Crime & Fidelity Insurance
Talk to any controller who has watched a long-trusted bookkeeper walk out the door with three years of stolen receivables, and you will hear the same first reaction: "I thought our regular business policy covered this." It almost never does. General liability policies, business owners policies, and commercial property forms all carry employee-dishonesty exclusions, and a typical cyber policy will not respond when the wire was sent voluntarily by a tricked employee. Crime and fidelity insurance is the line that fills these gaps. Kelly Insurance Group places commercial crime coverage for businesses that need real protection against employee theft, forgery, computer fraud, fraudulent funds transfer, and (with the right endorsement) social engineering schemes.
What Crime & Fidelity Insurance Actually Covers
Commercial crime coverage is a first-party financial-lines product. It pays your business directly for stolen money, securities, or covered property, regardless of whether the thief is an employee or an outside party.
Crime insurance and fidelity bonds are often spoken about as if they were the same product, and in casual conversation that is fine. On a real policy form they are not. A fidelity bond, in its strictest sense, is a surety instrument that guarantees the honesty of named or scheduled employees who handle money or property. A commercial crime policy is built differently. It bundles several insuring agreements into one document, and each agreement responds to a specific kind of loss: employee theft, forgery, computer fraud, funds transfer fraud, premises theft, and so on. When a buyer says "we have a crime policy," what really matters is which of those agreements are in force, what their sublimits look like, and what conditions sit beneath them.
Two coverage triggers exist in this market: discovery and loss-sustained. The difference matters more than almost any other policy feature, because of how fraud actually behaves. A loss-sustained form requires the dishonest act and its discovery to fall inside the policy period. A discovery form responds to losses you find during the policy period regardless of when they happened, subject to a retroactive date or prior-loss lookback. Embezzlements that run quietly for two, three, sometimes five years are extremely common, which is why a discovery form is generally worth the price difference.
Crime insurance and cyber liability sit in different boxes even though their loss territory overlaps. Both policies brush up against social engineering, business email compromise, and fraudulent funds transfer, but they use different trigger language and are written by different carriers. When the two policies are placed by different brokers without anyone reading them side by side, gaps appear in the seam. That seam is one of the more avoidable failures we see in commercial insurance programs.
Insuring Agreements Inside A Commercial Crime Policy
Read the agreements you have, not the ones you assume you have. Each insuring agreement covers a specific loss type with its own limit, sublimit, and conditions.
Employee Theft / Dishonesty
The foundational agreement. It pays for direct financial losses caused by dishonest acts of an employee, covering money, securities, and other property. The named insured is covered, and most policies extend the coverage to scheduled subsidiaries. Modern crime forms also respond to collusion between an employee and an outside accomplice, so long as at least one employee was a knowing participant.
Forgery or Alteration
Responds to losses caused by forgery or material alteration of checks, drafts, promissory notes, and similar negotiable instruments. Coverage typically reaches both instruments drawn on the insured's accounts and instruments accepted in good faith from a third party. A counterfeit certified check accepted from a "buyer" is the textbook scenario this agreement was built to address.
Inside the Premises — Money & Securities
Covers theft, disappearance, or destruction of money and securities inside the insured's premises or banking premises. Robbery of a custodian, safe burglary, and unexplained loss from a locked vault are the classic triggers. Sublimits typically apply to cash on premises, cash in safes, and cash in transit, and these sublimits often differ significantly from the headline policy limit.
Inside the Premises — Other Property
Responds to theft of property other than money and securities, such as merchandise, equipment, and materials, when the loss is caused by robbery of a custodian or safe burglary. This coverage is narrower than commercial property insurance: it requires a specific theft event, not general inventory shrinkage discovered during a routine count.
Outside the Premises
Covers loss of money, securities, or other property while it is being moved outside the premises by a messenger or armored motor vehicle company. Important for any business that physically conveys cash or negotiable instruments, including retail, hospitality, and certain professional service firms. Higher limits often require armored carrier use as a condition.
