APP INSURANCE FORM | Green SwanCompliance

Check your APP Fraud Insurance Eligibility

Welcome to the APP Fraud Insurance eligibility application form - you will have received the link to this form after an initial call with Elmore Insurance Brokers and Green Swan Compliance.

The data collected in the form will be used as laid out in our privacy policy to assess your suitability for APP Reimbursement Insurance with a variety of underwriters at Lloyds.

Please note that prior to finalising your quotation and the terms of your policy, a more detailed 'Fraud Control Health Assessment' will be required. Most of this assessment will be done digitally, and may include some video calls. In certain cases, an onsite visit and demonstrations of your systems, procedures, and controls may also be necessary.

Due to the complexity of the new regulations it may take 3-4 weeks to finalise your insurance cover, so we would advise early booking of your assessment. A small charge, payable in advance is made for the Fraud Control Health Assessment (typically 2k per 1m of insurance required). We appreciate that some of the data requested is potentially sensitive and in the event that your firm has a preferred secure data room for file sharing, please contact us should you wish to use such a facility rather than the file uploads available on this ISO27001 certified system.

Whilst we have endeavoured to make this form as straight forward as possible to complete we appreciate that filling in insurance forms are not always 'fun' - should you need some additional help and support on a video call please do contact us.

The information you provide on this form will be used to provide an indicative quotation and is not legally binding. However, the more accurate the information and the more complete the information you provide the more accurate the quotation.

We appreciate, understand and acknowledge that this form is in draft mode as we continue to finesse inline with the updated APP regulations.

1. Applicant Information

1.1. Your Name

1.2. Your position/title in the company

1.3. Your business email (by entering your email you allow permission for us to contact you)

1.4. Is your Financial Institution listed under the PSR Special Directive 20 (SD20)?

Yes

1.5. Name of your institution

1.6. Are you regulated by:

1.6.a. If other please provide details:

1.7. Have you provided a legal challenge to the PSR relating to your institution being included under Special Directive 20?

Yes

1.8. Who is your banking partner and safeguarding credit institution (if applicable)?

2. APP Fraud Compliance & Risk Management

2.1. Do you have a dedicated fraud monitoring team?

Yes

2.2. What is the total number of staff in your fraud monitoring team?

2.3. Are alerts monitored 24 /7?

Yes

2.4. Do you have a SLA for alert review and response?

2.4a Please upload a copy of your SLA (optional):

2.5. What is your annual impact from APP fraud?

2.6. What is your expected 'normal' level of APP INBOUND fraud that you expect to cover or are able to cover yourself per month?

2.6.a. What is your expected 'normal' level of APP OUTBOUND fraud that you expect to cover or are able to cover yourself per month?

2.7. How much Insurance cover in total are you seeking annually for APP Fraud Reimbursement over your monthly normal amounts?

2.8. What do you expect to be the main risk that you wish to have APP Reimbursement Insurance for?

2.9. If your FI is part of a group please provide a high level organisational structure for your legal entity:

N/A

2.9.a. Please upload your internal organisational structure for your firm:

2.10. Please upload the APP investigation procedure for APP fraud reimbursement (if available):

NOT AVAILABLE

2.11. What is the procedure when potential customer fraud/dishonesty is suspected?

2.12. What is your APP fraud reimbursement assessment process?

2.13. Are you directly connected to RCMS and CDRS and do you regard this as a mandatory system of use internally now?

2.14. Do you and your payment rails partner or sponsor block and blacklist all customers accounts when notified of an APP fraud by a customer?

Yes

2.15. Who is your existing Compliance Audit Provider?

2.16. When was your last Compliance Audit?

2.17. Please provide your latest independent Compliance Audit report (optional)

2.17.a. Please provide a list of any outstanding recommendations and timelines for implementation specifically relating to APP fraud:

3. APP Fraud Systems and Controls

3.1. Do you use Confirmation of Payee for all UKFP?

3.2. What APP fraud prevention systems and tools are currently in place including real-time APP fraud monitoring to stop potential fraudulent payments?

3.3. Have you fully integrated with Cifas during the initial customer onboarding process? How many analysts are monitoring the Cifas alerts? If not, do you plan to do so and what is your timeframe for implementation?

3.4. How do you monitor transactions for APP fraud suspicious activities?

3.5. How do you monitor your fraud management information and reporting?

3.6. Do you share APP fraud data with any other institutions to assist in fraud prevention and investigation?

Yes

3.6.a. If yes, how do you share APP fraud data with other institutions to assist in fraud prevention and investigation?

3.7. Has your new approach to APP been signed off by the Board of Directors and/or your responsible person for Consumer Duty?

3.8. How many customers have you presently identified as Vulnerable and what measures have you put in place to prevent APP fraud on these customers?

3.9. Please upload your Compliance Policy that contains your Policy for managing Vulnerable customers:

4. APP Fraud Mitigation Methods

4.1. What types of Account Holder authentication methods do you use (e.g., 2FA, biometric verification) and when do these authentications apply?

4.2. How frequently are these methods updated or reviewed? When is the last time you have updated the method?

4.3. What has been the financial impact of APP fraud on your firm over the past year? What proportion of losses has been recovered? Please provide split between Sender APP fraud and Receiver APP fraud.

4.4. What is the procedure for seeking indemnity and claims to recovering the APP fraud losses experienced by Account Holders?

4.5. How do you collaborate with other financial institutions to combat APP fraud?

4.6. How do you monitor and share information about APP fraud trends and threats?

4.7. What risk alerts and warnings are presented to the customer prior to executing a FPS transaction to prevent APP fraud?

4.7.a. Please upload screen grabs of risk alerts and warnings:

4.8. Have you received any legal opinion that your current APP warnings are sufficient to prove gross negligence?

5. APP IT System Security

5.1. What cybersecurity frameworks or standards do you follow (e.g., ISO 27001, NIST)?

5.2. How often do you conduct vulnerability assessments and penetration testing?

6. APP Transaction limits

6.1. What are the monetary transaction limits on customer account per transaction value or per account ?

6.1.a. Please provide a breakdown of different limits per Account Holder profile and upload file:

7. Insurance

7.1. Do you have cyber insurance cover or other fraud insurance cover?

7.1.a. Please upload relevant policies (optional)

How much do you expect to increase your customer base over the next 12 months?

7.2. Please provide details of any other information that you think might be relevant for the insurance underwriters to assess you APP risks:

7.3. If you are a regulated Principle firm and have Agents/Distributors/Customers and you are responsible for their APP scam refunds and have imposed additional contractual terms on these Agents/Distributors/Customers, please provide the relevant contractual terms and conditions regarding APP deposits/insurance data reporting, service level agreement:

N/A

7.4. If you are an Agent/Distributor/Customer of a regulated Principle firm and have received Terms and Conditions from them relating to APP please upload:

File upload

N/A

7.5. Please upload any other relevant documents which may help your application:

7.6. If you are a Principal please upload your latest REP017 submission:

N/A

8. Declaration

The information provided is to the best of my knowledge materially complete:

Please tick