Insured’s Knowledge and Consent Key to Decision
The VP of Finance/CFO of a company wired monies totaling over a million dollars purportedly to its Russian supplier but fell victim to a fraud scam. The company’s insurer, AXIS, provided fidelity/crime coverage. The company sought coverage under computer transfer fraud (policy limits of $1,000,000) or funds transfer fraud (policy limits of $1,000,000). The insurer determined the loss was covered only under social engineering fraud and tendered the policy limits of $100,000. The federal district court in Mississippi agreed with the carrier. It found the fraudulent email did not manipulate the insured’s computer system to automatically transfer the funds. Even if the direct causation requirement was met, there would be no coverage because the company had knowledge of and consented to the transfer, the money was not obtained through a hack. In fact three employees had approved the wire transfers. Similarly, the court found the “no knowledge or consent” requirement was not met to implicate the funds transfer fraud coverage. This case offers a different perspective on these coverages for cyber crime than other courts.