Forgery or Alteration in the 21st Century

This article provides two hypothetical factual patterns and focuses on the issues associated with the facts presented and the insuring agreement language under both the financial institution bond and the commercial crime policy. This article is meant to provide the claims professional and claims counsel a background on fidelity and crime policies’ forgery or alteration coverage; what these insuring agreements were intended to cover; applications and implications of the policy language and the claimed facts presented; insurers’ response to their insureds’ needs; what guidance the courts are providing on these types of claims; and practical and pragmatic approaches to these claims for the claims professional and coverage counsel.

Hypothetical Claims Based on Actual Cases Litigated

These two hypothetical scenarios are based on actual cases that have been litigated and decided by two different courts. While the facts are loosely based on those cases, these scenarios present claims that are noticed and seen every week by the industry.

The financial institution bond claim. Bank X submitted a claim to its financial institution bond carrier for the following facts. Bank X allows its customers to request wire transfers in person, via a phone call, or by email. When a wire transfer request is conducted via the phone, facsimile, or email, Bank X requires that the customer sign and return a wire transfer authorization form. The form is sent to the requesting customer as an email attachment. After signing the wire transfer authorization form, the requesting customer sends it back as an email attachment. Once Bank X conducts its internal procedures to ensure the validity of the wire transfer request, the wire is executed and completed.

Bank X received a number of wire transfer requests from someone purporting to be Customer A, a valued customer of Bank X. Each request followed the same pattern: The fraudster emailed a branch manager of Bank X pretending to be Customer A and requested international wire transfers from Customer A’s account. The branch manager, after receiving the information necessary to complete the wire transfer authorization form, entered that information and then emailed whom he believed was Customer A the wire transfer authorization form, attached as a PDF to the email. In that email, the branch manager requested Customer A to sign the wire transfer authorization form and remit back the form via email. The fraudster then emailed the wire transfer authorization form as a PDF attachment that contained the forged signature of Customer A. Once the fraud was discovered, it was revealed that over $1 million was transferred from Customer A’s account.

ABC Insurance Company issued a financial institution bond to Bank X. Bank X noticed the claim to ABC Insurance Company and purported, among other things, that these facts triggered coverage under the forgery or alteration insuring agreement, as well as the unauthorized signature insuring agreement.

The commercial crime policy claim. Company B submitted a claim to its commercial crime insurance policy carrier for the following facts. Company B had a controller whose duties included requesting wire transfers from Company B’s bank to pay vendor bills and remit monies to the owners upon request.

The controller received a number of emails from the fraudster purporting to be Owner Y, one of the principal owners of Company B, and each requested that money be transferred from Company B’s bank accounts to Owner Y’s bank accounts. Each time the controller received an email from whom she believed was Owner Y, she executed the wire transfer requested. Upon discovering the fraud, Company B realized it had transferred hundreds of thousands of dollars from Company B’s bank accounts to the fraudster.

XYZ Insurance Company issued a commercial crime policy to Company B. Company B noticed the claim to XYZ Insurance Company and purported, among other things, that these facts triggered coverage under the forgery or alteration insuring agreement.

Policy Language and the Uniform Commercial Code

Now that these hypothetical claims have been submitted, the first step is to review the facts presented and review and analyze the respective policy language. The insuring agreement language under fidelity or financial institution bonds and commercial crime policies is substantially similar, although slightly different. The analysis of whether a claim is covered, however, will focus on, among other issues, whether the proposed loss “results directly from” a forgery or alteration as defined by the bond or policy. The issue of what constitutes a “direct loss” under fidelity bonds and commercial crime policies has been widely discussed and litigated throughout the United States with varying results. Therefore, the jurisdiction that governs the particular claim and policy will impact the treatment of any particular claim. In addition, forgery coverage may also be subject to policy endorsements, which also need to be reviewed.

Financial institution bond Insuring Agreement (D). A financial institution bond (also known as a fidelity bond) is a form of insurance protection that covers losses as a result of fraudulent acts by individuals. It is used by an institution to insure losses caused by the dishonest acts of the institution’s employees, board members, or officers, as well as burglary, robbery, forgery, and similar crime exposures. The bond can also provide coverage for costs defending against claims by a third party (e.g., customers) alleging responsibility on the part of the institution for certain losses suffered by the third party.

The first step in any coverage analysis is to review the insuring agreement. It is important to review the entire policy, as there may be more than one insuring agreement.