Computer Fraud
Pays for loss of money, securities, or property resulting from the fraudulent entry of data or instructions into the insured's computer system. The traditional trigger contemplates an intruder altering electronic records to redirect funds. The narrowness of this trigger language is why so many social engineering claims get denied without a separate endorsement.
Funds Transfer Fraud
Pays for loss resulting from fraudulent instructions transmitted to a financial institution that direct the institution to transfer funds out of the insured's account. As with computer fraud, the trigger usually requires the instruction to come from someone impersonating the insured to the bank, not from the insured being tricked into authorizing the transfer themselves.
Social Engineering Fraud
The endorsement that closes the BEC gap. Covers losses where an employee is deceived by a fraudulent communication into voluntarily transferring funds. It almost always carries a sublimit well below the policy's main limit. Most carriers now condition this coverage on documented call-back verification procedures and multi-factor authentication on the insured's email infrastructure.
Vendor / Client Impersonation
Closely related to social engineering, structured around the impersonation of a known vendor or client whose payment instructions are spoofed and redirected. Some carriers fold this into their social engineering endorsement; others write it as a separate agreement. The distinction matters once a payment-redirection loss is on the table.
Money Orders & Counterfeit Currency
Responds to good-faith acceptance of counterfeit U.S. or Canadian paper currency or counterfeit money orders. Most relevant for retail, hospitality, and any business that handles cash regularly. Sometimes included on a standard form, sometimes endorsed; always worth confirming line by line on the schedule.
Credit, Debit & Charge Card Forgery
Pays for losses arising from forgery, alteration, or use of counterfeit credit, debit, or charge cards issued to the insured or accepted by it in good faith. Most relevant for businesses with significant card transaction volume or those issuing corporate cards to multiple employees.
Client Property (Care, Custody & Control)
Extends employee theft coverage to property the insured holds in trust for clients. Critical for accountants, attorneys, financial advisors, property managers, and trustees. Without this endorsement, the standard employee theft agreement protects only the insured's own property, not the client funds an employee may steal.
Why Business Email Compromise Claims Get Denied On Standard Crime Policies
Business email compromise is the single most contested coverage question in commercial crime today. The reason has less to do with carrier behavior and more to do with how the insuring agreements were originally written.
Read the standard Computer Fraud and Funds Transfer Fraud language carefully and you will notice a pattern. Both agreements contemplate a thief impersonating the insured: someone sliding fake instructions into the insured's computer system, or sending a forged wire request to the insured's bank. Neither agreement is naturally written for a different fact pattern, which is the one most BEC losses fall into. In a typical BEC scenario, the fraud reaches an employee inside the company, the employee believes the email is genuine, and the employee voluntarily authorizes the wire transfer to a fraudulent account. The money leaves through the front door, not the back.
A controller at a mid-size manufacturer receives an email that appears to come from the company's CEO, who is traveling internationally. The email asks for an urgent $185,000 wire to a "new strategic vendor" with bank details attached. The controller wires the funds. The CEO never sent the email. The standard Computer Fraud agreement does not respond, because the fraudulent input was not made into the insured's system; it was an email read by a person. The Funds Transfer Fraud agreement does not respond either, because the bank received an instruction from the insured itself, not from someone impersonating the insured to the bank. Without a Social Engineering Fraud endorsement, this loss has no home.
U.S. courts have ruled both ways on whether standard computer-fraud language reaches social-engineering losses, and the case law is jurisdiction-specific. Some federal circuits have stretched older policy language to cover BEC; others have refused to. Counting on a favorable interpretation is not a coverage strategy. The market has responded by offering Social Engineering Fraud as a separate scheduled endorsement with its own trigger language, sublimit, and conditions precedent.
What underwriters want to see before they will bind that endorsement: multi-factor authentication on the company's email system, written call-back verification procedures for any wire transfer above a stated threshold, training records showing employees have completed BEC awareness training, and confirmation that any change to vendor banking information requires verbal verification through a phone number already on file. Carriers price the endorsement against those controls. Sublimits are generally well below the main policy limit, and that gap is intentional. The endorsement is meant to absorb a single bad transfer, not insure unlimited exposure to clever email.
