ISO’s Crime Changes: Keeping Pace With Our Digital World

By Catherine L. Trischan, CIC, CRM, CPCU, ARM, AU, AAI, CRIS, MLIS

Let’s take a step back in time.

Who would have imagined a day when money was made up of bits and bytes, couldn’t be touched, and wasn’t regulated by the government? That day is here. Who would have envisioned how easy it would be for a thief to impersonate someone else in order to trick an employee into giving away their company’s money or property? Modern communication methods and technology have made it so!

These are precisely the types of exposures ISO’s 2015 revision to its Commercial Crime Program was meant to address. ISO amended several crime policies and coverage forms and added three new endorsements. The new forms have an edition date of November 2015 and are now available for use in many states. As with any form changes, it is important to check with your insurance carrier to determine whether and when it will implement any changes in the forms it uses.


Virtual Currency—Exclusion and Endorsements

In the past, whether money took the form of cattle, wampum, coins, or paper bills, it was always tangible. Now, money has gone digital, and ISO has responded. More businesses than ever are accepting payment in the form of virtual currency—sometimes called digital currency or crypto currency. Virtual currency, such as Bitcoin, exists only online. This type of currency can be transferred, stored, or traded electronically. It can be used to pay for goods and services from merchants who accept virtual currency as a form of payment.

A virtual currency exclusion has been added to all policies and coverage forms. It is now clear in the unendorsed forms that loss involving virtual currency is not covered.


Exclusion—Virtual Currency

This insurance does not cover:

Loss involving virtual currency of any kind, by whatever name known, whether actual or fictitious, including, but not limited to, digital currency, crypto currency, or any other type of electronic currency.

For insureds who use virtual currency, the endorsement, Include Virtual Currency as Money, can be added to provide coverage. There are two versions of the endorsement; the appropriate one to use depends on what type of crime policy is written.

  • Endorsement CR 25 45 11 15 is used with the Commercial or Government Crime policies and coverage forms. The endorsement can be used to include Virtual Currency Coverage for Employee Theft and/or Computer and Funds Transfer Fraud coverages.
  • Endorsement CR 25 46 11 15 is used with the Employee Theft and Forgery Policy and the Government Employee Theft and Forgery Policy. With this endorsement, coverage applies only to the Employee Theft insuring agreement.

Both endorsements amend the Virtual Currency exclusion so that coverage applies to the type of virtual currency scheduled on the endorsement. The endorsements include a limit for the virtual currency, and it is important to note that the limit is part of the Employee Theft or Computer and Funds Transfer Fraud limit—not an additional amount of insurance. The value of any loss is the value of such currency on the day the loss is discovered, based on the rate published by the exchange shown on the endorsement.


Coverage Example

Jason’s employer started accepting Bitcoin as payment on its online gaming site. Jason found the private key to his employer’s digital wallet and used it to transfer all Bitcoins to a wallet Jason controls. The Include Virtual Currency as Money endorsement adds coverage for this type of Employee Theft loss.


Fraudulent Impersonation Endorsement (CR 04 17 11 15)

ISO has also recognized that businesses are more vulnerable than ever to theft by imposters. When an employee gets an email from his boss telling him to send funds or property somewhere, how does he know it’s really from his boss? In an age when the internet allows access to so much information about a person, it has become increasingly easy to pretend to be someone else. The use of computers and electronic communication makes it easy for a thief to hide behind the persona he’s adopted in order to defraud an unsuspecting insured.

For this very reason, the second major change in 2015 is the introduction of an endorsement to cover losses resulting from an employee’s being deceived by an imposter into transferring money, securities, or other property. The new Fraudulent Impersonation endorsement can be used to add one or both of two separate coverages to a Commercial or Government Crime policy or coverage form.


Fraudulent Impersonation of Employees

This coverage applies when an employee is acting in reliance upon transfer instructions purportedly issued by the insured, its partners, members, managers, officers, directors, trustees, or employees. If coverage is added to a Government form, the instruction can be purportedly issued by an employee or any of the insured’s officials.


Fraudulent Impersonation of Customers and Vendors

This coverage applies when an employee is acting in reliance upon transfer instructions purportedly issued by a customer or vendor with which the insured has a written contract. The instruction must have been fraudulently issued without the knowledge or consent of the customer or vendor.

In both cases, an option for verifying transfer instructions must be included on the endorsement. Verification can be required for all transfer instructions or only for transfer instructions in excess of the amount shown on the schedule. There is also an option that does not require verification of transfer instructions.

Commercial property forms exclude voluntary parting and transfer of property on the basis of unauthorized instructions. Crime forms also include exclusions for voluntary parting and fraudulent instructions. For these reasons, this endorsement is a valuable tool to provide much needed coverage.


