Guide to Cover
A History of Insurance for Banks
Bankers Blanket Bond — The Insuring Clauses
Electronic & Computer Crime — The Insuring Clauses
Limits & Deductibles
The Insurance Market
Losses
Other Specialist Coverages
Quotations
A History of Insurance for Banks
The nature and scope of insurance coverage offered to financial institutions has developed considerably over the years to reflect the changing activities and exposures of the banking world.
Around the early 1900’s, a bank’s activities were almost exclusively concerned with basic retail transactions such as accepting deposits, granting loans and dealing in hard currencies. The risks posed to a bank on a day-to-day basis were easily quantifiable, being of a purely physical nature; robbery, forgery of securities and other documents, and theft from dishonest employees. The cover afforded by the various insurance policies at that time was relatively straightforward.
In 1915 the first “blended” insurance programme was issued: the “Bankers Blanket Bond” and was an amalgamation of the separate coverages purchased by financial institutions into a single, more easily marketable package.
The following coverages were subsequently drawn under one policy:
Ø Employee Infidelity.
Ø Bank Premises Burglary & Robbery.
Ø Messenger Robbery.
Ø Forged Securities.
The advantages were:
Ø A blanket limit over all coverages incorporated into the Bond.
Ø Only one policy document to issue and one premium to collect.
Ø More favourable terms for the banks due to larger overall premium paid.
Ø Avoided potential gaps and conflicts between individual coverages
In recent years, considerable changes have taken place in the field of banking. A greater number of services than ever before is available to the consumer as a result of consumer demand and technological advances. These entail increased risk exposures for those financial institutions who offer such services. The following are examples of such services:
|
Forex Trading. |
ATMs |
Transfers |
|
Plastic Cards |
Transactions |
Dealing Activities |
|
Travellers Cheques. |
Fiduciary Services |
Automated Clearing House |
|
Trade Finance |
Custody of Property |
Securities |
|
investment Management Services |
Electronic Securities Trading |
On-line Cash Management |
|
Transit of Securities |
Wire and Cable Transfers |
|
|
SWIFT |
Customer Voice Initiated |
|
In response to the widespread expansion of computers into the banking industry in the early 1980’s, the first Electronic & Computer Crime Policy was issued in 1981. It was refined and developed by underwriters at Lloyd’s with the aid of computer risk consultants and researchers.
Their aim was to produce a policy wording which provided coverage for those exposures which could be identified and defined, and where there was a direct criminal link. Thus, a policy was written for computer-related fraud involving unidentifiable parties, as an associated policy to the Bankers Blanket Bond.
Coverage was updated in 1991 to take into account the major technical advances which had occurred over the decade. As the banking world becomes ever more dependent upon computers and electronic communication, the potential for serious losses involving computer driven fraud looms ever larger.
The advent of the Internet, and a general movement of the banking industry towards globalisation on a massive scale threatens to open up a whole new dimension of risk exposures as new opportunities for criminal activity arise, It is imperative that adequate security and control systems are put into place, and supported by comprehensive tailor-made insurance programmes.
Bankers Blanket Bond
The Insuring Clauses
Insuring Clause One: Fidelity
Covers loss resulting solely and directly from dishonest or fraudulent acts committed by employees. Requires intent by an employee either to cause the bank financial loss or obtain improper financial gain.
NB. Where loss results from Loans or Trading the bank must establish that a financial gain has accrued to the employee.
Insuring Clause Two: On Premises
Covers loss of property * from:
Ø Theft, larceny, false pretence, burglary, robbery or hold-up committed by persons present on the premises where the property is located, or
Ø Mysterious unexplained disappearance, or
Ø Damage, destruction or misplacement howsoever caused,
while such property is on the bank’s premises or recognised places of safe deposit or correspondent banks of any transfer or registration agents.
Also covers customer property within the bank’s premises.
