D&O Insurance and the “Capacity” Exclusion

Back in the 80s and 90s, during the environmental insurance coverage wars, each side (insurance companies and policyholders) frequently accused the other of trying to insert imaginary language into insurance policies after losses had happened. Many lawyers put their kids through college arguing about the meaning of the words “sudden” and “accidental,” for example, in the standard-form pollution exclusion.

Both sides were fond of quoting from “Alice in Wonderland” in their legal briefs, and particularly this passage:  “’When I use a word,’ Humpty Dumpty said, in rather a scornful tone, ‘it means just what I choose it to mean—neither more nor less.’ ‘The question is,’ said Alice, ‘whether you can make words mean so many different things.’ ‘The question is,’ said Humpty Dumpty, ‘which is to be master—that’s all.’”

It eventually got to the point where we all declared a moratorium, by agreement, on any future Lewis Carroll references.

I still occasionally quote Lewis Carroll in briefs, though, when insurance companies seem to be engaging in “post-loss underwriting.” I see that pretty often these days in computer fraud claims (where insurance companies argue that their policies required an actual “hack” into their policyholder’s computer systems, even though the policy says nothing of the sort). But you can find post-loss underwriting creeping through many types of coverage disputes, and I often wonder where the insurance industry would be if defense-friendly judges stopped letting carriers get away with it.

In a recent Delaware case, for example, the Court essentially decided to rewrite an exclusion in a Directors & Officers Liability Policy to create a restrictive test as to whether coverage would be provided.

Before I go further, let me discuss what D&O coverage is supposed to do.  This is what the website of a major carrier (The Hartford) says, for example: “Directors and officers (D&O) liability insurance protects the personal assets of corporate directors and officers, and their spouses, in the event they are personally sued by employees, vendors, competitors, investors, customers, or other parties, for actual or alleged wrongful acts in managing a company.  The insurance, which usually protects the company as well, covers legal fees, settlements, and other costs. D&O insurance is the financial backing for a standard indemnification provision, which holds officers harmless for losses due to their role in the company. Many officers and directors will want a company to provide both indemnification and D&O insurance.”

The Hartford website gives many examples of the types of claims for which coverage is supposedly provided, including breach of fiduciary duty resulting in financial losses or bankruptcy; misrepresentation of company assets; misuse of company funds; fraud; failure to comply with workplace laws; theft of intellectual property and poaching of competitor’s customers; and lack of corporate governance.

Anyway, that’s what the people selling this type of insurance generally say.  The people handling claims often have a different point of view, and they sometimes find kindred spirits in the judiciary.

Goggin v. National Union (which you can read here), for example, involved two former directors (Goggin and Goodwin) of a bankrupt entity called U.S. Coal Corporation.  During their terms as U.S. Coal investors and directors, Goggin and Goodwin tried to reinvigorate US Coal through debt purchase and other capital restructuring, in part by forming two investment vehicles, called the ECM Entities.

The reinvigoration efforts didn’t work, and the Bankruptcy Trustee later alleged that Goggin  and Goodwin had engaged in self-dealing with respect to the ECM Entities, diverting assets for personal gain.  For purposes of D&O insurance, the key point to remember here is that Goggin and Goodwin formed the ECM Entities while acting as directors of U.S. Coal, ostensibly in an effort to help resuscitate U.S. Coal.

Goggin and Goodwin duly submitted the claim to National Union, their D & O carrier, requesting a defense.

National Union denied coverage, relying on a so-called “capacity” exclusion.  The exclusion removes coverage for claims “alleging, arising out of, based upon or attributable to any actual or alleged act or omission of an Individual Insured serving in any capacity, other than as an Executive or Employee of a Company, or as an Outside Entity Executive of an Outside Entity.”  (Emphasis mine.) Since Goggin and Goodwin supposedly formed the ECM Entities as part of U.S. Coal’s recovery efforts, while serving as executives of U.S. Coal, the exclusion seems to be irrelevant, right?  Wrong.

Notice that the words “but for” are nowhere to be found in this exclusion. Undeterred, the Court decided that it would employ a “‘but-for’ test to determine if a claim ‘arises out of’ a manufacturer’s product in a product liability suit.” Of course, this was not a product liability suit. It was an insurance coverage suit, and the policyholder is entitled to the benefit of the doubt when it comes to insurance policy language that can be construed in more than one way. The Court wrote, though: “[T]he Trustee Claims – which give rise to this declaratory action – would not have been established ‘but-for’ Goggin and Goodwin’s alleged ECM-related misconduct. Indeed, the alleged formation and use of the ECM Entities to engage in self-interested dealing benefiting themselves and those ECM Entities, all at the expense of U.S. Coal, are no collateral matters but rather the core of the Trustee Claims. ‘But for’ Goggin  and Goodwin’s roles as managers/members of ECM Entities, the…Claims would fail.”

Of course, “but for” Goggin and Goodwin’s roles as directors of U.S. Coal, the claims would also fail.  The Bankruptcy Trustee brought the claims, after all, on behalf of U.S. Coal, for Pete’s sake.

This case nicely illustrates a big problem that policyholders sometimes face.  I’m not singling out the Delaware judge who wrote this decision, but I note from reviewing his bio that he was a government lawyer and prosecutor for 20 years before ascending to the bench. Many judges do not have a background in insurance law, and substitute their own experience and analogies for how policies are supposed to work. Here, the judge used the tenets of product liability law to construe an insurance policy, which is a comparison of apples to oranges.   Viewed through the correct prism of insurance law, the allegations of the underlying case should never cause a forfeiture of coverage unless and until they’re proven to be true, and unless and until the actual misconduct clearly and unequivocally supports the application of a policy exclusion.  Until then, in general, the insurance company should be providing a defense.

I guess the main lesson here is, think carefully before taking a Board position.  If something goes wrong, your carrier may not be there to help you.  And do everything you can to prevent claims from happening in the first place. Honesty is always the best “policy.”  (See what I did there??)

