Universal City Studios Credit Union v. Cumis Insurance Society, Inc.

Opinion

MALLANO, P. J.

Plaintiff, a credit union, processed a fraudulent wire transfer request, sustaining a loss of around $243,700, and sought to recover its loss under a credit union bond issued by defendant, which declined to pay. The credit union filed this action, seeking to recover under the bond for its monetary loss and requesting an award of punitive damages.

The trial court granted summary judgment in favor of defendant, concluding that the credit union had not complied with the security procedures set forth in the bond. We agree with the trial court’s reasoning and affirm.

I

BACKGROUND

This court accepts as tme the following facts and reasonable inferences supported by the parties’ undisputed evidence on the motion for summary judgment. (See Raghavan v. Boeing Co. (2005) 133 Cal.App.4th 1120, 1125 [35 Cal.Rptr.3d 397].)

For more than 10 years, defendant CUMIS Insurance Society, Inc. (CUMIS), provided plaintiff Universal City Studios Credit Union (Credit Union) with annual credit union bond coverage. The Credit Union typically renewed its bond coverage in February of each year. The bond at issue was effective from February 2007 to February 2008 (February 2007 bond).

*733Before the February 2007 bond was issued, CUMIS notified the Credit Union that the security procedure requirements in the new bond would be different with respect to funds transfers. In or before June 2006, CUMIS sent the Credit Union a two-page letter describing the coverage under a credit union bond issued on or after July 1, 2006. The letter stated in part: “Funds Transfer coverage is modified to require a callback procedure, or a signed written agreement with the member authorizing another commercially reasonable type of security procedure. The coverage previously only required a commercially reasonable security procedure, without specifying either a callback or a written agreement. The lack of specific guidelines created misunderstandings. This change is consistent with the approach used by other financial institution bond insurers. Our policy now clearly defines the callback procedure process, and specifies that the callback must be made to a designated secure telephone number.” (Italics added.)

In or around October 2006, CUMIS sent the Credit Union a three-page cover letter with a five-page enclosure entitled “Credit Union Bond Changes Executive Summary.” The executive summary read: “This summary provides your credit union with a high-level summary of the revisions to the Credit Union Bond effective with renewal and new business issued starting July 1, 2006 in most states. This high-level summary document is not the full and complete text of the Credit Union Bond. Your credit union may or may not carry all the coverages listed in this document. No coverage is provided in this summary, nor does it replace any provision in the Credit Union Bond.

“Please read the actual Credit Union Bond and any endorsements carefully to determine your rights, duties and to determine what is and is not covered. Coverage will be determined by the unique individual facts of each claim.

“The Credit Union Bond program is underwritten by CUMIS Insurance Society, Inc. (CUMIS), a member of the CUNA Mutual Group.

“Funds Transfer Coverage

“This coverage now requires either a callback verification security procedure, or a signed written agreement with the member agreeing to another type of security procedure. The prior language specified a commercially reasonable security procedure, which was less clear and may have led to less secure credit union practices. This change is consistent with industry standards, most of which impose even greater requirements, such as always requiring written agreements or recording of telephone conversations.

*734“This coverage applies when transfer requests are received through fax, telephone or email communications. The types of transfers that would be covered under this include: [][] outgoing wire transfer requests, [f] ACH transactions, and PJQ requests to transfer from one member account to another. m... m

“Losses over the past year have increased significantly. Many of these can be attributed to identity theft. Some of the recent losses involve situations where the perpetrator requests a telephone number change on the member’s account just prior to requesting the transfer, in an attempt to circumvent callback security. Losses under this coverage tend to be severe, with single losses in the $100,000 to $500,000 range.

“The new language specifies that a callback verification must result in a positive confirmation from the member indicating the request was authorized prior to processing the request. The new language also requires that the callback be made to a secure telephone number, which must meet any one of the following qualifications: [|] Was provided when the account was opened[;] [][] Was provided at a later date by the member when physically present with valid ID[;] [f] Was provided in a signed written funds transfer agreement^] [f] Was a replacement telephone number that you confirmed by contacting the member at the previous number[;] [f] Was obtained from a public or private telephone directory[;] [f] Was a number you had on file at least 30 days prior to the transfer request. . . . ” (Italics & boldface added.)1

The Credit Union received a reminder about the change in coverage when the February 2007 bond was delivered. As alleged in the operative complaint: “On or about May 2007, CUMIS delivered to Plaintiff a new BOND and a two-page document entitled ‘IMPORTANT NOTICE TO POLICYHOLDERS.’ This latter document contained a provision entitled FUNDS TRANSFER which stated: [][] ‘Modifying Funds Transfer coverage to require a callback procedure, or a signed written agreement with the member authorizing another commercially reasonable type of security procedure. The coverage previously only required a commercially reasonable security procedure, without specifying either a call-back or written agreement. The lack of specific guidelines created misunderstandings. This change is consistent with *735the approach used by other financial institution bond insurers. Our policy now clearly defines the call-back procedure process, [and] specifies that the call-back must be made to a designated secure telephone number.’ ” (Italics & boldface added, fn. omitted.)

