LOS ANGELES (8/22/12)--The California Court of Appeals has ruled that a financial institution's insurance claim for losses stemming from fraudulent wire transfers is not covered because the institution failed to follow security procedures mandated by its insurance policy.
The appellate court affirmed on July 31 a ruling by Los Angeles County Superior Court Judge Terry A. Green in favor of the insurance company, CUMIS Insurance Society, which was the insurer for the California-based credit union. The new ruling was published on Aug. 17, according to court documents.
CUMIS had provided a bond for coverage to the credit union for more than 10 years. The coverage was typically renewed in February of each year and the bond in question was effective from February 2007 to February 2008.
In January 2008, the credit union transferred nearly $243,700 from a member's account to a bank account in Hong Kong, according to the ruling's document. A man identifying himself as the member called the credit union to change the telephone number associated with the account. He provided the member's Social Security number, birthdate, mother's maiden name and current transition activity and the telephone number was changed.
Five days later on Jan. 14, the credit union received a fax of a completed wire transfer request form, directing the credit union to transfer funds from the member's homeowner's line of credit to the Hong Kong account. The credit union determined the signature on the fax and information matched that of the member and that no legal impediments prevented the transfer. The credit union called the new phone number and a man identifying himself as the member confirmed the transfer request. The man answered correctly a series of security questions and the credit union completed the transfer, said the court documents.
The member learned of the transfer two weeks later when his wife contacted the credit union about refinancing a loan. He submitted a sworn statement he had not requested the transfer and had not authorized anyone else to do so.
The credit union could not recover the funds and submitted a claim to CUMIS. On April 8, 2008, CUMIS informed the CEO that the bond did not cover the loss because the credit union had not verified the wire transfer request by using a "secure telephone number" as outlined in its policy. "Secure telephone number" means a "replacement telephone number for the member…that the credit union received at least 30 days prior to the receipt of the [wire transfer] instruction. Instead, the credit used the telephone number that had been changed five days earlier.
In the appellate court opinion, Presiding Justice Robert Mallano agreed with the lower court that the credit union's failure to comply with the security procedure entitled the insurer to deny payment under the bond. He noted the insurer had notified the credit union in October 2006 of changes taking effect in February 2007, including a callback verification procedure. The company said it would pay for a fraudulent wire transfer if a credit union performed the specific call back verification requirements.
The court rejected the credit union's argument that it was not required to use the callback because it used an alternative security measure permitted under the bond, namely a "written funds transfer agreement, signed by the member or the member's authorized representative." The court noted that "the alternative security procedure required the signature of the member or an authorized representative. A forged signature, as here, did not suffice."
CUNA Mutual Group, of which CUMIS is a member, declined to comment on the case.