Funds Transfer Fraud
Coverage for direct financial loss from fraudulent electronic transfer of funds from the insured's account by unauthorized means.
What It Is
Funds transfer fraud coverage protects against direct financial loss resulting from fraudulent instructions directing a financial institution to transfer, pay, or deliver money from the insured's account. This coverage is found in commercial crime policies and sometimes in cyber liability policies, and it specifically addresses situations where a third party gains unauthorized access to initiate transfers without the insured's knowledge or consent.
The critical distinction between funds transfer fraud and social engineering fraud is the element of authorization. Funds transfer fraud involves unauthorized access to accounts or systems to initiate transfers, while social engineering involves tricking an authorized person into voluntarily initiating a transfer. This distinction has been heavily litigated, with courts generally holding that when an employee is deceived into authorizing a transfer, it does not qualify as funds transfer fraud.
Crime policies typically cover funds transfer fraud under a dedicated insuring agreement, often with the full policy limit rather than a sublimit. Cyber policies may include funds transfer fraud as part of a broader computer fraud coverage section. Deductibles for funds transfer fraud are often higher than other crime coverages, commonly $25,000 to $50,000 for mid-market accounts.
Why It Matters for Brokers
Brokers must understand the technical distinction between funds transfer fraud and social engineering fraud because it determines which insuring agreement responds. Many claim denials result from insureds filing social engineering losses under funds transfer fraud coverage. Properly advising clients requires ensuring both coverages are in place and that the client understands which scenarios trigger each coverage.
Real-World Example
A threat actor compromises the email credentials of a logistics company's CFO and, without the CFO's knowledge, sends wire instructions from the CFO's actual email account directly to the company's bank, transferring $520,000 to an overseas account. Because the transfer was initiated through unauthorized access to the CFO's account rather than by tricking an employee into voluntarily authorizing it, the $1M funds transfer fraud coverage under the crime policy responds, paying $520,000 less the $25,000 deductible.
Common Mistakes
- 1Conflating funds transfer fraud with social engineering fraud in client discussions, creating confusion about which coverage applies to which scenario.
- 2Assuming the bank will absorb the loss when most commercial banking agreements place the risk of unauthorized transfers on the account holder after a short window.
How brokerageaudit.com Handles This
brokerageaudit.com's Policy Checker distinguishes between funds transfer fraud and social engineering insuring agreements when analyzing crime and cyber policies, clearly labeling each sublimit and noting any overlap or gap. The system generates a coverage comparison chart that brokers can share with clients to explain which scenarios trigger which coverage.