At some point, CUMIS e-mailed a “risk alert” to at least six Credit Union employees, notifying them of a sophisticated fraudulent funds transfer scheme in which a credit union attempts to verify a funds transfer request by calling a member’s “secure telephone number” but the call is forwarded to a “fraudster.” Although a credit union’s “Caller ID” shows that the call is going to the member’s telephone number of record, the call is actually being forwarded to the fraudster’s telephone. According to the e-mail, this scheme typically involved a member’s homeowner’s line of credit and frequently exceeded the transfer of $100,000. The e-mail contained a “Reminder”: “Mutual Bond coverage for Funds Transfers provides credit unions with definitive requirements by specifying either a call back verification or security procedure contractually agreed to by credit unions and their members.” (Original italics, boldface added.) CUMIS’s records indicate that five of the six Credit Union employees opened the e-mail.2

On January 9, 2008, the Credit Union received a telephone call from an individual who identified himself as William Ryder (Ryder), a Credit Union member. The individual requested that the Credit Union change his telephone number. The Credit Union asked the individual to state Ryder’s Social Security number, date of birth, mother’s maiden name, and current transaction activity. After the individual provided correct answers, the Credit Union changed the telephone number on Ryder’s account.

Five days later, on January 14, 2008, the Credit Union received via facsimile a completed wire transfer request form directing that $243,678.19 be transferred from Ryder’s homeowner’s line of credit to an account held by Fuji Bullion Ltd. at HSBC Bank in Hong Kong. The form had a signature on the line for the “Member’s Signature.” On the day the form was received, the Credit Union conducted its standard security procedure to verify the information on the form. For example, the Credit Union cross-referenced the information on the form—Ryder’s name, address, account number, type of account, and telephone number—to ensure it matched the information in his file. The. Credit Union determined that Ryder’s account had sufficient funds. *736The signature on the form was compared to Ryder’s signature on file; the Credit Union concluded they matched. Using a database maintained by the Office of Foreign Assets Control of the United States Department of the Treasury, the Credit Union verified that neither Ryder, HSBC Bank, nor Fuji Bullion Ltd. had a criminal history, was suspected of terrorist activity, or was wanted by the Federal Bureau of Investigation. The Credit Union made a telephone call to contact Ryder, using the number on his account. A man answered the phone. The Credit Union asked him a series of questions, seeking to confirm that he was Ryder and that Ryder had submitted the wire transfer request form. The man gave correct responses. The completed form, Ryder’s file, and the verifying information were reviewed by two Credit Union employees, first by the electronic funds coordinator and then by her supervisor. Having completed its security procedure without detecting a hint of fraud, the Credit Union transferred the funds.

On January 30, 2008, Ryder’s wife contacted the Credit Union by telephone to inquire about refinancing a loan. During the conversation, she was told about the wire transfer and replied that neither she nor her husband had requested a change in their telephone number or a transfer of funds. On February 1, 2008, Ryder provided a sworn written statement to the Credit Union, confirming what his wife had said. He further attested: “I did not authorize anyone to use my name, or represent my signature, or in any way have access to this account.” The Credit Union investigated the matter and unsuccessfully tried to recover the transferred funds.

The Credit Union made a claim under its credit union bond for the loss. CUMIS conducted an investigation, which it completed in early April 2008. By letter dated April 8, 2008, CUMIS informed the Credit Union’s chief executive officer that the bond did not cover the loss because the Credit Union had not verified the wire transfer request by using a “secure telephone number” within the meaning of the bond, namely, a “replacement telephone number for the member . . . that [the Credit Union] received at least 30 days prior to receipt of the [wire transfer] instruction.” Instead, the Credit Union had used a telephone number that had been changed on Ryder’s account five days before the wire transfer was processed.

On February 3, 2009, the Credit Union filed this action against CUMIS, seeking to recover its monetary loss as well as punitive damages. A first amended complaint followed and became the operative complaint. It contained two causes of action against CUMIS: breach of contract and breach of the duty of good faith and fair dealing. CUMIS filed an answer.

