Following our recent newsletter about the changes to our Fidelity and Computer Crime Policy Wording Part 1 we will in the next few newsletters look at some examples of FG claims that we have received.
One of the most prevalent scenarios is the fraudulent change of banking details. A fraudulent instruction is sent from a service provider’s email address to the body corporate. A letter from the service provider – on their company letterhead and often accompanied by a stamped ‘letter from the bank’ – is attached confirming the new (fraudulent) bank details.
With everything seemingly in order – the bank details are unwittingly changed and payment is made to the fraudster, resulting in a loss to the body corporate as the actual service provider still has to be paid.
To curb this trend of fraudulent instruction a requirement for a two-step verification process has been introduced to ensure that an instruction to change bank or beneficiary details is indeed legitimate and correct.
TWO-STEP VERIFICATION PROCESS
Means a verification process that comprises two or more independent procedures being carried out to verify and confirm the legitimacy of any instruction to change banking details, add or amend beneficiaries, or attend to the withdrawal or transfer of funds. As a minimum the two-step verification process should include both a written or electronic confirmation as well as a separate and independent telephonic verification.
This additional verification process represents good business practice which can be applied as a preventative measure for all such instructions.
For ease of reference please follow the link for our revised policy wording as well as a simple and comprehensive summary of changes to the wording effective from renewal dates 1 July 2019.
In the next newsletter we will look at another example of Fidelity claims received.
Please feel free to get in touch should you have any queries.