United States Court of Appeals
For the Eighth Circuit
___________________________
No. 15-3804
___________________________
Schnuck Markets, Inc.
lllllllllllllllllllll Plaintiff - Appellee
v.
First Data Merchant Services Corp.; Citicorp Payment Services, Inc.
lllllllllllllllllllll Defendants - Appellants
____________
Appeal from United States District Court
for the Eastern District of Missouri - St. Louis
____________
Submitted: September 21, 2016
Filed: January 13, 2016
____________
Before WOLLMAN, ARNOLD, and KELLY, Circuit Judges.
____________
WOLLMAN, Circuit Judge.
Grocery store chain Schnuck Markets, Inc. (Schnucks) sued its credit card
processor, First Data Merchant Services Corporation (First Data), and the acquiring
bank for its credit transactions, Citicorp Payment Services, Inc. (Citicorp). Schnucks
alleges that First Data and Citicorp (collectively, Defendants) withheld more money
from Schnucks following a data breach at Schnucks than their contract allowed.
Schnucks brought declaratory judgment and breach of contract claims, and
Defendants brought a declaratory judgment counterclaim. Both parties moved for
judgment on the pleadings. Defendants appeal from the district court’s1 order
denying their motion for judgment on the pleadings and granting Schnucks’s motion
for judgment on the pleadings. Defendants also appeal from the district court’s order
denying their motion for reconsideration, or in the alternative for leave to amend their
pleadings. We affirm.
I.
First Data served as Schnucks’s credit card processor. Citicorp served as its
acquiring bank. When a merchant such as Schnucks makes a credit card transaction,
the acquiring bank pays the merchant and is reimbursed by the bank that issued the
credit card (the issuing bank). The acquiring bank sponsors the merchant into credit
card association networks, in this case Visa and MasterCard (the Associations), and
vouches for the merchant’s compliance with the Associations’ rules. The
Associations’ rules provide that the Associations may issue fines against the
acquiring bank in the event of a cardholder data breach and assess against the
acquiring bank the costs of monitoring or cancelling at-risk cards and the amount of
fraudulent charges on the at-risk cards.
The contract between the parties consists of a Master Services Agreement
(MSA) between Schnucks and First Data and a Bankcard Addendum executed by
Schnucks, First Data, and Citicorp. The Bankcard Addendum incorporates First
Data’s Operating Procedures, and the Bankcard Addendum and First Data’s
Operating Procedures incorporate the rules and regulations of the Associations.2 The
1
The Honorable John A. Ross, United States District Judge for the Eastern
District of Missouri.
2
Defendants argue that the Associations’ rules are not incorporated into the
agreement, or that only the rules applicable to the relationship between the parties are
-2-
contract imposes upon Schnucks a broad duty to indemnify Defendants for
Schnucks’s breach of contract. Under § 4.9 of First Data’s Operating Procedures, a
determination by the Associations that Schnucks is responsible for a data breach
requires Schnucks to pay Defendants for “Data Compromise Losses,” defined as “all
related expenses, claims, assessments, fines, losses, costs, and penalties and Issuer
reimbursements” that the Associations impose on Defendants.