On February 3, 2010, CUMIS moved for summary judgment or, in the alternative, for summary adjudication as to (1) each cause of action and (2) the request for punitive damages. The Credit Union filed opposition.

*737The motion was heard on April 19, 2010. The trial court concluded that the Credit Union had not complied with the bond’s security procedures for funds transfers and that CUMIS had properly denied payment under the bond. Judgment was entered in favor of CUMIS. The Credit Union appealed.

II

DISCUSSION

“ ‘ “A defendant seeking summary judgment has met the burden of showing that a cause of action has no merit if that party has shown that one or more elements of the cause of action cannot be established [or that there is a complete defense to that cause of action]. . . . Once the defendant’s burden is met, the burden shifts to the plaintiff to show that a triable issue of fact exists as to that cause of action. ... In reviewing the propriety of a summary judgment, the appellate court independently reviews the record that was before the trial court. . . . We must determine whether the facts as shown by the parties give rise to a triable issue of material fact. ... In making this determination, the moving party’s affidavits are strictly construed while those of the opposing party are liberally construed.”. . . We accept as undisputed facts only those portions of the moving party’s evidence that are not contradicted by the opposing party’s evidence. ... In other words, the facts [set forth] in the evidence of the party opposing summary judgment and the reásonable inferences therefrom must be accepted as true.’ ” (Buxbaum v. Aetna Life & Casualty Co. (2002) 103 Cal.App.4th 434, 441 [126 Cal.Rptr.2d 682], italics added.)

“Interpretation of an insurance policy presents a question of law governed by the general rules of contract interpretation. . . . We must give effect to the intent of the parties when they formed the contract and, if possible, infer this intent solely from the written provisions of the contract. ... In so doing, we must ‘look first to the language of the [insurance policy] in order to ascertain its plain meaning or the meaning a layperson would ordinarily attach to it.’ . . . The language of the policy must be read in the context of the instrument as a whole under the circumstances of the case . . ..” (Davis v. Farmers Ins. Group (2005) 134 Cal.App.4th 100, 104 [35 Cal.Rptr.3d 738], citations omitted; accord, Belz v. Clarendon America Ins. Co. (2007) 158 Cal.App.4th 615, 625 [69 Cal.Rptr.3d 864].) “ ‘Our goal in construing insurance contracts, as with contracts generally, is to give effect to the parties’ mutual intentions. . . . “If contractual language is clear and explicit, it governs.” ’ ” (State of California v. Allstate Ins. Co. (2009) 45 Cal.4th 1008, 1018 [90 Cal.Rptr.3d 1, 201 P.3d 1147], citation omitted.)

*738A. Funds Transfer Coverage

Consistent with (1) the advance notice the Credit Union received about changes in funds transfer coverage under the February 2007 bond and (2) the “IMPORTANT NOTICE TO POLICYHOLDERS” accompanying the delivery of the bond, the coverage provision of the February 2007 bond read: “Funds Transfer [f] We will pay you for your loss resulting directly from fraudulent instruction through ‘e-mail,’ ‘telefacsimile’ or ‘telephonic’ means received by you from a person who purports to be your member, your member’s authorized representative or your ‘employee’ but is not your member, your member’s authorized representative or your ‘employee,’ provided:

“a. That you performed a ‘callback verification’ with respect to such instruction;
“b. You followed a commercially reasonable security procedure set forth in a written funds transfer agreement, signed by the member or the member’s authorized representative, that governs the transaction and instruction.” (Italics & boldface added.)

‘Callback verification’ means an outgoing telephone call placed by you to verify the identity and authority of the member, the member’s authorized representative, or your ‘employee’ which: [f] a. You performed prior to executing the instruction; and [f] b. You placed to a ‘secure telephone number’; and HQ c. Resulted in confirmation that the instruction was sent by the member, the member’s authorized representative, or your ‘employee,’ who you believed to be the authorized sender to initiate such instruction.” (Italics added.)

‘Secure telephone number’ means a phone number that: HQ a. Was provided by the member or member’s authorized representative when the account was opened; or [JG b. Was provided after the account was opened, in person by the member or member’s authorized representative who was physically present on your ‘premises’ and who presented to you government-issued photo identification; or [][] c. Was provided in a signed written funds transfer agreement with the member or the member’s authorized representative; or [f] d. Was a replacement telephone number for the account, provided that you confirmed the legitimacy of the change through direct contact with the member or member’s authorized representative at the previous telephone number on record; or [][] e. You obtained from a public or private telephone directory that lists the member’s name; or [][] f. Was a replacement telephone *739number for the member or the member’s authorized representative that you received at least 30 days prior to the receipt of the instruction.” (Italics & boldface added.)

