FraudInsurance.co.nz
Business Insurance Guide

Funds Transfer Fraud

Cover for losses when criminals manipulate your payment systems or deceive staff into misdirecting funds.

Get a Quote →

What is Funds Transfer Fraud?

Funds transfer fraud encompasses a range of criminal activities that result in money being sent to fraudulent accounts — whether through direct computer manipulation of payment systems, or through social engineering that tricks employees into initiating the transfer. This is one of the most significant financial crime risks for businesses across all sectors.

This coverage area sits at the intersection of commercial crime, social engineering, and cyber insurance. Some policies cover it under computer fraud provisions; others require a specific endorsement. With businesses losing millions annually to payment diversion and fraudulent instructions, having clear, contractual cover in place is increasingly important for risk management and lender covenants.

Written by FraudInsurance.co.nz Editorial Team·Updated May 2026

Key Risks This Covers

  • Unauthorised electronic funds transfers by hackers
  • Employee-initiated fraudulent bank transfers
  • Manipulation of payment files or batch transfers
  • Third-party computer fraud altering payment instructions
  • Fraudulent payment orders accepted by banks

What Funds Transfer Fraud Covers

  • Direct financial loss from unauthorised electronic transfers
  • Computer crime resulting in misdirected payments
  • Manipulation of accounts payable systems
  • Fraudulent SWIFT or international wire transfers
  • Recovery and investigation costs
  • Legal expenses in recovery proceedings

Who Needs Funds Transfer Fraud?

Finance and treasury departments handling large transactions
Importers and exporters making international payments
Law firms and conveyancers handling settlement funds
Managed investment and financial services entities
Construction and development companies

Typical Premium Range

Funds transfer fraud cover limits range from $250,000 for SMEs to $10m+ for corporates. Premiums depend on your transaction volumes, financial controls, and whether cover is standalone or bundled with cyber or crime insurance.

What is Funds Transfer Fraud Insurance?

Funds transfer fraud insurance provides specific coverage for financial losses arising from fraudulent instructions — whether computer-generated or human-authorised — that cause your business to send money to accounts controlled by criminals. It sits at the intersection of commercial crime, social engineering, and cyber insurance, and is one of the most practically important — and most frequently misunderstood — business insurance covers. The core coverage addresses what is ultimately the most costly outcome of most financial crimes against businesses: money leaving your account and not coming back. Whether the trigger is a hacked payment system, a manipulated accounts payable file, or an employee deceived into authorising a wire transfer, funds transfer fraud insurance responds to the financial loss. The distinction from related insurance types is important. Commercial crime insurance covers computer fraud (where criminals directly manipulate your systems) and employee dishonesty (where your own staff are the perpetrators). Social engineering insurance covers losses where employees are deceived into authorising payments. Cyber insurance covers the event and its consequences. Funds transfer fraud cover typically addresses the overlapping zone: fraudulent payment instructions, regardless of whether the vector was a system hack or human deception. This specificity matters because claims involving payment fraud often fall into disputed territory between commercial crime and cyber policies. A dedicated funds transfer fraud cover removes that ambiguity by directly insuring the outcome — the misdirected payment — rather than a specific mechanism.

Why Funds Transfer Fraud Is Growing Fast

Funds transfer fraud has grown dramatically as businesses have moved their payment processes online and adopted electronic fund transfer systems. Every efficiency gain in electronic payments creates a corresponding attack surface for criminals. BEC Volumes: Business Email Compromise remains the primary driver of funds transfer fraud losses globally. The FBI's Internet Crime Complaint Center (IC3) consistently identifies BEC as the highest-dollar-value cybercrime category. Locally, CERT NZ and the NZ Police Financial Crime Group track significant growth in BEC incidents, with individual losses routinely exceeding $100,000-$500,000. NZ Construction Industry Losses: The construction sector is disproportionately targeted for funds transfer fraud. High-value subcontractor payments, time-sensitive progress payment schedules, and complex payment chains involving multiple parties create ideal conditions for payment diversion attacks. A construction company making a $2 million subcontractor payment is a highly attractive target, and the payment volume and urgency creates pressure to pay without thorough verification. Law Firm Trust Account Fraud: The legal profession faces specific exposure from funds transfer fraud relating to trust accounts and settlement funds. Client settlement funds and property conveyancing transactions are routinely targeted — a single compromised settlement instruction in a property transaction can result in hundreds of thousands of dollars being misdirected. The Law Society has issued multiple warnings about this risk. Financial Services Exposure: Financial services businesses, fund managers, and treasury departments face elevated exposure from sophisticated attacks that target payment authorisation systems and SWIFT messaging (for international transfers). These attacks require greater technical sophistication but the rewards for criminals are commensurately larger. International Organised Crime: The criminal groups behind funds transfer fraud operate internationally, often from jurisdictions with limited law enforcement cooperation. This makes post-loss recovery extremely difficult and reinforces the importance of prevention and insurance as primary strategies.