Under § 5.4 of the MSA, however, Schnucks’s liability is limited to $500,000,
with certain exceptions:
Limitation of Liability. Notwithstanding anything in this MSA and any
addenda to the contrary, Customer [Schnucks], FDMS [First Data] and
its affiliates’ cumulative liability . . . for all losses, claims, suits,
controversies, breaches, or damages for any cause whatsoever
(including, but not limited to, those arising out of or related to this MSA
and any addenda) and regardless of the form of action or legal theory
shall not exceed $500,000. Notwithstanding the foregoing, [Schnucks],
[First Data] and its affiliates’ cumulative liability for its breach under
Section 25 (Data Security) shall not exceed $3,000,000. . . . This
Section 5.4 limitation of liability shall not apply to [Schnucks’s] liability
for chargebacks, servicers’ fees, third party fees, and fees, fines or
incorporated. We disagree. Although § 4 of the Bankcard Addendum merely
requires Schnucks to comply with “all applicable Association Rules,” § 25 requires
Schnucks to “follow the Operating Procedures and comply with Association Rules
as they may each be amended from time to time.” And § A of First Data’s Operating
Procedures states that Schnucks “should consult the Card Organization Rules for
complete information and to ensure full compliance with them.” Moreover, ¶ 17 of
Schnucks’s Complaint alleged that “[t]he operating regulations of Visa and
MasterCard are expressly incorporated by reference as part of the Agreement,” which
Defendants admitted in ¶ 17 of their Answer. The Associations’ rules are thus
incorporated into the agreement, even to the extent that they do not directly govern
the relationship between Schnucks and Defendants.
-3-
penalities [sic] by the Association or any other card or debit card
provided under this MSA or any addenda.
Section 13.3 of the Bankcard Addendum defines “third party fees” as “all fees and
charges . . . without limitation, of any Credit Card Association, Network, card-issuing
organization, telecommunications provider, federal, state, or local governmental
authority (each a ‘Third Party’) including, without limitation any switch fee, issuer[]
reimbursement fee, adjustment fee, interchange fee, assessment fee or access fee[]
(collectively, [‘]Third Party Fees’).” The contract also permits Defendants to retain
in a reserve account funds that Schnucks owes them.
In March 2013, a cyber-attack against Schnucks compromised cardholder data.
MasterCard assessed a case-management fee against Citicorp, as well as costs to
reimburse issuing banks for card monitoring and replacement and for fraudulent
charges. Citicorp projected the total amount of Visa’s assessment based on
MasterCard’s assessment. Based on these assessments and projections, First Data
established a reserve account, and Defendants have withheld more than $500,000
from Schnucks’s credit transactions.
Schnucks’s breach of contract and declaratory judgment action alleges that the
limitation of liability provision establishes a $500,000 cap on its liability for the
assessments against Citicorp. Defendants’ counterclaim seeks a declaration that the
limitation of liability provision does not apply to fees charged by the Associations as
a result of a cyber-attack, or fees, fines, or penalties charged by the Associations for
a merchant’s non-compliance with Payment Card Industry Data Security Standards.
Defendants moved for judgment on the pleadings. Schnucks filed a cross-motion for
partial judgment on the pleadings, seeking judgment on Schnucks’s and Defendants’
declaratory judgment claims but not on Schnucks’s breach of contract claim.
-4-
The district court granted Schnucks’s motion and denied Defendants’ motion,
holding that the assessments for issuing banks’ losses were not “third party fees” or
“fees, fines or penalties,” and thus did not fall within the exception to limitation of
liability set forth in the last sentence of § 5.4 of the MSA. The court reasoned that
Defendants would have used the term “Data Compromise Losses” (or similar
language) in § 5.4 had they intended to exclude these losses from the limitation of
liability. The court explained that the plain meaning of the term “fee” is a payment
for a service, not reimbursement for another’s losses; furthermore, the court noted
that the portions of the contract concerning fees do not mention reimbursement for
data compromise events and that the portions concerning data compromise events do
not refer to fees. The court ruled that the terms “fine” and “penalty” describe sums
imposed as a punishment and do not include within their purview data compromise
losses. The court concluded that it would be unreasonable to impose liability on
Schnucks for all of Defendants’ losses, for to do so would render the limitation of
liability provision meaningless.
The court also determined that the parties had not raised as an issue the
Bankcard Addendum’s § 25 $3,000,000 limit regarding breaches of data-security
standards. Accordingly, the district court entered a declaratory judgment that
Schnucks’s liability for the issuing banks’ losses is capped at $500,000, and that
Defendants must return the funds that they retained in excess of $500,000, plus the
amount of the Visa fine and MasterCard case management fee. Defendants moved
for reconsideration, or in the alternative for leave to amend their pleadings, arguing
in part that the district court had erred in holding that Defendants had failed to raise
the issue of the $3,000,000 limitation of liability. As stated earlier, Defendants now
appeal from the grant of Schnucks’s motion for judgment on the pleadings and the
denial of their motion for reconsideration or leave to amend.
