1. Forms
  2. CR
  3. CR-04-02

Form CR 04 02: Amendatory Endorsement - Funds Transfer Fraud

1. What the Form Is

The CR 04 02, often titled "Funds Transfer Fraud," is an amendatory endorsement to a Commercial Crime policy. Its primary purpose is to add or modify coverage to protect the insured business against losses resulting directly from a "fraudulent instruction" issued to a financial institution, directing it to transfer, pay, or deliver "funds" from the insured's "transfer account". This endorsement specifically addresses the risk of an unauthorized third party (not an employee, as employee theft is typically covered elsewhere) fraudulently instructing the insured's bank to send money to an external account.

2. Classes of Business It Applies To

This endorsement is crucial for a wide range of businesses that regularly conduct electronic funds transfers. The exposure exists regardless of industry if the business utilizes online banking or other electronic methods to move money. Examples include:

  • Manufacturing and Distribution: Businesses making frequent electronic payments to suppliers and vendors.
  • Professional Services (e.g., Law Firms, Accounting Firms): Firms that may handle client funds or make significant electronic disbursements.
  • Retail and E-commerce: Companies that manage online sales revenue and make electronic payments for inventory and operational expenses.
  • Real Estate Companies: Entities involved in transferring funds for property transactions, escrow accounts (where permissible by underlying policy terms), or large operational payments.
  • Healthcare Providers: Organizations making electronic payments for medical supplies, equipment, and other services.
  • Any business with online banking capabilities that allows for external fund transfers.

Real-world example: A manufacturing company receives a spoofed email, appearing to be from a known supplier, with new banking details for future payments. The accounts payable clerk, believing the instruction to be genuine, updates the supplier's banking information. When the next payment is made via electronic funds transfer using the fraudulent instructions, the funds are diverted to the fraudster's account. The CR 04 02 endorsement would typically respond to such a loss, subject to its terms and conditions.

3. Special Considerations

  • Specificity of "Fraudulent Instruction": Coverage hinges on the definition of "fraudulent instruction" within the policy. This typically means an instruction issued by someone other than the insured, without the insured's knowledge or consent, purporting to be from the insured.
  • Exclusion of Employee Acts: Losses resulting from an employee knowingly acting in collusion with a third party to issue fraudulent instructions might be covered under Employee Theft insuring agreements rather than this specific endorsement, depending on policy language. However, if an employee is merely duped into unknowingly processing a fraudulent instruction from an external party, this endorsement is more likely to apply.
  • Verification Procedures: Some policies or underwriters may have expectations or even requirements regarding the insured's call-back verification procedures or other security protocols for authenticating fund transfer requests, especially for large sums or changes to payee information. Failure to follow agreed-upon procedures could impact coverage.
  • Not a Broad Cyber Liability Coverage: This endorsement is specific to fraudulent instructions directing a financial institution. It is not a catch-all for all types of cybercrime or social engineering fraud (e.g., where an employee is tricked into voluntarily making a legitimate payment to a fraudulent party based on deceptive pretenses, without a fraudulent instruction being given to the bank by a third party). However, the lines can sometimes blur, and the exact sequence of events and policy wording are critical.
  • Geographic Scope: Review the policy for any territorial limitations on where the financial institution or the fraudulent instruction must originate or be received.

Real-world example: If an insured's CEO has their email compromised, and the hacker, posing as the CEO, emails the company's controller instructing them to wire funds to a new account for a (fake) confidential acquisition, the applicability of CR 04 02 would depend on whether the instruction to the *bank* was deemed fraudulent and by whom it was initiated according to the policy definitions. If the controller, believing the CEO's email, *then* legitimately instructs the bank, some interpretations might view this as voluntary parting with money, potentially falling outside CR 04 02 and into a social engineering type of loss (which may or may not be covered elsewhere).

4. Key Information for Agents and Underwriters

  • Risk Assessment:
    • Evaluate the sophistication and robustness of the insured’s internal controls for authorizing and processing electronic fund transfers. This includes segregation of duties, multi-factor authentication for banking platforms, and mandatory call-back verification procedures for any changes to payment instructions or for payments exceeding certain thresholds.
    • Assess the volume, frequency, and average/maximum amounts of funds transfers.
    • Understand the insured's employee training programs on identifying phishing attempts and other social engineering tactics aimed at instigating fraudulent transfers.
  • Coverage Gaps:
    • Clearly explain the distinction between this coverage and broader cyber liability or social engineering fraud coverages. Clients may assume CR 04 02 covers all forms of electronically-induced financial fraud.
    • Identify potential gaps if the fraudulent act involves an employee willingly (even if tricked) initiating the transfer, as opposed to a third party directly issuing a fraudulent instruction to the bank.
  • Pricing and Limits:
    • The limit of insurance should be adequate to cover potential significant fraudulent transfers, considering the insured's typical transaction values and overall financial exposure.
    • Premiums will be influenced by the strength of internal controls, loss history, industry, and the limits/deductibles chosen. Businesses demonstrating strong risk management practices may qualify for more favorable terms.
  • Underwriting Guidelines:
    • Inquire about past incidents of attempted or actual funds transfer fraud.
    • Require details on specific security protocols in place (e.g., dual authorization, out-of-band verification for changes to vendor/payee bank details).
    • Consider the insured's reliance on third-party payment processors and the security measures at those entities, though this endorsement primarily focuses on the insured's direct transfer accounts.
Form Information

Summary:
This form number likely refers to a general amendatory endorsement for crime policies. Its specific function would depend on the exact title and content of the endorsement, which might modify definitions, conditions, or other terms of the base crime policy or coverage form.

Line of Business:
Commercial Crime

Type:
Endorsement

Form Code:
CR 04 02

Full Form Number:
CR 04 02 MM YY

Navigation
All Forms Back to CR