Wire Fraud Risks for Retirement Plan Advisors

Year after year, cyber crime continues to grow and evolve, including wire fraud risks for retirement plan advisors. Certain industries, including the financial industry, have seen an increase in the number and cost of attacks. Because financial professionals like retirement plan recordkeepers, CPAs and lawyers host large amounts of their clients’ personally identifiable information, they are prime targets. These professionals also send money through wire transactions, one of the fastest growing outlets for cyber crime.

Read on to learn about wire fraud, wire fraud risks for retirement plan advisors and other financial professionals, a real wire fraud claim example and what to look for in cyber liability insurance.

The Continued Growth of Cyber Crime

According to data released by the FBI’s Internet Crime Compliant Center’s (IC3) 2019 Internet Crime Report, internet-enabled crimes and scams show no signs of letting up.

2019 saw both the highest number of complaints and the highest dollar losses reported since the center was established in 2000. IC3 received 467,361 complaints in 2019—an average of nearly 1,300 every day—and recorded more than $3.5 billion in losses to individual and business victims.

Donna Gregory, the chief of IC3, said the center did not see an uptick in new types of fraud, but saw criminals deploying new tactics and techniques to carry out existing scams, especially fraudulent instruction matters.

“Criminals are getting so sophisticated,” Gregory said. “It is getting harder and harder for victims to spot the red flags and tell real from fake.”

While the exact methods fraudsters use when attempting wire fraud vary, the goal is still the same—impersonate a trusted party in a transaction to divert a wire transfer to a fraudulent bank account.

Wire Fraud Risks for Retirement Plan Advisors and other Financial Professionals

In the past two years, cyber fraudsters have spent time learning about retirement-related financial transactions and the nuances of how money is transferred in connection with 401K asset management and loan requests.

In a recent claim involving a retirement plan advisor, a cyber criminal impersonated a 401k participant and requested a fraudulent loan from the plan’s third party administrator (TPA).

The TPA performed authentication checks and was tricked by the sophisticated manner of the personal information verification. The TPA approved the $340,000 loan and sent the request to the plan’s ERISA 3(38) discretionary plan advisor to release funds. The plan advisor relied on the information provided by the TPA and released and wired the funds to the criminal’s overseas bank account.

The real participant reviewed their plan statements and brought the theft to the attention of his employer. The employer then filed a claim against their retained 3(38) plan advisor who managed the plan and fulfilled a fiduciary role to the plan and plan participants.

Does Your Insurance Cover Wire Fraud?

Because wire fraud cases continue to grow in sophistication, the insurance industry has adjusted coverage types and amounts to mitigate losses in this area. These changes include excluding coverage, migrating specific risks to a new policy (or special endorsements) and placing a much lower limit (sublimits) on the specific cyber exposures. Insurance policies like professional liability, crime and fraud policies may not cover cyber crime damages. Instead, many financial professionals buy a cyber liability insurance policy to ensure coverage for data breaches, social engineering and loss of confidentiality. However, even if you have a cyber liability insurance policy, wire fraud may or may not be covered.

Wire transfer is often made after a social engineering attack, not as a direct result of cybercrime or a direct breach to your computer network. Technically, the criminal does not directly use your computer to steal the money but convince personnel to send the money. Given these claim features, policies respond differently–which can lead to finger-pointing by the carriers if a claim is made.

If wire fraud is covered, it may still be subject to a sublimit. For example, socially engineered wire fraud may be specifically covered in a $1 million policy limit. However, in that same policy, wire fraud claims may be limited to $100,000 or $250,000 sublimit and carry a higher deductible. This could leave the insured with a substantial loss despite having insurance in place.

The Lockton Affinity Difference

Lockton Affinity’s Cyber Liability Insurance offers protection from the growing threat of cyber risks, such as wire fraud, privacy breaches, computer system disruptions, malware and more.

Our policy does not include sublimits for wire fraud. In fact, the policy limit you select is the policy limit you get, even for incidents of wire fraud, social engineering loss, ransomware and more.

In today’s technology-driven environment, it is more important than ever for financial professionals to understand the cyber risks they face and to protect themselves and their businesses from wire fraud scams.

Get reliable Cyber Liability Insurance coverage from Lockton Affinity today.