Corporate Account Takeovers: Cyber Fraud Protection for Your Online Customers

One of the most heated issues in the community bank insurance arena over the last few years is the fraudulent transfer of funds that originates through a commercial customer’s own computer system. If a hacker gains access to your bank’s computer system and the bank suffers a loss, the assumption is that the Financial Institution Bond will respond. But what happens if the hack comes through a customer’s computer system?

The Computer Systems insuring agreement contained in the FI Bond protects against hacking theft through the bank’s own system, not through systems owned by bank customers.  Bond underwriters predicate coverage and premium expenses on the bank’s computer security, not the bank client’s computer security.  Working with some affiliate companies, IBIS helped develop a solution for this type of loss.

Obviously this coverage deficiency had created a problem – many commercial on-line bank customers assume hacking theft would be covered by their bank.  This assumption was incorrect and created a perfect environment for a negligence lawsuit.  If a bank customer were to lose six figures to a computer hacker, they would understandably look to the bank for reimbursement.  To exacerbate the situation, some D&O policies are not clear as to whether the cost of this type of litigation was covered. In many cases, the D&O policy retention exceeded the amount of the loss.

We initially tried to mitigate this coverage shortfall by advising our client bankers to personally visit their on-line commercial customers and let them know this kind of criminal activity is not covered, and to also advise these customers to add an Electronic Funds Transfer rider to their own BOPs (Business Owner’s Policies).  Additionally, some of our client banks had incorporated secure software portals to strengthen their hacking protection.

When we subsequently researched the availability and structure of EFT riders contained in traditional BOP policies we were dismayed to find the typical limit available was only $25,000.  Requests for higher limits triggered individual underwriting which increased premiums considerably.  We were back to square one as far as effective insurance solutions were concerned.

We are happy to finally introduce an ideal coverage platform called EFT Guard.  This is an insurance option that was designed to mitigate the bank’s liability exposure and also to insure the bank’s customers from Fraudulent Electronic Funds Transfers. EFT Guard is a reasonably-priced blanket policy designed to cover a bank’s entire commercial on-line customer base.

EFT Guard program highlights:

  • Structured as an insured on-line client service which incorporates security training and features the use of an optional secure parallel software portal.
  • Included is an on-line assessment that the account holder should complete for their own use.  The assessment will highlight the account holder’s online security strengths and weaknesses in order to help them protect themselves.
  • The bank will need to complete a 1-page application. No application is required of the account holders – they only need to register through the EFT Guard Website.
  • Coverage is blanketed on the entire user base with no “opt in/opt out” feature.  Providing coverage as a customer option would result in adverse selection and drive up the program’s premiums.
  • Underwritten by Lloyd’s of London A.M. Best Rated “A+” (Superior) FSC XV
  • Option 1:  $100,000 per-occurrence limit with a $5,000 deductible – $8.00 per month per on-line commercial account or an annual cost of $96.
  • Option 2:  $250,000 per-occurrence limit with a $10,000 deductible – $14.50 per month per on-line account or an annual cost of $174.
  • Both options have a $15,000,000 per bank annual aggregate limit

The banks who assisted us in this effort indicated they would be offsetting the cost of the EFT Guard program through monthly service fees charged to the on-line customer’s account.  Based on our research it appears that the coverage provided by the EFT Guard program offers both appropriate limits and pricing comparable to or lower than traditional commercial insurance protection.  EFT Guard additionally mitigates liability exposure by confirming due diligence on the part of the financial institution.

Implementing the program is simple.  Get in touch with our Endorsed Program Partner IBIS Insurance Services, Inc. at pcorey@ibisinsurance.com (480-663-3778) or contact Betty House directly at betty@wib.org (415-352-3222).

What are your thoughts?