D&O Perspectives on Coronavirus: Part 4

Join Kevin LaCroix, Carl Metzger, and Rob Yellen for Part 4 of their discussion on D&O Perspectives on Coronavirus. These speakers continue to look at possible effects of COVID-19 from a variety of D&O perspectives. This recording is part of the ongoing PLUS series PL Perspectives on Coronavirus—past recordings are here on the PLUS Blog, and stay tuned for more discussions to be posted in the coming weeks.

Listen here to D&O Perspectives on Coronavirus, Part 4:

Speakers:

KevinLaCroix2019Kevin LaCroix, Executive Vice President at RT ProExec

Kevin LaCroix is an Executive Vice President at RT ProExec, Beachwood, Ohio, a division of R-T Specialty, LLC. RT ProExec is an insurance intermediary focused exclusively on management liability issues. Kevin is also the author of the Internet weblog, The D&O Diary, which the New York Times called “influential” and the Wall Street Journal described as “widely followed.” Kevin has been involved in directors’ and officers’ liability insurance issues for more than 35 years.

Metzger_E_CarlCarl Metzger, Partner and Chair of Risk Management & Insurance at Goodwin Proctor

Carl Metzger is a partner in Goodwin’s Financial Industry and Business Litigation practices and Chair of the firm’s Risk Management & Insurance practice and Chair of the firm’s Partnership Committee. His clients include both public and private companies, major insurance carriers and brokerages, private equity and venture capital firms and non-profit and educational institutions. 

Rob YellenRob Yellen, Executive Vice President, D&O and Fiduciary Liability Product Leader, FINEX at Willis Towers Watson

With over 28 years of Financial Lines industry experience, Rob Yellen is a respected leader in the management and professional liability space. He currently works with Willis Towers Watson, FINEX NA brokers and claims advocates to identify and track developments in risk, coverage and markets, and with our business partners to develop innovative, best-in-class strategies and solutions. Rob joined Willis Towers Watson in 2015 from AIG where, during his 14-year tenure, he served in several key leadership roles–including Chief Underwriting Officer, Financial Lines, U.S. and Canada and, most recently, Head of Product Development for Financial Lines–globally and for the Americas Region.

Risk Associated with Latest Changes to Same Day ACH

Kurt.SuhsKurtis Suhs
Founder and Managing Director, Cyber Special Ops, LLC

Mr. Suhs serves as the Founder and Managing Director for Cyber Special Ops, LLC,  a cyber risk company that provides its clients with Concierge Cyber®, a revolutionary new delivery solution for cyber risk services modeled on concierge medicine.

The National Automated Clearing House Association (“NACHA”) is making enhancements to offer same day ACH more quickly, allow for larger per-transaction value, and add an additional processing window later in the day.  Here is a brief timeline and explanation of those changes:

  • March 20, 2019– the availability of funds for many Same Day ACH and other ACH credits will occur sooner in the day.
  • March 20, 2020– the per-transaction dollar limit for Same Day ACH will increase from $25,000 to $100,000.
  • March 19, 2021– access will be extended by enabling Same Day ACH transactions to be submitted to the ACH Network two hours later every business day.

So why is wire fraud expected to increase?  Why will it go up when banks are essentially providing the same service to customers that they do today, only giving them their money sooner? Well, the answer is because bad guys love speed and convenience. Same day ACH will enable fraudsters to abscond with money before the bank or its corporate customer even discovers the fraud.

Business Email Compromise Will Increase

In 2019, the FBI’s Internet Crime Compliant Center (IC3) received 23,775 Business Email Compromise (BEC) complaints with adjusted losses of over $1.7 billion. BEC is a sophisticated scam targeting both businesses and individuals performing a transfer of funds. The scam is frequently carried out when a subject compromises legitimate business email accounts through social engineering or computer intrusion techniques to conduct unauthorized transfers of funds.

Account Takeover Will Increase

It is no secret that fraudsters are stockpiling online banking credentials in what we often refer to as “sleeper fraud,” where they keep accounts on hand until they are ready to attack the bank en masse. After same day ACH, we can expect to see escalated levels of account takeover since fraudsters can move the money in larger and faster quantities on compromised accounts.

 Online Banking Losses Will Increase

If you want to see what will happen to U.S. online banking accounts, just look to the U.K. for the most likely scenario.  Online banking losses in the U.K. doubled immediately after Faster Payments launched and never really came back down to the pre-Faster Pay levels afterwards.

