Summary
affirming the application of a concurrent-causation exclusion in State Bank of Bellingham v. BancInsure, Inc., 2014 WL 4829184 (D. Minn. 2014)
Summary of this case from Lang Fur Farms, Inc. v. Bird Island-Hawk Creek Mut. Ins. Co.Opinion
No. 14–3432.
05-20-2016
Joseph Arthur Nilan, argued, Joseph Arthur Nilan, Mark J. Johnson, Thomas James Power, on the brief, Minneapolis, MN, for Defendant–Appellant. Jonathan Millea Bye, argued, Jonathan Millea Bye, Bryan R. Freeman, on the brief, Minneapolis, MN, for Plaintiff–Appellee.
Joseph Arthur Nilan, argued, Joseph Arthur Nilan, Mark J. Johnson, Thomas James Power, on the brief, Minneapolis, MN, for Defendant–Appellant.
Jonathan Millea Bye, argued, Jonathan Millea Bye, Bryan R. Freeman, on the brief, Minneapolis, MN, for Plaintiff–Appellee.
Before RILEY, Chief Judge, SMITH and SHEPHERD, Circuit Judges.
SHEPHERD, Circuit Judge.
A computer at the State Bank of Bellingham (Bellingham) became infected with malware, allowing a criminal third party to transfer $485,000 from Bellingham to a foreign bank account. Bellingham sought coverage for the loss under its Financial Institution Bond (Bond) issued by BancInsure, Inc. (BancInsure). BancInsure denied coverage based on exclusions in the Bond. Bellingham filed this action, claiming breach of contract. The district court granted summary judgment in favor of Bellingham, and BancInsure appeals. We affirm.
The Honorable Susan Richard Nelson, United States District Judge for the District of Minnesota.
I.
Bellingham, a Minnesota state bank with five employees, used the Federal Reserve's FedLine Advantage Plus system (FedLine) to make wire transfers. Wire transfers were made through a desktop computer connected to a Virtual Private Network device provided by the Federal Reserve. In order to complete a wire transfer via FedLine, two Bellingham employees had to enter their individual user names, insert individual physical tokens into the computer, and type in individual passwords and passphrases.
On October 27, 2011, Sharon Kirchberg, a Bellingham employee, completed a FedLine wire transfer. She completed the transaction using her token, password, and passphrase as well as the token, password, and passphrase of a second employee. At the end of the work day, Kirchberg left the two tokens in the computer and left the computer running. When she arrived at work the next day, she discovered that two unauthorized wire transfers had been made from Bellingham's Federal Reserve account to two different banks in Poland. Kirchberg was unable to reverse the transfers through the FedLine system. Kirchberg immediately contacted the Federal Reserve and requested reversal of the transfers, but the Federal Reserve refused. The Federal Reserve, however, did contact intermediary institutions to inform them that the transfers were fraudulent, and one of the intermediary institutions was able to reverse one of the transfers. The other fraudulent transfer was not recovered.
In 2010, BancInsure, an Oklahoma company, sold a financial institution bond to Bellingham, which provided coverage for losses caused by such things as employee dishonesty and forgery as well as computer system fraud. On the day of the fraudulent transfer, Bellingham notified BancInsure of the loss and provided a copy of the transaction details of the two transfers. After an investigation, it was determined that a “Zeus Trojan horse” virus had infected the computer and permitted access to the computer for the fraudulent transfers. After its investigation, BancInsure determined the loss was not covered due to certain exclusions in the Bond. Specifically, BancInsure claimed the loss was not covered based on employee-caused loss exclusions in sections 2(h) and 2(bb)(17), exclusions for theft of confidential information in section 2(bb)(4), and exclusions for mechanical breakdown or deterioration of a computer system in section 2(bb)(12).
