CLOSE X
RSS Feed LinkedIn Instagram Twitter Facebook
Search:
FMG Law Blog Line

Posts Tagged ‘Wire Transfer’

The Sixth Circuit Finds Coverage For Fraudulent Wire Transfer Under Crime Policy

Posted on: September 12th, 2018

By: Allen Sattler

Business email compromise (“BEC”) claims consist of incidents where cyber criminals access or use a company’s email system to commit a crime, usually for financial gain and often including the use of trickery to convince an employee to wire transfer corporate funds to the criminal’s account.  According to statistics reported by the FBI,  BEC claims are on the rise, especially in the last three years.  In 2016, there was a 2,370% increase in email account compromise attacks, involving losses of nearly $346 million, and the frequency of BEC claims continues to rise.

Several insurers offer coverage for BEC claims, including for losses sustained as the result of fraudulent wire transfer.  In American Tooling Center, Inc. v. Travelers Casualty and Surety Co. of Am., 5:16-cv-12108 (6th Cir 2018), the Sixth Circuit became the latest federal appeals court to interpret an insurance policy that included coverage for fraudulent wire transfers.  In a decision dated July 13, 2018, the Sixth Circuit ruled that the crime policy provides coverage for the loss incurred by the insured.

American Tooling Center (“ATC”), a Michigan manufacturer in the automobile industry, hired a Chinese company to manufacture stamp dies.  To receive payment for its work, the Chinese company would send invoices to ATC, and ATC would route payment to its vendor via wire transfer.  In 2015, a person outside the company intercepted an email from ATC to its vendor.  That person impersonated an employee of the vendor and told ATC that because of an audit, ATC should wire transfer payment on its outstanding invoices to a different bank account.  ATC complied with the instructions and wired over $800,000 to the thief’s bank account.  The thief was never identified, and the money was not recovered.

ATC made a claim to its insurer pursuant to a “Computer Fraud” provision of its crime policy to recover the money lost.  The insurer denied coverage, arguing that ATC did not suffer a loss until it eventually paid the outstanding invoices to the Chinese vendors, and that ATC therefore did not suffer a “direct loss” as required by the policy wording.  The insurer also argued that the acts by ATC in changing the bank account information without verification constituted intervening acts that break the chain of causation.  The Sixth Circuit disagreed, holding that ATC immediately lost the money when it wired the money to the thief, and that the thief’s instructions to ATC directly caused the loss.  The Court also rejected an argument by the insurer that the policy required that the thief first gain access to ATC’s computer systems prior to triggering coverage, and that here, the thief did not hack into the email system to commit the fraud.  The Court ruled that the policy language was not so limited.

The insurer sought reconsideration of the ruling, which the Sixth Circuit recently denied.

If you have any questions or would like more information, please contact Allen Sattler at [email protected].

Wire Fraud. Who Bears the Risk?

Posted on: November 2nd, 2017

By: Allison S. Hyatt

Wire fraud is on the rise in recent years. Finding out that escrow funds were mistakenly wired into the wrong hands is every broker, banker, consumer or escrow agent’s worst nightmare. Article 4A of the Uniform Commercial Code governs wire transfers and the unique issues raised by this method of payment commonly used in commercial transactions. The purpose of Article 4A was to define precise and detailed rules to assign responsibility, allocate risks, and establish limits on liability with respect to the complex claims that may result when a wire transfer goes awry. Critical consideration was given with respect to each party’s need to predict risk with certainty, insure that risk, adjust operational and security procedures, and to price wire transfer services appropriately, especially given the substantial amounts of money commonly involved in these transactions.

One of the liabilities balanced by Article 4A is the risk that a third party will steal a customer’s identity and issue a fraudulent payment order to the bank. Usually the bank bears the risk for unauthorized wire transfers. However, in a real estate transaction, whether the bank, broker, or escrow agent employed commercially reasonable security procedures in the transaction may shift this liability. For instance, as the Eighth Circuit found in Choice Escrow & Land Title, LLC v. BancorpSouth Bank, if a bank’s security procedures are commercially reasonable and it complies with those procedures along with its customer’s wiring instructions, the loss of funds resulting from an unauthorized wire transfer will fall on the customer if the bank is found to have accepted the fraudulent payment order in good faith. 754 F.3d 611, 625 (8th Cir. 2014).

In Choice Escrow, an employee of the escrow company fell prey to a phishing scam causing the company to contract a computer virus that led to a series of fraudulent transactions. 754 F.3d at 615. Choice Escrow maintained a trust account with BankcorpSouth. The bank received a request for a wire transfer of $440,000.00 from Choice Escrow’s trust account via the bank’s internet wire transfer system. Because the request was made using Choice’s User ID and Password, the bank approved the fraudulent transfer request even though the account lacked sufficient funds to cover the transfer. Id. at 616.

In its analysis, the Eighth Circuit evaluated BankcorpSouth’s security procedures, which provided its customers with four different security measures. Choice Escrow had declined two of these measures. 754 F.3d at 617-622. Looking to a recommendation report published by the Federal Financial Institutions Examination Council (FFIEC), the court found that BankcorpSouth’s security procedures complied with the FFIEC’s guidance. In addition, the bank had also expanded its security procedures to address security threats that arose after the report was issued. Taking these factors into consideration, the court found that BankcorpSouth’s security procedures were commercially reasonable. Id.

Next, the court analyzed whether BankcorpSouth acted in good faith, finding that “[w]here, as here, a bank’s security procedures do not depend on the judgment or discretion of its employees, the scope of the good-faith inquiry under Article 4A is correspondingly narrow.” 754 F.3d at 623. The court reasoned that because the bank had promptly executed a payment order that had cleared the bank’s commercially reasonable security procedures and the bank had no independent reason to suspect the order was fraudulent, the bank met its burden of establishing it had acted in good faith. Id. at 624. Thus, Choice Escrow was left liable for its customer’s loss. The fact that the escrow company had declined two of the security procedures offered by the bank appears to have been a significant factor in the court’s reasoning.

The lesson to glean from the Choice Escrow opinion is that to protect against liability, escrow companies, brokers, and other parties involved in commercial transactions, should all continually assess the commercial reasonableness of their security measures, which may include: 1) the use of email accounts that require additional forms of authentication; 2) the use of digital signatures for messages; 3) the use of encryption to communicate with clients; and 4) the frequency of password changes, among others. In addition, if a breach occurs resulting in an unauthorized wire transfer, courts will likely evaluate the reasonableness of the company’s wiring procedures, including steps taken to review wiring instructions to verify their authenticity. Strict adherence to commercially reasonable security measures is key.

If you have any questions or would like additional information, please contact Allison S. Hyatt at [email protected] or (916) 472-3302.