Under a financial institution bond, Insuring Agreement (D) provides coverage for forgery or alteration as follows:

(D) Loss resulting directly from the Insured having, in good faith, paid or transferred any Property in reliance on any Written, Original:

(1) Negotiable Instrument (except an Evidence of Debt),

(2) Certificate of Deposit,

(3) Letter of Credit,

(4) Withdrawal Order,

(5) receipt for the withdrawal of Property, or

(6) instruction or advice directed to the Insured and purportedly signed by a customer of the Insured or by a banking institution which (a) bears a handwritten signature which is a Forgery; or (b) is altered, but only to the extent the Forgery or alteration causes the loss.

Actual physical possession of the items listed in (1) through (6) above by the Insured is a condition precedent to the Insured’s having relied on the items.

A reproduction of a handwritten signature is treated the same as the handwritten signature. An electronic or digital signature is not treated as a reproduction of a handwritten signature.

The financial institution bond may also contain an insuring agreement, rider, or endorsement that provides coverage for unauthorized signatures:

Loss resulting directly from the Insured having accepted, paid or cashed any check or withdrawal order made or drawn on a customer’s account which bears the signature or endorsement of one other than the person whose name and signature is on file with the Insured as a signatory on such account, shall be deemed to be a Forgery under this Insuring Clause. It shall be a condition precedent to the Insured’s right of recovery under this Coverage that the Insured shall have on the file signature of all persons who are signatories on such account.

In order to fully apply the terms of the insuring agreement, defined terms must be analyzed. The financial institution bond will usually contain the following relevant definitions:

(j) Forgery means:

(1) affixing the handwritten signature, or a reproduction of the handwritten signature, of another natural person without authorization and with intent to deceive; or

(2) affixing the name of an organization as an endorsement to a check without authority and with the intent to deceive.

Provided, however, that a signature which consists in whole or in part of one’s own name signed with or without authority, in any capacity, for any purpose is not a Forgery. An electronic or digital signature is not a reproduction of a handwritten signature or the name of an organization.

. . . .

(p) Negotiable Instrument means any writing:

(1) signed by the maker or drawer; and

(2) containing any unconditional promise or order to pay a sum certain in Money and no other promise, order, obligation or power given by the maker or drawer; and

(3) payable on demand or at a definite time; and

(4) payable to order or bearer.

(q) Original means the first rendering or archetype and does not include photocopies or electronic transmissions even if received and printed.

. . . .

(v) Written means expressed through letters or marks placed upon paper and visible to the eye.

Commercial crime policy. The forgery or alteration insuring agreement of a commercial crime policy may provide in relevant part:

a. We will pay for loss resulting directly from “forgery” or alteration of checks, drafts, promissory notes, or similar written promises, orders or directions to pay a sum certain in “money” that are:

(1) Made or drawn by or drawn upon you; or

(2) Made or drawn by one acting as your agent;

or that are purported to have been so made or drawn.

For the purposes of this Insuring Agreement, a substitute check as defined in the Check Clearing for the 21st Century Act shall be treated the same as the original it replaced.

Uniform Commercial Code. The Uniform Commercial Code (U.C.C.) can provide guidance as well to some defined terms.

Under U.C.C. § 1-201(41), “‘[u]nauthorized signature’ means a signature made without actual, implied, or apparent authority. The term includes a forgery.”

Under U.C.C. § 3-407(a), “‘[a]lteration’ means (i) an unauthorized change in an instrument that purports to modify in any respect the obligation of a party, or (ii) an unauthorized addition of words or numbers or other change to an incomplete instrument relating to the obligation of a party.”

Under U.C.C. § 3-104(a),

“negotiable instrument” means an unconditional promise or order to pay a fixed amount of money, with or without interest or other charges described in the promise or order, if it:

(1) is payable to bearer or to order at the time it is issued or first comes into possession of a holder;

(2) is payable on demand or at a definite time; and

(3) does not state any other undertaking or instruction by the person promising or ordering payment to do any act in addition to the payment of money, but the promise or order may contain (i) an undertaking or power to give, maintain, or protect collateral to secure payment, (ii) an authorization or power to the holder to confess judgment or realize on or dispose of collateral, or (iii) a waiver of the benefit of any law intended for the advantage or protection of an obligor.

Practical Issues and Guidance on Forgery Claims

Does the claim involve a covered instrument? To answer this question, determine whether the instrument is a negotiable instrument, certificate of deposit, letter of credit, withdrawal order, receipt, or instruction or advice, or checks, drafts, promissory notes, or directions to pay a sum certain under the terms of the policies.