Under Insuring Agreement (H) of the Bond, BancInsure agreed to indemnify Bellingham for:
Loss resulting directly from a fraudulent
(1) entry of Electronic Data or Computer Program into, or
(2) change of Electronic Data or Computer Program within
any Computer System operated by the Insured, whether owned or leased, or any Computer System identified in the application for this Bond, or a Computer System first used by the Insured during the Bond Period, provided the entry or change causes
(1) property to be transferred, paid or delivered,
(2) an account of the Insured or of its customer to be added, deleted, debited or credited, or
(3) an unauthorized account or fictitious account to be debited or credited.
In this Insuring Agreement (H), fraudulent entry or change shall include such entry or change made by an employee of the Insured acting in good faith
(1) on an instruction from a software contractor who has a written agreement with the Insured to design, implement or service programs for a Computer System covered by this Insuring Agreement (H), or
(2) on an instruction transmitted by Tested telex or similar means of Tested communication identified in the application for this Bond purportedly sent by a customer, financial institution, or automated clearing house.
BancInsure cites the following sections of the Exclusions clause of the Bond as applicable to the facts here:
This Bond does not cover
....
(h) loss caused by an Employee, except when covered under Insuring Agreement (a) or when covered under Insuring Agreement (B), (C), or (R) and resulting directly from misplacement, mysterious unexplainable disappearance or destruction of or damage to Property;
....
(bb) under Insuring Agreement[ ](H) ..., in addition to all of the other Exclusions
....
(4) loss resulting directly or indirectly from theft of confidential information,
....
(12) loss resulting directly or indirectly from
(a) mechanical failure, faulty construction, error in design, latent defect, fire, wear or tear, gradual deterioration, electrical disturbance or electrical surge which affects a Computer System,
(b) failure or breakdown of electronic data processing media, or
(c) error or omission in programming or processing,
....
(17) loss caused by a director or Employee of the Insured or by a person in collusion with any director or Employee of the Insured ... except when the loss is caused by an Employee and covered under Insuring Agreement (L) or (M)....
Bellingham initiated this diversity action in federal court, alleging BancInsure breached the contract when it denied coverage under the Bond. BancInsure counterclaimed. In its counterclaim, BancInsure (1) sought a declaratory judgment that it owes no duty under the Bond to provide coverage, (2) claimed Bellingham breached the contract when it failed to provide a complete and accurate Proof of Loss and failed to cooperate with BancInsure, and (3) claimed that Bellingham engaged in malicious prosecution when it complained about BancInsure's actions to the Minnesota Department of Commerce.
Both parties moved for summary judgment. The district court granted summary judgment to Bellingham on its breach of contract claim. The district court held “that the computer systems fraud was the efficient and proximate cause of [Bellingham's] loss,” and “neither the employees' violations of policies and practices (no matter how numerous), the taking of confidential passwords, nor the failure to update the computer's antivirus software was the efficient and proximate cause of [Bellingham's] loss.” (Order at 39.) Further, the district court held “it was not then a ‘foreseeable and natural consequence’ that a hacker would make a fraudulent wire transfer. Thus even if those circumstances ‘played an essential role’ in the loss, they were not ‘independent and efficient causes' of the loss.” (Order at 39.) The district court awarded Bellingham $620,187.36, which included prejudgment interest. It denied summary judgment to BancInsure on its counterclaims for breach of contract and malicious prosecution. The court also awarded attorneys' fees to Bellingham based on the denial of summary judgment on the malicious prosecution claim.
BancInsure appeals, challenging only the district court's grant of summary judgment on Bellingham's breach of contract claim.
II.
We review the district court's grant of summary judgment de novo, viewing the record and drawing all reasonable inferences in the light most favorable to the nonmoving party. Shrable v. Eaton Corp., 695 F.3d 768, 770 (8th Cir.2012). Summary judgment is appropriate if “there is no genuine dispute as to any material fact and the movant is entitled to judgment as a matter of law.” Fed.R.Civ.P. 56(a).
