AXIS INSURANCE COMPANY SOCIAL ENGINEERING FRAUD COVERAGE SUPPLEMENTAL APPLICATION PLEASE FULLY ANSWER ALL QUESTIONS AND SUBMIT ALL REQUESTED INFORMATION. IF SPACE IS INSUFFICIENT CONTINUE ANSWERS ON THE APPLICANT S LETTERHEAD. 1. Does the Applicant operate any gaming establishment or any financial institution, advisor, bank, escrow company, collections agency, or similar type of business? Yes No If so, please provide full details. 2. Does the Applicant have a Chief Information Security Officer or equivalent position? Yes No If so, please identify the person and title. If not, where does principal responsibility for overseeing information security reside within the organization? 3. Does the Applicant provide guidance and periodic anti-fraud training to employees concerning the detection of phishing and other social engineering scams? Yes No If so, please state the date of the last training and provide a copy of any related written materials (e.g., presentations). 4. Within the last 12 months, has the Applicant received fraudulent emails, purportedly from customers, vendors, or employees seeking to direct transfers of the Applicant s funds or securities? Yes No If so, please provide a brief summary of each incident or a record describing each incident. 5. Please check below each procedure used to verify new customers or clients prior to initiating any financial transaction with them: D&B Report or other credit worthiness check Bank account verification (name, address, contact info matching customer or client file) Confirmation of physical address Other (please describe): 6. Please check below each procedure used to authenticate funds or securities transfer instructions prior to transfer: Call the customer or client at a predetermined number Send a text message to the customer or client at a predetermined number Receipt by the Applicant of a code known only to the customer or client Other (please describe): For any question below answered No, please provide full details: 7. Does the Applicant verify all vendor or supplier bank accounts by a direct call to the receiving bank prior to adding the vendor or supplier to the authorized master vendor list? Yes No 8. When a vendor or supplier requests any changes to its account details (including, but not limited to, bank routing numbers, account numbers, telephone numbers, or contact information), does the Applicant: a. confirm all requests by a direct call to the vendor or supplier using only a contact number provided by the vendor or supplier before the request was received? Yes No CR 0202 (02-15) Page 1 of 5
b. send notice of receipt of the request to someone other than the person who sent the request, before making the change? Yes No c. require review of all requests by a supervisor or next- level approver before any change is made? Yes No 9. Does the Applicant incorporate any of the procedures described in question 8 above into its contracts with vendors or suppliers? Yes No If so, please provide a sample copy. 10. Does the Applicant run exception reports showing all changes to vendor or supplier details? Yes No If so, please state how often are the reports run, by whom they are reviewed, and the date of the last report. 11. Who in the Applicant s organization has the authority to initiate funds or securities transfers? 12. Can funds or securities transfer authority be delegated to anyone verbally or in writing? Yes No 13. If online banking software is used to perform funds transfer functions, is access to the portal restricted to specific users and terminals? Yes No 14. Are international and domestic funds and securities transfer procedures performed consistently across all business units? Yes No IF THE APPLICANT HAS FULLY EXECUTED THE INSURER S CRIME INSURANCE APPLICATION AND IS SUBMITTING THIS SUPPLEMENTAL APPLICATION CONCURRENTLY THEREWITH, THEN STOP HERE. IF NOT, THEN CONTINUE TO AND COMPLETE PAGE 5. CR 0202 (02-15) Page 2 of 5
FRAUD WARNINGS Notice to Alabama Applicants: Any person who knowingly presents a false or fraudulent claim for payment of a loss or benefit or who knowingly presents false information in an application for insurance is guilty of a crime and may be subject to restitution fines or confinement in prison or any combination thereof. Notice to Arkansas, Louisiana, Rhode Island, and West Virginia Applicants: Any person who knowing presents a false or fraudulent claim for payment of a loss or benefit or knowingly presents false information in an application for insurance is guilty of a crime and may be subject to fines and confinement in prison. Notice to Colorado Applicants: It is unlawful to knowingly provide false, incomplete, or misleading facts or information to an insurance company for the purpose of defrauding or attempting to defraud the company. Penalties may include imprisonment, fines, denial of insurance and civil damages. Any insurance company or agent of an insurance company who knowingly provides false, incomplete, or misleading facts or information to a policyholder or claimant for the purpose of defrauding or attempting to defraud the policyholder or claimant with regard to a settlement or award payable from insurance proceeds shall be reported to the Colorado division of insurance within the department of regulatory agencies. Notice to District of Columbia Applicants: Warning: It is a crime to provide false or misleading information to an insurer for the purpose of defrauding the insurer or any other person. Penalties include imprisonment and/or fines. In addition, an insurer may deny insurance benefits if false information materially related to a claim was provided by the applicant. Notice to Florida Applicants: Any person who knowingly and with intent to injure, defraud, or deceive any insurer files a statement of claim or an application containing any false, incomplete or misleading information is guilty of a felony of the third degree. Notice to Kansas Applicants: Any person who knowingly and with intent to defraud any insurance company or another person files an application for the