More on the Duty to Defend

Recently we wrote about a case which has been argued before the Supreme Court of California and is now awaiting decision (see The Duty to Defend in California).  In that case, Liberty Surplus Insurance Co. v. Ledesma & Meyer Construction Co., Inc., the issue is whether an employer, sued for negligent hiring of a workman who had allegedly molested the plaintiff, is entitled to a defense from his general liability insurer.  That decision has not been handed down yet.

Another interesting defense coverage case is waiting in the wings.  The California Supreme Court recently granted review in Travelers Property & Casualty Co. v. Actavis, Inc., a very unusual case where two counties sued the manufacturers of opiate medicines for allegedly engaging in a “sophisticated and highly deceptive marketing campaign” to increase their sales of opioid products by promoting them to prescribing physicians for uses for which the products were not suited.  Thereby, the counties claimed, the manufacturers opened the door to an opioid epidemic of non-prescription uses which cost them great expense.  The manufacturers sued their liability insurers for a defense, but the court of appeal ruled that the plaintiffs had alleged that the conduct was alleged to have been intentional, so that no coverage was required.

There appears to be no dispute between the parties that even if the manufacturers were aware that the opioid medications were subject to abuse, they had still been approved by government authority and served certain patients’ medical needs.  For this reason,  the defense coverage issue here should come down to whether the marketer’s knowledge of possible abuse of its product by downstream users makes  its efforts to sell the product for use by people with legitimate medical needs an intentional case of tortious conduct, and thus uninsured.  Here as well, the court’s decision should determine whether California will maintain its rule that to obtain a defense,”the insured need only show that the underlying claim may fall within policy coverage; the insurer must prove it cannot.” (Montrose Chemical Corp. v. Superior Court (1933) 6 Cal. 4th 290, 300.)

The policyholders’ side in these cases should find support in a new decision of the California court of appeal.  In Those Certain Underwriters at Lloyd’s London et al. v. Connex Railroad LLC, that court found that the insurer owed a defense to a railroad company whose train operator took his eyes off the rails to engage in private texting – surely more than careless conduct, where 25 people were killed in the ensuing derailment.

The Duty to Defend in California

All primary liability insurance policies require the insurer to defend against claims where potential liability under the policy exists.  California has long been a leader in requiring a broad interpretation of potential liability, appropriately so because liability insurance has been a mainstay of our industrialized society, where accidents are common and the costs of defense and liability can be vast.  Accidents are universal, and volitional conduct is of course insured, so long as harm is unintended, but “willful” conduct is not insured.

The California Supreme Court has famously stated that “[t]o prevail [on the duty to defend], the insured must prove the existence of a potential for coverage, while the insurer must establish the absence of any such potential. In other words, the insured need only show that the underlying claim may fall within policy coverage; the insurer must prove it cannot.” (Montrose Chemical Corp. v. Superior Court (1993) 6 Cal. 4th 290, 300).

Even where the likelihood of an unintentional accident is small as compared to the insured’s intentional conduct or where only one of several claims falls within the policy’s indemnity coverage, the insurer must defend as long as there is any potential of liability on the covered claim.  That, and the duty of the insurer to settle within policy limits if there is a risk of an excess verdict, have greatly contributed to financial stability in our society, which could otherwise encounter much random economic uncertainty.

But their duty to defend and thus to settle is often challenged by insurers if an element of intention appears regarding some of the conduct that led to the insurance claim. The balance between insurer and insured is not as stable as it could be.

For instance, an automobile driver may make a left turn and misjudge the speed of oncoming traffic, and a collision may result. That is an intentional act, but no auto insurer would deny it was an accident. What if the driver ran off the road to avoid a collision? The insurer may argue that intentional conduct was the key event and relieves the insurer from its duty to defend the claim.  From that model, the reader can see that the rule that the insurer must defend any claim which potentially falls within the liability obligation, and try to settle it if the claim exceeds the policy’s liability limit, is a great force for social stability.

That duty to defend is currently under attack in two cases before the Supreme Court of California, one of which has been argued and may be decided at any time.  In that case, Liberty Surplus Insurance Co. v. Ledesma & Meyer Construction Co., Inc., a plaintiff claimed to have been a victim of a sexual assault and sued (among others) the alleged assailant’s employer for negligent hiring of that person, claiming that if the aggressor had been properly screened he would not have been hired and would not have had the opportunity to attack her at the job site.