BancInsure challenges the district court's application of Minnesota's concurrent-causation doctrine in this circumstance. First, BancInsure argues the concurrent-causation doctrine does not apply to financial institution bonds. Second, assuming the concurrent-causation doctrine does apply, BancInsure claims that the parties here contracted around the doctrine in the language of this Bond. Finally, BancInsure argues the district court erred in determining that the fraudulent conduct of hacking into the computer system was the efficient and proximate cause of the loss.
A.
In this diversity action, both parties agree that Minnesota law governs the interpretation of the Bond. Concerning insurance contracts, Minnesota has adopted the concurrent-causation doctrine, which directs that “[a]n insured is entitled to recover from an insurer when cause of the loss is not excluded under the policy. This is true even though an excluded cause may also have contributed to the loss.” Campbell v. Ins. Serv. Agency, 424 N.W.2d 785, 789 (Minn.Ct.App.1988) (citing Henning Nelson Const. Co. v. Fireman's Fund Am. Life Ins. Co., 383 N.W.2d 645, 653 (Minn.1986) ; Fawcett House, Inc. v. Great Cent. Ins. Co., 280 Minn. 325, 159 N.W.2d 268, 270 (1968) ; Anderson v. Connecticut Fire Ins. Co., 231 Minn. 469, 43 N.W.2d 807, 812 (1950) ).
BancInsure insists that despite the general applicability of the concurrent-causation doctrine to Minnesota insurance contracts, the doctrine is not similarly applicable to financial institution bonds because a financial institution bond requires the insured to initially show that its loss directly and immediately resulted from dishonest, criminal, or malicious conduct. This, BancInsure argues, is a higher standard of proof than that provided for under the concurrent-causation doctrine. Further, according to BancInsure, if courts allow the concurrent-causation doctrine to be applied to financial institution bonds, it would be impossible for an insurer to show a financial institution bond's exclusions were the overriding cause of the loss.
Minnesota generally treats financial institution bonds as insurance policies. See Alerus Fin. Nat'l Ass'n v. St. Paul Mercury Ins. Co., No. A11–680, 2012 WL 254484 at *2 (Minn.Ct.App. Jan. 30, 2012) (unpublished) (“Courts have treated [financial institution bonds] as insurance policies, applying general rules of contract construction to derive their meaning.”); see also In re Guardianship of Hampton, 359 N.W.2d 740, 743 (Minn.Ct.App.1984) (explaining that fidelity bonds issued by bonding companies “are now regarded as insurance policies, in substance, and are governed for the most part by insurance law rather than suretyship law”), aff'd in part and rev'd in part, 374 N.W.2d 264 (Minn.1985). No Minnesota case precludes application of the concurrent-causation doctrine to financial institution bonds. We find that Minnesota courts would adhere to the general rule of treating financial institution bonds as insurance polices and interpreting those bonds in accordance with the principles of insurance law. See Friedberg v. Chubb & Son, Inc., 691 F.3d 948, 951 (8th Cir.2012) (holding that where there are no cases on point, we “must predict how the Supreme Court of Minnesota would rule”). Furthermore, we reject BancInsure's argument that the Bond imposes a higher standard-of-proof than the concurrent-causation doctrine. Bellingham still had to show that its loss was directly caused by the fraudulent transfer, and the application of the concurrent-causation doctrine did not interfere with that requirement.
B.