issuance of, or the rating of, an insurance policy or statement of claim or any written statement containing any materially false information, or conceals for the purpose of misleading, information concerning any fact material thereto, commits a fraudulent insurance act, which is a crime and subjects the person to criminal penalties. Notice to Kentucky Applicants: Any person who knowingly and with intent to defraud any insurance company or other person files an application for insurance containing any materially false information, or conceals, for the purpose of misleading, information concerning any fact material thereto commits a fraudulent insurance act, which is a crime. Notice to Louisiana and New Mexico Applicants: Any person who knowingly presents a false or fraudulent claim for payment of a loss or benefit or knowingly presents false information in an application for insurance is guilty of a crime and may be subject to civil fines and criminal penalties. Notice to Maine Applicants: It is a crime to knowingly provide false, incomplete or misleading information to an insurance company for the purpose of defrauding the company. Penalties may include imprisonment, fines or a denial of insurance benefits. CR 0202 (02-15) Page 3 of 5
Notice to Maryland Applicants: Any person who knowingly or willfully presents a false or fraudulent claim for payment of a loss or benefit or who knowingly or willfully presents false information in an application for insurance is guilty of a crime and may be subject to fines and confinement in prison. Notice to New Jersey Applicants: Any person who includes any false or misleading information on an application for an insurance policy is subject to criminal and civil penalties. Notice to Ohio Applicants: Any person who, with intent to defraud or knowing that he is facilitating a fraud against an insurer, submits an application or files a claim containing a false or deceptive statement is guilty of insurance fraud. Notice to Oklahoma Applicants: WARNING: Any person who knowingly, and with intent to injure, defraud or deceive any insurer, makes any claim for proceeds of an insurance policy containing any false, incomplete or misleading information is guilty of a felony. Notice to Oregon Applicants: Any person who knowingly presents a false or fraudulent claim for payment of a loss or benefit or knowingly presents materially false information in an application for insurance may be guilty of a crime and may be subject to fines and confinement in prison. In order for us to deny a claim on the basis of misstatements, misrepresentations, omissions or concealments on your part, we must show that: 1. The misinformation is material to the content of the policy; 2. We relied upon the misinformation; and 3. The information was either material to the risk assumed by us or provided fraudulently. For remedies other than the denial of a claim, misstatements, misrepresentations, omissions or concealments on your part must either be fraudulent or material to our interests. With regard to fire insurance, in order to trigger the right to remedy, material misrepresentations must be willful or intentional. Misstatements, misrepresentations, omissions or concealments on your part are not fraudulent unless they are made with the intent to knowingly defraud. Notice to Pennsylvania Applicants: Any person who knowingly and with intent to defraud any insurance company or other person files an application for insurance or statement of claim containing any materially false information or conceals for the purpose of misleading, information concerning any fact material thereto commits a fraudulent insurance act, which is a crime and subjects such person to criminal and civil penalties. Notice to Puerto Rico Applicants: Any person who knowingly and with the intention of defrauding presents false information in an insurance application, or presents, helps, or causes the presentation of a fraudulent claim for the payment of a loss or any other benefit, or presents more than one claim for the same damage or loss, shall incur a felony and, upon conviction, shall be sanctioned for each violation with the penalty of a fine of not less than $5,000 and not more than $10,000, or a fixed term of imprisonment for 3 years, or both penalties. Should aggravating circumstances be present, the penalty thus established may be increased to a maximum of 5 years, if extenuating circumstances are present, it may be reduced to a minimum of 2 years. CR 0202 (02-15) Page 4 of 5
Notice to Tennessee, Virginia, and Washington Applicants: It is a crime to knowingly provide false, incomplete or misleading information to an insurance company for the purpose of defrauding the company. Penalties include imprisonment, fines and denial of insurance benefits. APPLICANT DECLARATIONS The undersigned authorized officer of the Applicant represents that the statements and answers made in this application are true, accurate, and complete and are made on behalf of all proposed insureds. The Applicant understands and agrees that this application is a material inducement to the Insurer to issue a policy and will be deemed attached to and will form a part of the policy, if issued; provided that in Wisconsin, it will be part of the policy only if attached to the policy at the time of delivery. The Applicant shall report to the Insurer immediately, in writing, any material change in its operations, condition or answers provided in this application that occurs or is discovered before the effective date of any policy, if issued. The Applicant understands that the Insurer reserves the right to modify or withdraw any insurance proposal it has offered if such change occurs. This supplemental application must be signed by the Applicant s Risk Manager or other person responsible for purchasing insurance. Signature Date Name and Title (please type or print) To be completed by the Producer, if required: Producer Name: Producer Agency and Mailing Address: Telephone No.: License No.: Producer Signature Date CR 0202 (02-15) Page 5 of 5