The email looks completely routine. The roofing contractor your homeowners association (HOA) has worked with for three years sends updated banking information ahead of a scheduled payment. The board treasurer processes the wire. Three days later, the real contractor calls asking where the money is.
Business email compromise (BEC) is hitting HOAs across the country, and the financial damage is real. Crime insurance is the coverage line designed to respond to exactly this kind of loss — but whether it actually does depends on the specific insuring agreements in the policy. Does HOA insurance cover wire fraud and fraudulent wire transfers? Not always — and the difference comes down to the exact policy language the board has in place.
According to the FBI’s Internet Crime Complaint Center, BEC generated more than $55 billion in cumulative exposed losses from October 2013 through December 2023, with global exposed losses rising another 9% between December 2022 and December 2023 alone. Most HOA boards have no idea whether their current coverage responds to this exposure.
Why HOAs Are a Prime Target for Wire Fraud
Community associations hold significant operating and reserve funds, make regular recurring vendor payments, and typically run with lean administrative teams that have less transactional oversight than a corporate finance department. That combination makes them attractive targets.
Vendor email compromise (VEC) — where fraudsters spoof or hijack a trusted vendor’s email to redirect payments — rose 66% in the first half of 2024, and the average fraudulent wire transfer request stood at $24,586 at the start of 2025. Artificial intelligence (AI) has further complicated matters: By mid-2024, an estimated 40% of BEC phishing emails were AI-generated, making them more personalized and harder to flag than earlier attempts.
Urgency is a deliberate part of the scheme. Fraudulent wire requests routinely arrive late on a Friday afternoon or just before a holiday, engineering time pressure that discourages verification.
A case documented by Western Alliance Bank shows exactly what happens when a board acts on a spoofed email. Fraudsters targeting a homeowners’ association gained access to a community manager’s email account while she was out of the office, then used spoofing to impersonate her. The association’s accounts payable director received what appeared to be an internal request to pay the $300,000 annual insurance premium by wire rather than by the usual check. Because the amount exceeded wire transfer limits, the payment was split into three separate transactions — all of which went directly to the fraudsters. By the time the fraud was discovered, the money was gone and recovery required urgent coordination with the bank, law enforcement, and the FBI — a reminder of how quickly a single diverted email can drain an association’s accounts.
Crime Insurance vs. Cyber Liability: Why the Distinction Matters
This is the coverage confusion agents need to resolve for clients before a loss occurs. Wire fraud and BEC losses are crime claims, not cyber liability claims.
Cyber liability insurance responds to data breaches, ransomware, notification costs, and related system-compromise events. It typically does not cover funds that an authorized person voluntarily wired to a fraudulent account due to spoofed payment instructions. The two coverages operate in different lanes, and conflating them is one of the most common gaps agents encounter in HOA insurance programs.
The insuring agreements that actually respond to wire fraud are “funds transfer fraud” and “social engineering”:
- Funds transfer fraud: Covers loss arising from a fraudulent electronic instruction that causes the association’s financial institution to transfer funds without the association’s actual authorization
- Social engineering: Covers loss resulting from a fraudulent communication that induces an authorized employee or officer — such as a board treasurer — to voluntarily transfer funds based on spoofed payment instructions
These are not the same coverage. A policy can include one without the other. And a basic fidelity bond almost certainly includes neither. KDIS crime insurance specifically addresses both, as we’ve increasingly identified wire transfer and electronic funds fraud as emerging risks that community associations face today.
What Agents Should Review in an Existing Crime Policy
A policy review for HOA crime coverage should address three things: whether funds transfer fraud and social engineering are listed as covered insuring agreements, what the sublimits are for each, and whether a verification condition exists that could void a claim.
Many crime policies require the insured to independently verify any change to payment instructions before transferring funds. If a board wires money without that verification step and the policy contains the condition, the insurer can deny the claim regardless of whether the fraud itself would otherwise be covered. Agents should walk clients through this requirement before a loss occurs, not during one.
Practical guidance to pass along to association boards: Any change to vendor banking information received by email should be confirmed by phone, using a contact number independently sourced — not the number provided in the email. When a fraudulent transfer is discovered, immediate contact with the financial institution is critical, as recovery windows close quickly.
For associations that have experienced a BEC attempt — whether funds were lost or not — a conversation about cyber liability coverage for related data and system risks is also worth having.
The Coverage Gap No One Talks About Until It’s Too Late
Wire fraud targeting community associations is not hypothetical. The fraud vectors are active, the losses are documented, and the coverage that responds is specific — not assumed.
Agents who verify that their HOA clients have funds transfer fraud and social engineering insuring agreements in place, with appropriate sublimits and no coverage-defeating conditions the board doesn’t know about, are the ones whose clients recover when a wire goes to the wrong account. Agents who assume a fidelity bond handles it are the ones on the phone explaining why it doesn’t. Contact KDIS to review crime coverage gaps or request a proposal.
Wire Fraud FAQ
Does a fidelity bond cover wire fraud?
No. A fidelity bond covers employee dishonesty — theft by a covered employee. It does not cover an outside fraudster manipulating a board member into wiring funds.
What’s the difference between funds transfer fraud and social engineering coverage?
Funds transfer fraud covers losses when a fraudulent electronic instruction causes a financial institution to transfer funds without the association’s authorization. Social engineering covers losses when a fraudulent communication — such as a spoofed vendor email — induces an authorized person to initiate the transfer.
Why can’t cyber liability insurance cover a fraudulent wire transfer?
Cyber liability responds to data breaches, ransomware, and system-compromise events. A wire sent in good faith based on spoofed instructions is a voluntary funds transfer — a crime claim, not a cyber claim.
What should an HOA board do the moment it suspects a fraudulent wire?
Contact the financial institution immediately. Recovery windows close quickly, and early bank contact is the primary mechanism for recalling transferred funds. File a complaint at ic3.gov and notify the association’s crime insurance carrier.
Does crime insurance cover BEC losses if the board didn’t verify the payment instructions?
Many crime policies require the insured to independently verify changes to payment instructions before transferring funds. If that condition exists and wasn’t met, the claim may be denied. Agents should walk clients through this requirement before a loss occurs.
About the Author
Kevin Davis is President of Kevin Davis Insurance Services, Inc. (KDIS) and managing general agent for Travelers Insurance — one of the largest specialty insurance writers for community associations in the United States, currently insuring more than 40,000 associations nationwide. With three decades in the insurance industry — 25 of them devoted exclusively to community associations — Davis brings rare depth of expertise to a highly specialized field. He founded KDIS in 2000 with a two-person team and has since built it into a firm of more than 65 employees, establishing the company as a trusted leader in its market. A nationally recognized authority on loss prevention, Davis writes and speaks regularly on the subject. He also serves as a faculty member for Community Associations Institute (CAI) training programs throughout the country.
About Kevin Davis Insurance Services
For over 35 years, Kevin Davis Insurance Services has built an impressive reputation as a strong wholesale broker offering insurance products for the community association industry. Our president, Kevin Davis, and his team take pride in offering committed services to the community association market and providing them with unparalleled access to high-quality coverage, competitive premiums, superior markets, and detailed customer service. To learn more about the coverage we offer, contact us toll-free at (855) 790 -7393 to speak with one of our representatives.