Jeffrey Steinberg’s article entitled “What Your Liability Insurance Might Be Missing: Coverage From Internet Scams” has been published in the New York State Bar Association Journal. In the article, Jeff discusses the importance of ensuring that insurance agreements provide adequate protections for the insured for claims of misappropriation.

A pervasive problem in the internet age involves so-called “spoofing” in connection with real estate transactions and, specifically, scenarios where a third-party fraudster induces a purchaser’s attorney to transmit sale proceeds to a phony account. Typically, large sums of money are lost, and by the time the attorney realizes that he or she has been duped, the perpetrator and the money are long gone. A claim by the purchaser generally ensues, wherein it is alleged that the attorney committed malpractice by, inter alia, failing to take appropriate precautions to ensure the validity of the wiring instructions. This, in turn, leads the attorney to submit the claim to his or her professional liability insurer, whose coverage analysis might begin with the determination of the existence of a claim for malpractice falling within the scope of the policy insuring agreements. The insurer’s analysis does not end there: specifically, a growing number of policies also have exclusions barring coverage, in substance, for claims arising out of misappropriation of any asset in the insured’s care, custody or control. The issues are how those provisions interact and whether there is any resultant obligation for the insurer to defend or indemnify the insured under those circumstances. Increasingly, the courts in New York have been ruling in favor of the insurers on these facts, finding no such duty.[1]

In Huang v. Hanover Ins. Co., the court had no doubt that funds were misappropriated, but focused its decision almost entirely on the question of whether the exclusion applied because the fraudster, rather than the insured, was the perpetrator. Notwithstanding the requirement to construe exclusions narrowly, the court granted the insurer’s motion to dismiss the declaratory judgment complaint because the underlying claim did indeed arise out of the misappropriation, regardless of who was responsible.

In Kavanagh v. P&C Ins. Co. of Hartford, the court found no ambiguity in the exclusion even though the term “misappropriation” was not defined in the policy but, instead, relied upon the Black’s Law Dictionary definition thereof (“the application of another’s property or money dishonestly to one’s own use”). It went on to hold that “[t]he fact that plaintiff did not intend to deprive her clients of their sale proceeds or that she was fraudulently induced to do so is irrelevant. . . . The claim thus falls squarely within exclusion 14 of the professional liability policy.”[2] The court ultimately denied the insured’s motion for summary judgment, granted the insurer’s cross-motion for summary judgment and declared that the insurer was “not obligated to provide coverage to [the insured] under the policy for the clients’ malpractice and negligence claims against [the insured].”[3]

And most recently, in Oliveras v. Greco, the insured asserted that there was a duty to defend not only because of the existence of a claim for malpractice but also because the exclusion was inapplicable where there was a third-party – a fraudster – involved. However, the insurer argued that it is well settled that what is covered

“is not merely what is found under the heading ‘insuring agreement.’ Just as this clause affirmatively indicates the coverage which is included, so does the ‘exclusion’ clause tell us expressly what is not. In policies so drawn, the protection the insured has purchased is the sum total or net balance, however one labels it, of a coming together of the two. For it is not either alone, but the combination of both which defines the scope of the protection afforded – no more and no less.”[4]

Thus, the existence of the claim for malpractice falling within the scope of the insuring agreements does not determine coverage absent an examination of any applicable exclusion(s). The insurer also argued that the misappropriation exclusion applied despite the involvement of a fraudster, and pointed to a number of decisions both in and outside of this state uniformly agreeing with that principle.[5] The court granted the insurer’s motion to dismiss the third-party declaratory judgment complaint and denied the insured’s cross-motion for declaratory relief but did not address any of the aforementioned issues, focusing instead solely on the question of whether the wired funds constituted an “asset” within the meaning of the exclusion.

Of course, not all legal malpractice policies contain misappropriation exclusions, and in the absence thereof, the outcome of the coverage analysis could be different. However, where such an exclusion is present, the lesson is now clear in that insured attorneys would be well-advised to purchase separate cyber liability insurance to fill any gaps that may otherwise exist in their malpractice coverage.

This article is also on New York State Bar Association Journal: What Your Liability Insurance Might Be Missing: Coverage From Internet Scams

Reprinted with permission from the New York State Bar Association © 2023