The discoverability of insurance company claims files

I once had a coverage case that involved a claim for environmental contamination at a chicken farm. (Yes.  A chicken farm. In New Jersey.)  When we were able to pry the claim file loose in discovery, we noticed that the carrier had spent a grand total of $24 to investigate the complex pollution claim, which involved millions of dollars in cleanup costs. Using that evidence, we were able to get a well-respected judge to hold that the carrier had engaged in bad faith by failing to evaluate fairly the merits of our client’s claim. The win was particularly satisfying because the senior lawyer I worked for at the time (this was a long time ago) had dismissively told me that my argument was, and this is a direct quote, “a lead pipe cinch loser.” Take that, smart guy.

Insurance companies hate to give up their claim files, but claim files are essential to coverage litigation.  As one Court (in Omni Health Solutions v. Zurich, discussed below) put it: “Bad faith actions against an insurer, like actions by client against attorney, or patient against doctor, can only be proved by showing exactly how the company processed the claim, how thoroughly it was considered and why the company took the action it did. The claims file is a unique, contemporaneously prepared history of the company’s handling of the claim; and in [a coverage action] the need for the information in the file is not only substantial, but overwhelming.”  And claim files are useful not only in proving the carrier’s lack of good faith; they sometimes contain useful admissions that can be used to prove coverage, or other comments by the claim handler that you can parade in front of a judge or jury.  (I recently had a case in which the claim handler described my client as an “agitator” for refusing to accept a denial of coverage.  Wonderful stuff.)

Let’s look at a couple of recent cases involving claims files.

Omni Health Solutions v. Zurich, from a federal court in Georgia, involved the question of insurance coverage for hail damage at a business location.  (As an aside, insurance companies hate hail damage claims. They have a stable of experts who will find that any roof damage following a storm was the policyholder’s fault due to poor maintenance. I actually had to try one of these cases to  verdict a couple of years ago.)

The Zurich adjuster (Ferunden) visited the property a month after the storm, and told the policyholder that there was no hail damage to the roof. The policyholder, not taking no for an answer (take note, policyholders!), hired an engineer, who provided a professional opinion that the roof had been damaged by hail. Ferunden later agreed. But the battle then morphed into how much Zurich was obligated to pay, and the policyholder demanded an appraisal under the policy.  Coverage litigation resulted when Zurich refused to pay the full amount of the appraisal. The policyholder then demanded production of Zurich’s claim file, which Zurich tried to withhold based upon the “work product” doctrine, which protects information prepared in anticipation of litigation.  Zurich basically argued that it had anticipated litigation for a very long time.

The Court disagreed with Zurich, ruling that all claim documents prepared up to the point when the policyholder actually demanded an appraisal were fair game. In other words, the “subjective” feelings by the carrier as to when litigation was first anticipated were irrelevant. The Court also held that documents prepared after the demand for appraisal could be relevant to a bad faith claim against the carrier, and might need to be produced if and when the policyholder proved that Zurich had breached the policy.

Pro tip: if the carrier argues that the claim file (or certain documents in the claim file) would only be relevant to a bad faith claim, and need not be produced until the policyholder proves breach of contract, think of other ways to make those documents relevant. If, for example, the insurance company has denied coverage or reserved its rights on the ground of late notice, the documents in the claim file could be relevant to showing that the insurance company would’ve done nothing differently even if earlier notice had been received, and therefore was not prejudiced. Another good argument, of course, is that the claim file may contain nonprivileged admissions as to the existence of coverage.

You can read the Omni Health Solutions decision here.

Another recent decision, Rickard v. Central Mutual (this one out of New York), involved an auto claim. The carrier denied supplementary uninsured motorist benefits. The plaintiff asked for the claim file, and the carrier responded by providing the plaintiff with the contents of the file up until the date the coverage lawsuit had been commenced. That made the plaintiff unhappy, because he wanted the entire file, including the parts generated after the lawsuit had been filed. The trial court agreed, and ordered that all claims documents be produced. The appeals court said that the claim file was fair game, but that, with respect to documents generated after the coverage lawsuit had been commenced, the insurance company should’ve been permitted to prepare a privilege log, followed by an in-camera review by the judge of any documents as to which the carrier claimed privilege.

You can read the Rickard decision here.

The bottom line is that carriers do not like producing their claim files, because their claim files may contain useful admissions or other information that the policyholder can use to prove coverage. And that’s why you, as a policyholder, need to do whatever you can to get the claim file in your case.

Measuring the proper amount of business interruption loss

Earlier this month, I woke up to the sound of sirens and the smell of smoke. My neighbors and friends from around the block suffered a catastrophic fire, and lost their home and all of their belongings, escaping with literally the shirts on their back (and their dogs). Fortunately, no one was injured, but now they have to go through the time-consuming and laborious process of having their insurance claim adjusted. The important thing was (and always is) that everyone was okay.

When you suffer a catastrophe in business, the impact can obviously be similarly enormous, especially if your income flow is cut off while you’re trying to get back up and running. That’s why business interruption and extra expense insurance are so critical. But, like many things insurance-related, they can be as clear as mud.

(Short lesson here for those not familiar with insurance lingo:  Business interruption insurance, also known as business income insurance, is a type of insurance that covers the loss of income that a business suffers after a disaster. The income loss may be due to disaster-related closing of the business facility, or due to the rebuilding process after a disaster. The loss is generally measured over a time known as the “period of restoration,” or the reasonable time it would take to repair the property, although policyholders can add coverage  for loss of income suffered during a specified period of time after the damaged property has been repaired, also.)

Back in September 2013, five years to the date that my neighbors lost their house,  an 11-alarm fire destroyed  a food warehouse down in Burlington County, owned by a company known as Black Bear. At the time, a company called MIMCO had stored a whole lot of dairy products in the warehouse, because it had a five-year distribution contract with a milk marketing cooperative called Dairy Farmers of America.  As a result of the fire, the dairy products and the contract all went up in smoke.  (You can read about the fire here.)

MIMCO terminated its contract with Black Bear, which said it would not be rebuilding the warehouse.  MIMCO then couldn’t find sufficient warehouse space to continue the contract with DFA, so that contract had to be terminated, too.

Travelers paid MIMCO $11.6 million for the loss of business property, business income (approximately $3 million), and extra expense. MIMCO argued, however, that Travelers still owed $7 million in business insurance coverage, and for extended business income loss.

