Box Professional Insurance logo
BoxProfessionalInsurance
Back to Resources
RIA Insurance
Claims

Where Your RIA Gets Funds Transfer Fraud Coverage

June 3, 2026Ryan Closs

Funds transfer fraud and social engineering coverage are not as simple as the names suggest. Each carrier names it differently and structures it differently. Some cover the typical RIA scenario directly, some indirectly, and some leave a gap. Here is how the major carriers compare.

Your broker tells you that you need funds transfer fraud coverage and social engineering coverage. The general idea is straightforward. You want a policy that pays when a fraudster tricks your firm into moving money to the wrong account.

What you find when you start asking is that the general idea does not get you to a clean answer. Each carrier names this coverage differently. Each policy structures it differently. Some carriers cover the typical RIA wire fraud scenario directly. Some cover it through an indirect route. Some leave a gap.

The scenario most RIAs face

A client reaches out about a wire. They are buying a house. The transaction is real. The title company is real. The closing documents are real.

What the client does not know is that a hacker has been inside the client's email for days. When the title company sends the wire instructions, the hacker doctors the routing and account numbers and forwards the doctored version to the client. The client forwards it to your team. Your team submits the wire request to the custodian. The money goes to the fraudster's account.

The money was never your money. It belonged to the client. It sat in the client's account at the custodian. That fact alone breaks most RIA cyber policies. We covered the policy language that kills the cyber claim in The Wire Fraud Your RIA Cyber Policy Wasn't Built For.

First-party and third-party

Set cyber aside for the rest of this post. Every form of this coverage splits the loss two ways.

First-party coverage pays when the firm's own money is wired out of the firm's operating account.

Third-party coverage pays when client money is wired out of a custodial account.

For RIAs, the bigger risk is third-party. The custodian holds the money. The fraud happens there.

Each carrier handles these two scenarios differently. Some cover both under one named coverage. Some split them into two named coverages. Some carriers name a coverage "Social Engineering" and only cover first-party under that name. Some do not cover the third-party scenario directly and route the loss through the firm's legal liability to reimburse the client.

Where this coverage lives

For RIAs, this coverage lives in two places.

As part of the E&O policy

Markel, Berkley, Axis, and Hartford each attach funds transfer fraud and social engineering coverage to the investment adviser E&O policy through an endorsement.

When this makes sense: smaller firms or firms that want one carrier, one renewal, one premium. The endorsement keeps everything together and costs less than a stand-alone bond. The trade-off is that sublimits are often smaller and may share the E&O limit.

As a stand-alone crime bond

Hartford and Travelers write stand-alone crime bonds for RIAs. The bond is its own policy with its own limits, its own conditions, and its own renewal.

When this makes sense: firms that wire often, firms with larger typical wire sizes, firms whose E&O carrier does not offer the endorsement, or firms that want the limits separated from the E&O policy.

A note on cyber

A small number of cyber carriers have language that could respond to this scenario. Tokio Marine is one we have seen. Most cyber policies sold to RIAs are not the right home for funds transfer fraud coverage.

How the major carriers structure it

Carriers use different names for first-party and third-party coverage. The same name on two different policies might not cover the same loss.

E&O policy endorsements

  • Markel
    • First-party loss: Social Engineering, typical limit: $250,000
    • Third-party loss: Funds Transfer Fraud OR Social Engineering, typical limit: $250,000
  • Hartford Theft Endorsement
    • First-party loss: Social Engineering Theft, typical limit: $250,000
    • Third-party loss: Social Engineering Theft (via "legally liable" extension), typical limit: $250,000
  • Berkley
    • First-party loss: Corporate Deception Fraud, typical limit: $250,000 (shared with E&O)
    • Third-party loss: Corporate Deception Fraud, typical limit: $250,000 (shared with E&O)
  • Axis
    • First-party loss: Social Engineering Fraud, typical limit: $250,000
    • Third-party loss: Social Engineering Fraud (via "legally liable" extension), typical limit: $250,000

Stand-alone crime bonds

  • Hartford Crime Bond
    • First-party loss: Deception Fraud, typical limit: $250,000 (within bond aggregate)
    • Third-party loss: Deception Fraud, typical limit: $250,000 (within bond aggregate)
  • Travelers
    • First-party loss: Social Engineering Fraud, typical limit: $250,000
    • Third-party loss: Fraudulent Instruction, Customer's Property, typical limit: matches the bond's theft limit

A few patterns worth noting.

