IN THE UNITED STATES COURT OF APPEALS FOR …

Case: 15-20499 Document: 00513722432 Page: 1 Date Filed: 10/18/2016

IN THE UNITED STATES COURT OF APPEALS FOR THE FIFTH CIRCUIT

No. 15-20499

APACHE CORPORATION, Plaintiff ? Appellee Cross-Appellant

v. GREAT AMERICAN INSURANCE COMPANY,

Defendant ? Appellant Cross-Appellee

United States Court of Appeals Fifth Circuit

FILED

October 18, 2016

Lyle W. Cayce Clerk

Appeals from the United States District Court for the Southern District of Texas USDC No. 4:14-CV-237

Before JOLLY, BARKSDALE, and SOUTHWICK, Circuit Judges. PER CURIAM

Texas law controls this diversity action, which arises out of Apache Corporation's being defrauded by criminals, in part by their use of an email; as a result of the fraud, and a flawed follow-up investigation by Apache, it made authorized payments of legitimate invoices from its vendor to the criminals' bank account, instead of to its vendor's. Great American Insurance Company (GAIC), Apache's insurer, denied its claim for coverage of its loss under GAIC's "Computer Fraud" provision of Apache's crime-protection insurance policy. At

Pursuant to 5th Cir. R. 47.5, the court has determined that this opinion should not be published and is not precedent except under the limited circumstances set forth in 5th Cir. R. 47.5.4.

Case: 15-20499 Document: 00513722432 Page: 2 Date Filed: 10/18/2016

No. 15-20499 issue is whether the district court correctly awarded summary judgment to Apache, on the basis that its loss was covered under that provision; and, if so, whether the court properly denied statutory penalties, subject to Texas Insurance Code ? 542.060. VACATED and RENDERED.

I. GAIC is headquartered in Ohio; Apache is an oil-production company, with its principal place of business in Houston, Texas, but operating internationally. In March 2013, during the coverage period for Apache's policy with GAIC, an Apache employee in Scotland received a telephone call from a person identifying herself as a representative of Petrofac, a vendor for Apache. The caller instructed Apache to change the bank-account information for its payments to Petrofac. The Apache employee replied that the change-request could not be processed without a formal request on Petrofac letterhead. A week later, Apache's accounts-payable department received an email from a "" address. But, Petrofac's authentic email domain name is ""; the criminals created "" to send the fraudulent email. The email advised: Petrofac's "accounts details have now been changed"; and "[t]he new account takes . . . immediate effect and all future payments must now be made into this account". As noted in the email, an attachment to it was a signed letter on Petrofac letterhead, providing both oldbank-account information and the new-bank-account number, with instructions to "use the new account with immediate effect". In addition, the email stated: the "attached letter . . . has also been posted to you". In response, an Apache employee called the telephone number provided on the letterhead to verify the request and concluded the call confirmed the authenticity of the change-request; next, a different Apache employee

2

Case: 15-20499 Document: 00513722432 Page: 3 Date Filed: 10/18/2016

No. 15-20499 approved and implemented the change. A week later, Apache was transferring funds for payment of Petrofac's invoices to the new bank account.

Within one month, however, Apache received notification Petrofac had not received the ?4.3 million (approximately $7 million) Apache had transferred to the new (fraudulent) account. After an investigation determined the criminals were likely based in Latvia, Apache recouped a substantial portion of the funds. It contends, however, it suffered a loss, before the $1 million policy deductible, of approximately ?1.5 million (approximately $2.4 million).

Apache submitted a claim to GAIC, asserting coverage under the "Computer Fraud" provision, which states:

We will pay for loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises:

a. to a person (other than a messenger) outside those premises; or

b. to a place outside those premises.

In its denial letter, GAIC advised Apache's "loss did not result directly from the use of a computer nor did the use of a computer cause the transfer of funds".

Apache initiated this action in Texas state court in January 2014 against GAIC for denying its claim under the computer-fraud provision. After GAIC removed the action to district court, both parties moved for summary judgment.