In the financial institution bond hypothetical above, Bank X received emails requesting international wire transfers. The actual and formal requests were contained in PDFs attached to emails that contained a forged signature. These emails were not negotiable instruments but rather could arguably be instructions directed to the insured, purportedly signed by a customer of the insured which bore a signature that is a forgery.

In the commercial crime policy hypothetical above, Company B’s controller, relying on emails purportedly from Owner Y requesting that money be wire transferred to his account, executed wire transfers from Company B’s accounts to the fraudster.

Typically, affidavits of forgery should be requested by the carrier and provided by the insured. The affidavit can be helpful in many cases and not just to establish a forgery. It can also provide some guidance on who had authority to sign the document and protect against other claims. The affidavit, however, is not the end of the inquiry. The investigation should focus on the instrument involved and whether the forgery or alteration directly caused the loss. It is also important to know what law applies in the venue and jurisdiction where the claim will be litigated.

In Ryeco, LLC v. Selective Insurance Co., the plaintiff’s vice president of operations forwarded Ryeco’s signed resolution to its bank, authorizing the bank to honor facsimile and nonmanual signatures and honor and charge Ryeco for all negotiable instruments if signed by the vice president or two others. Ryeco had a wire transfer agreement in place with the bank as well. Subsequently, a fraudster hacked into the Ryeco system and gained access to the vice president’s email account. The fraudster sent emails to the bank directing the bank to execute wire transfers consistent with the wire transfer authorization forms attached to the emails. The forms attached to the emails allegedly contained the signatures of those authorized to request the transfers. It was clear that the vice president did not send the emails and the signatures on the authorization forms were forgeries. The court found that the wire authorization forms were most like emails and not similar to checks, drafts, or promissory notes and thus were not “negotiable.”

In Metro Brokers, Inc. v. Transportation Insurance Co., the plaintiff, a real estate brokerage firm, maintained accounts at a bank and used the bank’s online system to make payments from Metro’s accounts. Fraudsters logged onto the system using a Metro employee’s access ID and password and authorized payments from Metro accounts to the fraudsters’ accounts. The court found that the electronic fund transfers did not involve checks, drafts, or promissory notes and that Metro also failed to demonstrate that the theft involved a signing of a name that was a forgery. The court held under “both federal and Georgia law, electronic fund transfers are distinguished from—and treated differently from—fund transfers made by check, draft, or bill of exchange.”

In Sanderina, LLC v. Great American Insurance Co., an unknown third party sent a series of emails to Sanderina’s controller that appeared to be from the company’s majority owner. The fraudster asked the controller to make six transfers to the fraudster’s bank accounts. The forgery or alteration provision covered losses “resulting directly from forgery or alteration of checks, drafts, promissory notes, or similar written promises, orders, or directions to pay a sum certain in money.” Sanderina argued that the policy covered “forgery . . . or . . . directions to pay a sum certain in money” and that the emails contained directions to pay money. The court concluded that the emails containing directions to pay money were not similar to checks or drafts.

Another inquiry is whether the insured had in its possession a “Written, Original” document as defined by the policy. The financial institution bond policy above mandates that the insured be in actual physical possession of an “original” instrument. The definition of “original” typically does not include “photocopies or electronic transmissions even if received and printed.” The hypothetical demonstrates that the wire transfer requests came via emails or electronic transmissions. It is important for the claims professional to seek the actual original document that is being claimed to be an “original” document containing the forgery or alteration. The examination of the original document can be used to analyze alterations to the documents involved and assist in ascertaining whether the document claimed to be an “original” is actually an “original.” In the hypothetical, whether a PDF attached to an email is an “original” has been litigated in at least two cases.

In Crown Bank JJR Holding Co. v. Great American Insurance Co., the bank received a series of emails from someone purporting to be a customer who was also the wife of the CEO and a director of the bank herself. These emails requested that money be transferred from her account. As part of the procedure, the fraudster “executed” wire authorization forms and emailed those forms to the bank as PDFs attached to emails. The authorization forms contained the forged signature of the customer. In fact, the customer executed an affidavit of forgery. The court found that these authorization forms sent to the bank in PDFs attached to the emails were not “originals” as defined by the policy as they were electronically sent.