Insuring Clause Three: Transit
Covers loss of property in transit whilst in custody of:
Ø The bank’s employees
Ø Any person designated by the bank to act as a messenger
Ø Any security truck or armoured motor vehicle carrier
Begins immediately upon receipt and ends immediately after delivery
Insuring Clause Four: Forgery & Alteration
Covers loss to the bank resulting directly from:
Ø Forgery or alteration of cheques, bills of exchange, acceptances, drafts, certificates of deposit, letters of credit, withdrawal receipts, money orders, or orders upon public treasuries.
Ø Payment based on fraudulent transfer instructions.
Ø Payment of forged or altered promissory notes or those bearing a forged endorsement.
Insuring Clause Five: Securities Forgery
Covers loss to the bank where, in the normal course of business, it acts upon the following which are either counterfeit, or forged as to signature or fraudulently altered, lost or stolen
Ø Stock & share certificates, warrants and coupons
Ø Bonds, deeds of trust, and collateral trust agreements
Ø Promissory notes
Ø Deeds of trust, mortgages and assignment of mortgages
Ø Certificates of deposit and letters of credit
Insuring Clause Six: Counterfeit Currency
Covers loss to the bank through receipt of counterfeit or altered paper, currency or coin.
Insuring Clause Seven
Loss or damage to the bank’s offices, furnishings, fixtures and equipment (excluding computers) caused by vandalism burglaries, robberies and the like but excluding fire.
* Property
The definition of property is very wide encompassing cash, securities and documents of value of various kinds. Property covered is not restricted to property which belongs to the bank. It covers any property held by the bank.
Key Exclusions:
Ø Loss or damage to property contained in customer’s safe deposit boxes
Ø Loans & trading losses, unless sustained by employee fraud or forgery
Ø Loss relating to credit or charge card misuse, unless sustained by employee fraud or forgery.
Ø Errors & Omissions on the part of the bank’s staff
Ø Loss as a result of forgery of any accounts receivable, bills of lading or warehouse or trust receipts
Ø Cheque kiting and cross-firing *
Ø Any loss not discovered during policy period (or any loss sustained prior to a retroactive date, if any).
Ø Extortion.
Ø Indirect or consequential losses.
Ø Off-site ATM’s.
Ø Property in the mail.
Ø Property while with carriers for hire.
Ø Forged travellers cheques.
Special Note:
A number of enhancements can be made to the standard Bankers Blanket Bond, which in some cases have the effect of either deleting an exclusion, or reducing the effects of an exclusion.
* Kiting and Cross-Firing
Kiting and cross-firing is a situation whereby a person having an account at both bank A and bank B, draws a cheque on bank A account and pays it into bank B account. On the day before the cheque is presented for payment, a cheque on bank B account is drawn to meet the cheque on the first account, thereby a credit balance is shown on both accounts, although there are in fact, uncleared balances. This practice if allowed to continue, could mean an increase in the uncleared balances.
Electronic Computer Crime
The Insuring Clauses
Insuring Clause One: Computer Systems
Covers loss arising from the fraudulent input, modification or destruction of electronic data in the bank’s computer system, an Electronic Funds Transfer System, or a Customer Communication System.
It is necessary to show that the perpetrator’s intention was to make a financial gain or cause loss to the bank.
Insuring Clause Two: Bank’s Service Bureau Operation
Covers loss sustained by a customer arising from fraudulent input, modification or destruction of electronic data whilst the Bank is acting as a service bureau, and provided the bank is legally liable for such losses.
Insuring Clause Three: Electronic Computer Instructions
Covers loss arising from the fraudulent preparation or modification of electronic computer instructions.
Insuring Clause Four: Electronic Data & Media
Covers loss arising from the malicious destruction of data whilst stored on the bank’s computer system or whilst recorded on electronic data processing media.
Also covers loss arising from robbery, burglary or mysterious, inexplicable disappearance of media while on the bank’s premises or in transit.
Insuring Clause Five: Computer Virus
Covers loss arising from the destruction of the bank’s electronic data due to a computer virus whilst the data is stored within the bank’s computer system or service bureau’s computer system, including loss of the electronic data itself.
