11th Cir./IT Crime Policy

Email Scheme Losses Covered Despite Assertions That “Fraudulent Instructions” Didn’t Directly Cause Loss

In December 2019, the Eleventh Circuit Court of Appeals, applying Georgia law, affirmed a decision by the U.S. District Court for the Northern District of Georgia, which granted summary judgment to Principle Solutions Group L.L.C. (“PSG”), an information technology company.  The Eleventh Circuit held that Ironshore Indemnity, Inc.’s (“Ironshore”) commercial crime policy must cover PSG’s $1.7 million loss due to a fraudulent email scam.

The loss resulted from a fraudulent email-based theft scheme initiated by a still unknown perpetrator who wrote a series of emails to an employee at PSG, purporting to be one of the executives of PSG.  The series of communications instructed the employee of PSG to wire the money to an overseas bank.  The Ironshore commercial crime policy provided coverage for a variety of fraudulent and criminal acts, including computer and funds transfer fraud.  The policy covered those losses resulting directly from a “fraudulent instruction,” which was defined as a computer, phone, or other instruction purporting to have been issued by a company employee.

Ironshore denied payment of the claim, resulting in PSG suing Ironshore for breach of contract and bad faith. The District Court ruled in PSG’s favor.

Ironshore appealed to the Eleventh Circuit, arguing (1) none of the communications between the employee and the imposter met all of the requirements of the policy’s definition of “fraudulent instruction, and (2) even if the emails did qualify as “fraudulent instructions,” the email messages didn’t directly cause PSG’s loss.

The majority of the Eleventh Circuit disagreed with Ironshore and upheld the District Court’s opinion.  It concluded that the commercial crime insurance policy “unambiguously” covered PSG’s claim.  The Eleventh Circuit said it didn’t need to look any further than the fraudulent initial email to find “fraudulent instruction.”  The Eleventh Circuit said that, even though the initial email needed additional details before the court could construe it as “directing” a wire transfer, it found the contents of the initial email significant, pointing out that the initial email included the amount of the wire transfer, the recipient bank, and the purported beneficiary of the transfer.

Ironshore also claimed that intervening events between the initial email and the wire transfer broke the chain of causation, arguing the email did not directly cause PSG’s loss.  The Eleventh Circuit also rejected that argument, pointing out that, under Georgia law, the phrase “resulting directly from,” is synonymous with “proximate causation,” which does not require an “immediate link” between an event and a loss, as Ironshore argued.  Furthermore, pursuant to Georgia law, proximate cause encompasses “all of the natural and probable consequences” of an action, unless there is a “sufficient and independent intervening cause.”  The Eleventh Circuit found that the employee’s additional communications with the imposter and conversations with PSG’s bank were the “natural and probable consequences” of the initial email.

Judge Gerald Tjoflat authored a lengthy dissenting opinion, arguing that there were several intervening events that occurred between the initial email from the imposter and the actual wire transfer that “arguably short-circuited” the chain of causation.  Judge Tjoflat opined that the case should have been sent to a jury to decide if the initial email was the proximate cause of PSG’s loss.  Principle Solutions Group, LLC v. Ironshore Indem., Inc., No. 17-11703 (11th Cir. Dec. 9, 2019).