The sexual attack is clearly an intentional act.  No one sought insurance coverage for that action.  The employer tendered the negligent hiring claim to its insurer, which rejected coverage arguing that the hiring was too remote from the assault to constitute an “occurrence,” which would have triggered the duty to defend. The lower court agreed and ruled for the insurer.  But the Supreme Court has held that actions collateral to sexual misconduct may require an insurer to provide a defense (Horace Mann Ins. Co. v. Barbara B. (1993) 4 Cal. 4th 1076, 1078), and that if an insurer has to defend one of several claims in a single complaint, it must defend the entire suit (Hogan v. Midland National Ins. Co. (1970) 3 Cal. 3d 553).  But it has also held that allegations of intentional conduct by the insured remove any duty for its insurer to defend the claim.

In Delgado v. Interinsurance Exchange of Automobile Club of  Southern California (2009) 47 Cal. 4th 302, the court denied a duty to defend “when all of the acts, the manner in which they were done, and the objective accomplished occurred as intended by the actor,” and because there “the conduct which gave rise to the suit was done with the intent to cause injury” – a decision the court reached because “there is no allegation in the complaint that the acts themselves were merely shielding or the result of a reflex action. Therefore, the injuries were not as a matter of law accidental, and consequently there is no potential for coverage under the policy.”

Delgado has become a beacon for insurers seeking to avoid a duty to defend although as Witkin states, “any extrinsic facts known from any source can trigger a duty to defend, even where the complaint does not facially indicate a potential for coverage. [Citation.] This includes all facts, both disputed and undisputed, that the insurer knows or becomes aware of from any source…” (2 Witkin, Summary of California Law, 11th ed., Insurance, ¶ 390).  Thus, in California, unlike in some other states, an insurer’s duty to defend is not determined only from the “four corners” of the complaint but also involves exploration of other events about the incident.

Thus, California has two divergent rules about insurers’ duty to provide a defense even where a valid indemnity claim may be hard to discern because the complaint may have concentrated on (or may be limited to) charging intentional actions; or the coverage-seeking event may be just one in a chain of events leading up to the final injury-causing action.  The Montrose line of cases requires a defense even where indemnity coverage may be very remote or improbable, while the Delgado line looks skeptically at what a complaint may actually allege.  The Ledesma & Myer decision should end this duality.  Let’s hope that it will restore California’s leadership in requiring a defense even where the covered conduct is a peripheral or remote part of the claim against the insured.

Can The Insurance Industry Limit the Right to Independent Counsel?

A cornerstone of California law is that the duty to defend arises whenever the lawsuit against the insured seeks damages on any theory that, if proved, would be covered by the policy.  Indeed the duty to defend is so broad that it is excused only when “the third party complaint can by no conceivable theory raise a single issue which would bring it with the policy coverage.” (Montrose Chem. Corp. v. Superior Court (1993) 6 Cal 4th 287, 295 –applying law first set forth in Gray v. Zurich Ins. Co. (1966) 65 Cal 2d 263.)  It took almost fifty-one years of litigation for the courts to clarify the duty to defend, but with each new case, the Insurers will continue to contest both their duty to defend and if they must defend, whether independent counsel is required.

Back some forty-six years ago in Executive Aviation Inc. v. National Ins. Underwriters (1971) 16 Cal App 3d 799, 810, the appellate court recognized that “the insurer’s desire to exclusively control the defense must yield to its obligation to defend its policyholder” and pay for independent counsel under the facts of that case.  Where the insurer defends under reservations and appoints its panel defense counsel, such counsel may find himself or herself in conflict!  If counsel can favor his or her insurer client when developing evidence or undertaking defense strategy in a way to negate coverage, the courts have fashioned a remedy: the right to independent counsel paid for by the insurer.