Can the claim involve an “unauthorized signature”? Claimants may also argue that the forged document allegedly causing the loss also triggers coverage under an unauthorized signature insuring agreement or endorsement. The unauthorized signature endorsement is a typical amendment or addition to the financial institution bond. This endorsement provides coverage for loss “resulting directly from the Insured having accepted, paid or cashed any check or withdrawal order made or drawn on a customer’s account which bears the signature or endorsement of one other than the person whose name and signature is on file with the Insured as a signatory on such account.”

With respect to this endorsement, the inquiry is whether the name on file matches the signature on the covered instrument. It has been found that the endorsement does not provide coverage where someone other than the signatory signs the name of the actual signatory. Rather, the endorsement provides coverage where someone signs their own name, as if they were a signatory or had endorsement authority, but actually is not an authorized signatory.

In Citibank Texas, N.A. v. Progressive Casualty Insurance Co., Citibank, for a period of time, allowed Todd Lindley, an authorized signatory on GoldenLife’s account as well as on another Citibank account in the name of Lindley Properties, to endorse and deposit into his personal Lindley Properties account 16 checks payable to GoldenLife totaling over $1 million. Lindley used these GoldenLife funds in an unauthorized manner. After Citibank and GoldenLife settled their dispute, Citibank sought reimbursement from Progressive. Under the fidelity bond’s unauthorized signature rider, Insuring Agreement (D) was modified as follows: “Accepting, paying or cashing any Negotiable Instruments or Withdrawal Orders that bear unauthorized signatures or endorsements shall be deemed to be a Forgery under this Insuring Agreement.” Lindley’s endorsements of the GoldenLife checks had been held unauthorized by the state court, so Citibank contended that these checks were “unauthorized endorsements” and thus forgeries for purposes of Insuring Agreement (D), as modified by the rider. The U.S. Court of Appeals for the Fifth Circuit held that Lindley was not an “unauthorized endorser” on GoldenLife’s accounts for purposes of the bond, and thus his abuse of endorsement authority did not come within the bond’s coverage. The rider defined an “unauthorized endorsement” as an “endorsement not reflected on the appropriate signature card or named in the Insured’s records for the account or accounts in question.”²⁴ The court applied the general rule that an endorsement is unauthorized “if the person signing either (1) had no authority whatsoever to endorse negotiable instruments for the named payee (i.e., the person was not authorized to endorse and thus is an unauthorized endorser per se), or (2) had some authority to endorse for the named payee but exceeded the scope of his endorsement authority.” The court found that the bond covered the former situation but not the latter.

Does combining or bundling the documents trigger coverage? Claims may also arise where the claimant asserts that while a noncovered instrument has a forgery or alteration, when analyzing for coverage, this document should be considered interconnected with a covered instrument and therefore coverage applies. The following cases provide some guidance.

In Success Healthcare, LLC v. Zurich American Insurance Co., Success Healthcare and related entity Promise Healthcare decided to consolidate services, such as human resources, employee benefits, payroll, and accounting. One of Promise’s employees who performed work on Success’s behalf was payroll director Sonny Ramdeo. Ramdeo recommended that Success and Promise use an outside payroll processing company, PayServ Tax, which was actually a fictitious company created and owned by Ramdeo. Success and Promise transferred funds to PayServ through “reverse ACH” transactions, which require corporate authorization by an authorized signatory on the payee’s accounts, after which the vendor has unilateral access to those accounts. Ramdeo fraudulently obtained the electronic signature of the entities’ comptroller needed to set up the accounts and initiated weekly reverse ACH transactions into PayServ. Over a two-year period, Ramdeo stole more than $10 million of Success’s funds through PayServ. Success sought recovery under its commercial crime policy, which afforded coverage for losses involving covered instruments, including “[c]hecks, drafts, promissory notes, or similar written promises, orders, or directions to pay a sum certain.” Success contended that the forged authorization fit the policy’s definition of “covered instrument” when coupled with the ACH transactions. The court determined that Ramdeo was only able to initiate the weekly ACH transactions because of the fraudulently obtained authorization and found that Success had adequately stated a claim under the policy.