Coverage Example

Paula is the manager of a Los Angeles clothing store that specializes in designer women’s wear. Paula received an e-mail from Laura, owner of a production company with which Paula’s shop has a contract. Per the instructions in the e-mail, Paula shipped 10 dresses worth $100,000 to what she thought was a movie set in a nearby town. When she called Laura to make sure the dresses met her needs, Laura told her she hadn’t sent the e-mail or requested the dresses. An imposter had hacked Laura’s e-mail account to send Paula the fraudulent order, and the dresses were in the hands of thieves. Assuming the endorsement did not require verification of the transfer instructions, the Fraudulent Impersonation of Customers and Vendors coverage in the Fraudulent Impersonation endorsement would respond to the loss.


Other Changes

In addition to these major changes, several other modifications have been made to the policies and coverage forms themselves. With the exception of the change in the “fraudulent instruction” definition, none of the changes described below are intended by ISO to impact coverage. The affected forms and policies are as follows:

  • Commercial Crime Coverage Form (Discovery Form) CR 00 20
  • Commercial Crime Coverage Form (Loss Sustained Form) CR 00 21
  • Commercial Crime Policy (Discovery Form) CR 00 22
  • Commercial Crime Policy (Loss Sustained Form) CR 00 23
  • Government Crime Coverage Form (Discovery Form) CR 00 24
  • Government Crime Coverage Form (Loss Sustained Form) CR 00 25
  • Government Crime Policy (Discovery Form) CR 00 26
  • Government Crime Policy (Loss Sustained Form) CR 00 27
  • Employee Theft and Forgery Policy (Discovery Form) CR 00 28
  • Employee Theft and Forgery Policy (Loss Sustained Form) CR 00 29
  • Government Employee Theft and Forgery Policy (Discovery Form) CR 00 30
  • Government Employee Theft and Forgery Policy (Loss Sustained Form) CR 00 31

Under these crime policies and forms, the exclusion for Confidential or Personal Information has been revised to emphasize that the exclusion does not apply to an otherwise covered loss that results directly from the use of the insured’s confidential or personal information. Disclosure of such information and use of another’s information is still excluded.

In the non-government forms, the Joint Insured Condition has been revised to add directors, trustees, and LLC managers to the list of individuals whose knowledge of relevant information may be imputed to all insureds.

There have been changes in a few definitions in the Commercial and Government Crime policies and forms, as well.

  • “Financial institution” is now defined for coverages other than Inside the Premises – Theft of Money and Securities and Computer and Funds Transfer Fraud. For coverages other than these two, the term means any financial institution.
  • The “financial institution premises” definition now specifically refers to financial institutions as defined for Inside the Premises – Theft of Money and Securities coverage.
  • In the “fraudulent instruction” and “transfer account” definitions, the words “telegraphic,” “cable,” and “teletype” are removed from the list of instruction types, as these forms of communication are no longer commonly used. The term “other electronic instructions” is broad enough to cover these forms of communication should they be utilized.
  • In the “fraudulent instruction” definition, reference to “employee impersonation” is removed. That exposure, with respect to Computer and Funds Transfer Fraud coverage, is to be handled using the Fraudulent Impersonation endorsement. This change in definition is a reduction in coverage, so care should be taken to add the Fraudulent Instruction endorsement if coverage is desired.

Lastly, a few editorial changes have been made.

  • In the Government policies and forms, the lead-in language to the Termination as to Any Employee condition has been revised since the verbiage applies to both the Employee Theft – Per Loss Coverage and the Employee Theft – Per Employee Coverage.
  • In the employee and government Employee Theft and Forgery Policies, the definition of “premises” has been removed. This definition was originally used to limit coverage for guest students and temporary workers. That limitation was previously removed, and now the unneeded definition has been removed as well.
  • In the Employee Theft and Forgery Policy (Loss Sustained Form) the word “termination” has been removed from the Extended Period to Discover Loss condition. The language is now consistent with that in the other policies and forms.

ISO’s 2015 changes to the Commercial Crime Program reflect changes in the way people do business. By addressing the existence of virtual currency and dealing with new ways people have found to steal, ISO is keeping coverage current to meet the needs of today’s businesses and government entities.


Learn More, Earn More

P&C Insurance Essentials

The National Alliance offers several courses related to cyber risk and crime coverages. Depending on your specific area of interest, consider attending a Ruble Cyber Risk Seminar or a CIC Commercial Property Institute. The CISR Insuring Commercial Property Course also offers practical curricula about the different property coverages. And remember, The Academy’s P&C Insurance Essentials book devotes a full chapter to crime coverages.


Catherine L. Trischan, CIC, CRM, CPCU, ARM, AU, AAI, CRIS, MLIS, has been with the E&K Agency in Eatontown, NJ, since 1996, and currently serves as its Director of Commercial Underwriting. She began her insurance career upon graduation from Rutgers University in 1987. She is a National Faculty member with The National Alliance and speaks at both CIC and CISR programs.


    All Rights Reserved. | The National Alliance for Insurance Education & Research