Aims Insurance v. National Fire ( 2021 )

                      NOTICE: NOT FOR OFFICIAL PUBLICATION.
UNDER ARIZONA RULE OF THE SUPREME COURT 111(c), THIS DECISION IS NOT PRECEDENTIAL
AND MAY BE CITED ONLY AS AUTHORIZED BY RULE.
IN THE
ARIZONA COURT OF APPEALS
DIVISION ONE
AIMS INSURANCE PROGRAM MANAGERS INC.,
Plaintiff/Appellant,
v.
NATIONAL FIRE INSURANCE COMPANY OF HARTFORD, et al.,
Defendants/Appellees.
No. 1 CA-CV 20-0032
FILED 02-04-2021
Appeal from the Superior Court in Maricopa County
No. CV2018-011295
The Honorable Christopher T. Whitten, Judge
AFFIRMED IN PART; REMANDED IN PART
COUNSEL
Galbut Beabeau PC, Scottsdale
By Olivier A. Beabeau, Grant H. Frazier
Counsel for Plaintiff/Appellant
Richards Law Office PC, Phoenix
By Charles F. Richards, Jr.
Co-Counsel for Defendant/Appellee
CNA Coverage Litigation Group, Oakland, CA
By Robert C. Christensen, admitted pro hac vice
Co-Counsel for Defendant/Appellee
AIMS INSURANCE v. NATIONAL FIRE, et al.
Decision of the Court
MEMORANDUM DECISION
Presiding Judge Jennifer B. Campbell delivered the decision of the Court,
in which Judge Lawrence F. Winthrop and Chief Judge Peter B. Swann
joined.
C A M P B E L L, Judge:
¶1            After thieves used a “spoofing” attack to defraud AIMS
Insurance Program Managers, Inc. of more than $300,000, AIMS filed a
claim with its insurer, National Fire Insurance Company of Hartford.
National declined coverage under a forgery endorsement but paid $10,000,
the policy per-occurrence limit, under an endorsement covering computer
fraud. The superior court granted summary judgment to National,
upholding the insurer’s coverage decisions. For the following reasons, we
affirm in part and remand in part for proceedings consistent with this
decision.
BACKGROUND
¶2           Unknown third parties (“the thieves”) secretly accessed an
AIMS employee’s email account in a scheme to fraudulently intercept
payments from AIMS to its vendor, AmWINS Brokerage of Arizona
(“AmWINS”). Having obtained counterfeit domain names nearly identical
to the AmWINS domain name, the thieves created email accounts using the
names of actual AmWINS employees and opened accounts at AmWINS’
bank. The thieves then intercepted emails transmitting insurance binders
and invoices from AmWINS to AIMS and replaced them with fraudulent
emails, attaching the intercepted insurance binders and invoices that
directed AIMS to wire payments to the thieves’ accounts.
¶3            Upon receiving the seemingly legitimate but counterfeit
emails, AIMS authorized three wire transfers, totaling $357,711.64, to the
thieves in partial payment of three invoices. Twenty days after the initial
breach of the employee’s email account, AmWINS notified AIMS that it had
not received payment on the invoices. AIMS immediately alerted both its
bank and AmWINS’ bank of suspected fraud but was able to recover less
than a quarter of the wire-transferred funds.
2
AIMS INSURANCE v. NATIONAL FIRE, et al.
Decision of the Court
¶4           AIMS submitted a claim to National under its business
property insurance policy. National ultimately agreed to pay $10,000, the
policy limit for a single occurrence, under the “Computer Fraud”
endorsement to the policy but declined coverage under the “Forgery and
Alteration Endorsement.”
¶5             AIMS filed a complaint seeking a declaratory judgment that
the policy covered its entire loss and alleging that National breached the
parties’ contract and acted in bad faith. With no factual issues in dispute,
the parties stipulated to dismiss the claim for bad faith and cross-moved for
summary judgment on the coverage claims. After oral argument, the
superior court granted summary judgment in favor of National. The ruling
was reduced to a final judgment and AIMS timely appealed.
DISCUSSION
¶6            AIMS argues its loss from the spoofing falls within the
policy’s forgery endorsement and, in the alternative, that the fraudulently
induced wire transfers constituted three separate occurrences under the
policy’s computer fraud endorsement.1
¶7            We review a superior court’s summary judgment ruling de
novo. Tierra Ranchos Homeowners Ass’n v. Kitchukov, 