On appeal, the Credit Union does not contend it was entitled to recover under the bond provision requiring the use of a “callback verification” procedure. In verifying the information on the completed wire transfer request form, the Credit Union used a telephone number on Ryder’s account that had been changed five days before the Credit Union received the wire transfer request form. In contrast, the bond provided coverage for verification by telephone if a member’s new telephone number had been on his or her Credit Union account for at least 30 days before receipt of the wire transfer request.

The Credit Union asserts it was entitled to coverage under the alternative security measure permitted by the bond for a funds transfer: the use of “a commercially reasonable security procedure set forth in a written funds transfer agreement, signed by the member or the member’s authorized representative, that governs the transaction and instruction.” (Italics added.)

As the Credit Union explains, when an individual signed a Credit Union wire transfer request form, he or she expressly agreed to the terms set forth in an accompanying two-page “Funds Transfer Agreement,” which stated: “The following rules shall apply to all funds transfer orders (ACH, Wire Transfers, or other electronic services) processed by Universal City Studios Credit Union. [|] ... [f] In general, we will accept funds transfer orders only if you agree to the terms of this Wire Transfer Agreement, and for wire transfers, have signed [a] Wire Transfer Request form, have sufficient funds available in the appropriate account to execute the funds transfer order plus the appropriate fee ... , and produce acceptable identification. [][] You hereby acknowledge that the security procedures described are commercially reasonable and that you have agreed to the security procedure offered by the Credit Union and agree to follow the security procedure when making a funds transfer order via fax.”

But, contrary to the alternative of using a callback verification procedure, the Credit Union did not obtain Ryder’s signature on a funds transfer agreement setting forth the Credit Union’s security procedure. The signature on the January 14, 2008 wire transfer request form—by which the signer consented to the accompanying funds transfer agreement—was a forgery. Thus, the Credit Union did not satisfy the bond’s alternative security procedure for funds transfers: It did not obtain “a written funds transfer agreement, *740signed by the member or the member’s authorized representative, that governs the transaction and instruction.” (Italics added.)3

The Credit Union seems to argue that, notwithstanding the forged signature on the wire transfer request form, it satisfied the bond’s alternative security procedure. However, the bond’s coverage for a funds transfer expressly distinguished between “a person who purports to be your member . . . but is not your member,” on the one hand, and an actual member, on the other hand. (Italics added.) Coverage under the bond was provided for a fraudulent funds transfer placed by “a person who purports to be your member . . . but is not your member”, only if the Credit Union had set forth its alternative security procedure in an agreement “signed by the member or the member’s representative.” (Italics added.) The Credit Union would have us interpret “the member or the member’s representative” to include “a person who purports to be [a] member but is not [a] member.” (Italics added.) Yet, the bond was not written that way, and we cannot rewrite it. (See Rosen v. State Farm General Ins. Co. (2003) 30 Cal.4th 1070, 1077-1078 [135 Cal.Rptr.2d 361, 70 P.3d 351].) In sum, the alternative security procedure required the signature of the member or an authorized representative. A forged signature, as here, did not suffice.

The Credit Union also argues that Ryder agreed to its funds transfer security procedure when he signed the application to open an account. The application stated that the applicant “agree[d] to be bound by the bylaws, regulations, policies and rules, and any amendment thereof, of [the Credit Union].” But the bond’s funds transfer coverage required that the agreement signed by the member or an authorized representative “set forth” the “security procedure.” Even if the account application bound Ryder to the Credit Union’s security procedure for wire transfers, it did not “set forth” that procedure. In short, the bond did not cover the Credit Union’s loss under the funds transfer provision.

B. Coverage for Forgery and Unauthorized Signatures

Putting aside coverage for a funds transfer, the Credit Union asserts that its loss came within the coverage for “Forgery” or “Unauthorized Signatures.” Not so.

*741Under the “COVERAGES” section of the bond, CUMIS agreed to pay for a loss caused by “Forgery,” stating: “We will pay for your loss resulting directly from the ‘forgery’ or alteration of an ‘instrument.’ ” The bond also covered “Unauthorized Signatures,” as follows: “We will pay you for your loss resulting directly from your honoring a share draft, check or withdrawal order of a member in reliance upon an ‘unauthorized signature’ provided you have on file the signatures of all persons authorized to sign share drafts, checks or withdrawal orders on behalf of the member.”

