1. Forms
2. CY
3. CY-20-13

What the form is

The CY 20 13 Computer and Funds Transfer Fraud endorsement is designed to be added to an ISO Commercial Cyber Insurance Policy. Its primary purpose is to introduce or expand coverage for losses arising from computer fraud and funds transfer fraud. This means it typically covers direct financial loss resulting from fraudulent electronic instructions to a financial institution to transfer, pay or deliver money or securities from the insured's account, or fraudulent electronic instructions directing a third party to do so.

Classes of business it applies to

This endorsement is relevant for a wide array of businesses that utilize computer systems for financial transactions and are consequently exposed to the risk of electronic fraud. Examples include:

• Financial Institutions: Banks, credit unions, and investment firms that handle significant volumes of electronic fund transfers.
• Retail and E-commerce Businesses: Companies that process online payments and manage customer financial data.
• Healthcare Providers: Organizations that handle patient billing and electronic payments.
• Manufacturing and Service Companies: Any business that makes or receives electronic payments or holds funds in accounts accessible via computer systems.
• Not-for-Profit Organizations and Governmental Entities: These entities also handle funds electronically and are targets for cybercriminals.

Essentially, any organization that could suffer a direct financial loss due to a criminal manipulating its computer systems to illicitly transfer funds or securities would find this endorsement pertinent.

Special considerations

• No Separate Sublimit: A key feature of this endorsement is that it typically does not include its own separate sublimit of insurance. Losses covered under this endorsement are subject to the overall policy aggregate limit. This means a significant computer or funds transfer fraud loss could erode the limits available for other cyber incidents covered by the policy.
• Overlap with Crime Insurance: The coverage provided by this endorsement can be similar to that found in traditional Commercial Crime insurance policies (specifically, insuring agreement 6 related to computer and funds transfer fraud). It's crucial for businesses to review their existing crime policies to understand any potential overlaps or gaps in coverage when adding this endorsement.
• Triggering Coverage: The specifics of what triggers coverage, such as the definition of a fraudulent act or unauthorized access, will be detailed in the endorsement and the main policy language.

Key information for agents and underwriters

• Risk Assessment: Agents and underwriters need to thoroughly assess the insured's exposure to computer and funds transfer fraud. This includes understanding the volume and nature of electronic transactions, the security measures in place (e.g., multi-factor authentication, call-back verification procedures for transfers, employee training on phishing and social engineering), and any prior loss history.
• Adequacy of Limits: Given that this endorsement often does not have a separate sublimit, agents should discuss with clients whether their overall policy aggregate limit is sufficient to cover a potentially large computer or funds transfer fraud loss in addition to other potential cyber losses.
• Internal Controls: Underwriters will scrutinize the insured’s internal controls designed to prevent and detect fraudulent transfers. Weak controls may lead to higher premiums, specific exclusions, or declination of coverage.
• Clarifying Coverage Intent: This endorsement helps to affirmatively grant coverage for these specific types of fraud within the cyber policy, which can be important as some cyber policies might otherwise be ambiguous or exclude such direct financial fraud losses if not specifically added back.