, 199, ¶ 15
(App. 2007). We likewise review the interpretation of an insurance contract
de novo. Liberty Ins. Underwriters v. Weitz Co., 

, 83, ¶ 7 (App.
2007).
¶8            A court must read an insurance policy’s provisions as a
whole, interpreting each section “in light of the others so as to give effect to
all” provisions. Equity Income Partners v. Chicago Title Ins., 

, 338,
¶ 11 (2017). “Absent a specific definition, terms in an insurance policy are
construed according to their plain and ordinary meaning, and [a] policy’s
language should be examined from the viewpoint of one not trained in the
law or in the insurance business.” Id. at ¶ 13 (internal quotations omitted).
When a clause is “susceptible to different constructions,” we will “attempt
to discern the meaning of the clause” by examining its purpose, relevant
public policy considerations, “and the transaction as a whole.” Keggi v.
Northbrook Prop. and Cas. Ins., 

, 46, ¶ 11 (App. 2000) (internal
1     “Spoofing” is a term used to describe “the practice of disguising a
commercial e-mail to make the e-mail appear to come from an address from
which it actually did not originate.” Medidata Sols., Inc. v. Fed. Ins., 

, 477 n.2 (S.D.N.Y. 2017) (citation omitted).
3
AIMS INSURANCE v. NATIONAL FIRE, et al.
Decision of the Court
quotation omitted); see also Equity Income Partners, 241 Ariz. at 338, ¶ 13. If
a term remains ambiguous after these analyses, we “must construe it in
favor of coverage, that is, against the insurer, given that the insurer is in the
best position to prevent ambiguity in a standard form contract.” Equity
Income Partners, 241 Ariz. at 338, ¶ 13. Finally, “the insured bears the burden
to establish coverage under an insuring clause, and the insurer bears the
burden to establish the applicability of any exclusion.” Keggi, 

.
I.     The Forgery Endorsement Does Not Cover the Fraudulently
Induced Wire Transfers.
¶9            The policy’s forgery endorsement insures against “loss
resulting directly from ‘forgery’ or alteration of, on, or in any check, draft,
promissory note, bill of exchange, or similar written promise, order or direction
to pay a sum certain money, made or drawn by or drawn upon” by AIMS or its
agent (emphasis added). As defined in the policy, a “forgery” is “the
signing of the name of another person or organization with intent to
deceive.”
¶10           The forgery endorsement expressly insures against forgeries
of four specified categories of instruments (“check, draft, promissory note,
bill of exchange”), each of which is independently negotiable. See A.R.S.
§ 47-3104(A)(1) (defining “negotiable instrument,” as applicable here, as
“an unconditional promise or order to pay a fixed amount of money” that
is “payable to bearer or to order at the time it is issued”). Beyond the
specified categories of instruments, the endorsement also covers loss from
forgery of any other “similar written promise, order or direction to pay a
sum certain money.” AIMS argues this provision of the endorsement covers
the invoices and demands for payment the thieves attached to the
fraudulent emails because they are “similar . . . order[s] or direction[s] to pay
a sum certain money.” See Davis v. First Nat. Bank, 

, 631 (1924)
(holding that documents “growing out of the same transaction” must be
“construed together as parts of a single agreement”).
¶11            By its own terms, however, the forgery endorsement only
insures against losses from forgeries of written promises, orders, or
directions to pay a sum certain that are “similar,” meaning of the same nature
as checks, drafts, promissory notes, and bills of exchange, namely,
negotiable instruments made or drawn by AIMS. But neither the emails nor
the attached insurance binders and invoices were endorsable instruments
payable upon tender in the same manner as negotiable instruments. See
A.R.S. § 47-3104(A); see also Statewide Ins. v. Dewar, 

