                 United States Court of Appeals
                            For the Eighth Circuit
                        ___________________________

                                No. 14-3432
                        ___________________________

                             State Bank of Bellingham

                        lllllllllllllllllllll Plaintiff - Appellee

                                           v.

             BancInsure, Inc., now known as Red Rock Insurance Co.

                      lllllllllllllllllllll Defendant - Appellant
                                      ____________

                     Appeal from United States District Court
                    for the District of Minnesota - Minneapolis
                                   ____________

                           Submitted: October 21, 2015
                              Filed: May 20, 2016
                                 ____________

Before RILEY, Chief Judge, SMITH and SHEPHERD, Circuit Judges.
                              ____________

SHEPHERD, Circuit Judge.

       A computer at the State Bank of Bellingham (Bellingham) became infected with
malware, allowing a criminal third party to transfer $485,000 from Bellingham to a
foreign bank account. Bellingham sought coverage for the loss under its Financial
Institution Bond (Bond) issued by BancInsure, Inc. (BancInsure). BancInsure denied
coverage based on exclusions in the Bond. Bellingham filed this action, claiming
breach of contract. The district court1 granted summary judgment in favor of
Bellingham, and BancInsure appeals. We affirm.

                                          I.

        Bellingham, a Minnesota state bank with five employees, used the Federal
Reserve’s FedLine Advantage Plus system (FedLine) to make wire transfers. Wire
transfers were made through a desktop computer connected to a Virtual Private
Network device provided by the Federal Reserve. In order to complete a wire transfer
via FedLine, two Bellingham employees had to enter their individual user names,
insert individual physical tokens into the computer, and type in individual passwords
and passphrases.

       On October 27, 2011, Sharon Kirchberg, a Bellingham employee, completed
a FedLine wire transfer. She completed the transaction using her token, password,
and passphrase as well as the token, password, and passphrase of a second employee.
At the end of the work day, Kirchberg left the two tokens in the computer and left the
computer running. When she arrived at work the next day, she discovered that two
unauthorized wire transfers had been made from Bellingham’s Federal Reserve
account to two different banks in Poland. Kirchberg was unable to reverse the
transfers through the FedLine system. Kirchberg immediately contacted the Federal
Reserve and requested reversal of the transfers, but the Federal Reserve refused. The
Federal Reserve, however, did contact intermediary institutions to inform them that
the transfers were fraudulent, and one of the intermediary institutions was able to
reverse one of the transfers. The other fraudulent transfer was not recovered.




      1
        The Honorable Susan Richard Nelson, United States District Judge for the
District of Minnesota.

                                         -2-
       In 2010, BankInsure, an Oklahoma company, sold a financial institution bond
to Bellingham, which provided coverage for losses caused by such things as employee
dishonesty and forgery as well as computer system fraud. On the day of the
fraudulent transfer, Bellingham notified BancInsure of the loss and provided a copy
of the transaction details of the two transfers. After an investigation, it was
determined that a “Zeus Trojan horse” virus had infected the computer and permitted
access to the computer for the fraudulent transfers. After its investigation, BancInsure
determined the loss was not covered due to certain exclusions in the Bond.2


      2
       Under Insuring Agreement (H) of the Bond, BancInsure agreed to indemnify
Bellingham for:

      Loss resulting directly from a fraudulent

      (1) entry of Electronic Data or Computer Program into, or
      (2) change of Electronic Data or Computer Program within

      any Computer System operated by the Insured, whether owned or leased,
      or any Computer System identified in the application for this Bond, or
      a Computer System first used by the Insured during the Bond Period,
      provided the entry or change causes

      (1) property to be transferred, paid or delivered,
      (2) an account of the Insured or of its customer to be added, deleted,
      debited or credited, or
      (3) an unauthorized account or fictitious account to be debited or
      credited.