Travelers contended that the period of restoration for the business interruption coverage was based on the reasonable time it would have taken Black Bear to rebuild the facility, which Travelers said was 23 months. MIMCO, on the other hand, argued that the proper method to determine the period of restoration was based on its unfulfilled contract term with DFA – 48 months, plus an additional 24 months in extended business interruption coverage – because Travelers shouldn’t be allowed to measure the loss by using a hypothetical restoration period, when MIMCO had no control over the rebuilding process.

The Court didn’t buy what MIMCO was selling, writing:  “The Court is not unsympathetic to MIMCO’s observation that it is ultimately entitled to less coverage for a more severe loss over which it had no control. Perhaps there is [a type of available] insurance to cover the total cessation of business or a contract that cannot be fulfilled, but that is not what the Travelers’ Policy provides to MIMCO. The Policy affords BI based on a period of restoration from the date MIMCO suspended operations until ‘[t]he date when the property at the described premises should be repaired, rebuilt or replaced with reasonable speed and similar quality’… The [period of restoration] based on an estimation of rebuilding governs the amount of BI MIMCO is entitled to.”

So, “poof” went MIMCO’s claim for addition business interruption coverage.

You can read the Court’s decision here.

Especially in the federal court system, judges tend to read insurance policies very restrictively, and tend to look for the most conservative position on coverage that they can find. (There are exceptions, depending upon the case.) Stuff happens in life, and it would be a good idea, when your policies come up for renewal (or sooner), to review your business interruption coverage, and to consider whether, in the event of a catastrophe, you’d be in a position to keep the “milk” flowing.

Arbitration clauses in insurance policies

In our last post, I talked a bit about the dangers of arbitration clauses in insurance policies.  I wanted to continue to develop that topic. Joseph Stalin supposedly once said: “Those who vote decide nothing. Those who count the vote decide everything.”  He was talking about manipulated voting, Soviet-style, not insurance.  But one thing’s for sure:  Control the procedural “rules” in any endeavor, and you have much more control over the outcome (fairly or unfairly).

That’s why, when reviewing any contract – including, but not limited to, an insurance policy – you should pay particular attention to arbitration clauses, alternative dispute resolution clauses, choice-of-law clauses, and choice-of-forum clauses.  So many risk managers and executives focus only on the main points of a proposed contract, and not what happens if there’s a dispute.  Mistake.  You could end up with a prohibitively expensive three-arbitrator war on your hands, or a requirement to litigate disputes in a galaxy far, far away (figuratively speaking).

Let’s take a look at a few recent cases in which people learned harsh lessons.

Fin Associates, LP v. Hudson Specialty Insurance Co., from the Third Circuit, involved a land developer that was unhappy with the way the insurance company had adjusted Hurricane Sandy claims. The policy contained a New York choice-of-law clause, and an arbitration clause. The damaged properties were in New Jersey, and the policyholder wanted to litigate on its home turf.  The policyholder tried to argue that the language of the arbitration clause did not specifically waive the right to litigate a dispute in Court. Unfortunately, New York law requires no such waiver. So, the District Court, seeing an opportunity to punt a case from its crowded docket, did so.

In affirming the District Court’s decision to compel arbitration, the Third Circuit wrote: “The District Court properly found that Appellants are owned and managed by ‘a sophisticated commercial entity with insurable interests in over 20 different properties,’ one of which…was valued at $9 million. The Insureds obtained their policies…by employing the use of a commercial insurance broker. While the insured properties were primarily located in New Jersey, a provision designating a governing body of law was reasonable given that the policy also insured property in Pennsylvania and potentially insured mortgages originating in other states as well… Given that the terms of the policy were negotiated by a policyholder with relatively equal bargaining power, the District Court correctly found the policy’s choice of law provision [and arbitration provision] enforceable.”

You can read the Third Circuit decision here.

Having represented many entities of all sizes in disputed insurance claims over the years, I always think it’s funny when a court refers to the “equal bargaining power” of any person or company and a large insurance company. That’s just malarkey. But, so be it.

VVG Real Estate Investments v. Underwriters at Lloyd’s, London is a hurricane Irma case. The policyholder argued that, due to wind damage, he had suffered about $250,000 in lost income, which was continuing to accrue.  The carrier disagreed. Unfortunately for the policyholder, the insurance policy contained a three-arbitrator dispute resolution clause, which, of course, can be prohibitively expensive. The Court, given the chance to punt, grabbed the football and sent it as far downfield as possible. The interesting argument in the case involved the policyholder’s assertion that Lloyd’s had waived the right to arbitrate by basically ignoring the claim for months. Nah, said the Court: “A motion to stay filed several months after the original suit was filed should not be grounds for a waiver of right to arbitration.” Bye-bye.

Since my firm represents policyholders against insurance companies, and we primarily deal with large insurance defense law firms, I often worry about going to arbitration or mediation for another reason.  Arbitrators and mediators know that they’re far more likely to get substantial repeat business from a large defense firm then they are from me.  Honeycutt v. J.P. Morgan, a non-insurance-coverage case out of California that you can read here,  shows that my paranoia is not without foundation. (Hey, just because I’m paranoid doesn’t mean everyone isn’t against me…)

Honeycutt involved an employment discrimination case against J.P. Morgan Chase that went to arbitration before a retired judge. (It’s interesting that the opinion doesn’t name the retired judge.  If a mere lawyer had fouled up this badly, you can bet his or her name would be in the opinion.) The arbitrator conducted a six-day arbitration, ruling in favor of the employer on all counts. Honeycutt’s lawyer was surprised at the bad loss, because she had gone into the arbitration thinking she had a decent case. She then asked AAA whether the arbitrator had ever handled cases for J.P. Morgan before. The answer came back “yes.”  In fact, the arbitrator had handled eight other employment cases in which J.P. Morgan’s lawyers were involved, and two other cases (one of which was an employment case) involving J.P. Morgan itself.  He had not properly disclosed this on the pre-arbitration questionnaire.

Presented with this information, plaintiff’s counsel was, how shall I put it…perturbed.  She was even more perturbed when AAA refused to disqualify the arbitrator and re-do the arbitration.  Fortunately, a California appeals court found that the arbitrator had violated the ethics rules by failing to make full disclosure of potential conflicts.  Now the case is back at Square One.  Oof.

And, let’s face it:  Given the whims of judges exercising their discretion, that decision could’ve gone either way.