In Harvard Savings Bank v. Security National Insurance Co., fraudsters engaged in a $179 million loan scam through their company, First Farmers Financial LLC. They created financial documents that looked authentic but were fake and submitted this false information to the U.S. Department of Agriculture (USDA) to become a certified nontraditional lender of USDA-guaranteed loans. First Farmers then started to issue loans that seemed to have originated under the USDA’s loan program. These loans appeared to be guaranteed by the USDA, but the loans were fake and no one actually was loaned any money. Each packet of the fake loans included loan note guarantees and assignment guarantee agreements that contained forged signatures. Coverage was provided for forgery or alteration of negotiable instruments, and the “negotiable instrument” definition in the financial institution bond was similar to the definition in the U.C.C. Under applicable Illinois law, documents are construed as a “single agreement” where the documents are executed at the same time. The court, in viewing the documents together (both the forged and non-forged documents), found that the insurer, on its motion for summary judgment, did not meet its burden as to the forgery and alteration insuring agreement.

Did the loss result directly from the forgery or alteration? Courts have addressed this issue and have found that the phrase “loss resulting directly from a forgery or alteration” requires that the financial loss “be due to the forgery or alteration itself.” When a loss stems from worthless collateral, for example, loss would have occurred whether or not documents were fabricated.

In Great Southern Bank v. Hartford Fire Insurance Co., individuals executed a promissory note secured by property bonds in favor of Great Southern Bank, and the individuals executed a commercial pledge agreement granting the bank a security interest in the bonds. Subsequently, the individuals defaulted on the note. Following the default, it was revealed that the collateral bond relied upon by the bank bore a forged signature and the bonds were not legitimate. A plain reading of the bond language at issue would indicate a loss resulting from the bank’s reliance on the forged signatures; however, the insuring agreement provided coverage for loss “resulting directly from a forgery or alteration.” The court found that the bank’s loss did not stem from the forged signature but rather from its reliance on bonds with no intrinsic value.

In Forcht Bank, N.A. v. Bancinsure, Inc., loans made to a company were secured by a life insurance policy issued to the principal of the company. The principal provided a letter purportedly from the life insurance company that stated the cash value of the life insurance policy and was signed by another individual. The bank approved the loan and issued the loan to the company. The company defaulted on the loan, and the bank contacted the life insurance company to assert a claim against the collateral. The life insurance policy did not have the cash value that it was alleged to maintain, the letter stating the value was a forgery, and the policy had been assigned to multiple banks. The court deemed the collateral worthless. The court found that the collateral was worthless from the day it was signed, and the loss stemmed from the reliance on worthless collateral and not from the forgery itself.

Insurer Response—Fraudulent Instruction Coverage

Carriers across the country and worldwide have heard their insureds’ concerns. Every day, individuals and companies receive phishing emails or robocalls advising that the IRS has commenced an action against them or that the Social Security Administration has detected fraud on their Social Security numbers. Every day, individuals and companies fall victim to these frauds. Social engineering matters are part of our daily lives. Insurers have listened, and many companies are now offering cyber deception coverage or social engineering coverage. These policies may provide coverage for reliance on fraudulent emails requesting wire transfers. “Cyber deception” may be defined as “the intentional misleading or deception of an employee . . . by a person falsely purporting to be your client [or] vendor . . . through social engineering, pretexting, phishing, . . . or any other confidence trick communicated by email [or] text . . . which results in your transfer . . . of money.”

In Tidewater Holdings, Inc. v. Westchester Fire Insurance Co., the plaintiff’s accounts payable clerk received an external email from a fraudster instructing the clerk to alter payment details the plaintiff held on file for a client of the plaintiff. The details were changed, and subsequent payments were made from the plaintiff to the fraudster. The policy offered coverage for “loss resulting directly from the Company having transferred, paid or delivered any Money or Securities as the direct result of a Fraudulent Transfer Request committed by a person purporting to be an Employee, customer, client, or vendor.” The policy defined “Fraudulent Transfer Request” to mean

the intentional misleading of an Employee, through a misrepresentation of a material fact which is relied upon by an Employee, sent via an email, text, instant message, social media related communication, or any other electronic telegraphic, cable, teletype, telefacsimile, telephone or written instruction, regardless of whether such misrepresentation is part of a phishing, spearphishing, social engineering, pretexting, diversion, or other confidence scheme.

The limits of liability for this coverage were significantly less than the traditional computer fraud coverage. The policy also excluded social engineering losses from all coverages except under the fraudulent transfer request coverage. The plaintiff only pursued coverage under the computer fraud coverage. Finding no ambiguity in the policy, the court granted the insurer’s motion to dismiss.

Conclusion

There are many things to consider on a claim premised on forgery or alteration. Understanding whether it is a direct loss, whether one has the original document, and the law of the jurisdiction where the policy language will be interpreted are some of the things that must be taken into consideration.