In a seemingly illogical decision, the Fifth Circuit Court of Appeal Apache Corp. v. Great American Ins. Co. No. 15-20499 (October 5, October 18, 2016), the loss arising from a fraudulent email did not trigger coverage during a crime policy's "anti-fraud" coverage because the loss was not "direct result" of computer use.
Apache involved a fraudulent involvement of the policyholder Apache Corporation to pay $ 7 million in billing payments to a fraudulent bank account believing that the account was for a seller, Petrofac. The induction was canceled by a telephone call and was confirmed by a fraudulent email allegedly on Petrofac letterhead. The false letter also includes a false telephone number, which Apache staff used to confirm the change request. Shortly after the transfers, Apache was notified that Petrofac had not received its payments made on the new and fraudulent bank account. Apache recovered some, but not all, of the payments. Apache tried to recover the balance from its insurer.
The Court was given a summary judgment in favor of Apache. On appeal, the fifth cycle re-examined that the loss did not directly result from the use of any computer. Rather, as the court explained, the e-mail was part of the order, but the e-mail was only temporary for the existence of authorized money transfer. The Court thus concluded that, in interpreting the anti-fraud provisions as reaching a fraudulent system in which e-mail communication was part of the process, converting the provision of anti-fraud into a generalized fraud. Not only is Apache indicative of how simple impostors can fraudulently induce the payment of millions of dollars by unreasonable policyholders, but the decision illustrates the significant gaps in coverage that still exist for cyber and other technically related losses. A review of Apache's so-called computer fraud control by experienced coverage boards would likely have identified that Apache's narrow coverage is only applied where the loss was directly attributable to the use of a computer, giving Apache an opportunity to negotiate a broadening of its coverage so that it actually protected its payables.