Insuring Clause Six: Electronic Communication
Covers loss arising from fraudulent electronic instructions transmitted directly onto the bank’s computer systems through an electronic communication system or tested telex, tested TWX or other similar means of tested communication.
Insuring Clause Seven: Electronic Transmission
Covers loss arising from electronic instructions which appear to be from the bank but which were fraudulently sent or modified during transit and for which the bank is held legally liable, where communications were transmitted or appear to have been transmitted through an electronic communication system or tested telex, tested TWX or other similar means of tested communication.
Insuring Clause Eight: Electronic Securities
Covers loss arising where a central depository acted on the faith of an electronic communication sent by the bank, in connection with an electronic security, which was either not sent or fraudulently modified and for which the bank is held legally liable where communications were transmitted or appear to have been transmitted through an electronic communication system or tested telex, tested TWX or other similar means of tested communication.
Insuring Clause Nine: Forged Telefacsimile
Covers loss arising from forged tested instructions transferred by telefacsimile directed to the bank.
Insuring Clause Ten:
Covers loss arising where the bank acted on the faith of any voice initiated fund transfer instructions fraudulently purporting to have been made by an authorised person.
All voice initiated requests received for the transfer of funds must be tested or subject to a call back to an authorised person other than the individual who initiated the transfer request.
Insuring Clause Eleven: Clean Up Costs Expenses
Covers costs and expenses incurred and paid by the bank with the prior approval of underwriters, for the verification, reconstitution and renewal of electronic computer instructions following a loss paid under Insuring Clause 3, 4 or 5.
This clause is available as an optional extension and a sub-limit is normally applicable.
Exclusions:
Ø Employee related dishonesty.
Ø Loss resulting from forged instruments, securities or documents used as source documentation in the preparation of electronic data.
Ø Loss of negotiable instruments and other documents except as converted to electronic data.
Ø Any loss not discovered during policy period (or any loss sustained prior to retroactive date, if any)
Ø Extortion.
Ø Indirect or consequential losses.
Ø Loss resulting from fraudulent features in” off the shelf” programmes sold to multiple customers.
Ø Loss resulting from the access of confidential information.
Special Note,
It should be noted that a number of enhancements can be made to the standard Electronic & Computer Crime coverage, which in some cases have the effect of either deleting an exclusion, or reducing the effect of an exclusion.
Limits and deductibles
Calculating limits for Bankers Blanket Bond and Computer Crime coverage is at best an imprecise science with little correlation between buyers within the same peer group. However, there remains a consistent matrix of factors which influences the decision-making process ie:
Ø The Insurance Premium Budget
Ø Confidence in Risk Management & Control Process
Ø Areas of Business Activity
Ø Geographical Spread
Ø “Appetite” for Risk
Ø Loss History
Ø Availability of a Consistent Limit
Ø Peer Group Limits
Ø Size of the Institution
Similarly, there is little correlation between peer group banks in terms of deductible levels. In the distant past these were largely dictated by the insurance providers. However with buyers in recent years becoming more aggressive with risk taking they have chosen to bear much higher levels of self-insured retentions to contain insurance premiums and insure for only catastrophe level coverage.
The Insurance Market
This class of business had been profitable for many years. However the market has seen some large claims over recent years (see next section) and indeed the frequency of these is increasing. This is leading to a reduced market capacity which in turn is driving premiums upwards.
The London Market continues to dominate this class of business in terms of leadership, experience and capacity, although there is an increasing interest and participation from the Swiss markets and from US-based insurers underwriting non-US business.
Capacity
Overall, there is still a relative surplus of capacity, and it is perceived that the market will continue to remain stable in terms of capacity for the foreseeable future.
|
Main Markets |
Capacity |
|
London Market ( companies) |
38 % |
|
USA |
27% |
|
London Market ( Lloyds) |
22 % |
|
Swiss |
06% |
|
Others |
07% |
Losses
All financial institutions are vulnerable to crime, particularly to crimes committed by employees acting on their own or in collusion with others. Over the years, dishonest employees have caused losses so large that many banks have gone into liquidation.