The insurer must thus pay for independent counsel where the circumstances demonstrate a disqualifying conflict of interest. San Diego Navy Fed. Credit Union v Cumis Ins. Society (1984) 162 Cal App 3d 358, 364 and later Civil Code Section 2860 (a).  What conflicts create the disqualifying conflict of interest? Here are some examples:

  • The outcome of the coverage dispute can be affected by the manner in which the case is defended.
  • Several insureds are defendants and they have conflicting claims against each other.
  • The same attorney is representing the insurer in a DRA seeking to avoid coverage who the insurer appoints as defense counsel for the insured (!!—this was the circumstance in Executive Aviation).
  • The insurer seeks to settle the claim for more than policy limits exposing their insureds to the excess liability (!! a real case where that happened is Golden Eagle Ins. Co. v. Foremost Ins. Co. (1993) 20 Cal App 4th 1372, 1396)

The “paradigm cases” for disqualifying conflict include the one just cited Golden Eagle Ins. Co. v. Foremost and others, i.e., Long v. Century Indem. Co.  (2008) 163 Cal App 4th 1460, 1471, because the coverage issue in those cases rested on whether the insureds acted negligently or intentionally.  Under those circumstances, the appointed defense counsel could control the production of evidence to disfavor coverage.

There are two strong reasons the Insurers attack these decades of common law and statutory law, however: Cost and Control.  The insurers hope to 1) rein in the costs of litigation only paying their panel counsel negotiated below market bargain rates, and 2) dictate defense strategies to those cheaper counsel;  sometimes they succeed.

It is common for insurers to argue that their beleaguered insureds (who are fighting off underlying lawsuits) must also first prove the disqualifying circumstances to secure the benefits of unconflicted defense. In two recently reported cases, the insurer prevailed where the policyholders did not submit evidence supporting a potential conflict, and the insurers avoided any obligation to pay for independent counsel.  In both cases the insured simply failed to produce any evidence of actual potential conflict of interest. A review of these cases is instructive and demonstrate the pitfalls of over-reaching.

The insurer won a summary judgment affirmed on appeal in Centex Homes v. St. Paul Fire and Marine Ins. Co., 2018 Cal. App. LEXIS 45, just filed on January 22, 2018.  The Centex court determined that the insured did not “establish a triable issue of material fact” to show the St. Paul appointed panel defense counsel Mr. Lee could influence the outcome of the coverage dispute, so St. Paul did not have to pay for independent counsel.  Homeowners brought the underlying suit against Centex and others for damages from construction defects for which Centex may be strictly liable.  Centex tendered the suit for a defense, as an additional insured on its contractor’s policy issued by St. Paul.  There was active coverage litigation pending between St. Paul and Centex, but panel counsel Lee testified that St. Paul did not control what he did, and did not ask him to settle claims against the named insured (to leave Centex without coverage.) Further Lee did not represent St. Paul in the coverage lawsuit. Centex offered no contrary facts or other evidence tending to show any conflict.

The Centex opinion recites the applicable standards and accepted the evidence offered by St. Paul (Lee deposition testimony), and rejected the Centex argument that a potential conflict may arise without more detail as to what constitutes the actual conflict.  The Court was unimpressed with the Centex theoretical argument and its reliance on its legal briefing, and noted the absence of admissible evidence of any potential conflict.  The opinion contains an excellent overview of most of the law on these issues and demonstrates the pitfalls of relying on purely theoretical arguments to show potential conflicts.

In Illinois, another opinion confirmed the insured had no right to independent counsel in Bean Products, Inc. v. Scottsdale Ins. Co. filed January 22,2018, as case no 16 CH 7504. Again the policyholder lost a summary judgment motion by not submitting sufficient admissible evidence demonstrating the conflict and it was affirmed on appeal. A competitor brought a trademark and copyright infringement suit against the insured Bean, and Bean’s counsel Gauntlett & Associates (“G&A”) tendered it to Scottsdale for a defense. G&A was attempting to be Bean’s “independent counsel” but Scottsdale agreed to defend under a very limited reservation of rights (only denying coverage for punitive damages), appointed counsel, and contested any conflict. Scottsdale demanded cooperation and that G&A relinquish control of the defense.  G&A refused and instead argued for independent counsel rights, refused to provide documents requested (including with regard to settlement discussions with plaintiff and the insured’s evaluation of the merits of the suit.)

Despite the foregoing, Scottsdale’s appointed counsel managed to settle the case very economically for $30,000.  Bean then demanded Scottsdale pay G&A’s fees in the amount of just over half–$15,373.75.  Bean’s argument was that the appointed counsel was not as expert as G&A and that G&A did more to bring about the settlement. Under Illinois law, the allegations of the complaint determine the duty to defend, which includes the right to control the litigation.  The insured failed to show any actual conflict existed, however, that would somehow impair the defense Scottsdale was providing. Scottsdale declined coverage for punitive damages, but that did not create a conflict under Illinois law nor would it under California law.

