by Rickard Jorgensen, FCII, ACIArb, ARM
CPAGold™ has seen an increase in claims where CPAs and other custodians of client funds have been the subject of spoofing attacks which resulted in a fraudulent wire transfer.
These types of claims were discussed in previous blogs:
At the time of writing, insurers have remained silent about the issue of coverage. Because of the increasing frequency of these attacks, certain professional liability insurers have been paying attention to both the coverage provided and the establishment of risk management protocols that must be complied with BEFORE coverage can be confirmed.
One such professional liability insurer has imposed a Call Back Obligation which essentially means that BEFORE a wire transfer or check is mailed (it may be in excess of a certain dollar amount) an agreed protocol is adhered to as follows:
- The firm employee must verify the original instructions by making an answered outbound telephone call to the client, another employee or legitimate party in order to confirm the original or subsequently changed wire instructions or mailing address.
- The firm employee must document the telephone conversation, the confirmation of the wire or mailing address, and the method used to obtain the telephone number in the client file.
- If the telephone number is from a source other than the file, the firm employee must verify that this is from a legitimate independent third party (such as a credible white page listing or the clients’ web site).
This protocol may seem a little cumbersome, but verifying instructions and the identity of the client, and documenting the file is the simplest way of avoiding being duped.
While no protocol is guaranteed and the criminals are increasingly devious, we encourage all firms to implement such a system of checks to mitigate the possibility of a loss and a very unhappy client.
Jorgensen & Company are not attorneys and do not offer any form of legal advice. Consult with appropriately qualified local counsel for more assistance. Rickard Jorgensen is President and Chief Underwriting Officer for the CPAGold™ program and may be contacted at (201) 345 2440 or email@example.com