, 556 (1984)
4
AIMS INSURANCE v. NATIONAL FIRE, et al.
Decision of the Court
(explaining an insurance binder “is simply a contract made in
contemplation of the issuance of a later, formal agreement of insurance”).
Taken together, the fraudulent emails and their attachments demanded
payment by AIMS; they were not unconditional promises by AIMS to pay.
¶12           Finally, AIMS argues that the policy defines negotiable and
nonnegotiable instruments together as “securities.” But nothing in the
forgery endorsement implicates the policy’s definition of “securities.”
Moreover, had the parties intended to include nonnegotiable instruments
in the forgery endorsement coverage, they would have done so.
II. The Fraud Constituted Three “Occurrences” under the Computer
Fraud Endorsement.
¶13           As noted, the superior court held the policy’s computer fraud
endorsement covered the loss but ruled that the underlying events
constituted just one “occurrence,” thereby limiting AIMS’ recovery to
$10,000, the applicable per-occurrence limit under the policy. AIMS argues
the superior court erred because the series of fraudulent emails constituted
three separate occurrences.
¶14          As relevant here, the computer fraud endorsement insures
against “loss . . . resulting directly from the use of any computer to
fraudulently cause a transfer” from inside an AIMS’ building or its bank to
a person or place “outside those premises.” The policy limits recovery
under the endorsement to $10,000 “in any one occurrence,” but does not
define “occurrence” for purposes of the endorsement.
¶15           AIMS contends that each distinct “act of fraud,” namely, each
of the three counterfeit demands for payment that caused AIMS to execute
a wire transfer, constituted a discrete “occurrence” of covered fraud under
the endorsement. For its part, National contends there was just one
occurrence under the policy because the cause of AIMS’ loss was a single
“fraudulent scheme.”
¶16            “Ordinarily, if an insurance policy uses ‘occurrence’ without
defining the term,” the court must determine “whether there was but one
proximate, uninterrupted, and continuing cause which resulted in all of the
injuries and damages.” Ariz. Prop. and Cas. Ins. Guar. Fund v. Helme, 

, 134 (1987) (internal quotations omitted). Under that principle, “if
a cause is interrupted or replaced by another cause, the chain of causation
is broken and more than one occurrence has taken place.” 

 (citing 8A J.
Appleman, Insurance Law and Practice § 4891.25, at 16–19 (1981)).
5
AIMS INSURANCE v. NATIONAL FIRE, et al.
Decision of the Court
¶17           Applying those principles, we conclude the thieves’
fraudulent actions resulted in three occurrences under the policy, not just
one. Each email package represented a separate fraudulent payment
demand, and each resulted in a separate wire transfer by AIMS, the victim
of the fraud. In the language of the computer fraud endorsement, each of
the three wire transfers “result[ed] directly from” a separate and distinct
fraudulent payment demand by the thieves.
¶18            National argues we should construe “occurrence” to include
a “continuing condition,” namely, the thieves’ master scheme. As support,
it cites Cincinnati Indemnity Co. v. Southwestern Line Constructors Joint
Apprenticeship and Training Program, 

, 548, ¶ 6 (App. 2018), but
the policy at issue in that case defined “occurrence” to include “continuous
or repeated exposure to substantially the same general harmful
conditions.” The computer fraud endorsement in the policy National sold
AIMS contains no such definition.
¶19            National also cites EOTT Energy Corp. v. Storebrand
International Insurance, 

