Office of the Special Deputy Receiver: Seventh Circuit applies Fraudulent Instructions Exclusion in finding No Coverage for Computer Systems Fraud Loss

In the recent decision of Office of the Special Deputy Receiver v. Hartford Fire Ins. Co., the Seventh Circuit Court of Appeals affirmed the District Court’s dismissal of an insured’s action seeking indemnity under a Computer Systems Fraud rider.  The Seventh Circuit applied a different rider’s Fraudulent Instructions exclusion to find no coverage for the claimed loss.  The decision reinforces basic principles of bond and rider interpretation and also considers (and rejects) an “illusory coverage” argument.

The Facts

The Office of the Special Deputy Receiver (“OSD”) is an Illinois non-profit corporation that administers estates for insolvent or financially troubled insurance companies.

Fraudsters outside OSD used a spear phishing scheme to gain access to the Chief Financial Officer’s email account.  Impersonating the CFO and using his email account, the fraudsters sent emails to other OSD employees instructing them to transfer assets, purportedly to fund new investments.  The fraudsters changed the rules in the CFO’s email account such that they were able to respond to questions about the transfers.  OSD’s staff wired the money as requested, and over the course of a few weeks OSD lost nearly $7,000,000 (of which it later recovered approximately $3,000,000).

The Insuring Agreements and Exclusion

OSD maintained a Financial Institution Bond for Insurance Companies with Hartford.  Rider 13 to the Bond (Computer Systems Fraud) provided that Hartford would indemnify for:

Loss resulting directly from a fraudulent

(1)       entry of Electronic Data or Computer Program into, or

(2)       change of Electronic Data or Computer Program within any Computer System operated by [OSD] … provided that the entry or change causes

(i)        Property to be transferred, paid or delivered[.]

Rider 17 (Electronic Mail Initiated Transfer Fraud) provided that Hartford would indemnify for:

Loss resulting directly from [OSD] having, in good faith, transferred or delivered Funds, Certificated Securities or Uncertificated Securities, in reliance upon a fraudulent instruction sent to [OSD] through electronic mail, and:

(1)       which fraudulent instruction purports and reasonably appears to have originated from:

(a)       a Customer of [OSD], or

(b)       an Employee acting on instructions of such Customer, or 

(c)       another financial institution acting on behalf of such Customer with authority to make such instructions;

but, in fact, was not originated by the party referenced in (a)-(c) above whose identification it bears[.]

Rider 17 also excluded coverage for certain losses, including:

loss resulting directly or indirectly from [OSD] having, in good faith, transferred or delivered Funds, Certificated Securities or Uncertificated Securities, in reliance upon a fraudulent instruction sent to [OSD] through electronic mail, except when covered [by Rider 17’s affirmative coverage…].

Both riders stated that they modified the entire bond, and Rider 17’s exclusion provision stated that it was an amendment to the exclusions section of the main policy document.

OSD submitted a claim under Rider 13.  Hartford concluded that the exclusion in Rider 17 applied to exclude the claim under Rider 13.

The Decision

The Seventh Circuit affirmed the District Court’s holding that Rider 17’s exclusion applied:

It’s undisputed that OSD’s claims do not fall within Rider 17’s affirmative coverage.  Whether the exclusion in Rider 17 applies turns on a simple question: is an email sent from a hacker posing as one OSD employee to another OSD employee “a fraudulent instruction sent to” OSD? If yes, Rider 17’s exclusion applies, and dismissal was appropriate.  If no, then the exclusion doesn’t apply, and OSD’s suit should proceed in the district court.

