« Return to 2024 Insurance Isssue 2025 Issue Index
What should I do to avoid social engineering claims and prevent the associated sublimit?
1. Include written instructions in a retainer or other agreement for the receipt, release, and transfer of any funds or assets.
2. Advise in the written retainer or other agreement that the client or another party to which you owe a duty of care should not ordinarily expect to receive any revised instructions from you or your firm for the transfer of funds or assets.
3. Advise in the written retainer or agreement that, should the client or another party to which you owe a duty of care receive revised instructions for the transfer of funds or assets, they should immediately contact you by way of a telephone number specified in the written retainer or other agreement.
4. If you or your staff receive any changes to the contact information of a client or other party to which you owe a duty of care, or any changes to established instructions for the transfer of funds or assets, you confirm those changes by either calling the client or other party to which you owe a duty of care using contact information previously confirmed to be that of the client or other party, or by meeting with the client or other party.
5. Maintain in writing any updated contact information for a client or other party to which you owe a duty of care, and any updated instructions for the transfer of funds or assets.
For a full description of your obligations under the policy, please see Exclusion (k) of Part III, which applies to losses arising out of or connected to Social Engineering. Nothing in this summary should be taken as limiting or altering that exclusion.
For draft retainer language and more information on how to avoid social engineering, phishing and funds transfer frauds go to www.practicepro.ca/socialengineering.