The Bean opinion cited to cases where the facts presented an actual conflict: 1) the driver of the insured company was aligned with the plaintiff in the accident suit, whereas the insurer would seek to separate the driver from the insured company and 2) a builder was being sued for mold damage—the insured seeks to prove no liability but the insurer would be protected if the mold damage occurred before the policy inception regardless of the insured’s liability.

Bean was unable to submit any such conflict facts.  The court ultimately determined the insured voluntarily assumed the G&A bills, and had no right to secure reimbursement from Scottsdale.

Policyholders must pick their fights carefully.  Bad facts make for bad law and these most recent cases are great examples of coverage suits that should not have been litigated.

AIG Must Defend Additional Insureds

That it took an appellate court to order AIG’s Lexington Insurance to honor its additional insured obligations is a measure of how frequently insurers attempt to dodge this important contractual obligation. The case of McMillin Management Services v. Financial Pacific Insurance, et al., in the Fourth District of the California Court of Appeal, was decided just a few days ago, on November 14, 2017.  The Court reversed the trial court, finding that Lexington had to defend McMillin, a general contractor because of the construction defects potentially caused by the operations of the Lexington insureds, two subcontractors.

Lexington argued that since the homeowners’ claims arose after the subcontractors’ work was done, these claims could not have “arisen out of” the subcontractors’ on-going operations and fit into the exclusion for completed operations. However, the additional insured endorsements were not so limited, and provided coverage for liability arising out of such operations as damage may well have occurred during the construction operations.

McMillin had used a number of subcontractors to work on the subject development, two of whom, Martinez and Rozema, purchased insurance with Lexington and included additional insured endorsements. This may be the first published decision specifically construing such “arising out of” language, which commonly appears in such endorsements.  Although there was a completed operations exclusion, it was not clear when the alleged damages occurred, therefore there was a potential for a defense.

The appellate court relied on the holding of another decision that held the term “arising out of” in this context is to be broadly construed: “… it broadly links a factual situation with the event creating liability, and connotes only a minimal causal connection or incidental relationship.” Acceptance Ins. Co. v. Syufy Enterprises (1999) 69 Cal.App.4th 321, 328.

Lexington argued that McMillin could not have faced liability for the homeowners claims during its insureds’ operations (as there were no damages then—the project was just being built), but the appellate court noted “arising out of” is simply broader than “during.” This court concluded that: “The term “arising out of” in the endorsements granting McMillin coverage for ” ‘liability arising out of [Martinez’s or Rozema’s] ongoing operations,’ ” provides only that McMillin’s liability must be “linked,” through a “minimal causal connection or incidental relationship”…, with Martinez’s or Rozema’s ongoing operations.”  Since it was entirely possible that property damage occurred while the operations were on-going, there was a potential for coverage and a duty to defend.  In effect, the duty to defend continues until Lexington can establish with undisputed and conclusive facts that there were no damages until after the subcontractors’ work was completed.

This opinion establishes for developers and their counsel the importance of carefully reviewing additional insured endorsements to ensure the broadest possible protections against claims arising from the work of the subcontractors.

 

Travelers Fails to Pull a Rabbit out of its Hat and Must Defend its Insured

In a recent federal court decision out of Colorado, Travelers failed to convince the Court that it had no duty to defend its insured based on its IP exclusion (barring coverage for patent infringement claims).  Travelers’ subsidiary, Charter Oak, attempted to dodge coverage for its insured, Minute Key, Inc., under a liability policy.  Minute Key was sued by a competitor, Hillman Group, who claimed that Minute Key falsely accused Hillman of patent infringement, and in doing so sought to steal business from it.  There was no patent infringement claim against the insured!

The Charter Oak/Travelers policy provided “Personal and advertising injury” coverage.  Advertising injury was defined as “…injury, other than “personal injury,” caused by one or more of the following offenses: (1) oral or written publication … in your “advertisement” that “disparages a person’s or organization’s goods, products or services… .”  Likewise “Personal injury” was defined as “… Oral or written publication … that … disparages a person’s or organization’s goods, products or services… .”