Emails, like all messages, originate with a sender and end with a recipient.  Sometimes the sender and recipient are the same person.  The exclusion in Rider 17 doesn’t include all emails — it’s limited to the subset of messages sent to one particular recipient, OSD.  In other words, losses resulting from an emailed, fraudulent instruction sent to OSD (but not other recipients) fall under the exclusion and are not covered.  But while the exclusion is restricted by recipient, it says nothing about any limit based on a message’s sender.  For instance, the exclusion doesn’t say that messages originating only from senders outside OSD trigger the exclusion.  Rather, it simply says messages sent to OSD qualify.  In this case, the emails in question were sent to OSD employees. They included a fraudulent instruction that led to a loss. The exclusion applies.  [emphasis added; citations omitted]

The Court addressed several of OSD’s arguments in support of coverage.  OSD first asserted that the exclusion could not be triggered where emails were sent within OSD.  The Court rejected this:

OSD contends that the emails at issue were sent within [OSD] (rather than to it).  This is semantics.  Just because a message’s sender and recipient are the same person does not mean that the message wasn’t sent to that person.  Put differently, if these emails weren’t sent to OSD, then who were they sent to?  Styling the messages as having been sent within [OSD] doesn’t somehow eliminate the categories of sender and recipient (categories which the contract itself uses), and the exclusion tells us to look only at recipient.  In this case, that’s OSD. [emphasis added]

OSD then argued that Rider 17’s exclusion implicitly incorporated a restriction on senders and could only apply to emails sent from outside OSD, similar to Rider 17’s insuring agreement.  The Court rejected this:

A better, but still unsuccessful, argument is that the exclusion implicitly incorporates a restriction on senders, such that it only applies to emails sent from outside the Office.  OSD correctly observes that Rider 17’s affirmative grant of coverage includes such a restriction: the Rider provides coverage for losses associated with emails that purport and reasonably appear to have originated from (1) a customer, (2) an employee acting on the instructions of a customer, or (3) another financial institution acting on behalf of a customer.  OSD also notes that the contract elsewhere explained in explicit terms that coverages for fraud by fax and telephone included communications sent within the company.

We must read Rider 17’s exclusion and positive statement of coverage together, considering the entire contract, because the “intent of the parties is not to be gathered from detached portions of a contract or from any clause or provision standing by itself.” Yet context only goes so far — we also must not add words where they are not written.  Rider 17’s positive coverage includes a restriction on senders; the exclusion does not. Nothing about the context of Rider 17 (or the rest of the contract) suggests that the parties meant to restrict the exclusion in the same way as the positive coverage. [emphasis added]

Put differently, OSD bargained for email fraud coverage that met specific criteria.  The parties agreed in the exclusion that email fraud that didn’t meet that criteria wasn’t covered.  That Rider 17’s exclusion is in some ways broader than the positive coverage (applying to both direct and indirect losses and restricted only based on recipient) is neither unusual nor a reason to rewrite the contract.  Similarly, while the parties elsewhere explicitly drew lines between communications from outside OSD and messages sent from one part of OSD to another, that doesn’t mean they were required to use the same level of specificity or necessarily intended such a restriction in Rider 17.  [emphasis added; citations omitted]

Finally, OSD argued that applying Rider 17’s exclusion to the insuring agreement in Rider 13 created a conflict between those provisions (and thus an ambiguity), while also rendering the coverage under Rider 13 illusory.  The Court rejected both of these arguments:

OSD’s last stand is that Rider 17 shouldn’t apply at all or creates ambiguity in the agreement because (1) Rider 13’s computer systems fraud coverage applies to the fraud as alleged, (2) the claim doesn’t fall within Rider 17’s affirmative coverage, and (3) applying the exclusion from Rider 17 creates a conflict with the coverage under Rider 13.

Insofar as OSD is suggesting that Rider 17 must be read in isolation from the rest of the contract, that’s plainly wrong.  Both Riders 13 and 17 modified and became part of the Hartford bond, with Rider 13 adding coverage that was subject to the policy’s exclusions, including those added by Rider 17.  It’s true that a plain text application of Rider 17’s exclusion creates some conflict with the coverage for computer systems fraud under Rider 13 (because fraud involving email otherwise covered by Rider 13 might also fall under the exclusion).  Yet conflict between coverage and exclusion provisions creates ambiguity only when the exclusion swallows or nullifies the positive coverage, and that’s not what we have here.  Subtracting claims barred by Rider 17’s exclusion, Rider 13’s coverage still applies to all instances of computer systems fraud that don’t involve reliance on fraudulent instructions sent to OSD by email.  That means the exclusion does not render Rider 13’s coverage illusory.  OSD objects that it’s strange that a fraud that might otherwise be covered by Rider 13 is not covered because it was perpetuated by email. But there’s nothing strange or ambiguous about an exclusion knocking out parts of coverage in a policy — that’s what exclusions do.  [emphasis added; citations omitted]

Consequently, the Seventh Circuit affirmed the District Court’s dismissal of OSD’s coverage action.