So let me end where I started.  When you’re presented with an insurance policy (or contract), don’t just review the “main” provisions and ignore the “boilerplate” (like dispute resolution clauses). If there’s an arbitration clause, you’d better make sure you’re OK with it before you sign on the dotted line.

Appraisal Provisions in Insurance Policies

According to the American Arbitration Association’s website, “arbitration—the out-of-court resolution of a dispute between parties to a contract, decided by an impartial third party (the arbitrator)—is faster and more cost effective than litigation.”

Yeah…don’t be too sure about that.  Insurance companies are slipping arbitration clauses into more and more policies, and many of these clauses can make life very difficult for policyholders. Often, the arbitration clauses require disputed claims to be arbitrated before a three-arbitrator panel (which can be extremely expensive), and sometimes the clauses provide that the arbitrators must be current or former insurance company executives. Any good trial lawyer will tell you that most cases are decided once the jury has been selected, so you can guess how that works out. Risk managers and brokers reviewing insurance policies often fail to notice these kinds of onerous arbitration provisions, I guess on the theory that “we’ll cross that bridge if we ever get to it.” Pro tip: don’t be that guy or gal.

But there’s one type of arbitration clause that’s been included in property insurance policies for many years, that insurance companies sometimes seem to hate. Specifically, standard property insurance policies include an “appraisal” clause, which typically reads as follows:

“If we and you disagree on the value of the property or the amount of the ‘loss,’ either may make written demand for an appraisal of the ‘loss.’ In this event, each party will select a competent and impartial appraiser. You and we must notify the other of the appraiser selected within twenty days of the written demand for appraisal. The two appraisers will select an umpire. If the appraisers do not agree on the selection of an umpire within 15 days, they must request selection of an umpire by a judge of a court having jurisdiction. The appraisers will state separately the value of the property and the amount of the ‘loss.’ If they fail to agree, they will submit their differences to the umpire. A decision agreed to by any two will be the appraised value of the property or amount of ‘loss.’ If you make a written demand for an appraisal of the ‘loss,’ each party will: a. Pay its chosen appraiser; and b. Bear the other expenses of the appraisal and umpire equally.”

The purpose of this provision, of course, is to cut through the argle-bargle and the legal maneuvering and get the claim resolved quickly and efficiently. Cynical me says that’s why many insurance claims people hate it. Insurance companies, after all, operate on float. The great Oracle of Omaha, Warren Buffett, has repeatedly admitted this in the media. So, in the event of a contested claim, insurance companies may try to derail the appraisal process.

One way they do this is by arguing that, if there are coverage questions (as opposed to questions about the amount of loss), the appraisal process cannot be used. There’s not a lot of New Jersey law on that subject, but what law there is favors the policyholder. In Ward v. Merrimack Mut. Ins. Co., 332 N.J. Super. 515, 528 (App. Div. 2000), for example, the Court held: “The fact that Merrimack had disputed coverage did not necessarily preclude either party from invoking the appraisal process.”   You can read the Ward case here.

But whether a court will allow the appraisal when coverage is disputed is by no means clear, even in New Jersey. We’ve had requests for appraisal denied several times by New Jersey courts, irrespective of the ruling in Ward. And, in a recent federal Connecticut case, Ice Cube Bldg v. Scottsdale Ins. Co., which you can read here, the Court denied appraisal in a case involving building damage from a snowstorm, writing: “Where, such as here, coverage is in dispute, the [coverage] issue is ‘an antecedent question for the court,’ and not an issue for arbitration… Accordingly, [the policyholder’s] motion [to compel an appraisal] is premature and will be denied.” This ruling probably means that there will never be an appraisal, because the Court may later hold that by litigating the coverage issues, the policyholder waived its right to the appraisal process. The message for insurance companies is clear: If you don’t want to go to appraisal, simply dispute coverage. That’ll buy you some time, at least. From the policyholder side, though, review your appraisal clause carefully, and decide whether it makes sense to try to enforce it. It may get you to a claim resolution sooner rather than later.

Another battle can revolve around appointment of the appraisers.  In Allstate Indemnity Co. v. Gaworski, which you can read here,  the insurance company was unhappy that the policyholder appointed an appraiser who had engaged in “unprofessional conduct, aggressive rhetoric, and ominous emails.” (Isn’t that the way the insurance claim process generally works?  Kidding…) The carrier contended that the appraiser wasn’t “disinterested” as required by the law and the insurance policy. Specifically, the appraiser had sent “emails challenging the qualifications and potential bias of Allstate’s original appraiser, as well as the same for the second appraiser Allstate appointed.”

The Court disagreed with the carrier and permitted the policyholder to use the selected appraiser, noting: “An appraiser is not required to be entirely impartial. Instead, they may act as advocates for their respective parties without violating their commitments. Here, while [the appraiser’s] communications are certainly ‘aggressive,’ as noted by the trial court, they do not evidence a disqualifying bias against Allstate. Instead, [the appraiser’s] emails evidence his advocacy on behalf of the [policyholder] and his strong desire to be presented with an impartial, unbiased appraiser appointed by Allstate.”

The bottom line is that the appraisal process can an effective weapon in the policyholder’s arsenal. The insurance company, however, may not be thrilled about getting the claim resolved promptly and efficiently, so there may be a fight. Some courts, however, view any form of arbitration favorably, because it helps to get cases off their docket. So, this may be a fight worth fighting if you’re a policyholder.

Insurance coverage (or maybe not) for computer fraud

In the world of insurance, computers are the new “environmental.”

Let me explain. Back in the 1980s, the insurance industry, recognizing the magnitude of exposure it faced for environmental liabilities, embarked on a public relations campaign to convince courts and policyholders that no coverage existed for environmental problems under comprehensive general liability insurance policies. (The industry later changed the name of “comprehensive general liability policies” to “commercial general liability policies,” apparently concerned about the way judges and juries might view the word “comprehensive.”) Part of the public relations campaign involved the marketing and sale of a product called “environmental impairment liability insurance,” which provided coverage on a claims-made bases for certain environmental issues. The pitch was, “Look, although our CGL policies don’t cover pollution liability, we’ve now developed a new product specifically for that purpose, which you can buy for a reasonable premium!  Aren’t we awesome?”

