Crime Insurance

Crime insurance (also called commercial crime insurance or fidelity insurance) protects businesses from financial losses caused by criminal acts — whether committed by employees or outside third parties. A standard policy covers employee theft, embezzlement, forgery or alteration of documents, robbery, burglary, computer fraud, and funds transfer fraud. It is NOT the same as general liability insurance — general liability covers bodily injury and property damage claims from third parties, while crime insurance covers direct financial losses from criminal acts. Note: Crime coverage is a separate line from general liability. Many businesses are surprised to discover their GL policy offers no protection against employee theft Q2

Employee theft is by far the most common claim — and the most costly. Studies show that over 75% of employees admit to stealing from an employer at least once. Losses are often carried out gradually over months or years in small amounts, making them difficult to detect. Employee dishonesty claims include direct cash theft, embezzlement, inventory theft, payroll fraud, and diverting company funds into personal accounts. The second most common category is social engineering and business email compromise (BEC) fraud. Key insight: Most businesses that suffer a crime loss assume it will come from an outside robber — but internal fraud from trusted employees is statistically the dominant risk. Q3

Yes. Employee theft (also called employee dishonesty coverage) is the cornerstone insuring agreement in virtually every commercial crime policy. It covers theft of money, securities, and other property by an employee acting alone or in collusion with others. Coverage typically includes: direct cash theft, check kiting, payroll manipulation, inventory theft, and fraudulent vendor payments. Most carriers including Chubb, Hartford, and Travelers include this as a primary insuring agreement. Important: coverage terminates for a specific employee once the insured discovers that employee has a prior dishonesty history. Key insight: Exclusion to watch: Coverage is excluded for losses caused by officers, owners, or partners at many carriers — they are considered principals, not employees subject to oversight. Q4

Social engineering fraud occurs when a criminal impersonates a trusted person — a CEO, vendor, or client — to manipulate an employee into wiring funds to a fraudulent account. This is also known as business email compromise (BEC). The FBI's IC3 reported BEC drove $2.77 billion in losses in 2024 alone. Standard crime policies do NOT automatically cover this — it requires a specific social engineering endorsement. Chubb offers dedicated social engineering fraud coverage up to $250,000 per occurrence (higher with additional underwriting). Most carrier sub- limits fall in the $100,000–$500,000 range. Key insight: Critical gap: If your company carries $2M in crime coverage but only a $250K social engineering sublimit, a well-executed BEC scam could leave you significantly underinsured. Ask your broker to review your specific sublimit. Q5

These are the two policy structures for when coverage is triggered. A Discovery (Loss Discovered) form covers any loss discovered during the policy period, regardless of when it occurred — even if the theft happened years ago. A Loss Sustained form covers losses that both occurred AND are discovered during the policy period (or shortly after). The Discovery form is generally considered broader and better for most businesses since employee theft often goes undetected for years. Most modern policies are written on a Discovery basis. There is little premium difference between the two forms. Key insight: Warning: Never let crime coverage lapse between carriers if on a loss sustained form — a gap in coverage can mean losses that occurred before the new policy started are not covered. Q6

Yes, most commercial crime policies include computer fraud and funds transfer fraud as separate insuring agreements. Computer fraud covers losses from unauthorized computer access used to transfer or steal funds. Funds transfer fraud covers losses caused by fraudulent electronic payment instructions submitted to your financial institution. However, social engineering fraud (where an employee is tricked into authorizing a transfer) is treated differently and typically requires its own endorsement. Carriers like Chubb explicitly offer coverage for losses from unauthorized hacker access, including via mobile apps and web portals. Key insight: Crime vs. cyber: If both a crime policy and a cyber policy are in place, the crime policy is typically the primary responding policy for financial loss, with cyber coverage acting as excess. Q7

Yes — general liability does not cover crime-related financial losses. GL policies are designed to cover third-party bodily injury, property damage, and some professional liability claims. They do not cover employee theft, embezzlement, forgery, or fraud against your own business. A business owner's policy (BOP) may include some limited crime coverage, but it is typically much narrower than a standalone commercial crime policy. Any business that handles cash, securities, client funds, or wire transfers should strongly consider a standalone crime policy. Key insight: Who especially needs it: Financial services firms, nonprofits, healthcare organizations, retail businesses, and any company with frequent wire transfers or high employee access to funds. Q8

Standard exclusions across major carriers include: (1) Acts committed by owners, officers, or partners — they are not considered 'employees' for coverage purposes. (2) Prior dishonesty — if the insured knew an employee had stolen before, losses from that employee are excluded. (3) Indirect losses — lost profits, lost business opportunities, or reputational harm. (4) Inventory shortages where no direct evidence of theft exists. (5) Acts of war or government seizure. (6) Losses caused by the insured's own illegal acts. Some carriers also exclude cyber-related losses unless specifically endorsed. Key insight: Underwriters pay close attention to competitive bidding processes for vendor payments and internal controls when evaluating applications — weak controls can affect pricing. Q9

Premiums vary based on business size, industry, revenue, number of employees, internal controls, and loss history. For small to mid-sized businesses, annual premiums typically range from a few hundred dollars to several thousand. Limits are purchased per occurrence — unlike management liability or professional lines, crime policies have a full limit available for each separate loss event (not an aggregate). Common limits range from $100,000 for small businesses to $5M+ for larger organizations or those in financial services. Carriers look at 12 months of financial history, company locations, international exposure, and separation of duties when quoting. Key insight: Carriers want to see that you have competitive bidding for vendors, background screenings for employees, dual-control for wire transfers, and regular reconciliation of accounts. Q10

Act quickly and document everything. (1) Secure all records related to the suspected loss — emails, invoices, bank records, and access logs. (2) Notify your insurance broker immediately, since most policies require prompt reporting. (3) Notify law enforcement — a police report strengthens the claim and is often required by carriers. (4) Engage forensic accountants if the loss involves financial manipulation. (5) Preserve evidence and avoid alerting the suspected employee until legal counsel advises. Discovery-form policies require the loss to be reported during the policy period, so delayed reporting is one of the most common reasons for denied claims. Key insight: Remember: Crime policies are written on a per-occurrence basis, meaning each separate theft event has access to the full policy limit — making proper documentation of each event critical.