      In this Insuring Agreement (H), fraudulent entry or change shall include
      such entry or change made by an employee of the Insured acting in good
      faith

      (1) on an instruction from a software contractor who has a written
      agreement with the Insured to design, implement or service programs for
      a Computer System covered by this Insuring Agreement (H), or

                                          -3-
Specifically, BancInsure claimed the loss was not covered based on employee-caused
loss exclusions in sections 2(h) and 2(bb)(17), exclusions for theft of confidential
information in section 2(bb)(4), and exclusions for mechanical breakdown or
deterioration of a computer system in section 2(bb)(12).3

      (2) on an instruction transmitted by Tested telex or similar means of
      Tested communication identified in the application for this Bond
      purportedly sent by a customer, financial institution, or automated
      clearing house.
      3
       BancInsure cites the following sections of the Exclusions clause of the Bond
as applicable to the facts here:

      This Bond does not cover
      ....
      (h) loss caused by an Employee, except when covered under Insuring
      Agreement (a) or when covered under Insuring Agreement (B), (C), or
      (R) and resulting directly from misplacement, mysterious unexplainable
      disappearance or destruction of or damage to Property;
      ....
      (bb) under Insuring Agreement[] (H) . . ., in addition to all of the other
      Exclusions
      ....
            (4) loss resulting directly or indirectly from theft of
            confidential information,
            ....
            (12) loss resulting directly or indirectly from
                   (a) mechanical failure, faulty construction,
                   error in design, latent defect, fire, wear or tear,
                   gradual deterioration, electrical disturbance or
                   electrical surge which affects a Computer
                   System,
                   (b) failure or breakdown of electronic data
                   processing media, or
                   (c) error or omission in programming or
                   processing,
            ....

                                         -4-
        Bellingham initiated this diversity action in federal court, alleging BancInsure
breached the contract when it denied coverage under the Bond. BancInsure
counterclaimed. In its counterclaim, BancInsure (1) sought a declaratory judgment
that it owes no duty under the Bond to provide coverage, (2) claimed Bellingham
breached the contract when it failed to provide a complete and accurate Proof of Loss
and failed to cooperate with BancInsure, and (3) claimed that Bellingham engaged in
malicious prosecution when it complained about BancInsure’s actions to the
Minnesota Department of Commerce.

       Both parties moved for summary judgment. The district court granted summary
judgment to Bellingham on its breach of contract claim. The district court held “that
the computer systems fraud was the efficient and proximate cause of [Bellingham’s]
loss,” and “neither the employees’ violations of policies and practices (no matter how
numerous), the taking of confidential passwords, nor the failure to update the
computer’s antivirus software was the efficient and proximate cause of [Bellingham’s]
loss.” (Order at 39.) Further, the district court held “it was not then a ‘foreseeable
and natural consequence’ that a hacker would make a fraudulent wire transfer. Thus
even if those circumstances ‘played an essential role’ in the loss, they were not
‘independent and efficient causes’ of the loss.” (Order at 39.) The district court
awarded Bellingham $620,187.36, which included prejudgment interest. It denied
summary judgment to BancInsure on its counterclaims for breach of contract and
malicious prosecution. The court also awarded attorneys’ fees to Bellingham based
on the denial of summary judgment on the malicious prosecution claim.




             (17) loss caused by a director or Employee of the Insured
             or by a person in collusion with any director or Employee
             of the Insured . . . except when the loss is caused by an
             Employee and covered under Insuring Agreement (L) or
             (M) . . . .

                                          -5-
     BancInsure appeals, challenging only the district court’s grant of summary
judgment on Bellingham’s breach of contract claim.

                                          II.

       We review the district court’s grant of summary judgment de novo, viewing the
record and drawing all reasonable inferences in the light most favorable to the
nonmoving party. Shrable v. Eaton Corp., 695 F.3d 768, 770 (8th Cir. 2012).
Summary judgment is appropriate if “there is no genuine dispute as to any material
fact and the movant is entitled to judgment as a matter of law.” Fed. R. Civ. P. 56(a).

