A property management company that fell victim to a scheme where a clerk mistakenly sent $200,000 to a criminal based on supposed directions from her boss is entitled to coverage under its Hiscox Inc. crime policy, said a federal appeals court Wednesday, in reversing a lower court ruling.

In 2019, a clerk for Long Beach, California-based Ernst & Haas Management Co. Inc. received an email purportedly from her superior directing her to make a $50,000 payment in a wire transfer, according to the ruling by the 9th U.S. Circuit Court of Appeals in San Francisco in Ernst and Haas Management Co., Inc. v. Hiscox, Inc.

She subsequently responded to another email and sent another $150,000 but became suspicious after receiving an email that requested an additional $470,000 and the crime was revealed. The company could not recover the $200,000 already sent.

Ernst sought coverage under its Hiscox crime insurance policy, but the insurer denied coverage on the basis that the employee had initiated the wire transfer.

The company filed suit against the insurer in U.S. District Court in Pasadena, charging Hiscox with breach of contract and bad faith, among other charges.

The court ruled in the insurer’s favor, but was overturned by a unanimous three-judge appeals court panel.

Contrary to the lower court’s ruling conclusion, there was coverage available under both the “computer fraud” and “funds transfer fraud” provisions of its policy, the panel said.

The district court “analyzed this case as if it involved the theft of funds authorized for payment,” based on an earlier ruling, but “the facts in this case are materially different,” it said. Ernst did not authorize payment.

Furthermore, the policy’s computer fraud provision “provides that Ernst’s loss must ‘result directly’ from, the fraud,” which was the case here, “arguably entitling Ernst to coverage under the policy,” the ruling said, concluding there is coverage as well under the policy’s funds transfer fraud clause.

The case was remanded for further proceedings.

Ernst’s attorneys, Robert L. Bastian Jr. and Marina R. Dini of the
Law Offices of Bastian & Dini in Beverly Hills, said in a statement that the ruling “brings needed clarity and authority for the Ninth Circuit and, specifically, for California, regarding interpretation of direct loss in the context of Computer Fraud and Funds Transfer Fraud clauses.”

Hiscox’s attorneys did not respond to a request for comment.

In December, American International Group Inc. and Beazley PLC units prevailed in litigation filed by a property management software company that was victimized by a phishing scheme, with an appeals court concluding the company was not entitled to coverage because it never held the stolen funds.