Monday, August 20, 2012
Credit Union Held Responsible for Funds Lost Due to Fraud
Failure to Follow Security Procedure Fatal to Insurance Claim, C.A. Rules
By KENNETH OFGANG, Staff Writer
A financial institution is not covered for funds lost due to the processing of a fraudulent wire transfer request if it fails to follow security procedures mandated by its insurance policy, the Court of Appeal for this district has ruled.
Div. One Friday certified for publication its July 31 opinion upholding Los Angeles Superior Court Judge Terry A. Green’s ruling in favor of CUMIS Insurance Society, Inc., the insurer of Universal City Studios Credit Union.
CUMIS, which provided a credit union bond to Universal for more than 10 years, denied coverage for the loss of $243,000 that was transferred from William Ryder’s account to a bank account in Hong Kong in January 2008.
The credit union said a man identifying himself as Ryder called and requested that the telephone number associated with his account be changed. After the caller correctly gave Ryder’s Social Security number, date of birth, mother’s maiden name, and current transaction activity, the number was changed.
Five days later, the credit union received, by fax, a completed wire transfer request form, asking that funds be transferred from Ryder’s homeowner’s line of credit to the Hong Kong account. After determining that the signature on the fax and information provided matched that in Ryder’s file, and that there were no legal impediments to the transfer, the credit union called the phone number it had been given five days earlier, and a man identifying himself as Ryder confirmed that he had requested the transfer.
After the man correctly answered a series of security questions, the credit union approved and completed the transfer. Ryder learned of the transfer two weeks later when his wife contacted the credit union to ask about refinancing a loan, then submitted a sworn statement declaring that he had never asked to have the phone number changed, nor did he ask for a wire transfer or authorize anyone to access his account.
The credit union, after failing to recover the funds, tendered a claim to CUMIS. The insurer concluded that there was no coverage because new security procedures, in effect for the bonding period of February 2007 to February 2008, required that the member requesting a wire transfer be contacted at a “secure telephone number,” which was defined as a number that had been provided at least 30 days earlier.
The credit union sued CUMIS for breach of contract and bad faith. Green granted summary judgment to CUMIS, ruling that the credit union’s failure to comply with the security procedure entitled the insurer to deny payment under the bond.
Presiding Justice Robert Mallano, writing for the Court of Appeal, agreed. He noted that the credit union had been notified months in advance that the bond taking effect in February 2007 would be subject to new security procedures, and that the insurer explicitly stated that it would pay for a fraudulent wire transfer if a “callback verification” meeting the specified requirements was performed.
The presiding justice rejected the argument that the credit union was not required to obtain a callback verification because it used an alternative security measure permitted under the bond, “use of a commercially reasonable security procedure set forth in a written funds transfer agreement, signed by the member or the member’s authorized representative, that governs the transaction and instruction.”
Universal did not comply with the alternative procedure, Mallano said, because the signature that it obtained was not that of Ryder or an authorize representative, but a forgery.
The bond, the jurist noted, alternatively provided coverage for a fraudulent transfer ordered by “a person who purports to be your member...but is not your member,” if the member or authorized representative signed an authorization.
“The Credit Union would have us interpret ‘the member or the member’s representative’ to include ‘a person who purports to be [a] member but is not [a] member.’...Yet, the bond was not written that way, and we cannot rewrite it....In sum, the alternative security procedure required the signature of the member or an authorized representative. A forged signature, as here, did not suffice.”
The case is Universal City Studios Credit Union v. Cumis Insurance Society, Inc., B226868.
Copyright 2012, Metropolitan News Company