Next, we reject BancInsure's argument that the parties successfully drafted around the concurrent-causation doctrine in the Bond. BancInsure argues that the language in Bond exclusions 2(bb)(4) and 2(bb)(12) contracted around the concurrent-causation doctrine because those exclusions also apply to “indirect” causation. Parties may include “anti-concurrent causation” language in contracts to prevent the application of the concurrent-causation doctrine; however, in those cases where courts have found the contract contains an anti-concurrent causation clause, the language used is clear and specific. See Ken Johnson Props., LLC v. Harleysville Worcester Summary Ins. Co., No. 12–1582, 2013 WL 5487444, at *12 (D.Minn. Sept. 30, 2013) (recognizing language that an exclusion applies “regardless of any other cause or event that contributes concurrently or in any sequence to the loss” constitutes an adequate “anti-concurrent causation” provision and “evidences the parties' intent to contract around the concurrent causation doctrine”). As a matter of law, the Bond's reference to “indirectly” is not a sufficient invocation of the “anti-concurrent causation” provision, and thus the Bond at issue in this matter does not contain such a provision.
C.
Finally, BancInsure argues that even if the district court was correct to apply the concurrent-causation doctrine to the Bond, it erred in concluding that the fraudulent hacking of the computer system by a criminal third party was the overriding, or efficient and proximate, cause of the loss. Instead, BancInsure contends the district court should have left that question to the jury.
BancInsure also argues the covered conduct could not have independently occurred absent the excluded conduct of the Bellingham employees' intentional and reckless disregard of Bellingham and Federal Reserve policies. Thus, because there are not two independent events, BancInsure argues the concurrent-causation doctrine cannot apply to this circumstance. BancInsure relies upon dicta in Bolin v. Hartford Life & Acc. Ins. Co., 28 F.Supp.3d 915, 919 n. 4 (D.Minn.2014), to support its argument. Bolin, however, cites Minnesota cases that concern Minnesota's “divisible, concurrent-cause doctrine,” which is not the same as the concurrent-causation doctrine at issue here, and this argument therefore is not relevant to this case.
--------
We reviewed Minnesota's concurrent-causation doctrine in Friedberg, 691 F.3d at 951–53. The Friedbergs built their house in 1989. Id. at 950. In 2006, they discovered extensive water damage to the house, and a subsequent investigation determined that defective construction of the home had allowed water to enter the home and cause the damage to accumulate over the course of several years. Id. The Friedbergs claimed their policy covered “the water damage to their home because the loss resulted from the combination of both faulty construction and the presence of water.” Id. at 951. The policy contained an exclusion for losses caused by faulty construction. Id. at 950–51. After examining Minnesota cases applying the concurrent-causation doctrine, we explained
where an excluded peril “contributed to the loss,” an insured may recover if a covered peril is ... “the efficient and proximate cause” of the loss. Conversely, it follows that if an excluded peril is the efficient and proximate cause of the loss, then coverage is excluded. An “efficient and proximate cause,” in other words, is an “overriding cause.”
Id. at 952. We reasoned that “[a]lthough water intrusion played an essential role in the damage to the Friedbergs' house,” “[o]nce the house was plagued with faulty construction, it was a foreseeable and natural consequence that water would enter.” Id. Applying Minnesota's concurrent-causation doctrine, we held that the policy did not cover the Friedbergs' loss. Id. at 952–53.
We agree with the district court's conclusion that “the efficient and proximate cause” of the loss in this situation was the illegal transfer of the money and not the employees' violations of policies and procedures. In Friedberg, the district court noted that based on “the climate of Minnesota, water infiltration is certain when not prevented by proper construction,” and therefore the water damage to the Friedberg's home was “the inevitable physical loss.” Friedberg v. Chubb & Son, Inc., 832 F.Supp.2d 1049, 1058 (D.Minn.2011). Unlike the water damage in Friedberg, an illegal wire transfer is not a “foreseeable and natural consequence” of the bank employees' failure to follow proper computer security policies, procedures, and protocols. Even if the employees' negligent actions “played an essential role” in the loss and those actions created a risk of intrusion into Bellingham's computer system by a malicious and larcenous virus, the intrusion and the ensuing loss of bank funds was not “certain” or “inevitable.” The “overriding cause” of the loss Bellingham suffered remains the criminal activity of a third party. Therefore, the district court properly granted summary judgment to Bellingham.
III.
Accordingly, we affirm.