Of course, it came to light that CGL policies were designed to cover long-term pollution related liabilities all along, as was confirmed by insurance industry representatives both in internal memoranda and in representations made to state regulators. You can read a lot of this history in Morton Int’l v. General Accident Ins. Co., 134 N.J. 1 (1993), available here.

Similarly, many business owners’ policies contain coverage for “computer fraud.”  As commonly understood (and as can be seen in this summary of “computer fraud” from the Legal Information Institute at Cornell Law School), computer fraud can take many forms, including, for example, “emails requesting money in return for small deposits, also known as an advance-fee scam, such as the infamous Nigerian prince scam.”  The federal Computer Fraud and Abuse Act, 18 U.S.C. §1830 (“CFAA”), also defines certain types of computer fraud, including “knowingly and with intent to defraud, access[ing] a protected computer without authorization, or exceed[ing] authorized access, and by means of such conduct further[ing] the intended fraud and obtain[ing] anything of value.”  The CFAA defines “protected computer” broadly, to include any computer “which is used in or affecting interstate or foreign commerce or communication.”

But, according to the insurance industry, the term “computer fraud,” as used in standard business policies, actually means something other than “computer fraud.” So, if you really want “computer fraud” coverage that’s worth anything, you need to buy one of the newer cyber-insurance policies designed for that purpose.  (Kind of like the environmental impairment liability insurance marketing tactic.)

As one example of this unfortunate (for policyholders) phenomenon, in InComm Holdings v. Great American, holders of prepaid debit cards exploited a coding error in the policyholder’s computer system and fraudulently increased the balances on the cards, which caused InComm to incur a loss of $11.4 million.  (You can read the District Court opinion here.) That sure sounds like “computer fraud”…right? The Court, now affirmed by the U.S. Court of Appeals for the Eleventh Circuit (which handles cases from Alabama, Florida, and Georgia) said “no.”

The intellectual gymnastics used by the panel to get around coverage are quite impressive.  Basically, the Court held that, because a telephone was used to break into the computer system, the computer itself wasn’t actually “used” to commit the fraud. Also, according to the Court, the loss did not “result directly” from the initial computer fraud. The Court wrote: “Far from being immediate, the result was temporally remote: days or weeks – even months or years – could pass between the fraudulent chit retention and the ultimate disbursement of fraud-tainted funds from InComm’s [bank] account.”  Of course, there is no requirement in the policy that the loss of funds be “immediate,” and if the insurance company had wanted such a qualification, it could have included one.  It reminds me of Paul Newman’s comment to the difficult judge in The Verdict (1982):  “Your Honor, with all due respect, if you’re going to try my case for me, I wish you wouldn’t lose it.”

But insurance companies don’t always win computer-related cases under standard (non-cyber) policies.  In another recent decision, WoodSpring Hotels LLC v. National Union (which you can read here), for example, employees of a hotel chain, Extended State America (ESA), went to work for a competitor, WoodSpring.  ESA contended that the employees stole its electronic information, including a customer database, and ESA sued both the employees and WoodSpring.  National Union, which had sold Directors’ and Officers’ liability insurance to WoodSpring, denied coverage. The underlying case eventually settled, with WoodSpring paying ESA $1,160,000, and one of the employees (Ruby) paying ESA $40,000 from her own assets.

One of the claims in the underlying case alleged a violation of the CFAA, contending that the former employees had unlawfully accessed the ESA computer system. But National Union disclaimed coverage for the entire case, including the CFAA claim, based upon an exclusion for the misappropriation of trade secrets.

Wrong, said the Court, applying the proper standard relating to the duty to defend (namely, whether there is any ultimate possibility of coverage). The Court noted that the CFAA count “depends on unlawful access to ESA’s computers and obtaining anything of value – i. e., [ESA’s former employee] may have violated the CFAA by using a computer to take anything of value – not just trade secrets.” Therefore, National Union should have provided a defense.

The bottom line here is that enforcing coverage for alleged computer-related offenses is far from a sure thing. Especially if the amounts involved are large, you can bet that your insurance company will comb its policy for reasons to avoid paying. With computer fraud on the rise every day (because, to analogize to what Willie Sutton supposedly said about robbing banks, “that’s where the money is”), preventing computer-related insurance claims from ever happening is Job One.  And, yes, you should buy stand-alone cyber-insurance coverage.  It’ll increase your chances of insurance recovery if, despite your best efforts, a problem happens.

Insurance Coverage for Employee Theft

Sadly, it’s a scenario I’ve seen far too many times in the past 30 years of doing insurance coverage work. A trusted employee in the bookkeeping or accounting department isn’t properly supervised or audited, and begins siphoning off cash to support gambling debts, a drug habit, or expensive tastes.  Sometimes, the employee starts taking cash simply because he or she feels underappreciated.  Sometimes, corporate credit cards are the tool of choice. By the time the fraud gets discovered, the amount of loss can be staggering.  And people end up going to jail.  It’s why, when my wife worked for a major financial institution on Wall Street years ago, she was required to take two consecutive weeks of vacation every year, so auditors could go through all of her books and records with a fine-toothed comb.  Trust but verify, as President Reagan said.

The recent case of Wescott Electric Company v. Cincinnati Insurance Co. (which you can read here, and can read about in this newspaper report) involved the typical scenario.  A former City Councilman in Collingdale, Pennsylvania, who aspired to become a judge, was convicted of stealing nearly $3 million from his employer over the course of 10 years, to finance a long-time gambling habit and a lifestyle that extended beyond his means.   During the last year of the scheme, he stole $700,000 of copper wire and sold it for scrap.

The thief (James Bryan) stole so much from his employer (Wescott Electric Company) that he put the future of the company in doubt. Faced with the staggering loss, Wescott turned to its insurance company, Cincinnati, for some relief and protection.

But, as you can probably guess if you’re a frequent reader of this blog, relief and protection was not forthcoming. There were four 3-year policies that provided employee theft coverage to Wescott. Cincinnati sold the policies in 2004, 2007, 2010 and 2013. All four of the policies were discovery-based policies, meaning that coverage depended on when the Wescott discovered a given loss. To compound the problem, in the third policy, Cincinnati changed the operative language. The 2004 and 2007 policies provided coverage for any loss discovered up to a year after the policy period, but the 2010 and 2013 policies required a loss to be discovered during the policy period. While Bryan had been stealing money from the company from 2003 to 2013, his thievery was not discovered until July 2013, after the end of the 2010 policy.  As a result, Wescott was only able to trigger one per occurrence limit, for $100,000.

