Commercial Crime Insurance

/ Insurance Guides / By
Business Insurance • Commercial Crime

Commercial Crime Insurance: How to Protect Your Business from Theft, Fraud & Employee Dishonesty

If someone steals from your company — an employee, an outside fraudster, or a hacker tricking staff into wiring funds — the financial consequences can be immediate and severe. This practical guide shows what to buy, how to document losses, and the controls that reduce both risk and premiums.

Read Practical Steps →
Business desk with financial documents, a secure lockbox, and a laptop showing a security dashboard.

I see business owners panic when an unexpected fraud hits: payroll siphoned, an invoice paid to a scammer, or a long-time employee caught stealing. You need three things fast — the money to cover the hole, a claim that pays, and a plan to stop it happening again. This guide gives you a clear buying checklist, sample wording to watch in policies, and concrete operational steps to implement this week.

On this page

What is commercial crime insurance?

Commercial crime insurance — sometimes called fidelity or employee dishonesty coverage — compensates businesses for financial losses caused by criminal acts. That can be internal (employee theft), external (forged checks), or hybrid (business email compromise where a fraudster tricks your staff into wiring funds). Insurance forms vary a lot, so the right policy for a retail shop differs from the right policy for a law firm or a technology services business.

Common loss scenarios I recommend you plan for

Here are the loss patterns I see most often in U.S. firms — and what they typically cost:

  • Employee theft / skimming: an employee diverts cash receipts or tampers with accounts payable to route funds to themselves. Even small monthly skimming compounds quickly.
  • Payroll fraud: ghost employees, altered direct deposit details, or unauthorized bonuses paid to insiders.
  • Forgery & check alteration: forged signatures or checks changed after signing.
  • Funds-transfer fraud / BEC (business email compromise): fraudsters spoof emails or vendor invoices and trick finance into wiring money to fraudulent accounts.
  • Client funds in custody: escrow, client deposit, or trust account theft — high exposure for professional practices and real estate brokers.
Employee reviewing financial ledgers and transaction records with a calculator and pen.
Employee reviewing financial ledgers and transaction records with a calculator and pen.

What a typical policy covers (and limits)

Commercial crime policies are modular. Here are the common insuring clauses and what they mean:

  • Employee Dishonesty (Fidelity): reimburses the insured for loss caused by dishonest acts of employees — theft of funds, securities, or property.
  • Forgery or Alteration: covers loss from forged, altered, or counterfeit checks and negotiable instruments.
  • Funds-Transfer Fraud: covers sums transferred because of fraudulent instructions (wire/ACH) — often subject to a separate sublimit.
  • Computer Fraud: loss resulting from unauthorized electronic access that causes theft of funds or transfer of property.
  • Client Funds / Funds in Custody: protects third-party funds you hold — critical for brokers, escrow, or agents.

Limits: smaller businesses commonly buy $100k–$500k limits; mid-sized firms choose $1M+ depending on exposure. But the numeric limit isn’t the only variable — sublimits, deductibles, and the definition of “employee” matter more at claim time.

How to buy — an exact checklist that gets accurate quotes

When you talk to a broker or insurer, have these items ready. They speed quoting and avoid surprises:

  1. Annual payroll and employee count: underwriting uses payroll as a proxy for access to funds.
  2. Control summary: who approves transfers, dual approval thresholds, vendor-change process, who reconciles bank statements.
  3. Monthly transfer volume and largest single transfer: underwriting wants to see your typical and peak transfer patterns.
  4. Any client funds held: totals and segregation practices (e.g., trust accounts).
  5. Loss history: date, amount, description of any prior thefts and corrective actions taken.
  6. Contracts with vendor billing or escrow clauses: lenders and clients sometimes set coverage minimums.
  7. Desired sublimits for funds-transfer & computer fraud: specify if you need higher sublimits than the default.

Quote tip

Ask for the full policy text with each insuring clause highlighted and the carrier’s response to three hypothetical scenarios you care about. That forces clarity on how the policy behaves in practice.

Real buying insight: strong internal controls (two-step approvals, vendor-verification calls, and audited reconciliations) often reduce rates more than small premium discounts you might try to chase with tiny deductibles.