Coverage Elements At A Glance
A market-level view of how standard versus enhanced crime forms typically treat each insuring agreement. Carrier specifics vary; this is a reference, not a quote.
| Insuring Agreement | Standard Form | Enhanced / Endorsed | Underwriting Note |
|---|---|---|---|
| Employee Theft | ✓ Included | ✓ Included | Per-employee versus per-occurrence sublimits vary |
| Forgery or Alteration | ✓ Included | ✓ Included | Some forms cover only instruments in insured's name |
| Premises (Money & Securities) | ✓ Included | ✓ Included | Vault, safe, and cash-on-premises sublimits common |
| Outside Premises / Transit | ✓ Included | ✓ Included | Higher limits may require armored carrier use |
| Computer Fraud / Funds Transfer Fraud | ✓ Included | ✓ Included | Trigger requires fraudulent input, not voluntary transfer |
| Social Engineering Fraud | Excluded | Endorsement | Most contested gap; sublimit + MFA condition typical |
| Vendor / Client Impersonation | Excluded | Endorsement | May be folded into social engineering or separate |
| Money Orders & Counterfeit Currency | Varies | ✓ Included | Cash-handling businesses should confirm |
| Client Property (CCC) | Excluded | Endorsement | Required for accountants, attorneys, advisors, managers |
| Investigation / Forensic Costs | Often Excluded | Endorsement | Sublimited reimbursement, not unlimited |
| Discovery vs. Loss-Sustained | Either | Negotiable | Discovery form is critical for long-running schemes |
Industries Where Crime Coverage Is Not Optional
Every business with employees who handle money carries some crime exposure. The industries below carry it at the highest frequency, the highest severity, or both.
Financial Services & Banks
Regulated institutions often need a Financial Institution Bond (FIB), a specialized crime form. High transaction volume, wire authority, and direct client account access compound the exposure profile.
Healthcare Organizations
Billing fraud, pharmacy inventory diversion, and reimbursement manipulation are persistent risks. Distributed locations and high employee headcounts thin out internal oversight.
Construction & Contractors
Materials diversion, subcontractor kickback schemes, fraudulent invoices, and payroll manipulation. Project-based accounting with multiple payment streams creates real opportunity for theft.
Retail & Hospitality
Cash handling, POS manipulation, return fraud, gift card schemes, and inventory shrinkage with employee involvement. High turnover degrades the quality of internal controls.
Law Firms
IOLTA trust account misappropriation, billing manipulation, and client fund theft. State bar rules may require specific coverage; ABA Model Rule 1.15 governs trust funds across most jurisdictions.
Accountants & Financial Advisors
Client property exposure is the dominant issue. Without a Client Property endorsement, theft of client funds is not covered by the standard employee theft agreement.
Property Management
Rent diversion, security deposit misappropriation, and vendor kickbacks. The exposure runs to both the management firm and the owner whose property is being managed.
Non-Profits & Foundations
Volunteer treasurers and lean staffing produce above-average fraud exposure. Many federal grant agreements list fidelity coverage as an explicit grant condition.
ERISA Plan Sponsors
ERISA Section 412 requires a fidelity bond for almost every funded benefit plan. The bond must equal at least 10% of plan assets, with a $1,000 minimum, $500,000 maximum, or $1,000,000 for plans holding employer securities.
Logistics & Trucking
Cargo theft, fuel-card fraud, driver expense schemes, and billing manipulation. Decentralized operations make internal control disproportionately hard.
Technology & SaaS
Vendor impersonation, BEC, and fraudulent funds transfer. Remote-first workforces and digital payment infrastructure raise the social engineering exposure substantially.
Government Contractors
Specific contract terms may require crime coverage at stated limits. Federal procurement contracts increasingly include explicit fidelity requirements as a condition of award.
