Pub. 3 2013 Issue 2

ARIZONA BANKER  Spring 2013 21 employ highly trained computer technicians and software engineers, and are using new and top-of-the-line equip- ment, so they have a head start when they begin an attack. Obviously their activities are profitable and those that are based in certain foreign countries have little risk of being caught or punished for their crimes. Community banks should be prepared for intensified efforts on the part of these criminals and one crucial facet of a community bank’s defense is appropriate insurance coverage. Follow- ing is a list of coverage areas that respond to electronic crime and related liability: Computer Systems Fraud Agreement This is a critical coverage part of your bank’s Financial Institution Bond and is your primary crime coverage for losses through your bank’s own computer system. You should load this agreement with all of the options your in- surance carrier provides. This insuring clause also extends to transfers of property (money) through wire transfers, voice initiated transfers, fax transfers, and e-mail trans- fers. This agreement contains required procedures or the policy may not respond to losses, so make sure you read the agreement and adhere to the insurance carrier’s require- ments. Bear in mind that the underwriting insurer is agreeing to cover losses through your bank’s own proprietary system, not losses that originate through your customer’s system. When the underwriter assesses exposure to the insurance company, it is predicated on information provided on your bank’s com- puter system, not your customer’s computer system. Internet Banking Liability Insurance (Cyber Liability) Notice the word “liability” – this is legal defense pro- tection if you are alleged to be “liable” for a number of computer system wrongful acts, including privacy liability, publishing liability, negligent custody and care of sensitive information, denial or impairment of access, and so on. It is extremely important to carry this insuring instrument on your bank regardless of the pride in which you hold your bank’s electronic security and procedures. Notice the word “alleged.” Even if you religiously employ the highest level of sophistication and security in your bank’s transactional internet activities, you can still be “alleged” to be respon- sible for a customer’s loss. Usually the eventual culprit is found to be the customer’s own carelessness with his identity, but the bank could incur significant legal expenses discovering the cause of loss. There are two exposures involved in potential privacy negligence allegations: 1.) document liability; and 2.) electronic storage and transfer liability. Document liability is typically included as part of Side “C” (corporate liability) of the bank’s management liability agreement to the D&O policy. It is sometimes referred to as “dumpster diving coverage.” Electronic stor- age and transfer liability is covered by the Internet Banking Liability / Cyber Liability policy. Optional Insurance Protection Chartis Insurance Company offers two very good op- tions for the bank’s insurance portfolio. One is Debit Card Fraud Insurance , a two-level form of coverage for community banks offering debit cards to their customers. This unique policy offers fraud coverage for individual cards up to $10,000 per loss with a $1,500 deductible and then couples individual card exposure with coverage for multiple card losses, such as BIN hits, with a $10,000 maximum per oc- currence deductible and an aggregate limit up to $1 million. Multiple card losses are the biggest concern because they can often involve hundreds of cards and many thousands of dollars in aggregate losses. This coverage is much bet- ter than that offered as an option on Financial Institution Bonds because it offers worldwide coverage, responds to losses due to telephone purchases, skimming, phishing, voiping, white cards, and internet purchases, plus carries a deductible much lower than the Bond deductible. There is also a relatively new offering from Chartis, EFT Guard, a malware protection program that safely processes commer- cial internet banking activity and is backed by Chartis up to $500K per loss subject to a $5 million aggregate limit. This program only responds to commercial accounts and will not apply to consumer accounts. Z Please feel free to contact our agency any Ɵ me if you have ques Ɵ ons or concerns about your bank’s professional or property insurance por ƞ olio. We only insure community banks and are the largest agency of our type in theWestern United States. Our insurance advice and our wri Ʃ en coverage reviews are provided free to the membership of Arizona Bankers Associa Ɵ on. www.ibisinsurance.com . Community banks should be prepared for intensified efforts on the part of these criminals and one crucial facet of a community bank’s defense is appropriate insurance coverage.