       BancInsure challenges the district court’s application of Minnesota’s
concurrent-causation doctrine in this circumstance. First, BancInsure argues the
concurrent-causation doctrine does not apply to financial institution bonds. Second,
assuming the concurrent-causation doctrine does apply, BancInsure claims that the
parties here contracted around the doctrine in the language of this Bond. Finally,
BancInsure argues the district court erred in determining that the fraudulent conduct
of hacking into the computer system was the efficient and proximate cause of the loss.

                                          A.

       In this diversity action, both parties agree that Minnesota law governs the
interpretation of the Bond. Concerning insurance contracts, Minnesota has adopted
the concurrent-causation doctrine, which directs that “[a]n insured is entitled to
recover from an insurer when cause of the loss is not excluded under the policy. This
is true even though an excluded cause may also have contributed to the loss.”
Campbell v. Ins. Serv. Agency, 424 N.W.2d 785, 789 (Minn. Ct. App. 1988) (citing
Henning Nelson Const. Co. v. Fireman’s Fund Am. Life Ins. Co., 383 N.W.2d 645,
653 (Minn. 1986); Fawcett House, Inc. v. Great Cent. Ins. Co., 159 N.W.2d 268, 270



                                         -6-
(Minn. 1968); Anderson v. Connecticut Fire Ins. Co., 43 N.W.2d 807, 812 (Minn.
1950)).

       BancInsure insists that despite the general applicability of the concurrent-
causation doctrine to Minnesota insurance contracts, the doctrine is not similarly
applicable to financial institution bonds because a financial institution bond requires
the insured to initially show that its loss directly and immediately resulted from
dishonest, criminal, or malicious conduct. This, BancInsure argues, is a higher
standard of proof than that provided for under the concurrent-causation doctrine.
Further, according to BancInsure, if courts allow the concurrent-causation doctrine to
be applied to financial institution bonds, it would be impossible for an insurer to show
a financial institution bond’s exclusions were the overriding cause of the loss.

       Minnesota generally treats financial institution bonds as insurance policies. See
Alerus Fin. Nat’l Ass’n v. St. Paul Mercury Ins. Co., No. A11-680, 2012 WL 254484
at *2 (Minn. Ct. App. Jan. 30, 2012) (unpublished) (“Courts have treated [financial
institution bonds] as insurance policies, applying general rules of contract construction
to derive their meaning.”); see also In re Guardianship of Hampton, 359 N.W.2d 740,
743 (Minn. Ct. App. 1984) (explaining that fidelity bonds issued by bonding
companies “are now regarded as insurance policies, in substance, and are governed
for the most part by insurance law rather than suretyship law”), aff’d in part and rev’d
in part, 374 N.W.2d 264 (Minn. 1985). No Minnesota case precludes application of
the concurrent-causation doctrine to financial institution bonds. We find that
Minnesota courts would adhere to the general rule of treating financial institution
bonds as insurance polices and interpreting those bonds in accordance with the
principles of insurance law. See Friedberg v. Chubb & Son, Inc., 691 F.3d 948, 951
(8th Cir. 2012) (holding that where there are no cases on point, we “must predict how
the Supreme Court of Minnesota would rule”). Furthermore, we reject BancInsure’s
argument that the Bond imposes a higher standard-of-proof than the concurrent-
causation doctrine. Bellingham still had to show that its loss was directly caused by

                                          -7-
the fraudulent transfer, and the application of the concurrent-causation doctrine did
not interfere with that requirement.

                                          B.

       Next, we reject BancInsure’s argument that the parties successfully drafted
around the concurrent-causation doctrine in the Bond. BancInsure argues that the
language in Bond exclusions 2(bb)(4) and 2(bb)(12) contracted around the concurrent-
causation doctrine because those exclusions also apply to “indirect” causation. Parties
may include “anti-concurrent causation” language in contracts to prevent the
application of the concurrent-causation doctrine; however, in those cases where courts
have found the contract contains an anti-concurrent causation clause, the language
used is clear and specific. See Ken Johnson Props., LLC v. Harleysville Worcester
Summary Ins. Co., No. 12-1582, 2013 WL 5487444, at *12 (D. Minn. Sept. 30, 2013)
(recognizing language that an exclusion applies “regardless of any other cause or
event that contributes concurrently or in any sequence to the loss” constitutes an
adequate “anti-concurrent causation” provision and “evidences the parties’ intent to
contract around the concurrent causation doctrine”). As a matter of law, the Bond’s
reference to “indirectly” is not a sufficient invocation of the “anti-concurrent
causation” provision, and thus the Bond at issue in this matter does not contain such
a provision.