The IP Exclusion states that the “insurance does not apply “Personal injury or advertising injury arising out of …Patent…[infringement]”.

The underlying lawsuit began as a declaratory judgment action where Hillman sought a declaration of non-infringement and invalidity under the Patent Act against Minute Key.  Then its suit was amended to add a claim of damages for product disparagement under the Lanham Act and state law.

So the coverage issue raised by Travelers was whether Hillman’s disparagement action’s genesis, in patent infringement allegations made by Minute Key against Hillman, brings the action into the exclusion.  Ordinarily, insurers (whose policies exclude coverage for patent infringement claims) deny coverage for patent infringement claims made against their insureds!

Thus, Travelers’ counsel took a creative leap on this one!  Even in Colorado, which applies the “four corners rule” determining duty to defend just on the allegations in the Complaint as against the Policy, it is evident Travelers had to defend.  This is because the duty to defend arises when the underlying complaint alleges any facts that might fall within coverage.  The district court readily decided in favor of the policyholder because while Travelers broad reading of its exclusion was “colorable,” it was not conclusive.  The coverage grant expressly included the obligation to defend the underlying claims of product disparagement—and coverage grants are to be applied broadly—Colorado law is to construe the duty to defend “liberally with a view toward affording the greatest possible protection to the insured.” (Thompson v. Maryland Cas. Co., 84 P. 3d 496, 502 (Col. 2004)).

The Court found the IP Exclusion ambiguous in the context of the facts of the case (which seems generous), but that ambiguity finding meant the Court was required to rule against Travelers.  Travelers’ effort to argue for a broad interpretation of its exclusion also runs counter to California law, which requires exclusions to be interpreted narrowly as they seek to limit coverage grants which are, in contrast, to be interpreted broadly.  This does not stop aggressive insurer counsel from continuing to flaunt the rules of interpretation—arguing the very opposite of what the rules of construction allow.

Two Court Rulings Show Coverage Difficulties for “Fake President” Fraud

A few weeks back, the Insurance Recovery report posted a blog about the difficulty obtaining insurance coverage for “fake president” fraud, which is also known as business e-mail compromise, or social engineering fraud.   Two courts have recently reached opposite holdings on this exact topic, which highlight the difficulty policyholders face when they have been victimized by Fake President Fraud.

The policyholder-favorable of those rulings came out of a New York District Court, where the judge found in favor of coverage for this type of fraud under a crime policy issued by Federal Insurance Company.  Medidata Solutions, Inc. v. Federal Ins. Co., Case No. 15-CV-907 (S.D.N.Y. July 21, 2017). Docket No. 32.  The case was typical of fake president fraud.  In 2014, a fraudster imitating the president of Medidata Solutions, Inc. directed an employee in the accounts payable department to wire money overseas for a company acquisition.  The e-mail included the president’s e-mail address and picture, and copied a fake attorney.  The employee performed some degree of due diligence, corresponding with the fake attorney by e-mail and phone before wiring the money.  However, that employee ultimately wired $4.8 million dollars to a fraudulent account.  Fortunately, the company discovered the fraud before a request to wire another $4.8 million was completed.  Medidata sought coverage under its Federal Insurance Company crime policy, but Federal denied the claim.  Medidata filed suit in February 2015.

The scope of coverage under the policy turned on a computer fraud provision in the crime policy that covered losses that occurred as a result of the “fraudulent entry” or changing of data in the policyholder’s computer system.”  The question then arose: was this a fraudulent entry?  Some courts had previously determined that fake president fraud does not result in a fraudulent entry or act because the company employee voluntarily makes those changes (although at the direction of a fraudulent actor).  Here, though, Judge Andrew Carter Jr. disagreed, holding that the entry was indeed fraudulent because the fraudster used a computer code to alter a series of email messages to make them appear as if they originated from the company’s president.   In that regard, Judge Carter followed the decision in Universal American Corp. v. National Union Fire Ins. Co. of Pittsburgh, Pa., which found such entries to be fraudulent because they violated the integrity of the computer system.  To Judge Carter, it seemed implausible that one would ever find coverage under the narrow view other courts have taken because it would require the fraudster to break into the computer system and wire the money.