-5-
II.
A. Jurisdiction
We have jurisdiction over final decisions of the district courts. 28 U.S.C.
§ 1291. Schnucks’s breach of contract claim is still pending before the district court
and has been stayed during this appeal, but the district court certified its order
granting Schnucks’s motion for judgment on the pleadings as a final judgment under
Federal Rule of Civil Procedure 54(b). We conclude that it did not abuse its
discretion in ruling that the order was final and that there was no just reason for delay.
See Jones v. W. Plains Bank & Tr. Co., 813 F.3d 700, 703 (8th Cir. 2015) (“We
review a district court’s decision to grant Rule 54(b) certification for abuse of
discretion.”).
Defendants’ motion for certification requested certification of the January 15
order regarding judgment on the pleadings, not the July 31 order denying their motion
for reconsideration or leave to amend. Although the district court’s judgment
granting certification mentions only the January 15 order, its memorandum and order
preceding the judgment stated: “Defendants now move for certification of the Court’s
January 15, 2015 Order . . . allowing them to file an interlocutory appeal of both the
January 15 and July 31, 2015 Orders in the Eighth Circuit.” D. Ct. Order of Nov. 6,
2015, at 2. Defendants’ notice of appeal states that they appeal from both orders. We
conclude that the district court intended to certify both the January 15 order and the
July 31 order and that we thus have jurisdiction to review both orders.
B. Judgment on the Pleadings
“We review de novo the district court’s entry of judgment on the pleadings.”
Waldron v. Boeing Co., 388 F.3d 591, 593 (8th Cir. 2004). A motion for judgment
on the pleadings should be granted when, accepting all facts pled by the nonmoving
-6-
party as true and drawing all reasonable inferences from the facts in favor of the
nonmoving party, the movant has clearly established that no material issue of fact
remains and that the movant is entitled to judgment as a matter of law. Id. We apply
Missouri substantive law in light of the parties’ agreement that the MSA provides that
Missouri law shall govern the MSA and any addenda.
At the outset, we reject Defendants’ argument that the limitation of liability
does not apply to Schnucks’s indemnity obligation for assessments against
Defendants by the Associations. Defendants forfeited this argument because they did
not raise it in the district court, but it would fail even if it had been preserved. Under
§ 5.4 of the MSA, the limitation of liability applies to “all losses, claims, suits,
controversies, breaches, or damages for any cause whatsoever (including, but not
limited to, those arising out of or related to this MSA and any addenda) and
regardless of the form of action or legal theory.” The assessments in this case not
only fit within this broad provision, but would also qualify as “arising out of or
related to this MSA and any addenda,” because Schnucks’s indemnity obligation to
Defendants for the assessments arises from the contract.
Defendants argue that the MSA does not limit Schnuck’s liability for the
assessments for issuing banks’ losses. As recounted above, § 4.9 of First Data’s
Operating Procedures requires Schnucks to indemnify Defendants for “Data
Compromise Losses.” Section 5.4 of the MSA limits Schnucks’s liability to
$500,000, but carves out liability for “third party fees” and “fees, fines or penalties”
imposed by the Associations. Defendants argue that the assessments for issuing
banks’ losses fall within one or both of these carve-outs.
“The interpretation of a contract, including whether it is ambiguous, is a
question of law.” Adbar Co., L.C. v. PCAA Mo., LLC, No. 4:06-CV-1689, 2008 WL
68858, at *4 (E.D. Mo. Jan. 4, 2008) (citing Helterbrand v. Five Star Mobile Home
Sales, Inc., 48 S.W.3d 649, 658 (Mo. Ct. App. 2001)). “When a contract uses plain
-7-
and unequivocal language, it must be enforced as written.” Deal v. Consumer
Programs, Inc., 470 F.3d 1225, 1230 (8th Cir. 2006) (quoting Lake Cable, Inc. v.
