 1) approve the settlement; 2) reject it and take over the defense, or 3) reject it and decline to defend, but face a potential lawsuit by the insured seeking contribution and bad faith damages. The Diamond Heights court also found an excess insurer who rejects a settlement and refuses to defend thereby waives of the “no action” (and “voluntary payments”) clauses in their contracts.

Since National Union refused to undertake the defense—i.e., breached the contract and violated the Insured’s rights under the implied covenant of good faith and fair dealing—it was vulnerable to this later suit brought by the Insureds.  That case went to trial and the jury found the settlement reasonable and National Union liable for breach of contract and bad faith—the ultimate judgment exceeded $6 million.  The Ninth Circuit decision, which affirmed the trial court, contains an excellent discussion of the public policy behind the Diamond Heights decision, and later decisions applying it post-WallerWaller v. Truck Ins. Exchange, 11 Cal 4th 1 (1995) held that an insurance company does not waive coverage defenses it fails to mention in its correspondence with the insured—and in its decision did not address the Diamond Heights decision.

National Union argued the Waller Supreme Court decision – which held that an insurer does not waive coverage defenses if not in their coverage letters – somehow overruled Diamond Heights.  This argument was soundly rejected by the trial court and Ninth Circuit.  Among the arguments National Union made were that the Insured should have had to prove waiver of the “no action” and “voluntary payments” clauses by clear and convincing evidence –not by a preponderance of the evidence!  This argument was also soundly rejected by the Ninth Circuit.  Of course, as all insurers will do, National Union also argued for a “genuine dispute” instruction—which the Ninth Circuit also rejected for good reason –not only because it really does not apply in the context of a liability policy, but also because it is subsumed in the standard CACI instruction.  The jury had to determine the settlement was reasonable as part of that instruction.  The opinion makes for good reading because it lays out the extreme arguments National Union made before a jury (who fortunately did not buy any of them).  The opinion also affirms the insured’s recovery of Brandt fees, and that the trial court reasonably apportioned only 10% of the fees to the bad faith claims thus allowing a 90% recovery!

California Supreme Court Endorses the Insurance Commissioner’s Authority to Regulate Wayward Insurers

On Monday, the California Supreme Court revived a 2011 insurance regulation designed to protect homeowners from underinsurance because of the insurance company’s use of potentially misleading estimates for home replacement costs.  This was a big win for consumers, and will be particularly important for those who lose their homes in natural disasters (in particular fire) where there are few coverage disputes other than the cost to repair or replace.

As background, the Insurance Commissioner enacted the insurance regulation, which laid out detailed guidelines to ensure adequate replacement cost coverage in homeowners policies, with the intent of eliminating the practice by insurers of providing homeowners policies with insufficient limits based in inadequately estimated costs of repair.  The effect of the insurers practice was to leave homeowners only partially insured and holding the bag if they wanted to rebuild their homes after an insured loss.  This issue was becoming increasingly problematic because of the prolonged droughts suffered in many California communities, and the increasing prevalence of major wildfires.  But with the passage of this rule, the Insurance Commissioner hoped to give homeowners some piece of mind by requiring insurers to  properly calculate rebuilding estimates.  If the insurers violate the regulation, and an insured suffers a loss (because their policy had insufficient limits to actually cover the repair or replacement costs) the remedies include both an enforcement action and also a potential private lawsuit based on this now more precisely defined unfair business practice.

The insurance industry objected that the regulation fell outside of the Commissioner’s delegated authority, and also argued that the regulation restricted their underwriting and violated their rights of free speech.  The trial court and appellate court threw out the new regulation on the first ground, that the Insurance Commissioner exceeded his authority in promulgating this new regulation.  However, the California Supreme Court reversed, finding that the Commissioner was well within his authority, and sent the case back to for the lower courts to address the other two grounds.  The Court rejected gave deference to the Commissioner after a careful review of all the reasons agencies have such authority.  In particular, the Supreme Court focused on the public policy behind the enabling statute at issue, Insurance Code 790.03 (b), which bars Unfair Practices in the form of false or misleading statements issued by insurers, and delegates to the Commissioner the authority to issue regulations to enforce the statute.

From a practical perspective, this is a fantastic outcome for consumers.  The Supreme Court emphatically endorsed the authority of the California Insurance Commissioner to issue regulations to enforce the Unfair Practices in the business of insurance law.

Losing a home is bad enough, but having to haggle with an intransigent insurance company who issued a homeowners policy with insufficient limits for the replacement costs in the aftermath is even worse.  It will be interesting to see if the insurance industry will now provide more accurate, but more expensive limits for replacement cost coverage in homeowners policies.

Beazley Report Details Increase in Ransomware Attacks

A report issued last week by Beazley, one of the prominent insurance companies in the cyber field, revealed what industry experts predicted earlier in the year – ransomware is an increasingly prevalent menace.  That report is a reminder to everyone that there is no time like the present to review backup and incident response plans, and to take a close look at your insurance policies.

Beazley has been a prominent cyber insurance player since the inception of that specialized coverage. As an early presence in this area, Beazley started its data breach response unit in 2009.  During that time, it has been tracking its incident response figures based on claims from its policyholders.  And the early reports from 2016 reveal ransomware to be a growing threat.  While the percentage of ransomware attacks as part of the broader data breach universe stayed proportional to the figures seen in 2015, there was a huge uptick in the total number of ransomware incidents.  As Beazley noted, cyber thieves have apparently determined that it is easier to get payment in bitcoins via ransomware than selling information on the dark web.

But all is not lost in this grim report.  There are easy lessons to take away that can help prevent or minimize the risk or damage from a potential ransomware attack.

  • First, ensure you have robust backup practices. A thief stealing your company’s data is a bad outcome.  But Ransomware can cripple a company.  Backup processes are no sure solution, but the absence of a solid backup plan will certainly result in catastrophic results because the ransomware will leave you at the mercy of the attackers.
  • Second, prepare or update your incident response plan. Whatever that plan may be, you do not want an actual data breach attack to be the first time you have practiced your plan.
  • Third, educate your employees. Over 80% of data attacks resulted from human error – when your employee opens the wrong attachment, it is utterly meaningless if you have the Fort Knox of cyber defenses.
  • Finally, review your insurance portfolio. Ransomware is somewhat unique in its mode of attack, and the “damage” that it does to your system. Does it actually do damage your data?  Your computers?  Insurers will certainly argue to the contrary.  An important takeaway is that you should understand where your potential cyber coverage might lie, and determine if you need additional coverage.  Cyber insurance may or may not be cost effective for your company, but you need to understand your insurance portfolio to better evaluate your risk profile.