The following are examples of employees infidelity and computer crime which have hit the headlines in recent times and will illustrate clearly the extent to which financial institutions can sustain losses
Deutsche Bank - US$20 million Fraud
A routine audit resulted in the arrest of the bank’s then head of Foreign Exchange, together with a customer in Nuremburg on suspicion of a DM28 million (US$20 million) fraud involving US dollar options.
Mehran Bank, Karachi - GBP 120 million Embezzlement
The Chief of Operations was jailed for 10 years for fraud involving at least GBP 120 million during his career.
Part of the money was apparently used to pay off politicians and army generals who diverted public money into banks he worked for or ran.
HSBC - US$42 million Fraud
The bank fell victim to a US$42 million loss at its Jakarta branch. The fraud was believed to involve fake telegraphic transfers from Swiss Bank to Deutsche Bank.
A recent media report into computer crime described the phenomenon as “Superhighway Robbery….the crime of the future which is happening today”. In the same report, some interesting statistics were offered by Bill Marlow, a Security Consultant at SAIC:
“The average bank robbery typically nets the robber around US$1,900. It is prosecuted 82% of the time. With a computer, the average theft results in around US$250,000 taken, and is only ever prosecuted 2% of the time. It is safer and easier to go armed with a computer than armed with a gun.”
Other Specialist Coverages
As well as Bankers Blanket Bonds and Computer Crime policies, there are other important specialist coverages available to financial institutions:
Directors & Officers Liability
This is designed to protect directors and officers including their personal assets from claims made against them for losses arising out of an alleged Wrongful Act. Wrongful Act typically means any actual or alleged error, omission, misstatement, neglect, breach of duty or negligent act by any of the directors and officers, whilst acting solely in their official capacity as a director or officer of the company.
The responsibilities and duties faced by directors and officers may be summarised as follows
Ø Fiduciary: this duty encompasses the director or officer’s relationship of trust with the company. He or she must act with honest] and good faith at all times
Ø Care & Skill: a director or officer must act with care and skill at all times in whatsoever duty he or she is discharging regardless of the relative importance of the task.
Ø Legal a director or officer must ensure that he or she abides by all relevant statutes on the company’s behalf. Special attention must be afforded when the company comes under the jurisdiction of foreign courts.
Ø Authority Limitations: the director or officer must act only within the scope of his or her powers and authority.
Claims can arise from
Ø Employees: actions for alleged wrongful termination of employment, discrimination, and sexual harassment.
Ø Customers, clients & consumer groups: actions where a director or officer is held personally liable in a similar manner to the company for a product liability.
Ø Competitors: actions for alleged breach of copyright & patent breaches Government bodies: actions in respect of the legal environment of a company. This would involve fraud, civil rights violations and licensing issues.
Ø Shareholders: actions arising out of mergers, takeovers, financial disclosure, acquisitions & divestitures.
It is well documented that the USA is by far the most litigious country in the would in terms of Directors and Officers suits. However, the rest of the world is now also witnessing increasing claims frequency as the duties of directors and officers are being ever more closely scrutinized
In most territories there is no statutory definition of’ “Director” or “Officer”. Generally, directors and officers are the persons legally responsible for managing the affairs of the company and through whom the company can legally act. In many jurisdictions, it is the role of the person and not his or her title which determines whether or not he or she is a director. “Officers” in addition to the directors will normally include “managers” who are managing the affairs of the company as a whole.
Professional Indemnity
This is intended to provide protection for the institution itself, in the form of indemnity for legal liability to third parties for compensatory damages and claimant’s costs and expenses arising out of negligent acts, errors or omissions.
