Summary: Identity theft is a widespread issue and does not seem to be slowing down. One of the issues with identity theft is the ability of the thief to impersonate an individual and then use that identity to steal from various organizations. The Fraudulent Impersonation form, CR 04 17 11 15, provides coverage for acts excluded under the Commercial Crime Coverage Form, CR 00 21 08 13, for transfer based on unauthorized instructions or voluntary parting induced by a dishonest act.

Topics Covered: Introduction Insuring agreement Definitions

Introduction

The Fraudulent Impersonation form provides coverage for loss that is a direct result from an employee being deceived into transferring money, securities, or other property based on the fraudulent instruction by someone impersonating another employee of the insured or a customer or vendor. With more and more companies being hacked, individuals identifying information may be accessed by thieves who later use that information to transfer funds into their own accounts.

The form includes a schedule for impersonation of employees or impersonation of vendors and customers. In the schedule, the insured is to indicate which type of fraud is being covered, and within each category certain subcategories may be indicated. The subcategories are to indicate if verification is required for all transfers, if verification is required for transfer instructions over a certain dollar amount, of if verification of transfer instructions is not required. Depending on the amounts of funds at risk, the insured may opt for no verification, some verification, or verification of all transfers.

Insuring Agreement

A.The following Insuring Agreement is added to Section A. Insuring Agreements:

Fraudulent Impersonation

1.”Employees” (if indicated in Section I. of the Schedule)

We will pay for loss resulting directly from your having, in good faith, transferred “money”, “securities” or “other property” in reliance upon a “transfer instruction” purportedly issued by:

a.An “employee”, or any of your partners, “members”, “managers”, officers, directors or trustees, or you (if you are a sole proprietorship) if coverage is written under the Commercial Crime Coverage Form or Commercial Crime Policy; or

b.An “employee”, or any of your officials if coverage is written under the Government Crime Coverage Form or Government Crime Policy; but which “transfer instruction” proves to have been fraudulently issued by an imposter without the knowledge or consent of the person in Paragraph 1.a. or 1.b.

2.”Customers” And “Vendors” (If indicated in Section II. of the Schedule) We will pay for loss resulting directly from your having, in good faith, transferred “money”, “securities” or “other property” in reliance upon a “transfer instruction” purportedly issued by your “customer” or “vendor”, but which “transfer instruction” proves to have been fraudulently issued by an imposter without the knowledge or consent of the “customer” or “vendor”.

Analysis

The endorsement attaches to the Commercial Crime Coverage Form, so many of the defined terms come from that policy. See CR 00 21 08 13. The definitions are fairly straightforward: employees must be natural people, not corporations, and are considered to be employees for thirty days after termination of service. Money is currency, coin and bank notes with monetary value; securities are negotiable and nonnegotiable instruments; and other property is property other than money and securities with intrinsic value.

A transfer instruction is an instruction to transfer money, securities, or other property. There is no specification that the instruction be received in person, by phone, fax, email, letter, or in any particular form. Loss caused by the action of an employee to transfer money, securities, or other property based on instructions received by a supposed employee, partner, member, manager, officer, director, or trustee of the organization if coverage is provided under the Commercial Crime Coverage Form or Policy, or if coverage is provided by the Government Crime Coverage Form or Policy, if it becomes known that the instruction was from an imposter. For example, an employee receives instructions in an email from Mr. Boss, the CEO of the company, instructing him to transfer funds into an offshore account that the company holds. This happens on a rare basis, but the employee knows such an account exists and the email looks legitimate. So the employee transfers the funds, not realizing that someone is impersonating Mr. Boss and that the offshore account does not belong to the company, but the thief issuing the instructions. There would be coverage for such a loss.

The second section provides the same coverage, but when the fraudulent instruction seems to come from an organization's vendor or customer. The situation is the same: the employee receives instructions he thinks are legitimate to transfer money, securities, or other property to an entity that seems to be legitimate but in actuality is fraudulent.