 (Cal. Ct. App. 1996), and
Patterson v. American Economy Insurance, 

 (E.D. Calif. June
9, 2016), but both cases are distinguishable. EOTT involved a “systematic”
scheme to steal fuel from the insured by disabling the meters on the
insured’s fuel pumps. 45 Cal. App. 4th at 569–70. Although the thieves
struck more than 650 times, causing the insured more than $1.5 million in
losses, none of the individual instances resulted in a loss that exceeded the
policy’s $100,000 per-occurrence deductible. Id. at 570. As here, the policy
did not define “occurrence,” but it did specify that “all claims for loss,
damage or expense arising out of any one occurrence . . . shall be adjusted
as one claim.” Id. at 575 (emphasis added). The court ruled for the insured,
concluding that the term “occurrence” in the policy “reasonably
contemplates that multiple claims could, in at least some circumstances, be
treated as a single occurrence or loss.” Id.; see PECO Energy Co. v. Boden, 

, 857 (3d Cir. 1995) (ruling for the insured in a similar fuel-theft
scheme, finding “the entire scheme of thefts constituted a single
occurrence”). National, however, points to no language in the policy at
issue suggesting that multiple “claims” were to be treated as a single
occurrence.
¶20            In Patterson, the insureds were merchants who stored their
inventory offsite. 

 at 1. A thief broke in several times over
a 12-day period and, altogether, drove off with truckloads of merchandise.

 at 1–2. The per-occurrence limit of the policy was less than the insureds’
loss, and the insureds argued the separate thefts constituted separate
6
AIMS INSURANCE v. NATIONAL FIRE, et al.
Decision of the Court
occurrences. Id. at 1. The court ruled there was just one occurrence because
all the thefts were part of the same scheme. Id. at 4, 7. The court likened
“occurrence” to an “incident or event” and concluded it was more
reasonable to conclude that the “incident or event” was the removal of the
items, even over time, “by the same person (with or without help), without
interruption from the proprietor or change in the circumstances of the
property.” Id. at 5.
¶21           In considering the series of acts here, rather than adopt the
Patterson court’s characterization of “occurrence” as an “incident or event,”
we apply the Helme standard and consider “whether there was but one
proximate, uninterrupted, and continuing cause which resulted in all of the
injuries and damages.” 

 (internal quotation omitted). While
each case National relies upon involved a string of thefts that occurred
without interruption or involvement by the insured, here, the thieves sent
separate counterfeit email packages to AIMS that induced the company to
make three wire transfers in payment of three distinct invoices. Thus, the
three fraudulent email packages were not “one proximate, uninterrupted,
and continuing cause” that resulted in “all of the injuries and damages” that
AIMS suffered. See 

 Rather, each fraudulent demand for payment of one
of the invoices was a distinct “causative act” that constituted a separate
occurrence under the policy. See 

.
¶22            This construction and application of the term “occurrence” in
the policy is consistent with the rule that we give the terms of an insurance
policy their plain and ordinary meaning. Equity Income Partners, 241 Ariz.
at 338, ¶ 13. Moreover, even if the term “occurrence” is arguably ambiguous
under the policy, we construe insurance contracts “in favor of coverage,
that is, against the insurer, given that the insurer is in the best position to
prevent ambiguity on a standard form contract.” Id.
¶23          Accordingly, we hold that the circumstances here constitute
three occurrences under the computer fraud endorsement of the policy,
each of which entitles AIMS to recover the per-occurrence limit of $10,000.
CONCLUSION
¶24          For the foregoing reasons, we affirm the superior court’s
summary judgment except insofar as it concluded that the circumstances
presented a single occurrence under the policy’s computer fraud
endorsement. We therefore remand for entry of a modified judgment
consistent with this decision. Both parties request their attorneys’ fees on
appeal pursuant to A.R.S. § 12-341.01. In our discretion, we decline to award
7
AIMS INSURANCE v. NATIONAL FIRE, et al.
Decision of the Court
attorneys’ fees. We award AIMS its costs incurred on appeal, conditioned
upon compliance with ARCAP 21.
AMY M. WOOD • Clerk of the Court
FILED:    HB
8