Written by David Pick

The Alberta Court of Queen’s Bench considered the availability of coverage for a social engineering fraud claim in The Brick Warehouse LP v Chubb Insurance Company of Canada. This is the first decision of its kind in Canada.

Take away: This case confirms that funds transfer fraud coverage will not cover an insured giving instructions to transfer funds when the insured’s employees are acting on fraudulent information. It is very important to remind employees to ask questions and make independent confirmations when asked by anyone to do anything out of their usual routine, particularly when asked to change banking information for suppliers.

In August 2010, the Brick’s accounts payable department was contacted by someone claiming to be from Toshiba. They had Toshiba’s contact information updated to include a false Toshiba email address that was purportedly the Controller of Toshiba Canada. The Brick then received an email from this false email address indicating that Toshiba had changed banks and all further payments were to be sent to this new account.

No one at the Brick took any independent steps to verify the change in bank accounts or contact Toshiba.

The Brick’s accounts payable department was then contacted by someone supposedly from Sealy Canada.  They told the same story about Sealy changing banks, but they provided the Brick with the same bank account number as Toshiba.  The Brick’s payment system would not accept this duplicate number.

The Brick called a phone number on the false Toshiba email. The person who answered the call said that Toshiba Canada and Sealy Canada had merged, but details could not be provided until after the weekend.

A few days later, a real Toshiba Canada employee contacted the Brick to ask why they hadn’t been paid. This started an investigation that uncovered a fraudulent bank account held by a man who had been convinced to use the account to accept money from a business investment and transfer it to someone in Dubai.

The Brick transferred $338,322.22 to the fraudulent Toshiba bank account.  They recovered $113,847.18, making their ultimate loss in this fraud $224,475.04. The Brick submitted the loss to their Crime insurer, Chubb, who denied the claim.

The Brick argued its loss should be covered under its umbrella of funds transfer fraud coverage. However, the Court disagreed based on the definition of “funds transfer fraud” in the policy, which was defined as follows:

Funds transfer fraud means the fraudulent written, electronic, telegraphic, cable, teletype or telephone instructions issued to a financial institution directing such institution to transfer, pay or deliver money or securities from any account maintained by an insured at such institution without an insured's knowledge or consent.

The Court interpreted this definition to mean that the loss will only be covered when a financial institution receives instructions from a third party impersonating a Brick employee. Losses would not be covered if the Brick knew about, or consented to, the instructions given to the bank. As there was no definition of “knowledge” or “consent” in the insurance contract, the Court gave the words their ordinary meaning. The Court found that a Brick employee gave instructions to the bank to transfer funds to a different account and this amounted to the Brick’s consent for transferring funds, even though that Brick employee was acting on fraudulent information.

The Brick directed the Court’s attention to clause 1 (e) of the policy provision, which states Chubb will pay for direct losses resulting from funds transfer fraud by a third party.  The Brick argued that the focus should be on the fraud itself and not on the fraudulent instructions. However, the Court was of the view that this provision must be examined in conjunction with the definition of “fund transfer fraud” contained in the policy. Even if the Court had found that the Brick did not consent to the transfer of funds, the actual fund transfer instructions were from a Brick employee who was not under duress.  Therefore, the Court concluded the transfer was not done by a third party. 

The Court supported Chubb’s denial of coverage.