But then yesterday, a Michigan District Court reached the exact opposite ruling in American Tooling Center Inc. v. Travelers Casualty and Surety Co., Case No. 5:16-cv-12108, 2017 U.S. Dist. LEXIS 120473 (E.D. Mich. Aug. 1, 2017).  There, the fraudster sent e-mails posing as a vendor of the Michigan-based company, asking to forward payments due under a contract between the parties.  The company sent the money, only to discover the money was lost forever.  American Tooling Center sought coverage under its Travelers’ crime policy because it constituted computer fraud, but Travelers denied the claim, arguing that there was not a “direct loss” that was “directly caused by” the use of a computer.

The relevant policy definition defined computer fraud as the use of “any computer” to “fraudulently cause” a “direct loss” by money transfer.  American Tooling and Travelers obviously disagreed about those terms, but the Judge found in favor of Travelers because the term “direct loss” was synonymous with the term immediate, and there were steps in between the fraudulent e-mails and the wiring of money.  In short, the Michigan court would require the exact thing – a fraudster hacking into the computer and sending the money directly – that the New York court found implausible.

What are the major takeaways from these rulings?  First, it is always critical to carefully review the language in insurance policies.  The American Tooling Center court distinguished the ruling in Medidata by contrasting the policy language because the Medidata policy did not include the term “direct loss” in its definition of fraud.  To many people, that would be a minor distinction.  But to the Michigan court it meant the difference between there being coverage or not.  We believe that the Medidata court had the proper holding, that the Michigan court should have followed suit, and that Judge Carter’s belief that a computer fraud coverage requirement that a fraudster perform a transfer for there to be coverage is too draconian. And because rulings on this subject have come down all over the place, policyholders that frequently conduct transfers via computer should consider contacting insurance professionals, be it an attorney to interpret the policy, or a broker to determine whether there might be a policy endorsement available specifically aimed at this type of event.

Renewal Notices Must Warn of Major Changes in Coverage

California Insurance Code §678 provides as to personal lines policies (such as homeowners, auto or personal liability): “(a) At least 45 days prior to policy expiration, an insurer shall deliver to the named insured…(1) an offer of renewal of the policy contingent upon payment of premium…stating…(A) Any reduction of limits or elimination of coverage…”

Insurance Code §675.5 makes the same law applicable to commercial policies issued for delivery to California insureds. Insurance Code §676.2(c)(1) provides as to policies of commercial insurance that upon renewal no reductions or changes in the conditions of coverage shall be effective unless a written notice is mailed at least 30 days before the effective date of the change, and such changes can only be made where there are specific reasons for the change (such as willful or grossly negligent acts by the insured or failure to institute loss control measures, or change in use materially adding to the risk).  These Insurance Code provisions protect insureds from surprise exclusions which materially reduce the coverage being renewed.

It is very common to find California Changes Endorsements on policies issued in California to reflect these legal requirements.  They are usually entitled:  “California Changes—Cancellation and Nonrenewal” followed by a promise to adhere to these time limits of Notice and other provisions of the Insurance Code regarding renewal or cancellation of the policy.

What if at renewal time, the insurer simply sends a general “Notice of Policy Conditional Renewal” which is a boiler plate Notice reserving the right to make any kind of change in terms, premium or deductibles?  Is that sufficient Notice to allow major reductions in coverage to be enforceable?  We think not.

The case law makes these contractual obligations to notify explicit.  The California Supreme Court has held that “no change may be made in the terms of the renewal policy without notice to the insured.”  (Industrial Indemnity Co. v. Industrial Accident Commission of California (1949) 34 Cal. 2d 500, 506.)  California law requires that when an insurance company changes, reduces, or limits the coverage or benefits of a policy upon renewal, the notice of such change must “be provided in a ‘plain, clear and conspicuous writing.’” (Everett v. State Farm General Ins. Co. (2008) 162 Cal. App. 4th 649, 663.)  To be conspicuous, the notice must be “displayed or presented” in a way that it would be “noticed” by a reasonable person.  (Broberg v. Guardian Life Ins. Co. of Am. (2009) 171 Cal. App. 4th 912, 922-23.)  Examples of conspicuous notice “includes . . . a heading in capitals . . . larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size . . ..”  (Id. at 923.)  Moreover, the notice of reduction in coverage must be “specific.”  (Davis v. United Services Auto Ass’n (1990) 223 Cal. App. 3d 1322, 1332.)  Thus, “a general admonition to read the policy for changes is insufficient.”  (Id.)  The failure to provide “adequate notice” renders the attempted reduction or limitation in coverage “ineffective.”  (Id. at 1333.)