Wescott tried various arguments to increase its recovery, including that Cincinnati had changed the language in the policy in 2010 without warning Wescott, but to no avail.  In the end, the judge – who had been a partner with a large law firm that represented insurance companies before becoming a judge – essentially ruled that Wescott should’ve read the 2010 and 2013 policies more carefully and understood how the “discovery” provisions worked.  (By the way, I don’t mean to suggest that the judge did anything improper.  But judges are people too, and their worldview is formed by their life experience.)

One interesting issue in the case involved the number of occurrences during the 2013 policy period (and therefore, the number of $100,000 “per occurrence” limits that could be triggered). The policy defined “occurrence” as “(1) an individual act, or (2) the combined total of all separate acts whether or not related; or (3) a series of acts whether or not related, committed by an employee acting alone or in collusion with other persons.”  In considering this language, remember that Bryan did not steal one giant heap of copper wire.  He committed a series of smaller thefts. (It calls to mind the old song by the great Johnny Cash, “One Piece at a Time.”)

In restricting Wescott’s recovery to only $100,000, the Court wrote: “This definition is unambiguous: Mr. Bryan’s ‘series of acts’ in stealing the copper wire qualify as a single ‘occurrence’ because they were ‘committed’ by a single employee – Mr. Bryan – both before and during the policy period.”  And, as the Court noted, Wescott appears to have conceded the point: “Even Wescott agrees that this definition ‘limits the amount of courage for all thefts during the 2013 policy to $100,000.’”

I believe that this conclusion is questionable (but 20/20 hindsight is a wonderful thing and, unfortunately, I’m not wearing a black robe). It’s at least arguable that the “series of acts” contemplated by the policy language must lead to a single theft. Here, if there were separate and distinct results (that is, separate thefts of wire), then separate per occurrence limits should apply. Suppose, for example, the employee had stolen a truck in addition to stealing copper wire. Wouldn’t the policyholder reasonably expect these to be considered separate thefts, and therefore separate occurrences? Why should the result be any different if there’s more than one theft of wire? Otherwise, the limits should apply “per employee,” not “per occurrence.”

But you can see the numerous problems. If you’re making these policy interpretation arguments to a Court, you’ve already given up control of the situation to a trier of fact who may have a background working with insurance companies.  And the judicial idea that policyholders should read hundred-page policies and comprehend every word and how those words may be applied in a variety of circumstances is an unfortunate fiction. As one (enlightened) Kentucky Court wrote years ago: “Ambiguity and incomprehensibility seem to be the favorite tools of the insurance trade in drafting policies.  Most are a virtually impenetrable thicket of incomprehensible verbosity.  It seems that insurers generally are attempting to convince the customer when selling the policy that everything is covered and convince the court when a claim is made that nothing is covered.  The miracle of it all is that the English language can be subjected to such abuse and still remain an instrument of communication.”   Universal Underwriters Ins. Co. v. Travelers Ins. Co., 451 S.W.2d 616, 622-23 (Ky. Ct. App. 1970).

The bottom line is that you can’t always rely on your insurance to protect you when things go sideways.  While insurance is a critical part of any risk management program, attention to proper controls is far more important.  Without going into great detail about preventing theft by employees, here are just a few suggestions or reminders:

  1. Be alert to changes in employee behavior. If your bookkeeper, office manager, or any employee with private access to the company’s books, products or property suddenly acquires new habits, such as coming to the office on weekends, working through vacation time or working longer hours, it’s important to take notice. Any of these red flags may be reason enough to keep a closer watch on the books and the employee.
  1. Enforce the clear separation of duties. The principle of separation (or segregation) of duties is the cornerstone of a solid internal control system. In fraud prevention, separation of duties involves dividing critical duties among two or more employees or departments. Ensure that you distribute financial duties and responsibilities among your employees. The roles must be well defined and divided; an employee who makes the bank deposits should not collect checks and cash from the clients and vice-versa. And, the person reconciling the bank statements should never be the person writing the checks.
  1. Be diligent about internal controls. One of the best ways to prevent embezzlement is to limit a bookkeeper’s access to signature stamps, blank checks and cash. Requiring a countersignature on all checks is another precaution to prevent fraudulent behavior. Conduct occasional surprise audits to detect theft earlier, or prevent it from occurring in the first place. Your accounting program (such as QuickBooks) may also contain obstacles to fraud.  Never default everyone to full administrator rights, share logins and passwords, or give account access to employees who really have no need for it.

Understanding business interruption insurance

Math has never been my strong suit. My wife, who has an M.B.A., sometimes shakes her head at my unsuccessful attempts to balance our checkbook. And I still remember sitting in my 10th Grade Algebra class with Ms. Babiak at Watchung Hills Regional High School back in the ‘70s and wishing that I could somehow transport myself to the Black Hole of Calcutta. (Sorry, Ms. Babiak, if you’re out there.)

But at least that kind of math has an objective answer that I can usually understand if I apply myself hard enough. Accounting projections that veer into gray areas, on the other hand, can be frustrating.  And I’m sure many jurors and judges feel the same way.  (In fact, I know they do, from monitoring mock jury trials.)

Business interruption claims involve projections of lost revenue, and can sometimes get a bit squirrelly.  The basic concept seems simple enough. A fire or other disaster damages your business premises, making them temporarily unusable. So, business interruption coverage reimburses you for the lost income. Your policy may also cover operating expenses, like electricity, that continue even though business activities are temporarily shut down.  And “extra expense” insurance reimburses your company for the reasonable sum of money that it spends, over and above normal operating expenses, while your property is being restored. Usually, the carrier will pay extra expenses if they help to decrease business interruption costs.

(By the way, in reviewing your coverage. make sure the policy limits are sufficient to cover your company for more than a few days. After a major disaster, it can take more time than many people anticipate to get the business back on track. And note that there’s generally a 48-hour waiting period before business interruption coverage kicks in.)

Easy peasy, right? The problem is that reasonable minds can disagree on the proper calculation of the numbers, which often involves assumptions. I’ve written several times over the years on some of the issues that can arise. (Just type “business interruption” in the search bar of this blog to find the posts.)