Conclusion

The Seventh Circuit’s decision applies and reinforces some basic principles of bond interpretation.  First, when an endorsement or rider adds an exclusion or other provision applicable to the bond or policy as a whole, the exclusion is to be applied across the entire bond or policy, not only to the rider in which it is located.  An exclusion that is restricted in application solely to the coverage afforded under a specific rider will explicitly indicate that.

Second, an exclusion will render coverage “illusory” only where the exclusion truly nullifies the coverage grant, not merely where it arguably removes coverage for some significant subset of circumstances which might otherwise qualify for coverage.  In this regard, the Seventh Circuit’s decision is consistent with the recent decision of the Supreme Court of Canada in Emond v. Trillium Mutual Insurance Co., 2026 SCC 3, in which the majority of the Court held that the nullification rule only prevents insurance contracts from being construed so as to defeat the very coverage the policy provides, thereby defeating the very objective of the insurance contract and rendering it nugatory.  As the majority in Emond held, “nullification of coverage applies in the extreme and specific scenario where coverage is nullified, such that the insurer is pocketing a higher premium without any material risk” (para. 65).  The Seventh Circuit found that there was still scope for Rider 13 to provide some indemnity in circumstances other than those falling within Rider 17’s exclusion.

Office of the Special Deputy Receiver v. Hartford Fire Ins. Co., 2026 WL 1758981 (7th Cir.)

Fidelity Blog

Blue Compass RV: Fifth Circuit analyzes meaning of “Vendor” in finding No Coverage for Social Engineering Fraud Loss under Crime Policy

On June 5, 2026 the Fifth Circuit Court of Appeals released its decision in Blue Compass RV, L.L.C. v. Twin City Fire Ins. Co.  The Fifth Circuit affirmed the District Court’s dismissal of the insured’s social engineering fraud (SEF) claim under several non-SEF insuring agreements on the basis that the claimed loss fell squarely within … Continued

by

Cadaret, Grant & Co.: U.S. District Court finds No Coverage under Financial Institution Bond for Registered Representative’s Selling Away Ponzi Scheme

In the recent decision of Cadaret, Grant & Co. v. Great American Insurance Co., the U.S. District Court for the Eastern District of New York applied the “direct loss” requirement of coverage, the ownership condition and the legal liability exclusion to find no coverage under a Financial Institution Bond in respect of a registered representative’s … Continued

by

Gore, Kilpatrick & Dambrino PLLC: U.S. District Court finds No Social Engineering Fraud Coverage in Phony Debt Collection Fraud

On March 31, 2026 the U.S. District Court for the Northern District of Mississippi released its decision in Gore, Kilpatrick & Dambrino PLLC v. Spinnaker Ins. Co.  The Court interpreted the requirements of a Social Engineering Fraud (SEF) insuring agreement in a cyber policy in the context of a phony debt collection fraud perpetrated on … Continued

by

Westlake Chemical: Texas Court of Appeals applies Authorized Representative Exclusion in finding No Coverage under Crime Policy for Phony Invoicing Scheme

On May 25, 2023, the Texas Court of Appeals released its decision in Westlake Chemical Corporation v. Berkley Regional Insurance Company.  The Court affirmed the District Court’s summary judgment in favour of the insurers on the basis that the Authorized Representative Exclusion applied.  The Court’s decision is notable in finding that the exclusion does not require … Continued

by

Cachet Financial Services: U.S. District Court finds No Coverage under Commercial Crime Policy for Alleged ACH Kiting and Related Frauds

In the recent decision of Cachet Financial Services v. Berkley Insurance Company, the United States District Court for the Central District of California found no coverage under a commercial crime policy in respect of several alleged frauds involving a payroll processor. The decision is instructive for fidelity claims professionals as to the meaning of “alteration” in … Continued

by

All Fidelity Blog Posts