Trittler, 914 S.W.2d 431, 436 (Mo. Ct. App. 1996)). “To determine whether a
contract is ambiguous, we consider the instrument as a whole, giving the words
contained therein their ordinary meaning. A contract is not ambiguous merely
because the parties dispute its meaning.” Id. (citations omitted). Because the
contract at issue is unambiguous, it must be enforced as written.3
Defendants argue that the term “third party fees” includes the issuing banks’
losses because § 13.3 of the Bankcard Addendum expansively defines “third party
fees” as “all fees and charges . . . without limitation” imposed by a third party.
Defendants contend that the assessments for issuer losses are thus carved out of
Schnucks’s limitation of liability. The Missouri Court of Appeals has defined the
term “fee” as “a sum paid or charged for a service.” Strader v. Progressive Ins., 230
S.W.3d 621, 625 (Mo. Ct. App. 2007). Defendants argue that the terms “fees and
charges” may be defined more broadly as an amount of money that must be paid.
Reading the contract as a whole, however, it is apparent that the parties intended the
narrower definition. Section 13 of the Bankcard Addendum refers to “fees for
Services.” The list of specific fees and charges in § 13.3—“any switch fee, issuer[]
reimbursement fee, adjustment fee, interchange fee, assessment fee or access
fee”—militates in favor of construing “fees and charges” as payments for services.
The assessments imposed by the Associations here do not qualify as payments for
3
Defendants argue that the district court erroneously adopted the parties’
agreement that the contract was unambiguous, rather than making this determination
for itself. See Shaw Hofstra & Assocs. v. Landco Dev., Inc., 673 F.3d 819, 826 (8th
Cir. 2012) (holding that Missouri law requires that “the court must first determine as
a matter of law whether a contract is ambiguous”). We disagree. The district court
determined that the plain language of the contract decided the questions presented in
this case, which to us indicates that the court had determined for itself that the
contract was unambiguous and had not relied solely on the parties’ agreement to that
effect.
-8-
services, because they are imposed to compensate issuing banks for losses they
sustained as a result of a data breach, not as compensation for performing services.
Moreover, the assessments do not fall within the enumerated fees and charges set
forth in § 13.3 of the Bankcard Addendum, including “issuer reimbursement fees.”4
Accordingly, the assessments are not carved out from Schnucks’s limitation of
liability as “third party fees.”
Defendants also argue that the assessments for issuer losses are carved out from
the limitation of liability because they constitute “fees, fines or penalties” imposed
by the Associations. We disagree. Having already concluded that the assessments
for issuer losses are not “fees,” we conclude that they also do not qualify as “fines or
penalties.” “The ordinary meaning of a ‘fine’ or ‘penalty’ is not compensation or
reparation for an injury; rather, it is a sum imposed as punishment.” Farmland Indus.,
Inc. v. Republic Ins. Co., 941 S.W.2d 505, 511 (Mo. 1997) (en banc). The
assessments for issuer losses are more accurately defined as “compensation or
reparation for an injury” and not as “a sum imposed as punishment.” In addition to
the plain meaning of the terms “fines” and “penalties,” the Associations’ rules also
indicate that the assessments for issuer losses are not “fines” or “penalties.” The rules
allow the Associations to impose fines for violations of data-security standards, but
describe their programs to compensate issuing banks for data compromise event
losses as methods of reimbursement, not fines or penalties. Thus, in reading the
contract as a whole and in light of the plain meaning of the terms “fine” and
“penalty,” the district court did not err in holding that the assessments for issuing
banks’ losses do not constitute “fines or penalties.”
4
The district court noted that the term “issuer reimbursement fees” appears in
MasterCard’s rules, but only in the limited context of an excessive chargeback.