Here’s an interesting curveball. What if you have a business in which income can fluctuate fairly wildly from year to year?  How do you calculate projected future earnings? What if, for example, you have a law firm that operates largely on a contingency-fee model, like a plaintiffs’ personal injury firm, as opposed to on an hourly billing rate model? Since your firm doesn’t get paid unless it wins or settles, and that can be difficult to predict, how do you calculate future earnings?

In a recent New York case, a law firm, Bernstein Liebhard LLP, suffered a fire that destroyed the floor of its office that housed its mass tort law practice, including files, firm-wide computer servers, and telephone switches, knocking the practice out of business for a lengthy period. Bernstein submitted an insurance claim for $27 million, which the firm said represented lost income from several hundred mass tort clients who failed to retain the firm during the 12-month period after the fire.

The carrier, Sentinel, denied the claim, contending that the policy’s definition of “Business Income” precluded coverage. The policy defined “Business Income” as “Net Income (Net Profit or Loss before income taxes) that would have been earned or incurred if no direct physical loss or physical damage had been incurred.”  Sentinel argued that the claim was too speculative, because it was impossible to determine when Bernstein would’ve “earned” fees from clients that hadn’t even retained the firm.  (The policy covered income that would’ve been “earned” in the 12 months after the fire.)

A cynic (not me, of course) might say that Sentinel was actually relying on the “too many zeroes” exclusion (in other words, too many zeroes on the end of the claim).

The Court disagreed with Sentinel, writing: “Recovery is not precluded where there is a certain loss within the applicable period, even if the loss cannot be quantified until sometime thereafter. Here, an economist or other expert could identify the relevant existing mass tort cases during the 12-month period [that the policy covered] and opine as to the present value of those cases, even though the amount of loss may not have been determinable until years after the fire.… To deny Bernstein coverage would be to punish it for its business model; that is, a mass tort business that is paid on a contingent-fee basis, as opposed to a traditional hourly basis.”

You can read the full decision here.

(Pro tip, by the way:  If you’re in the business of selling insurance policies, you probably shouldn’t argue that figuring out when they apply is impossible.  Not a good look.)

The bottom line is that large business interruption claims, like many other large insurance claims, often result in a fight.  The reason why isn’t a mystery. Warren Buffett has been pretty straightforward about how the insurance industry uses the concept of “float” to its advantage.  (You can read an article about that here.)  So, faced with a large business interruption loss, you’re going probably going to need a solid expert to calculate damages…and a lot of patience.

Insurance coverage for allegations of fraud

Few things are certain in life. Death. Taxes. The ineptitude of New York Mets management. And also, the fact that if you sue an insurance company in state court, and the carrier has a basis upon which to remove the case to federal court, they’re going to do it. Insurance companies think that federal judges tend to be more defense-oriented and carrier-friendly. Also, they think they’re more likely to get summary judgment on the coverage issues in federal court, since summary judgment has become the preferred method of adjudicating disputes by the federal bench (often without oral argument).

Of course, rules are meant to be broken, and being in federal court is no guarantee for an insurance company.

Example; A lawyer here in New Jersey with some past disciplinary issues, Karim Arzadi, recently got sued by Allstate. Allstate also sued Arzadi’s law firm.  According to Allstate, Arzadi had “engaged in a continuing fraudulent scheme” that was designed to defraud Allstate “by inducing the payment of PIP [personal injury protection] healthcare benefits . . . pursuant to an unlawful practice. . . .”

Arzadi filed a claim for defense and indemnification with his professional liability insurance carrier, Evanston Insurance Company.  Evanston said, no, we’ll pass on that, arguing that policyholders who commit fraud forfeit their coverage.  According to Allstate, fraudulent conduct did “not fall under the [p]olicy’s definition of Professional Legal Services.”

So, Arzadi sued Allstate to enforce coverage, and the case wound up in federal court.

A word or two of background here:  Liability policies generally contain “conduct” exclusions that remove coverage for harm caused by acts that are fraudulent, criminal, or are intended to cause damage.  But those exclusions don’t preclude a defense for allegations of fraud, if there’s any possibility of ultimate coverage.  So, fraud exclusions typically won’t apply until there’s been a final adjudication, on the merits, that the policyholder actually committed fraud. (There also may be “severability” provisions that protect innocent policyholders from losing their coverage rights due to the actions of their guilty co-defendants.)

In the Arzadi decision (which you can read here), Judge Susan Wigenton rejected Evanston’s arguments. As to the “professional services” argument, the Court wrote: “The Allstate suit contains allegations that Arzadi advised clients how to proceed with their personal injury claims, which falls squarely within the policy’s definition of Professional Legal Services…The acts complained of – advising his clients that they ‘had valid bodily injury claims,’ ‘encouraging them to continue to undergo [unnecessary] treatment’ or making referrals for treatment – are acts that allegedly occurred in the context of Arzadi’s representation of his clients.”

With respect to the fraud contention, the Court wrote: “Defendant argues that under Exclusion F (the Fraudulent Acts Exclusion), Plaintiffs are barred from coverage because the Allstate suit alleges that Plaintiffs ‘committed intentional, willful, dishonest and fraudulent acts.’ While it is true that the Allstate suit contains fraud allegations, Exclusion F only bars coverage for fraudulent acts if a final judgment or adjudication is entered against Plaintiffs. The Allstate suit is in the preliminary stages of litigation and the underlying allegations have not been substantiated by any court. Therefore, this court finds that Exclusion F does not bar Plaintiffs from coverage.”  (Emphasis mine.)

The fraud coverage issue also recently came up in a federal case in California, Hanover v. Zagaris, involving an alleged kickback scheme, in which a brokerage firm recommended that its customers use a specific vendor to draft their natural hazard disclosure reports, without disclosing that the brokerage took a cut of the fee for preparing the documents. The policy in that case contained two potentially relevant exclusions. The first barred coverage for litigation over an act of fraudulent conduct, but that provision could only be invoked if the policyholder lost the underlying case. The other exclusion, dealing with a fraudulent “pattern of conduct,” was broader. The trial court agreed with the broker, though, finding that fiduciary duty and constructive fraud claims in the underlying case did not require an element of deception, only negligence or omission, and therefore, a possibility of coverage existed, requiring Hanover to defend. The judge also noted his frustration with the policy’s “undue complexity and convolution.”  You can read the trial court’s decision in Hanover here.