Crime vs. Cyber — Where The Two Policies Meet
Modern losses cross both lines. Buying crime and cyber from different brokers without a coordinated read of both wordings is one of the more reliable ways to end up with a coverage gap nobody knew about until it was too late.
| Loss Scenario | Crime Policy Response | Cyber Policy Response | Likely Gap |
|---|---|---|---|
| Employee embezzles cash from operating account | ✓ Employee Theft | No — not a cyber event | Covered by crime if in force |
| Hacker breaches systems, exfiltrates customer data | No — not a fidelity loss | ✓ Data breach / privacy | Covered by cyber if in force |
| BEC email tricks CFO into wiring funds | ⚠ Social engineering endorsement only | ⚠ Some cyber forms include; many exclude | Likely gap if neither has the endorsement |
| Ransomware encrypts files, attacker demands payment | ⚠ Some forms include cyber extortion | ✓ Cyber extortion / ransomware | Coordinate to avoid double-trigger or gap |
| Compromised credentials used to initiate fraudulent wire | ✓ Computer Fraud agreement | ⚠ Depends on trigger language | Trigger language reading required |
| Vendor impersonation; payment redirected via fake invoice | ⚠ Vendor / impersonation endorsement | ⚠ Some cyber forms with endorsement | Most common modern gap |
| Employee steals trade secrets or source code | No — covers tangible property & money | ⚠ Limited; intellectual property policy may apply | Often uninsured; consider separate IP coverage |
| Counterfeit cashier's check accepted from fraudulent buyer | ✓ Forgery or Alteration | No — not a cyber event | Covered by crime if in force |
The other-insurance and excess provisions in modern crime and cyber forms have grown more detailed in recent years, in large part because of how often the two policies tangled with each other after a BEC loss. The functional rule that comes out of all that: have one broker review both policies side by side before either binds. Otherwise the question of which policy is primary, which sits excess, and which exclusion controls becomes an argument at the worst possible moment.
Common Exclusions Worth Knowing Before A Loss
Crime policies are negotiated documents. Exclusions vary by carrier and form, but the categories below appear consistently and surprise insureds most often after a claim is filed.
What Drives Crime Insurance Underwriting
Crime is unusual in that the quality of internal controls weighs at least as heavily as employee count or revenue. Underwriters ask about controls specifically, and the answers shape both appetite and price.
Employees with financial authority
The number of people with check-signing authority, wire initiation rights, vendor master file access, or the ability to alter banking instructions matters more than total headcount.
Separation of duties
Whether transaction initiation, approval, and recording are split across different people. Underwriters ask about this directly. Single-person workflows attract higher scrutiny and pricing.
Industry & cash-handling profile
The volume of cash, securities, and negotiable instruments under the insured's control sets baseline rate factors. Banks, healthcare, construction, and retail sit in heavier rating bands.
Loss history
A 5-year crime loss run is standard at submission. Prior employee theft losses, even fully recovered ones, affect appetite, pricing, and which carriers will quote at all.
MFA & email security controls
Multi-factor authentication on email, banking platforms, and ERPs is increasingly required as a condition of social engineering endorsement eligibility, not merely a discount item.
Background screening practices
Documented pre-hire criminal screening, and (where state law permits) credit screening for employees in financial roles, produces materially better underwriting outcomes.
Discovery vs. loss-sustained election
Discovery forms cost more but cover dramatically more. Most underwriters quote both and let the buyer choose; this is one of the bigger decisions on a placement.
Limit and sublimit selection
Each insuring agreement carries its own load. Social engineering and vendor impersonation endorsements add meaningfully to base premium because they sit on the highest-frequency claim categories.
The Crime Claim Process — What To Do First
Crime policies have notice and reporting requirements that don't forgive much. The first 24 to 72 hours after discovery shape everything that comes next.
