Mind the Gap
MODERN-DAY CRIME COVERAGE ISSUES
Learn what your carriers offer, because exposures continue to evolve
It’s easy for agents who are new to the industry to get wrapped up in the excitement of the sale and lose sight of what they are actually selling: peace of mind, protection, and a promise to put the client back on track in the event that a disaster strikes. Selling coverage that is appropriate to your clients’ exposures is paramount, and the feeling of relief you’ll experience knowing that their claim is covered will be just as powerful as the thrill of closing the initial sale.
Keeping up to speed on coverages available in the insurance marketplace is something that every agent must do—no matter what his or her experience level may be. While many types of P-C coverage have remained essentially the same over time, others continue to adapt as exposures and perils continue to evolve.
Many social engineering endorsements now have a verification requirement, meaning that your insured needs to confirm the request for money using a callback system or other established verification system.
For example, employment practices liability wasn’t a typical coverage offered to commercial lines clients 30 years ago; in fact, it was rare. Cyber liability insurance has evolved several times over the past two decades. Ten years ago, social engineering fraud coverage wasn’t even in existence.
Speaking of social engineering fraud, is this something you are discussing with your clients and prospects? Don’t assume that a standard crime policy will properly cover this type of situation. Odds are it won’t.
Issue one: Funds transfer fraud
Social engineering fraud and funds transfer fraud are, without a doubt, two of the hottest types of crime around. Criminals continue to invent new ways to steal money, and as a result insurance policy language has had to change.
While this can certainly be a good thing for you, as well as your clients, it can also create uncertainty if you don’t pay close attention to policy language.
To elaborate, let’s start by looking at funds transfer fraud language from two different carriers with a specific issue in mind: covering money that is lost by a client of the insured. In both cases, the carriers state in their marketing materials that their forms cover the loss of clients’ money. Obviously, this coverage is particularly important to businesses in the financial sector that might invest money on behalf of their clients.
Sample Language—Carrier A
Carrier A adds the following language via endorsement to the insuring agreements that are part of the base policy form:
“Loss resulting directly from the Insured’s good faith transfer of Customer’s Property as a result of a Fraudulent Instruction when, prior to such transfer, the Insured used reasonable best efforts to verify the identity of the person transmitting the instruction.”
The term “Customer” is further defined in the endorsement:
“Customer means any entity or natural person that has an account, is in the process of opening an account, or has been informed by and reasonably believes that an Employee has opened, or is in the process of opening an account on their behalf, with the Insured.”
Last, since this agreement references “property” of the customer, the endorsement states that “Covered Property” is “property (a) owned by the Insured; (b) held by the Insured in any capacity, including Customer’s Capital; or (c) owned and held by someone else under the circumstances that make the Insured responsible for the Property or Customer Capital prior to the occurrence of the loss.”
Sample Language—Carrier B
On the other hand, Carrier B includes a simple Funds Transfer Fraud loss insuring agreement that defines “funds transfer fraud incident” as follows:
“Funds transfer fraud incident means any priming, pre-texting, spoofing, or other fraudulent or deceptive communication sent to an insured within normal course of Named Entity’s business operations resulting in funds transfer fraud loss.”
Funds transfer fraud loss is defined as:
“[t]he loss of money, securities, bonds or similar financial instruments with monetary value which is incurred by the Named Entity and which is directly caused by a fraudulent or deceptive communication.”
Know what—and to whom—you’re selling
Which carrier would you be more comfortable with based upon what you just read? Carrier A does a nice job of clearly referring to “customer’s property,” as well as defining who a customer is and what is considered covered property. This makes it easy to spell out to clients or prospects who want to know exactly how their proposed insurance policy will respond to a given situation.
Carrier B doesn’t mention the term“customer” or “client” in the insuring agreement or in the definitions. How-ever, their marketing material states that their funds transfer fraud coverage “covers loss of clients’ money resulting from a misdirection of funds via fraudulent or deceptive communications,” so their intent is indeed to cover such a situation. That might be good enough for clients who don’t want to be bored with reading insurance policy details.
While I’m not endorsing one carrier over another, as both are very reputable companies with which our agency does business, my point is that you should be familiar with the specifics of your coverage forms—especially when addressing an issue that doesn’t arise every day.
Also, know to whom you’re selling. If you have a prospect who is very detail-oriented, you’d better avoid showing them policy language that contains gray areas. Otherwise you run the risk of their losing confidence that your proposed program will properly cover them.
Issue two: Social engineering fraud
Our other hot issue pertains to social engineering fraud, which I’m sure you’re at least vaguely familiar with by now. If not, this type of loss occurs when the insured is conned into paying money or giving away tangible property based on what appears to be a legitimate request.
For example, let’s say you have a client who does business with a vendor who emails them invoices several times per month. They could receive an email that appears to be from the vendor—but actually isn’t—containing a fake invoice noting a new mailing address for the supposed vendor. If your client isn’t diligent and doesn’t verify the request, they could end up sending a check to a criminal who is ready to cash it.
At this point you’re probably wondering how the fake business can cash a check made out to a legitimate business. Depending on the name of the business and how the check is created, criminals can alter the name of the payor by simply adding letters or words onto the check. Checks payable to “XYZ Supply” can quickly become payable to “XYZ Supply House Inc.” By the time your insured knows what happened, the account will have already been closed and the criminals will be long gone.
This is only one example of how the scheme works. In another case, you might have a client who donates online each year to one or two charities. Criminals can catch on to this and send what appears to be a legitimate donation request to your client. Once the insured enters their credit card or banking information into the fraudulent online form, the scheme is complete and the bad guys have once again come out on top.
Again, know what you’re selling
Many social engineering endorsements now have a verification requirement, meaning that your insured needs to confirm the request for money using a callback system or other established verification system that is documented and kept on file. This type of requirement varies from carrier to carrier; it could be required on every transaction, all internal transactions, or all external transactions. It might only be required on transactions above a certain dollar amount. Or it might not even be required at all.
Also, you might find some unexpected perks within the policy language. Remember Carrier B from our Funds Transfer Fraud review? When it comes to Social Engineering coverage, they also cover theft of personal funds of the insured’s executive team! That’s a nice coverage perk for insured entities who administrative assistants pay the personal bills of the executives.
In summary
Like cyber/privacy liability exposures, modern-day crime exposures continue to evolve—as do the insurance policy forms that protect against losses from them. Offering your clients a little coverage in the form of a policy enhancement is certainly better than not providing them any protection at all.
You will be best served by taking the time to learn what your carriers offer—and what they don’t offer—when it comes to specific crime-related coverages. You’ll then be able to discuss these crime situations with your clients, listen to their concerns, and advise them on how they can best protect themselves based upon the solutions you can provide.
The author
Marc McNulty, CIC, CRM, is vice president of insurance operations at The Uhl Agency in Dayton, Ohio, and has been with the agency since 2001. He divides his time among sales, marketing, technology and operational duties. You can reach Marc at marcmcnulty@uhlagency.com