A major reduction in coverage in the Renewal terms should be disclosed to the insured so that the insured has an opportunity to make an informed decision to renew with the same insurer or seek coverage elsewhere.  Certainly an insured must have a reasonable notice of the renewal terms, if the insurer plans a major reduction in coverage.  The failure of the insurer and/or the broker to disclose major reductions in coverage in the renewal terms, has serious consequences including making that surprise and deadly exclusion unenforceable. So buyer beware and be forewarned!  If you find your renewal policy has surprise holes in the coverage, you might consult coverage counsel as the insurance law may afford some remedies.

The Remedy for the New Cyber Threat Posing Major Coverage Problems: “Fake President” E-mails

In the last few weeks, we have seen yet another widespread ransomware attack that hit nearly one hundred companies around the world.  It reminded me of a recent request from a client, made just after news broke of the WannaCry ransomware attacks, to review its insurance portfolio to confirm that it was covered for ransomware attack.   The client had that coverage, but I noticed that there was a gaping hole in the policy for another type of common attack that goes by a variety of names – business e-mail compromise, social engineering fraud, and fake president fraud.  What is critical for companies to understand, and few do, is that they must purchase a specific endorsement to obtain this kind of coverage.

These types of attacks are as much identity fraud as they are a cyberattack.  In these kinds of cases, an impostor will pose as a high ranking executive at a company, and command a lower level employee via email to wire money to a client or vendor account.  The employee, so diligently trained to follow orders, will then complete the transaction, unwittingly transferring company funds into a fake account.  After all, what employee would question the company’s CEO, CFO, President, or other superior?

This crime poses significant challenges from a coverage perspective.  The act does not fit cleanly within the typical first party coverages included in cyber policies – it isn’t a data breach, in which information is stolen or compromised and needs to be repaired, and it isn’t a ransomware attack, in which a company has its business shut down.  These types of attacks also aren’t covered by modern crime policies because the action taken – the wiring of money by an employee – is voluntary.  There is no extortion, and no money is stolen.

Courts recently confronted with these situations have routinely denied coverage.  One example can be seen in Aqua Star (USA) Corp. v. Travelers Cas. & Sur. Co. of Am., No. C14-1368RSL, 2016 U.S. Dist. LEXIS 88985 (W.D. Wash. July 8, 2016).  There, a hacker impersonating a vendor of the policyholder directed an employee to change the bank account for future payments to that vendor.  The employee dutifully did so, and the policyholder lost over $700,000 when money was wired to the fraudster’s account.  The crime policy covered computer fraud, but contained an exclusion for “loss resulting directly or indirectly from the input of Electronic Data by a natural person having the authority to enter the Insured’s Computer System.”  Travelers denied coverage because the employee had authorization to input the new bank information to the account, and the District Court agreed, finding that the loss – the transfer of money to the new account – indirectly resulted from the inputting of the new bank information.

In Taylor & Lieberman v. Fed. Ins. Co., 2017 U.S. App. LEXIS 4205 (9th Cir. Mar. 9, 2017), the Ninth Circuit was faced with a similar situation.  There, an accounting firm handled payments and transfers for its clients.  An impostor took control of a client’s e-mail account and sent multiple wire payment instructions to the accounting firm.  The employee wired the money, and did not discover the fraud until the third request to wire money.  The accounting firm sought coverage under its crime policy, which provided coverage for “direct loss sustained by an Insured.”  The Court denied coverage because it determined the accounting firm was seeking recovery for third party losses – those of its clients – and not its own.  That the company might have to indemnify that client for the fraudulent payments was immaterial.

Fortunately, not all cases end with an insurer victory.  But the uncertainty of these results begs the question: how do you insure for these attacks?  The answer is a policy endorsement targeted at these types of attacks.  It is usually added to a company’s crime policy, and will include language such as “the Company will reimburse the Insured for Loss sustained by the Insured Person as a direct or indirect result of Business E-mail Compromise.”  The Policy will then define Business E-mail Compromise, and within that definition it should include reference to coverage for voluntary actions of the insured (who is wiring money under false pretenses).  The policy limits for these endorsements tend to be lower than the policy it is attached to, but any coverage an insured can obtain for this kind of fraud is better than none.

