AFCA’s Warning To Insurers

Pursuant to the Australian Financial Complaints Authority’s (AFCA) determination, Zurich Insurance (Zurich) was ordered to make payment of AU$90,500 to a business after its accountant’s email account was intercepted by hacker/s.

The events that unfolded was that the hacker/s emailed an altered invoice to a customer of the business with instructions to make payment to a bank account unrelated to the business.

The customer made payment of US$138,400.56 to the unrelated account. The business contacted the customer to enquire about the funds a few days later after concerns about the missing funds. Through an arrangement with the customer, the business was able to mitigate its loss to recover just over 50% of its loss.

The balance of the funds was not recovered, and the business lodged a claim with Zurich to recover the remaining US$61,651.86.

Zurich denied the claim lodged under its management liability insurance on the basis that the business did not establish that the claimed loss was a direct result of a “criminal act” as defined in the Policy. Zurich did not accept there was a loss of ‘money’ and that the loss sustained was ‘in respect of the non-physical item comprised of the funds owed to it by its customer’.

AFCA disagreed.

In its review of the decision, AFCA ruled the policy definition of ‘criminal act’ to include ‘external crime’ as “any fraudulent or dishonest act by a third party of theft, fraudulent alteration, computer fraud and crime not otherwise insured or excluded under this definition where the third party obtained improper financial gain and intended to cause the insured a loss…” (Supplementary Endorsement (pages 1-8) to the PDS).

For the purposes of the determination, AFCA found a ‘fraudulent alteration’ to mean, “…for the purposes of the policy, the material alteration of a financial instrument for a fraudulent or dishonest purpose by a person other than the person who was authorised to sign such financial instrument.”

Moreover, ‘financial instrument’ was defined as “cheques, drafts or similar written promises, orders or directions to pay a certain sum of money that are made….”

AFCA was ultimately satisfied that the business’ loss was the “direct result of a criminal act – namely, the fraudulent alteration of a financial instrument.”  External crime was established on the basis that the business’s loss occurred as a result of a third party materially altering the invoice and bank account details of the business. 

Zurich was ordered to pay the business the outstanding balance and plus statutory interest on the settlement amount from late 2019.

The content of this article is intended to provide a general guide to the subject matter. Specific advice should be sought about your specific circumstances.