823 F.3d 456
8th Cir.2016Background
- Bellingham Bank used FedLine and a desktop tied to a Fed-provided VPN to send wires; completing a transfer required two employees to enter usernames, tokens, passwords, and passphrases.
- An employee (Kirchberg) left two authentication tokens in the computer and left it running; overnight a Zeus Trojan allowed unauthorized transfers of $485,000 to foreign accounts; one transfer was recovered by an intermediary, the other was not.
- Bellingham submitted a proof of loss under a Financial Institution Bond issued by BancInsure covering computer-system fraud (Insuring Agreement H); BancInsure denied coverage invoking multiple exclusions (employee-caused loss, theft of confidential information, and computer mechanical/failure-type exclusions).
- Bellingham sued for breach of contract in federal court (diversity); the district court granted summary judgment for Bellingham, finding the criminal hacker’s intrusion was the efficient and proximate cause of the loss and not an excluded cause.
- BancInsure appealed, arguing (1) the concurrent-causation doctrine should not apply to financial institution bonds or was contracted around here, and (2) factual questions remained about the proximate cause of the loss.
- The Eighth Circuit affirmed summary judgment for Bellingham, applying Minnesota law and the concurrent-causation doctrine and holding the criminal third-party hacking was the overriding cause of the loss.
Issues
| Issue | Plaintiff's Argument | Defendant's Argument | Held |
|---|---|---|---|
| Whether Minnesota's concurrent-causation doctrine applies to financial institution bonds | Bellingham: Yes; bonds are treated as insurance policies so doctrine applies | BancInsure: No; bonds require direct/immediate proof of criminal causation, a higher standard | Court: Doctrine applies; bonds are treated like insurance and doctrine does not raise proof bar |
| Whether Bond language excludes concurrent-causation (i.e., parties contracted around the doctrine) | Bellingham: Bond lacks clear anti-concurrent-causation language | BancInsure: Exclusions using “indirectly” and similar terms negate concurrent-causation | Court: Requiring clear, specific anti-concurrent clause; mere reference to “indirectly” is insufficient |
| Whether employees’ failures (password handling, no AV update) were the efficient and proximate cause rather than the hacker | Bellingham: Hacker’s fraudulent entry/change was the overriding cause | BancInsure: Employee conduct was the efficient cause; factual dispute for jury | Court: Hacker’s criminal conduct was not a foreseeable, inevitable consequence of employee lapses; hacker was the efficient and proximate cause, proper for summary judgment |
| Whether coverage under Insuring Agreement H was defeated by exclusions (employee or mechanical-error exclusions) | Bellingham: Insuring Agreement H covers fraudulent electronic entry causing transfer | BancInsure: Exclusions for employee-caused loss, theft of confidential info, and computer failure bar recovery | Court: Exclusions do not bar recovery because criminal intrusion was the overriding cause under concurrent-causation doctrine |
Key Cases Cited
- Campbell v. Ins. Serv. Agency, 424 N.W.2d 785 (Minn. Ct. App. 1988) (articulating Minnesota’s concurrent-causation approach)
- Henning Nelson Const. Co. v. Fireman’s Fund Am. Life Ins. Co., 383 N.W.2d 645 (Minn. 1986) (concurrent-causation authority cited by Minnesota courts)
- Fawcett House, Inc. v. Great Cent. Ins. Co., 159 N.W.2d 268 (Minn. 1968) (early Minnesota concurrence-causation precedent)
- Anderson v. Connecticut Fire Ins. Co., 43 N.W.2d 807 (Minn. 1950) (historical authority on causes and coverage)
- Friedberg v. Chubb & Son, Inc., 691 F.3d 948 (8th Cir. 2012) (Eighth Circuit application of Minnesota concurrent-causation doctrine and definition of "efficient and proximate cause")