Immediate controls you can implement this week

Don’t wait for an insurer — these controls reduce risk and make claims simpler if something goes wrong:

  • Dual-approval for wires: require two independent approvals for any wire or ACH over a threshold (e.g., $2,500).
  • Vendor-banking verification: changes to vendor payment details must be confirmed by phone using a number on file (not via email reply).
  • Segregation of duties: never let the same person create vendors, approve invoices, and issue payments.
  • Monthly independent reconciliation: have someone not involved in AP/AR reconcile bank statements monthly and sign off.
  • Limit payment initiators: restrict who can initiate transfers in your banking portal and use role-based access.
  • Staff training: short sessions on social-engineering red flags for anyone who approves payments.
Person examining a suspicious check under a desk lamp with a magnifying glass and verification tools.
Person examining a suspicious check under a desk lamp with a magnifying glass and verification tools.

How to prepare a claim that gets paid quickly

Insurance claims aren’t paperwork exercises — they’re timelines. The more immediate and organized your evidence, the faster the payout. Collect:

  • A chronological loss statement: who discovered the loss, what happened, when, and how you responded.
  • Copies of fraudulent instructions: emails, invoice PDFs, screenshots, altered checks, or other documents.
  • Bank transaction records and attempted recovery steps (bank recall requests).
  • Employee statements, investigation notes, and any HR actions.
  • Police report and evidence of law enforcement contact (when applicable).
  • Proof of your controls before the loss (reconciliations, approvals) — it shows you took reasonable steps.

Tip: prepare a 1-page “loss packet” template now and save it in your shared drive so the finance team can populate it immediately the minute a suspicious transaction appears.

Policy wording & exclusions that commonly cause denials

Here are the contract phrases that cause the most grief:

  • Social-engineering exclusions: some forms exclude losses caused by deceptive instructions unless an endorsement is added — ask your broker to confirm coverage for BEC or funds-transfer fraud.
  • Employee definition gaps: ensure the policy includes temporary workers, leased employees, and contractors if they have access to funds.
  • Funds-transfer sublimits: many policies place a small sublimit on wire fraud; if you regularly wire large amounts, purchase a higher sublimit.
  • Discovery wording: check how the policy defines the discovery period — delays in noticing theft can be fatal to a claim.
  • Related-party exclusions: ensure the policy doesn’t exclude losses involving family or related entities without clear wording.
Finance manager monitoring a bank transaction alert on a computer screen with an authentication device nearby.
Finance manager monitoring a bank transaction alert on a computer screen with an authentication device nearby.

FAQ — quick answers

Will my cyber insurance cover BEC or fraudulent wires?
Sometimes. Cyber forms increasingly include social-engineering coverage, but amounts and exclusions vary. For reliability, request a specific commercial crime funds-transfer or social-engineering endorsement in addition to cyber coverage.
Can a bank reverse a fraudulent wire?
Sometimes, if you act immediately. Time matters — contact the sending and receiving banks and file an IC3 report. But bank recovery is unpredictable, so insurance remains your strongest backstop.
How much should a small business spend on crime insurance?
It depends on exposure. For many small businesses, $250k–$500k limits with sensible sublimits and a $2,500–$10,000 deductible are a reasonable starting point. Ask brokers to price multiple limit/deductible combinations.
Should I insure client funds separately?
Yes — coverage for funds-in-custody is distinct. If you hold client escrow or trust funds, discuss a specific coverage clause with your broker.

Conclusion — your immediate 7-point action list

  1. Implement dual-approval for all wires/ACH above $2,500 today.
  2. Require vendor bank-change confirmation by phone to a number on file (no email-only changes).
  3. Restrict who can initiate transfers in bank portals; use role-based access.
  4. Create a 1-page loss-packet template and store it in a shared drive.
  5. Ask your broker for a commercial crime quote with explicit funds-transfer and social-engineering endorsement.
  6. Document and save monthly reconciliations for the last 12 months — insurers ask for them.
  7. Train finance staff this week on social-engineering red flags and the vendor-verification process.
Warning / Caution: Insurance is a financial safety net — not a substitute for controls. Frequent preventable losses will raise premiums and may limit future coverage. Use insurance proceeds to strengthen controls and restore trust with customers and lenders.

Financial & Legal Disclaimer: This article is informational only and does not replace legal, accounting, or insurance advice. Policy wording, availability, and pricing vary by state and carrier. Consult licensed professionals before purchasing coverage.

Last updated: December 10, 2025