Secure evidence before anyone is alerted
Once a fraud is suspected, secure financial records, system logs, email, and access credentials before the suspected employee or third party becomes aware of the investigation. Confronting the person before evidence is preserved is one of the most common, and most damaging, mistakes.
Notify the broker and carrier
Crime policies have notice requirements that vary by form, sometimes as short as 30 days. Don't wait for the loss to be quantified before giving notice. Notice protects the claim; quantification follows.
File the police report
Most crime forms require law enforcement notification, including for internal employee theft. Failing to file, or unreasonably delaying the report, can become a coverage issue. File promptly even if the matter would be easier to keep quiet.
Engage forensic support
The carrier will require a detailed Proof of Loss documenting both the nature and the amount of the loss. Forensic accountants typically lead the loss quantification. Some policies sublimit forensic costs; others exclude them entirely. Confirm the position before engaging.
Submit the formal Proof of Loss
Most policies require the Proof of Loss within a stated window, typically 120 to 180 days from discovery. The Proof of Loss identifies the agreement triggered, the loss amount, supporting documentation, and the insured's affirmation under oath.
Cooperate with carrier investigation and subrogation
The carrier conducts its own investigation and may pursue subrogation against the responsible party. Recovered amounts reduce the net claim cost. Cooperation with the carrier's investigation, including access to records and personnel, is a policy condition.
Remediate controls before renewal
After resolution, carriers expect documented remediation of the controls that allowed the loss. Renewal underwriting will look for evidence of changes. Failure to remediate may result in non-renewal or exclusion of similar future losses.
Internal Controls That Reduce Premium And Loss
Underwriters ask about these controls explicitly. Implementing them measurably improves both the application profile and the actual fraud risk.
Separation of duties
No single employee should initiate, approve, and record the same financial transaction. Splitting authorization from execution is the single most effective fraud control available.
Dual control on wire transfers
Two independent approvers for wires above a stated threshold. Any change to vendor banking instructions verified by phone using a previously known number, never email confirmation alone.
Mandatory vacation policy
Require employees with financial authority to take a minimum consecutive period off each year, with another employee covering responsibilities. A meaningful share of long-running embezzlements surface during mandatory coverage.
Independent reconciliation
Bank statements reconciled by someone other than the person who prepared the underlying entries. Surprise audits of cash, petty cash, and expense reports. Regular review of vendor master file changes.
Background screening
Criminal background checks, and credit checks where state law permits, for hires into financial roles. Periodic refresh for long-tenured employees in sensitive positions, as state law allows.
Multi-factor authentication
MFA on email, banking platforms, ERP, and financial software. Increasingly required as a condition of social engineering endorsement eligibility, and the most effective single control against BEC.
Vendor change verification protocol
Documented call-back procedure for any change to vendor ACH or wire details. Phone verification using a number on file, not a number provided in the request itself.
Anonymous reporting hotline
The ACFE 2024 study found 43% of cases were first detected by tip, far ahead of any other detection method. A hotline, or a third-party whistleblower service, raises the probability that internal concerns surface before they become losses.
Crime & Fidelity Insurance — Buyer Questions, Answered
Questions that come up routinely from CFOs, controllers, and risk managers when reviewing crime coverage with our team.
A fidelity bond is a surety instrument that guarantees the honesty of named or scheduled employees who handle money or property. A commercial crime insurance policy is broader. It bundles several insuring agreements (employee theft, forgery, computer fraud, funds transfer fraud, social engineering with endorsement, and others) into a single policy.
The labels often overlap in casual usage, but on a real policy form they are not interchangeable. A specialized fidelity bond is what's required to satisfy ERISA Section 412 for an employee benefit plan, and that bond is typically distinct from the commercial crime policy that covers the operating company.
Not on most standard crime forms. The standard Computer Fraud and Funds Transfer Fraud agreements are usually triggered when a fraudster impersonates the insured to a bank or to the insured's computer system. BEC works differently: the employee is deceived into voluntarily transferring funds. That voluntary transmission falls into the "voluntary parting" zone that standard agreements typically exclude.