Payment Fraud and Bill Pay Losses Will Increase

Organizations that track their ACH and Bill Pay Fraud losses, will probably notice a big uptick in Bill Pay-related fraud losses.  Fraudsters can set up new payees and send funds, or even divert funds to new locations using the same payee accounts by changing the details.  Bill Pay losses will increase with same day ACH.

Time is of Essence

Upon discovering wire fraud, organizations should file a suspicious activity report (SAR) to the FBI’s Internet Crime Complaint Center (IC3).  The mission of the IC3 is to provide the public with a reliable and convenience reporting mechanism to submit information to the FBI concerning suspected internet-facilitated criminal activity and to develop effective alliances with law enforcement and industry partners. Information is analyzed and disseminated for investigative and intelligence purposes to law enforcement and for public awareness. Since the establishment in February 2018, IC3 established the Recovery Asset Team (RAT) that has helped streamline communication with financial institutions and assist FBI field offices in the recovery of funds for businesses that report a fraudulent domestic wire transfer. The RAT, which was established as a standalone team in 2018, completed its first full year of operation in 2019, assisting in the recovery of over $300 million lost through online scams, for a 79% return rate of reported losses. Time is critical, typically within 48 hours of the transfer request, when dealing with BEC, so the RAT can communicate with the domestic financial institutions to freeze funds before they have been transferred.

Best Practices to Minimize Wire Transfer Loss

  • Always verify the authenticity of each wire transfer request. Call the person, using a number you have previously called — not one from the current wire transfer request — to verbally verify it.
  • Implement a call-back verification process when setting up payment instructions for a new vendor or making changes to payment instructions for an existing vendor.
  • Implement dual control and segregation of duties.
  • Set prudent wire transfer limits and/or outright prohibit the ability to initiate overseas wire transfers
  • Educate your employees to protect your financial assets.
  • Perform internal audits to ensure controls set up are being followed.
  • Develop adequate policies and procedures.

Review your business insurance policy. Does it cover financial losses due to theft of money? Coverage might be found in a Crime Policy with a Computer and Funds Transfer Fraud Insuring Agreement, a Business Owner’s Policy that provides coverage for Theft of Money and Securities or a Cyber Policy with Social Engineering Coverage.

Cyber Perspectives on Coronavirus: Part 2

The second installment of Cyber Perspectives on Coronavirus focuses on the risks associated with the increase in the remote workforce and the role that HR can play in a company’s cyber risk culture. View the white paper written by one of the speakers, Tom Finan, here.

Listen here to the Cyber Perspectives on Coronavirus: Part 2 discussion:

Speakers:

Gail ArkinGail Arkin, SVP, General Counsel at Berkley Cyber Risk Solutions

Gail Arkin is the General Counsel of Berkley Cyber Risk Solutions, located in  Morristown, NJ.  Her responsibilities include the development of cyber insurance products and managing all regulatory, compliance, distribution and corporate legal matters. Gail has over 20 years of insurance experience, including over 15 years developing cyber products, and previously held the positions of senior vice president & general counsel for a financial lines division, general counsel for a wholesale and retail division, and a claims officer for professional and management liability lines of insurance.

T FinanTom Finan, Cyber Growth Leader at Willis Towers Watson

Tom Finan is a Cyber Growth Leader within Willis Towers Watson’s FINEX Cyber/E&O Practice.  In this role, Tom advances the company’s integrated approach to cybersecurity across all aspects of people, capital, and technology risk.  Tom previously worked as the Chief Strategy Officer of Ark Network Security Solutions.  He also served as Senior Cybersecurity Strategist and Counsel with the Department of Homeland Security’s National Protection and Programs Directorate.  While at DHS, Tom established and led the agency’s cybersecurity insurance initiative in support of implementation of Executive Order 13636, “Improving Critical Infrastructure Cybersecurity.”  To advance that effort, he created DHS’ Cyber Incident Data and Analysis Working Group (CIDAWG), a private-public engagement forum that examined how a cyber incident data repository could help meet the information and analysis requirements of the insurance industry and technical cybersecurity professionals.  Tom previously served as the Staff Director and Counsel for the Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment with the U.S. House Committee on Homeland Security.

James-J-GiszczakJames Giszczak, Member at McDonald Hopkins

James is a member at the law McDonald Hopkins. He is chair of the litigation department and  co-chair of the data privacy and cybersecurity practice group. He advises clients regarding data security measures and responding to security breaches involving sensitive personal information and protected health information. He works with clients in a myriad of industries to assess and implement appropriate data security safeguards. Jim also litigates matters involving data security and data privacy, including defending single plaintiff and class action lawsuits.