                                          C.

      Finally, BancInsure argues that even if the district court was correct to apply
the concurrent-causation doctrine to the Bond, it erred in concluding that the
fraudulent hacking of the computer system by a criminal third party was the




                                         -8-
overriding, or efficient and proximate, cause of the loss. Instead, BancInsure contends
the district court should have left that question to the jury.4

       We reviewed Minnesota’s concurrent-causation doctrine in Friedberg, 691 F.3d
at 951-53. The Friedbergs built their house in 1989. Id. at 950. In 2006, they
discovered extensive water damage to the house, and a subsequent investigation
determined that defective construction of the home had allowed water to enter the
home and cause the damage to accumulate over the course of several years. Id. The
Friedbergs claimed their policy covered “the water damage to their home because the
loss resulted from the combination of both faulty construction and the presence of
water.” Id. at 951. The policy contained an exclusion for losses caused by faulty
construction. Id. at 950-51. After examining Minnesota cases applying the
concurrent-causation doctrine, we explained

      where an excluded peril “contributed to the loss,” an insured may
      recover if a covered peril is . . . “the efficient and proximate cause” of
      the loss. Conversely, it follows that if an excluded peril is the efficient
      and proximate cause of the loss, then coverage is excluded. An
      “efficient and proximate cause,” in other words, is an “overriding cause.”

Id. at 952. We reasoned that “[a]lthough water intrusion played an essential role in
the damage to the Friedbergs’ house,” “[o]nce the house was plagued with faulty
construction, it was a foreseeable and natural consequence that water would enter.”

      4
        BancInsure also argues the covered conduct could not have independently
occurred absent the excluded conduct of the Bellingham employees’ intentional and
reckless disregard of Bellingham and Federal Reserve policies. Thus, because there
are not two independent events, BancInsure argues the concurrent-causation doctrine
cannot apply to this circumstance. BancInsure relies upon dicta in Bolin v. Hartford
Life & Acc. Ins. Co., 28 F. Supp. 3d 916, 919 n.4 (D. Minn. 2014), to support its
argument. Bolin, however, cites Minnesota cases that concern Minnesota’s “divisible,
concurrent-cause doctrine,” which is not the same as the concurrent-causation doctrine
at issue here, and this argument therefore is not relevant to this case.

                                         -9-
Id. Applying Minnesota’s concurrent-causation doctrine, we held that the policy did
not cover the Friedbergs’ loss. Id. at 952-53.

       We agree with the district court’s conclusion that “the efficient and proximate
cause” of the loss in this situation was the illegal transfer of the money and not the
employees’ violations of policies and procedures. In Friedberg, the district court
noted that based on “the climate of Minnesota, water infiltration is certain when not
prevented by proper construction,” and therefore the water damage to the Friedberg’s
home was “the inevitable physical loss.” Friedberg v. Chubb & Son, Inc., 832 F.
Supp. 2d 1049, 1058 (D. Minn. 2011). Unlike the water damage in Friedberg, an
illegal wire transfer is not a “foreseeable and natural consequence” of the bank
employees’ failure to follow proper computer security policies, procedures, and
protocols. Even if the employees’ negligent actions “played an essential role” in the
loss and those actions created a risk of intrusion into Bellingham’s computer system
by a malicious and larcenous virus, the intrusion and the ensuing loss of bank funds
was not “certain” or “inevitable.” The “overriding cause” of the loss Bellingham
suffered remains the criminal activity of a third party. Therefore, the district court
properly granted summary judgment to Bellingham.

                                         III.

      Accordingly, we affirm.
                     ______________________________




                                        -10-