BEC coverage requires a separately negotiated Social Engineering Fraud endorsement. The endorsement carries a sublimit, often well below the main policy limit, and is increasingly conditioned on multi-factor authentication and documented call-back verification procedures. Don't assume your crime policy covers BEC. Read the endorsement, or ask your broker to confirm in writing.
A loss-sustained policy responds when the loss and its discovery both happen during the policy period (or within a short discovery window after expiration). If an embezzlement runs for three years and is discovered after the loss-sustained policy has already been replaced, there may be no coverage anywhere on the timeline.
A discovery policy responds to losses you discover during the policy period regardless of when the underlying acts occurred, subject to a retroactive date or prior-loss lookback. Because the ACFE 2024 study found a median fraud duration of 12 months before detection, discovery forms provide materially better protection. Most well-advised buyers ask for the discovery form even at higher cost.
Generally not without an endorsement. Standard crime policies define "employee" narrowly, usually limited to W-2 employees subject to the insured's direct control. Independent contractors, leased employees, and temporary staffing-agency workers are usually outside the definition.
For businesses that use staffing agencies or contractors in roles with financial access, this is a meaningful gap. Some carriers offer endorsements that extend coverage to defined non-employee categories. Read the policy's "employee" definition, and ask the broker to extend it explicitly if your operations include 1099 staff in financial roles.
Most standard crime forms exclude theft committed by majority owners, controlling principals, or managing partners. The reasoning is structural: a controlling principal stealing from the company is, in effect, the company stealing from itself, which is not the kind of risk crime insurance was built to address.
Minority owners, officers without controlling ownership, and most employees do remain covered. For closely-held businesses with multiple family members holding financial authority, the policy's "principal" definition deserves explicit review with the broker before binding.
Limit selection comes from looking at maximum foreseeable exposure rather than average transaction size. The right framing involves the largest amount a single trusted employee could move, the maximum daily wire-transfer authority, total client funds held in trust or escrow, and how long a fraud could realistically run before existing controls would catch it.
Limits set five or ten years ago and never revisited are common, and frequently inadequate. Annual limit review against current cash positions, vendor master file size, and wire-transfer thresholds is part of the renewal conversation we run with clients.
Generally yes. Most modern Employee Theft agreements respond when at least one employee was a knowing participant in the dishonest act, even if the broader scheme involved an outside accomplice (a fraudulent vendor, a former employee, a relative). Collusion schemes are some of the more common loss patterns crime policies were designed to address.
The trigger requires the employee's participation to be knowing and intentional. Inadvertent involvement, or being deceived without participating in the scheme, can change which agreement responds, or whether any responds at all.
The most common statutory requirement is the ERISA fidelity bond. Under ERISA Section 412 (29 U.S.C. § 1112), every person who handles funds or other property of a covered employee benefit plan must be bonded in an amount equal to at least 10% of the funds handled in the prior plan year, with a $1,000 minimum per bonded person and a $500,000 maximum per plan per year, raised to $1,000,000 for plans holding employer securities. The bond must be first-dollar with no deductible to the plan. Source: U.S. Department of Labor EBSA guidance.
Beyond ERISA, crime or fidelity coverage is commonly required by lender agreements, franchise agreements, federal grant terms, government contracts, commercial leases, professional services agreements, and (for financial institutions) federal and state banking regulations. Always confirm contract requirements before binding so the limit and form match what's been promised.
Kelly Insurance Group is an independent specialty brokerage focused on hard-to-place, non-standard, and high-exposure commercial risks across more than 200 coverage categories. Crime and fidelity coverage sits inside our management liability practice, and we coordinate it directly with cyber liability rather than placing the two policies in isolation.
Our team works through the form-level questions that actually move the needle: discovery versus loss-sustained, social engineering sublimit, vendor impersonation language, client property endorsement when applicable, and ERISA bond requirements when a benefit plan is in scope. Contact our team or book a meeting to walk through your current crime and fidelity placement.