Hanover appealed to the Ninth Circuit, and as I write this, oral argument has just been held. One of the judges on the panel asked: “How do you jive the two different exclusions? Why doesn’t that not just, looking at this contract in general, create a level of confusion about what it really means, which warrants a suggestion that the contract has to be viewed in a light most favorable to the insured?”

An excellent question.

The liability of insurance brokers and agents

The fine people who wrote the Federal Rules of Civil Procedure (and their state equivalents) certainly had a sense of humor. FRCP 1, for example, says: “These rules govern the procedure in all civil actions and proceedings in the United States district courts…They should be construed, administered, and employed by the court and the parties to secure the just, speedy, and inexpensive determination of every action and proceeding.” (Emphasis mine.)

If you’ve had the pleasure of experiencing our court system, “just,” “speedy” and “inexpensive” may not be the first three adjectives that pop into your mind.  And after reading about the recent decision by the Second Circuit in Cammeby’s v. Alliant Insurance Services, which you can access here, they really may not be.

As one of the lawyers at our firm, Ryan Milun, put it, suppose you’re driving down the New Jersey Turnpike with your six-year-old in the backseat, and he (or she) says: “Dad (or Mom), can we go to Six Flags?”  (I’m going to refer to this as the “Six Flags Question.”)

How would you interpret the Six Flags Question? Would you think your kid was asking a philosophical question, like: “Assume for the purposes of argument that I were to ask you to go to Six Flags. Would that be physically possible for us to do, as human beings, with free will, in this place and time?”

Or, would you think your kid was actually asking: “Hey, can we go to Six Flags right now?”

That’s sort of what the Cammeby’s case, spawned (like many other broker liability cases) by Superstorm Sandy, involved. Cammeby’s is a real estate investment company. It had property coverage with a flood sub-limit of $10 million. At the request of its insurance consultant, its insurance broker (Alliant) got the carrier (Affiliated FM) to increase the flood sub-limit to $30 million.

Of course, an additional $20 million in flood coverage means a large increase in premium, as Cammeby’s soon learned. That resulted in unhappiness. So, a few weeks later, the Cammeby’s insurance consultant sent an email to the broker reading: “if requested, will Affiliated cancel the $20 million of additional flood coverage at the Brooklyn locations to inception? Also, can we cancel the additional NFIP coverage and receive a pro-rata refund?”  And here, we have the Six Flags Question once again. Namely, did this mean: (1) Cancel the extra $20 million in coverage right now, or (2) Can we cancel the extra $20 million in coverage at some point in the future if we want?

I should pause here to say that I’ve worked with the people at Alliant in the past. I’ve found them to be bright, inquisitive, and service-oriented. So, they immediately selected Door No. 1. They complied with what appeared to be the client’s request, and got the additional flood coverage canceled. Affiliated FM issued an endorsement showing that the coverage sub-limit had been reduced to $10 million (although, unfortunately and confusingly, a separate endorsement, which modified the list of addresses covered by the policy, indicated that the coverage sub-limit was still $30 million). Alliant sent the new endorsement to Cammeby’s, and Cammeby’s later accepted a refund on the additional premium ($121,795). An internal email by a Cammeby’s Vice-President, sent shortly after the policy reduction in July 2011, read: “We have $10 million of flood coverage.”

But then along came Sandy, in October 2012, causing damage to Cammeby’s properties in excess of $30 million. Cammeby’s filed a claim with Affiliated FM, and Affiliated FM responded that the flood coverage was limited to only $10 million. This being America, Cammeby’s sued Alliant for malpractice, contending that no one with actual authority had authorized the reduction in limits.

Now, I can tell you from long experience that there are many judges who might have laughed this case out of Court.  But here, the judge denied summary judgment and conducted a jury trial. During the trial, Alliant argued in part that Cammeby’s had ratified the reduction in flood insurance limits, by its acceptance of the endorsement, its internal emails recognizing that the flood limit was now $10 million, and its acceptance of the reduction in premium. The jury rejected the ratification argument, though, and returned a verdict against Alliant for $20 million. Allied then argued that a new trial was necessary, because the judge had bungled the jury instructions.

The jury instruction with respect to ratification stated: “To establish its defense of ratification, Allied must prove, by a preponderance of the evidence, that even if Allied acted behind beyond the scope of its actual authority from Cammeby’s and that, as a result, the coverage was reduced to $10 million, Cammeby’s had full knowledge that Allied had taken these actions and clearly manifested its intent to approve these actions.”

The jury was confused by this instruction, because during deliberations, they sent notes out to the judge, asking what “full knowledge” and “clearly manifest” meant. (This is what happens when we speak Law Professor-ese.) But the bigger problem was that ratification can be proven by silence.  It does not require an affirmative act.

Realizing that the instructions were faulty, the judge ordered a second  jury trial  on the issue of ratification only.  Alliant objected, arguing that the entire case had to be retried, including the issue of negligence, because the negligence and ratification issues were inextricably intertwined. But the Court disagreed. As a result, a second trial was held, in which a jury was instructed that Alliant had been negligent to the tune of $20 million, and the only question was whether Cammeby’s had ratified the negligence. (If normal human beings can’t comprehend what the legal system means by “full knowledge” and “clearly manifest,” guess the confusion that results when the judge essentially says, “Hey, those guys screwed up, and your only job is to determine whether the plaintiff actually liked it.”)  Not surprisingly given the way the second trial was structured, the second jury found for Cammeby’s, also.

But this is why we have appeals courts, right?  Well, statistics show that reversal rates are between 8% and 14%.  And Alliant fell into the unhappy 86% to 92%.

A few takeaways:

  1. A less-than-favorable settlement is almost always better than a protracted litigation (except for the lawyers, I mean).
  1. In any business situation, make sure you’re dealing with a person with authority to enter into the agreement. Apparent authority may not be enough.  20/20 hindsight is a wonderful thing, but Alliant could’ve avoided a ton of trouble by asking for clarification on the Six Flags Question; namely, “Are we being requested by an officer with authority to go ahead and make the change?”
  1. Related to (2): Sloppy paperwork will kill you in litigation. The change endorsements that conflicted as to the actual limits didn’t help Alliant, for sure.

 

LexBlog