Banks have long been a favorite target for lawsuits when their customers don’t take basic steps to oversee their employees who later bilk the customer for millions of dollars over the course of untold years. Customers often try to hold the bank liable for some nuance in the fraud, like a bookkeeper who issues company checks without signatory authority or an employee who makes an irregular indorsement to cash stolen checks. These claims effectively transform banks into insurers against embezzlement, and some of these claims have gained traction in court. But such depositor claims will now face an uphill climb. Last week a unanimous Washington State Supreme Court held that a signature by a non-payee on the back of a check acts as an indorsement that triggers the one-year time bar for reviewing statements and reporting fraud. A customer who doesn’t report the fraud within a year can’t recover against the bank—nor can other banks in the collection chain be liable for breach of warranty claims—regardless of the bank’s culpability, if any. Continue Reading
Seth is editor of The Northwest Policyholder, www.nwpolicyholder.com, the firm’s insurance coverage blog, where portions of this article previously appeared.
Surveys of C-suite executives continually rank cyber-related risks near the top of risk-management concerns. “Phishing,” hacking, and cyber-ransom events are constantly in the news and are affecting companies of all sizes. Regulators are increasingly focusing on what companies are doing to protect themselves from these risks, including what insurance has been procured in case frontline defenses fail. The banking industry is no different and, as a result, cyber-security and cyber-risk management are becoming board-level concerns.
At the same time, bankers are rightly concerned about the resiliency of their customers and business partners from cyber-events. A key component of that resiliency is, of course, insurance. The insurance industry, for its part, is concerned about the scope of financial exposure from cyber-events, and has responded by creating specialized coverage forms to channel the risk toward products that are written specifically for cyber-risk and are underwritten and priced accordingly. Insurers are also pushing back at attempts to obtain coverage for new risks under traditional products.
With cyber-losses becoming a regular occurrence in the business world, litigation between policyholders and insurers about those losses is helping to illuminate some particular areas where vigilance is needed. Continue Reading
As many of you know, I spent six years as a bank regulator in the Securities Disclosure Division of the OCC. Since moving out to the Northwest, I have had the privilege of being involved with several hundred community banks ranging from de novos to capital raises and from enforcement actions to mergers and acquisitions. I think it is fair to say that I have seen both sides of the regulatory equation in banks throughout the U.S. and heavily in the West.
I have worked on the Bert Lance investigation, the Change in Bank Control Act, SEC Guide 3, and participated in meetings with the full SEC commission and its senior enforcement staff, as well as all of the federal banking agencies and many state banking agencies. I have witnessed the ebb and flow of the economy and regulatory environment. Recent events have compelled me to write this article about my observations regarding community banking and its future. No one has a crystal ball, but reading the tea leaves isn’t that challenging, so here we go. Continue Reading
In the past few months we have seen a few new developments on the cyber-risk frontier, including a court decision in Arizona in the P.F. Chang’s case, and the emergence of social engineering fraud as a stand-alone coverage. Here are three action items to help Northwest businesses manage cyber-risks effectively through insurance.
1) Read your cyber-policy, then read it again – it may not cover your biggest risks, in which case you must negotiate coverage. First up is the recent court decision—one of the first on a stand-alone cyber risk policy—in the P.F. Chang’s case in Arizona. The restaurant chain experienced a data breach involving customer credit card information. The restaurant did not pay the costs to reissue the cards, cover the fraudulent charges, etc. itself—that was taken care of by a “merchant services” vendor and by Visa/Mastercard. But the merchant services vendor was entitled to charge all of those costs back to P.F. Chang’s under a contract. P.F. Chang’s looked to its cyber insurer (Chubb) to cover those costs. Chubb paid some, but denied others, relying on a relatively obscure provision excluding payments made because of a contractual obligation. The court agreed that the exclusion barred P.F. Chang’s recovery even though the charges were because of a data breach, which was otherwise covered. Continue Reading