There are a few important takeaways on this issue.  First, check your insurance policies for language that may suggest coverage in this area, and read the language closely.  You will want to make sure your company is covered when money is sent by employees as a result of fraud.  If you do not see such language, ask your broker to get you options to add this endorsement to one of your policies.  Second, confirm that the policy endorsement you obtain is broad enough to subsume the acts you are seeking to cover.  The worst case scenario would be purchasing an endorsement that fails to cover the fraudulent actions for which you are hoping to obtain insurance.  Finally, train your employees for these types of situations.  A simple 30 minute training on how to identify tells that reveal these schemes may help your company avoid hundreds of thousands of dollars in losses by avoiding this situation altogether.

Ninth Circuit Reaffirms Policyholder Right to Sue Recalcitrant Excess Insurer

A new opinion published on March 21, 2017 from the Ninth Circuit (Teleflex Medical Inc. v National Union, Case no 14-56366 ) affirmed a $6+ M judgment against AIG subsidiary National Union, who was excess a primary policy issued by CNA.  This is an excellent result for policyholders, and a warning to recalcitrant excess insurers.

The Insured purchased two insurance policies that covered disparagement claims – a primary policy issued by CNA, and an excess policy issued by National Union.  The Insured was defended by CNA in an underlying lawsuit, and the Insured and primary insurer kept National Union informed throughout the litigation.  The underlying lawsuit finally developed to the point settlement was advisable, and the claimant, Insured, and CNA all agreed to a settlement that would require about $3.75 million from the $14 million National Union excess policy.

National Union not only refused to consent to the settlement – which, of course, the Insured, claimant and CNA all agreed to make—but also refused to undertake the defense of the Insured.  The court found the Insured was entitled to sue National Union for breach of contract and bad faith and was entitled to the rebuttable presumption that the settlement was reasonable because National Union failed to undertake the defense when it refused to consent to the settlement.  Under the decision in Diamond Heights HOA v National Am. Ins. Co. 227 Cal. App. 3d. (1991), the Court held an excess insurer only has three choices in that context: 1) approve the settlement; 2) reject it and take over the defense, or 3) reject it and decline to defend, but face a potential lawsuit by the insured seeking contribution and bad faith damages. The Diamond Heights court also found an excess insurer who rejects a settlement and refuses to defend thereby waives of the “no action” (and “voluntary payments”) clauses in their contracts.

Since National Union refused to undertake the defense—i.e., breached the contract and violated the Insured’s rights under the implied covenant of good faith and fair dealing—it was vulnerable to this later suit brought by the Insureds.  That case went to trial and the jury found the settlement reasonable and National Union liable for breach of contract and bad faith—the ultimate judgment exceeded $6 million.  The Ninth Circuit decision, which affirmed the trial court, contains an excellent discussion of the public policy behind the Diamond Heights decision, and later decisions applying it post-WallerWaller v. Truck Ins. Exchange, 11 Cal 4th 1 (1995) held that an insurance company does not waive coverage defenses it fails to mention in its correspondence with the insured—and in its decision did not address the Diamond Heights decision.

National Union argued the Waller Supreme Court decision – which held that an insurer does not waive coverage defenses if not in their coverage letters – somehow overruled Diamond Heights.  This argument was soundly rejected by the trial court and Ninth Circuit.  Among the arguments National Union made were that the Insured should have had to prove waiver of the “no action” and “voluntary payments” clauses by clear and convincing evidence –not by a preponderance of the evidence!  This argument was also soundly rejected by the Ninth Circuit.  Of course, as all insurers will do, National Union also argued for a “genuine dispute” instruction—which the Ninth Circuit also rejected for good reason –not only because it really does not apply in the context of a liability policy, but also because it is subsumed in the standard CACI instruction.  The jury had to determine the settlement was reasonable as part of that instruction.  The opinion makes for good reading because it lays out the extreme arguments National Union made before a jury (who fortunately did not buy any of them).  The opinion also affirms the insured’s recovery of Brandt fees, and that the trial court reasonably apportioned only 10% of the fees to the bad faith claims thus allowing a 90% recovery!

LexBlog