What Funds Transfer Fraud Insurance Covers

Funds transfer fraud insurance provides coverage for direct financial losses arising from specific fraud scenarios involving the misdirection of funds. Key coverage elements include: Fraudulent Payment Instructions: Losses arising from the business following payment instructions that were fraudulently issued or altered — including BEC-originated instructions, spoofed email instructions, and fraudulent SWIFT messages. Electronic Funds Transfer Manipulation: Losses arising from the manipulation of electronic funds transfer systems — including alteration of payment files, corruption of batch payment instructions, or fraudulent input into banking platforms. Counterfeit Wire Fraud: Losses arising from fraudulent wire transfer instructions presented to the business's bank that appear to have authorised origin but do not. Third-Party Impersonation Losses: Losses arising from a third party (supplier, customer, bank, regulatory body) being impersonated to issue instructions that cause funds to be transferred to fraudulent accounts. Recovery Costs: In addition to the direct financial loss, many policies cover costs associated with attempting to recover the misdirected funds — including legal costs of pursuing recalls through banking and legal channels, and forensic investigation costs. What is typically excluded: Losses arising from your own employee's dishonest acts (fidelity territory), losses arising from speculative or investment decisions, and losses that are recoverable from a third party (e.g., where bank recall succeeds). The boundary with social engineering: Some funds transfer fraud policies incorporate social engineering as a component; others treat it separately. When reviewing coverage, confirm whether human-authorised payment diversions (BEC, CEO fraud) are included or whether they require a separate endorsement.

The Anatomy of a Funds Transfer Fraud Attack

Understanding how funds transfer fraud attacks unfold in practice helps businesses recognise both the warning signs and the points where prevention is most effective. Step 1 — Reconnaissance: Criminals research their target thoroughly before making contact. They monitor publicly available information — company websites, LinkedIn, Companies Office filings, industry publications — to identify the business's key personnel, suppliers, payment processes, and upcoming transactions. For higher-value attacks, this reconnaissance phase can take weeks. Step 2 — Account Compromise or Domain Spoofing: Either the criminal gains access to a legitimate email account (through phishing or credential theft) or they create a convincing fake — a near-identical domain name or a carefully crafted impersonation. For BEC, supplier email compromise is particularly effective because the attacker can monitor real payment conversations. Step 3 — The Fraudulent Instruction: At the right moment — typically when a large payment is due or a transaction is in progress — the criminal issues the fraudulent instruction. This might be new banking details for a pending invoice, a change to settlement account instructions, or an urgent wire transfer request from what appears to be a senior executive. Step 4 — Exploitation of Urgency and Authority: Social engineering attacks typically incorporate two psychological elements: urgency (there's a deadline, a deal is closing, a crisis is unfolding) and authority (the instruction comes from someone the employee is conditioned to follow). These two elements combined suppress the normal inclination to verify. Step 5 — Detection Failure: Many fraudulent transfers are not detected until the legitimate payee contacts the business about non-receipt of payment. By this point, the funds have typically been moved multiple times and may have left New Zealand. The window for bank recall — which closes within hours for international transfers — has almost certainly passed. The critical insight: the detection failure is almost always a process failure, not an individual failure. A well-designed verification process would have stopped the fraud at Step 3.

Accessing Funds Transfer Fraud Cover in New Zealand

Funds transfer fraud cover in New Zealand is most commonly accessed as a component of commercial crime or cyber insurance, rather than as a standalone product. Understanding how to access appropriate cover requires understanding the market structure. Bundled with Commercial Crime: Most commercial crime policies include a computer fraud insuring agreement that covers some funds transfer fraud scenarios — specifically those involving direct computer system manipulation. If the fraud was initiated by hacking your payment system, the computer fraud section should respond. Socially engineered transfers typically require an additional social engineering endorsement. Bundled with Cyber Insurance: Many cyber insurance policies now include funds transfer fraud or social engineering as an endorsement. DUAL NZ offers a social engineering fraud add-on with their cyber product. This is often the most cost-efficient access point for SMEs seeking BEC and payment diversion coverage. Specialist Providers: For businesses with high transaction volumes or elevated exposure (legal, financial services, property, construction), a standalone commercial crime policy with a dedicated funds transfer fraud insuring agreement — and higher limits — may be more appropriate. Chubb, AIG, and Delta Insurance all offer products in this space. Broker Placement for High Limits: For businesses requiring more than $1-2m in funds transfer fraud cover, broker placement is typically required. Specialist brokers — Marsh NZ, Rothbury, Gallagher — can access Lloyd's of London and international markets for high-limit placements. This is relevant for law firms holding client settlement funds, fund managers, and businesses with treasury operations. Cover4You Referral: Submit a quote request through FraudInsurance.co.nz and a licensed adviser will assess your specific exposure and connect you with appropriate coverage options.