Names do not match across carriers. Travelers calls its first-party coverage "Social Engineering Fraud." The coverage line that responds to the typical RIA scenario at Travelers is named "Fraudulent Instruction, Customer's Property." A reader who sees "Social Engineering Fraud" on a Travelers binder and assumes it covers the client wire fraud scenario reads the policy wrong.

One sublimit can mean one pot for both kinds of loss. Berkley and Hartford Crime Bond cover first-party and third-party loss under the same insuring agreement. The $250,000 sublimit is the combined cap. Travelers writes two separate coverages. The split helps the claim file under the right name. The dollar ceiling still depends on the policy aggregate.

Markel structures the endorsement as an either/or election. The endorsement gives the firm a choice between Funds Transfer Fraud Loss and Social Engineering Loss. Most firms elect Social Engineering Loss. It is the broader coverage and pays on both the typical RIA third-party wire fraud scenario and first-party loss.

The indirect route depends on policy language. The Hartford Theft Endorsement and Axis do not name the third-party scenario directly in the insuring agreement. They cover money for which the Insured is legally liable. The route pays, but it depends on the carrier accepting that the firm has a legitimate loss tied to the original fraud. Direct coverage at Markel, Berkley, Hartford Crime Bond, and Travelers avoids that fight.

$250,000 is the common sublimit for social engineering, but third-party limits can scale. Most policies cap social engineering or deception fraud at $250,000. A firm that runs $1 million wires routinely outgrows that sublimit on the first claim. This is where the policy structure matters. Travelers writes Fraudulent Instruction, Customer's Property as a separate coverage line that tracks the bond's theft limit, not the social engineering sublimit. A firm that buys a $1 million theft limit on a Travelers bond gets $1 million of third-party wire fraud coverage. Most E&O endorsements cap the same scenario at $250,000 regardless of the underlying limit purchased. Reading the policy structure decides whether your $1 million wire is covered.

What this means for your firm

Two questions help decide whether to bundle this coverage onto your E&O policy or buy a stand-alone crime bond.

How often does your firm process wires? A firm that sends a wire once a quarter has a different exposure than a firm that sends wires multiple times a week. More wires mean more chances for a fraudster to slip through.

What size are your typical wires? A firm whose typical wire is $25,000 has a different exposure than a firm whose typical wire is $500,000 or more. The size of the wire is roughly the size of the potential loss.

A firm that wires often and wires large amounts can outgrow the $250,000 sublimit on most E&O endorsements. A stand-alone crime bond can keep the limits separate from the E&O policy and, in some cases, support higher sublimits.

You don't need to be the expert, you hire an expert

You do not need to memorize which carrier covers what. You do need a broker who can read your policies against each other, ask the right questions about your wire activity, and tell you where the gaps are.

The structure of funds transfer fraud and social engineering coverage changes carrier by carrier. The conditions that trigger payment change too. Part 2 of this series walks through the specific conditions that void coverage at claim time. Part 3 delivers a procedure checklist your firm can adopt.

The right time to learn how your policy is built is now, not after the wire goes out.

If your firm wants a second set of eyes on the funds transfer fraud language in your current policies, schedule a call with BPI here.

Need Expert Insurance Guidance?

Our team specializes in insurance solutions for Registered Investment Advisors. Let's discuss how we can protect your practice.

Get in Touch

Related Resources

Article

Why Three Insurance Brokers Won't Get You a Better E&O Policy

Shopping three brokers for E&O feels thorough. It isn't. The first broker locks out the carriers. The rest sell features to win the account. Pick one broker who knows your firm. Let them deliver clarity instead.

Article

The Wire Fraud Your RIA Cyber Policy Wasn't Built For

A client's email gets hacked. A wire goes out. The money disappears. Most RIA cyber policies deny this exact claim because of four phrases buried in the policy language. Here's what those phrases say, why they kill the claim, and which carrier has an argument.

Article

Deep Dive: The biBERK E&O Policy: A Great Name on a Wrong Form

biBERK offers RIA E&O insurance backed by Berkshire Hathaway at a great price. But the policy is a miscellaneous professional liability form, not built for advisors. Exclusion 8 strips out securities law coverage. No trade error language exists. The name is great. The contract isn't.