Defendants argue that the district court “cherry picked” from MasterCard’s rules in
considering the use of the term “issuer reimbursement fees” and did not look at Visa’s
rules. Defendants do not point to any use of this term in Visa’s rules, however, and
we have found none.
-9-
Even if the text of the carve-outs in § 5.4 of the MSA did not decide the matter,
the use of broader language elsewhere in the contract would indicate that the carve-
outs should be read narrowly. For example, as set forth in § 4.9 of First Data’s
Operating Procedures, Schnucks must indemnify Defendants for “Data Compromise
Losses,” which includes “all related expenses, claims, assessments, fines, losses,
costs, and penalties and Issuer reimbursements.” Similarly, § 5.4 of the MSA limits
liability “for all losses, claims, suits, controversies, breaches, or damages for any
cause whatsoever.” Had the parties intended to include reimbursements to issuing
banks within the carve-outs from Schnucks’s limitation of liability, they would have
used more expansive language than simply “fees, fines or penalties.”
Defendants argue that the contract is ambiguous because Schnucks’s
interpretation leads to the commercially unreasonable result of requiring Defendants
to act as Schnucks’s insurer. The parties disagree whether a commercially
unreasonable result renders a contract ambiguous or whether commercial
unreasonableness becomes relevant only after the court determines that the contract
is ambiguous. We need not decide this question, because the underlying business
arrangement, which represents Defendants’ choice to vouch for Schnucks’s
compliance with data-security standards, is not rendered commercially unreasonable
merely because the limitation on Schnucks’s liability is broader than Defendants now
wish it to be.
We further hold that the district court did not misapply the standard for
judgment on the pleadings in concluding that Defendants had not raised the issue of
the separate $3,000,000 limitation of liability. Defendants’ briefing on the cross-
motions for judgment on the pleadings did not argue that the $3,000,000 limitation
of liability for breach of § 25 of the Bankcard Addendum applied. In any event, § 25
of the Bankcard Addendum concerns “fines” for violations of data security standards
and, as discussed above, the assessments in question were not “fines.”
-10-
C. Reconsideration or Leave to Amend Pleadings
We review for abuse of discretion a district court’s decision on a motion for
reconsideration or leave to amend under Rule 54(b). See K.C. 1986 Ltd. P’ship v.
Reade Mfg., 472 F.3d 1009, 1017 (8th Cir. 2007). A party that moves for leave to
amend after the deadline in a scheduling order has passed must show good cause
under Rule 16(b), the primary measure of which is the movant’s diligence in
attempting to comply with the scheduling order. Sherman v. Winco Fireworks, Inc.,
532 F.3d 709, 716 (8th Cir. 2008). District courts “have considerable discretion to
deny a post-judgment motion for leave to amend because such motions are
disfavored.” United States ex rel. Roop v. Hypoguard USA, Inc., 559 F.3d 818, 824
(8th Cir. 2009).
We conclude that the district court did not abuse its discretion in denying
Defendants’ motion for reconsideration or leave to amend, which essentially restated
their assertions of error regarding judgment on the pleadings. Further, Defendants
have not shown good cause for leave to amend. Defendants argue that “the need to
amend was only brought to light by the District Court’s conclusion that,
notwithstanding the allegations in Defendants’ Answer and Counterclaim, Defendants
‘did not allege that Schnucks was either negligent or PCI DSS non-compliant.’”
Appellants’ Br. 47. As the district court stated, “Defendants are responsible for
pleading their case without the Court’s assistance.” D. Ct. Order of July 31, 2015, at
9.
III.
Neither carve-out from the limitation of liability applies to the assessments that
the Associations imposed on Defendants. The district court did not misapply the
-11-
standard for judgment on the pleadings and did not abuse its discretion in denying
Defendants’ motion for reconsideration or leave to amend.
The judgment is affirmed.
___________________________
-12-