By Chris McKibbin and Devra Charney
On September 6, 2022, the Eleventh Circuit Court of Appeals released its decision in Star Title Partners of Palm Harbor, LLC v. Illinois Union Insurance Company. In deciding that a social engineering fraud (SEF) loss did not fall within the coverage afforded under a Deceptive Transfer Fraud insuring clause, the Court construed the terms “employee,” “customer,” “client” and “vendor” according to their ordinary meanings. As the entity impersonated by the fraudster did not qualify as an employee, customer, client or vendor of Star Title, no coverage was available. The decision is notable as one of the first to interpret a first-party SEF coverage grant under a cyber policy.
Star Title, a settlement agent, was hired to close a residential real estate transaction. For each sale, it typically divided the tasks among two employee representatives: a Processer, who is responsible for clearing title for the property; and a Closer, who is responsible for distributing funds at closing.
The seller of the home identified CMS as his lender and the lienholder on the property. The Processor confirmed that CMS had a lien on the home and requested payoff information. The Processor initially contacted CMS at the phone number the seller provided and was able to speak to a representative who told her to submit a request for the information to payoffs_at_capitalmort.com. The Processor obliged and sent an email requesting a “Mortgage Loan Payoff Letter.” She also provided the names of the sellers/mortgagors, the address of the property, the loan number and the closing date, and attached a copy of the seller’s authorization form.
The Processor then received what turned out to be a fraudulent email from an unknown actor who claimed to be a CMS payoff representative named “Kaitlyn Holt.” The Processor did not suspect that the email was fraudulent and simply verified that it correctly referenced the information she initially provided via email. The email contained a copy of the requested Payoff Statement, along with instructions for how to transfer payoff funds.
The Processor proceeded to initiate Star Title’s two-person authentication protocol. She set up the wire transfer so that, upon approval by the Closer, the payoff funds from Star Title’s escrow account would be transferred to the account provided in the Payoff Statement. The Closer was tasked with cross-refencing the hard copy of the wiring instructions, provided by the Processor, with the information in the software system. The Closer confirmed that the wiring information in the hard copy matched the writing information in Star Title’s system and proceeded to release the wire to the (fraudulent) account.
The Illinois Union Coverage
Star Title maintained a Cyber Protection Insurance Policy with Illinois Union. The Policy contained a Cybercrime Endorsement which included a Deceptive Transfer Fraud insuring agreement. This insuring agreement provided:
We will pay for Your loss of Funds resulting directly from Your having transferred, paid or delivered any Funds from Your Account as the direct result of an intentional misleading of Your employee, through a misrepresentation of a material fact (“Deceptive Transfer”) which is:
- relied upon by an employee, and
- sent via a telephone call, email, text, instant message, social media related communication, or any other electronic instruction, including a phishing, spearphishing, social engineering, pretexting, diversion, or other confidence scheme, and,
- sent by a person purporting to be an employee, customer, client or vendor; and,
- the authenticity of such transfer request is verified in accordance with Your internal procedures.
Illinois Union concluded that Star Title could establish neither element 3 nor element 4 of the insuring agreement. In Illinois Union’s view, CMS was not an employee, customer, client or vendor of Star Title, and Star Title also failed to verify the transfer request in accordance with its procedures. Star Title commenced an action seeking coverage under the Policy. The United States District Court for the Middle District of Florida held that Illinois Union had correctly denied coverage on both bases.
The Eleventh Circuit’s Decision
On appeal, the Eleventh Circuit confined itself to the issue of whether CMS was an “employee, customer, client or vendor”. The Policy did not define these terms, so the Court looked to dictionary definitions, reasoning that:
Here, the fraudster who sent the email and subsequent fax identified himself/herself as “Kaitlyn Holt,” a representative of CMS. But CMS is a mortgage lender, not an employee, customer, client, or vendor of Star Title. Star Title does not employ CMS for any purpose or control CMS’ work performance in any manner. Nor does Star Title sell CMS any particular product or provide it any particular service. Star Title argues that in holding the payoff funds in its escrow account and delivering those funds to CMS on behalf of the seller, Star Title is providing a service to CMS. In the same vein, in receiving the payoff funds and applying them to the seller’s account, CMS provided a service to Star Title. But we are unconvinced by this creative reframing of the relationship between CMS and Star Title. As CMS’ Chief Executive Officer explained, CMS provides “services to consumers related to all elements of a mortgage transaction, including the funding of loans[.]” In this case, CMS’ consumer (i.e., customer or client) was the seller of the residential home who had obtained the loan, not Star Title. Similarly, Star Title’s client (and customer) — by explicit contract — was also the seller of the residential home. The reality is that CMS did not have any sort of contract or agreement with Star Title. CMS only owed an obligation to the seller, with whom it had a lien on the subject property. Star Title was tasked by the seller to function as a settlement agent. Among its responsibilities was identifying any liens and executing payoff funds if necessary. Star Title did just that (though it wired the payoff funds to the wrong account) on behalf of the seller. We therefore cannot construe CMS to be a customer, client, or vendor of Star Title. [citations omitted]
Star Title asserted that the term “employee, customer, client or vendor” should be read to include anyone connected to a real estate transaction. The Eleventh Circuit rejected this contention:
Star Title argues that Florida law requires coverage clauses to be construed as broadly as possible to provide the greatest amount of coverage. With that assumption as a backdrop, it contends that the Deceptive Transfer Fraud clause should be “understood” to include “persons and entities involved in the real estate transaction.” As attractive as that proposition may be, it is simply not what the clause provides. It limits coverage to misleading communications “sent by a person purporting to be an employee, customer, client or vendor.” If we read the provision as broadly as Star Title would like us to, we would essentially omit specific terms included in the contract or expand them beyond recognition. … Although we understand that cybercrime is on the rise, and that it makes sense to provide (and obtain) coverage for situations like this one, the relevant provision does not provide coverage for this fraudulent transfer. [citations omitted]
In our view, the same result should be reached if the matter were to be litigated in a Canadian court. As the Supreme Court of Canada held in Progressive Homes v. Lombard, the first step in interpreting an insurance contract is that, when the language of the policy is unambiguous, the court should give effect to clear language, reading the contract as a whole. This first step takes precedence over other interpretive principles such as interpreting insuring clauses broadly and exclusionary clauses narrowly, which only come into play in the event that language is first found to be ambiguous (Progressive Homes, paras. 22-24).
Star Title Partners is notable in that the Eleventh Circuit expressly refused to “broaden” the specific categories of entities identified in the Deceptive Transfer Fraud coverage to encompass other types of entities which might typically be involved in the insured’s business. This is significant insofar as it places a practical onus on insureds (and their brokers) to carefully think through the nature of the insured’s operations and to ensure that the coverage procured for the insured fits with the insured’s operations. Proper analysis at the risk assessment and brokering stage might have identified third-party lenders as entities to which Star Title, as a settlement agent, routinely directed large payments in the course of its business. That was not done here, and the Eleventh Circuit declined to rewrite the Deceptive Transfer Fraud coverage to extend coverage to such circumstances.
Star Title Partners of Palm Harbor, LLC v. Illinois Union Insurance Company, 2022 WL 4075048 (11th Cir.)