Prevention Controls and Insurance Working Together

The most effective risk management strategy for funds transfer fraud combines strong preventive controls with appropriate insurance coverage. Each element reinforces the other, and good controls typically reduce the cost of insurance. Callback Verification for All Payment Changes: This is the most impactful single control. Any change to payment details — banking account numbers, SWIFT codes, beneficiary names — must be verified by a voice call to a telephone number obtained from your existing records (not from the instruction requesting the change). This stops the majority of BEC and payment diversion attacks. Out-of-Band Verification for High-Value Transfers: For payments above a threshold, require verification through a communication channel different from the one used to receive the instruction. If the instruction came by email, verify by phone. If by phone, confirm in writing through a known-secure channel. Transaction Monitoring and Anomaly Detection: Banking platforms increasingly offer transaction monitoring — alerts for unusual transaction patterns, payments to new payees, or transfers above thresholds. Enable these alerts and ensure they are reviewed by more than one person. Dual Approval Thresholds: Require two independent approvals for all payments above a defined amount. Make this a genuine two-person check, not a rubber stamp. The two approvers should independently satisfy themselves that the payment is legitimate. How Good Controls Reduce Premium: Insurers underwriting funds transfer fraud risks consider the business's control environment as a primary rating factor. Businesses with documented callback verification procedures, dual authorisation for large payments, and staff training typically attract meaningfully lower premiums than those without these controls. Some insurers will offer additional premium reductions for businesses that can demonstrate specific security certifications or audit processes.

What to Do If You've Been a Victim

If you discover that funds have been misdirected as a result of a fraudulent instruction, the actions you take in the first few hours are critical. Speed is the most important factor in recovery. Immediately Notify Your Bank — Within Hours: Contact your bank's fraud line immediately. Ask them to issue a recall request to the receiving bank. For domestic NZ transactions, recalls are possible for 24-72 hours. For international transfers, the window is shorter — sometimes just hours. Even partial recovery is valuable: if $500,000 was misdirected and $300,000 is recovered, your insurer needs to respond to only $200,000. Notify Your Insurer and Broker: Contact your insurer and broker before taking further significant action. Your policy likely requires prompt notification as a condition of cover. Your insurer may have specialist fraud recovery resources and legal support that can assist with the bank recall process. Preserve All Evidence: Do not delete or overwrite any emails, payment instructions, authorisation records, or communication logs. These are essential for the insurance claim and for any law enforcement investigation. Where possible, capture screenshots of the fraudulent emails and payment confirmations before system changes occur. Contact Netsafe and NZ Police: Report the incident to Netsafe (0508 638 723 or netsafe.org.nz) and NZ Police (105). Netsafe can provide guidance on the recovery process and connect you with appropriate resources. NZ Police involvement creates an official record that supports the insurance claim process. File a Report with CERT NZ: CERT NZ (cert.govt.nz) receives reports of BEC and payment fraud and maintains threat intelligence that helps them warn other businesses. Your report contributes to the collective defence. Manage Communication Carefully: Be cautious about who you tell and when. If the criminal still has access to your email systems, alerting them (through an email conversation they can monitor) that you have discovered the fraud may cause them to take additional destructive action. Secure your email accounts before communicating internally about the fraud. Realistic Expectations on Recovery: For domestic transfers, partial recovery is possible in many cases if reported within hours. For international transfers — particularly to accounts in jurisdictions with limited cooperation — full recovery is rare. Insurance provides the financial recovery when the funds cannot be recalled.

Frequently Asked Questions

It depends on the specific policy wording and how the fraud was initiated. Computer-initiated fraud (where a criminal directly manipulates your system) is typically covered under computer fraud provisions. Employee-initiated fraud is covered by fidelity sections. Socially engineered payments (where a staff member was tricked) often require a specific social engineering endorsement. Review your policy carefully and speak to your broker.

Get a Tailored Quote

Complete our brief form and a licensed adviser will contact you with options for Funds Transfer Fraud.

Start Free Quote →

Key Providers

Chubb NZInsurer
DUAL NZInsurer
NZIInsurer
Delta Insurance NZInsurer
AIG NZInsurer
View all providers →

By Business Sector

small businessfinance bankingprofessional servicesnonprofit charityAll sectors →

This page provides general information only. Insurance needs vary by business. Always consult a licensed insurance adviser before purchasing. Our quote form connects you to licensed advisers only.

Protect Your Business from Funds Transfer Fraud

Get a tailored quote from a licensed insurance adviser — no obligation, no pressure.

Get a Free Business Quote →