The court denied GAIC's motion and granted Apache's, ruling, inter alia, "the intervening steps of the [post-email] confirmation phone call and

3

Case: 15-20499 Document: 00513722432 Page: 4 Date Filed: 10/18/2016

No. 15-20499 supervisory approval do not rise to the level of negating the email as being a `substantial factor'". Apache Corp. v. Great Am. Ins. Co., Civil Action No. 4:14CV-237, 2015 WL 7709584, at *3 (S.D. Tex. 7 Aug. 2015). Moreover, the court reasoned that, if the policy only covered losses due to computer hacking, such an interpretation would render the policy "pointless". Id.

Apache moved for entry of final judgment, and sought, inter alia, statutory penalties under Texas Insurance Code ? 542.060. But, in entering judgment, the court denied the penalties.

II. GAIC challenges the summary judgment awarded Apache; on the other hand, Apache challenges the denial of statutory penalties. Because we vacate the judgment and render it for GAIC, we do not reach the penalties issue. A summary judgment is reviewed de novo. E.g., Southern Ins. Co. v. Affiliated FM Ins. Co., 830 F.3d 337, 343 (5th Cir. 2016). Summary judgment is proper if the movant shows no genuine dispute as to any material fact and entitlement to judgment as a matter of law. Fed. R. Civ. P. 56(a). "The court must view the facts developed below in the light most favorable to the nonmoving party." La. Generating, L.L.C. v. Ill. Union Ins. Co., No. 15-30914, --F.3d ----, 2016 WL 4150902, at *2 (5th Cir. 4 Aug. 2016). A genuine dispute of material fact exists "if the evidence is such that a reasonable jury could return a verdict for the nonmoving party". Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986). Interpretation of an insurance policy presents a question of law; therefore it is also reviewed de novo. E.g., Naquin v. Elevating Boats, L.L.C., 817 F.3d 235, 238 (5th Cir. 2016). The summary-judgment record is very limited--there were no depositions or discovery responses. For its motion, GAIC attached: Apache's

4

Case: 15-20499 Document: 00513722432 Page: 5 Date Filed: 10/18/2016

No. 15-20499 proof of loss and supporting documents, such as the email at issue and the letterhead attachment to it; the crime-protection policy; and Apache's declination letter. Apache relied on GAIC's exhibits, in addition to two very brief, self-serving declarations executed by two Apache employees.

As noted, Texas law controls this diversity action. GAIC claims, inter alia, the loss was not a covered occurrence because: the email did not "cause a transfer"; and coverage under this provision is "unambiguously limited" to losses from "hacking and other incidents of unauthorized computer use". GAIC notes that, under Texas law, insurance provisions are interpreted according to the same rules applicable to contracts generally; but, it also asserts the "Supreme Court of Texas has `repeatedly stressed the importance of uniformity when identical insurance provisions will necessarily be interpreted in various jurisdictions'", citing McGinnes Indus. Maint. Corp. v. Phoenix Ins. Co., 477 S.W.3d 786, 794 (Tex. 2015). According to GAIC, the weight of authorities interpreting similar computer-fraud language, considered with Texas' policy goal of crossjurisdictional uniformity, persuades against coverage for Apache's claim.

Apache counters that the plain meaning of the computer-fraud language covers its loss, and maintains any ambiguity in the terms should be resolved in favor of the insured's reasonable interpretation, even if the insurer's interpretation is more reasonable, relying on RSUI Indem. Co. v. Lynd Co., 466 S.W.3d 113, 118 (Tex. 2015). Because the language of the provision says nothing about "hacking", Apache asserts it only needs to show that "any computer was used to fraudulently cause the transfer of funds".

As noted, under Texas law, courts interpret insurance policies using the same rules of construction applicable to contracts generally. Tesoro Ref. & Mktg. Co., L.L.C. v. Nat'l Union Fire Ins. Co. of Pitt., Pa., No. 15-50405, --- F.3d ----, 2016 WL 4166173, at *2 (5th Cir. 29 July 2016); Am. Mfrs. Mut. Ins. Co. v.

5

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download