As the banking industry continues to grow and diversify, performing an ever increasing range of services - particularly those of an advisory nature - exposures to professional indemnity suits pose an ever greater threat,
Banking activities with significant exposure include:
Ø Corporate Finance: Mergers & Acquisitions, New Issues and Prospectus Liability
Ø Trade Finance: Letters of Credit
Ø Financial Advice
Ø Asset Management
Ø Stock broking
Ø Insurance Company operations and Insurance Broking
Ø Estate Agency and Surveying (valuations)
Vault and Transit Insurance & Safe Deposit Box Insurance:
Financial institutions which operate vaults and safe deposit boxes face a number of risks, such as loss or damage to customer’s property through alleged negligence, mysterious disappearance, burglary, robbery or theft.
The vault and transit policy provides all risks coverage for physical loss or damage to customers property on the premises or in transit
The safe deposit box policy can either be limited to cover a bank’s legal liability to customers for loss of or damage to property contained in safe deposit boxes lodged in the bank’s premises, or broader “all risks” cover can be arranged where there is no need to establish the bank’s legal liability. Both types normally exclude cash or currency.
Credit Card Fraud:
Today there are many different types of cards available: store cards, bank debit and cash point (ATM) cards, credit cards and various travel & entertainment cards.
Unfortunately, the fraud practices involving such cards are equally numerous and include the following
Ø Counterfeiting - debits established against the bank resulting from the use of counterfeited plastic cards supported to have been issued by it and the subsequent use of these cards by an unauthorised person.
Ø Stolen or lost cards - debits established against the bank resulting from the use of lost or stolen cards by an unauthorised person.
Ø Infidelity of employees in respect of plastic card operations.
Ø Merchant fraud - forgery or alteration of any written instrument required in conjunction with any plastic cards.
Cover would also include any legal fees, court costs and legal expenses incurred and paid by the bank in defending any suit or legal proceeding brought to enforce its liability, provided that such liability constitutes a valid and collectible loss sustained by the bank under the policy.
Plastic Card Fraud Claims include
|
Stolen Cards |
38% |
|
Lost cards |
24% |
|
Cards not received |
16% |
|
Fraudulent use of PIN numbers |
9% |
|
Fraudulent applications |
5% |
|
Counterfeit |
3% |
|
Other fraud |
5% |
Other very important coverages to consider are Balance Sheet Stabilisation, Captive Management Services, Cyber Liability, Pension Trustee Liability and Unauthorized Trading.
We would be more than happy to supply more information on these areas if required.
Quotations
Obtaining a Quotation
Whilst a bank may be able to obtain a rough indication of insurance costs by providing the insurer with a brief claims history, together with information in respect of the number of locations, the geographical spread of those locations and the number of employees, it will only be possible to obtain full terms upon submission of a fully completed Proposal Form, together with any additional information requested by the insurer.
The completed Proposal Form contains a substantial amount of the information required by the insurer in order to assess risk exposures and underwrite the risk.
The main concerns for insurers are as follows:
 |
Loss History - to establish any previous losses and/or pending claims. |
|
Financial Status of the Bank - financial performance must be within acceptable parameters. |
|
Compliance - the bank should be in compliance with all regulatory requirements. |
|
U Values at Risk - these values must be assessed and rated accordingly. |
|
Procedures - internal controls must be adequate. |
|
Physical Security - the insurer will assess the level of physical protection provided. |
|
In addition, there are a number of significant factors to be considered from the responses on the separate Computer Crime Proposal Form, such as: |
|
A general description of Data Processing activities and details of computer hardware & software |
|
Details of Systems, Service Bureau, Independent Contractors, Fund Transfers and Clearing Operations |
The information disclosed in the Proposal Form is always treated with the utmost confidentiality.
A survey may also be required to provide more detailed information on procedures and systems, and the adequacy of physical protections. A survey would typically involve a series of meetings with the bank’s management and those involved in data processing, compliance and auditing operations. It seeks to establish the extent to which the bank is aware of its risk exposures, and the level at which they are willing to tackle them.
Frequently recommendations are made, and in some cases where a serious weakness is discovered, insurers will grant coverage subject to the implementation of recommended improvements within an agreed timeframe. Such a survey can only be regarded as a positive benefit from the point of view of the bank, since it constitutes a valuable, independent risk assessment of its operations.