But the bond also contained a funds transfer exclusion. Under the “EXCLUSIONS” section, the bond read: “We will not pay for: [f] . . . [f] . . . Funds Transfer [f] Any loss directly or indirectly from: [][]... [(j[] . . . [fraudulent instruction through ‘e-mail,’ ‘telefacsimile’ or ‘telephonic’ means ...[][] [ejxcept as may be covered under: [f] [][].. Funds Transfer Coverage.” (Italics added.) Simply put, a loss caused by a fraudulent funds transfer was covered, if at all, under the funds transfer provision and not under any other coverage provision. As stated, the Credit Union was not entitled to recover its loss under the funds transfer coverage because it did not use a “callback verification” procedure or a “procedure set forth in a written funds transfer agreement, signed by the member or the member’s authorized representative, that governs the transaction and instruction.” (Italics added.) In the April 8, 2008 letter from CUMIS denying the Credit Union’s claim under the bond, CUMIS explained that the funds transfer exclusion limited coverage of fraudulent funds transfers to the “Funds Transfer” provision in the “COVERAGES” section of the bond; a loss caused by that type of fraud did not fall within other coverage provisions, such as the one for forgery.

The Credit Union attacks the funds transfer exclusion, contending it was not conspicuous, plain, and clear. Under California law, “an insurer cannot escape its basic duty to insure by means of an exclusionary clause that is unclear. . . . ‘[A]ny exception to the performance of the basic underlying obligation must be so stated as clearly to apprise the insured of its effect.’ . . . [T]hus, ‘the burden rests upon the insurer to phrase exceptions and exclusions in clear and unmistakable language.’ . . . The exclusionary clause ‘must be conspicuous, plain and clear.’ ” (State Farm Mut. Auto. Ins. Co. v. Jacober (1973) 10 Cal.3d 193, 201-202 [110 Cal.Rptr. 1, 514 P.2d 953], citations omitted.) “An exclusion in an adhesion contract of insurance must be expressed in words which are ‘plain and clear.’ This means more than the traditional requirement that contract terms be ‘unambiguous.’ Precision is not enough. Understandability is also required. To be effective in this context, the exclusion must be couched in words which are part of the working vocabulary of average lay persons.” (Ponder v. Blue Cross of Southern California (1983) 145 Cal.App.3d 709, 723 [193 Cal.Rptr. 632].)

*742We conclude the funds transfer exclusion was conspicuous, plain, and clear. It appeared in the section of the bond entitled “EXCLUSIONS,” using the same size and style of typeface that described the bond’s “COVERAGES.” It was exclusion No. 14 out of a total of 35. The spacing in the bond was the same for “COVERAGES” and “EXCLUSIONS.” And the funds transfer exclusion was written using the same terminology as the funds transfer coverage: A layperson would understand from the coverage and exclusion provisions that the bond covered a fraudulent funds transfer as stated in the “COVERAGES” provision for funds transfers, not in the “COVERAGES” for other types of loss, such as forgery or unauthorized signatures.

Accordingly, the trial court properly granted CUMIS’s motion for summary judgment.

Ill

DISPOSITION

The judgment is affirmed.

Rothschild, J., and Chaney, J., concurred.

In its “separate statement” (see Code Civ. Proc., § 437c, subd. (b)(1)), CUMIS included the mailing of the June 2006 and October 2006 materials to the Credit Union as undisputed facts, with citations to the supporting evidence. The Credit Union responded with “Deny” in its “separate statement” (see id., subd. (b)(3)) but did not cite any evidence. Thus, the Credit Union failed to controvert the facts proffered by CUMIS. (See Cal. Rules of Court, rule 3.1350(f).) In its “separate statement,” the Credit Union also objected to CUMIS’s supporting evidence. All of those objections—such as lack of authenticity—were without merit, and their inclusion in the “separate statement,” as opposed to a separate document raising only objections, was improper. (See id., rule 3.1354(b).)

The parties disagree as to when the e-mail was sent. CUMIS submitted a declaration from one of its employees indicating the e-mail was sent on January 3, 2008—before the fraudulent transfer was made in this case—but the declaration from the Credit Union’s chief executive officer states the e-mail was sent on January 16, 2008—two days after the fraudulent transfer. For purposes of summary judgment, we assume the e-mail was sent on January 16, 2008, the date supported by the Credit Union’s evidence.

To qualify for alternative coverage, the funds transfer agreement had to set forth a “commercially reasonable security procedure.” Yet the Credit Union’s funds transfer agreement said virtually nothing about a security procedure and did not even include the verification steps the Credit Union actually used. The agreement merely said that the signer of the wire transfer request form had to “produce acceptable identification.” Because CUMIS has not raised the question of whether the Credit Union’s funds transfer agreement set forth a “commercially reasonable security procedure,” we do not reach it.