A Guide to Crime Insurance
Firms of all type and sizes are vulnerable to fraud. In fact, the PwC 2018 Economic Crime Survey revealed that 49% of global firms had suffered some form of incidences of fraud or economic crime in the preceding 24 months, 52% of which were perpetrated by people inside the organisation. The same survey showed that 40% of losses were perpetrated by an external party and one third of incidents involved some form of cybercrime.
Even though internal factors are a prominent source of fraud, external threats also remain high, this is as a direct result of the emergence and advent of new technology and new opportunities for criminals to exploit risk control systems and processes.
Types of Fraud
There are many different types of fraud. We believe the most significant types of fraud which can seriously affect your business include:
- Asset Misappropriation - the theft of company assets by an employee (also known as insider fraud).
- Financial/ Accounting Fraud- the practice of overstating revenue or earnings for example.
- Vendor Fraud – employees acting alone or in collusion with third parties, or fraud committed solely by third parties.
- Payroll Fraud – theft from a company’s payroll system including misuse of expenses
- Data Theft – includes theft of a company’s data, trade secrets, client lists or Intellectual Property (IP).
- Bribery/ Corruption- the act of employees receiving bribes or kickbacks from third parties in return for business opportunities.
Your company will probably have systems and processes in place to mitigate these risks and keep up-to-date with new threats, but even the most robust controls will still be susceptible to failure in today’s environment.
The above risks explain why an increasing number of Financial Institutions are purchasing Crime Insurance.
What is Crime Insurance?
Put simply, Crime insurance is a way that you can protect your company against financial losses as a result of criminal activity in the form of external fraud or employee dishonesty.
Which firms should purchase Crime Insurance?
Crime Insurance is recommended for firms of all types and sizes and it is particularly relevant to companies in the Investment Industry, Financial Services and Technology Sectors.
Smaller firms may not have the robust checks and processes of larger firms, but larger firms are likely to have more people accessing systems and accounts and risk can be magnified if your business has multiple locations or allows people to work remotely.
What is covered by a Crime Insurance policy?
A typical crime insurance policy will cover financial losses arising from dishonest, fraudulent and malicious acts of employees and third parties, including theft, forgery and computer theft. This can include:
- Funds transfer fraud - with instant worldwide fund exchange, it’s harder to intercept transfers to dummy vendors after the payment instruction has been given.
- Forgery - this might be a false signature on a contract or agreement that could potentially trigger losses amounting to millions of pounds.
- Employee theft - especially important with many businesses issuing company credit cards or holding valuable client assets. These risks are potentially not covered by your Office insurance, as generally it will require signs of forcible entry and/or exit.
A crime insurance policy can also can be extended to include;
- Costs of verifying, reconstituting or removing computer programs which have been involved in losses covered under the policy.
- Fraud cover for documents of value, securities, instructions, advices, faxes, currency and corporate card applications.
- Taking or misappropriation of your money, securities or property.
- Public relations (PR) costs – to manage reputational damage.
Who is classed as an ‘employee’?
This depends on the insurer and policy wording, but most would cover the following as ‘employees’:
- Directors and officers.
- Independent or freelance contractors working under a specific contract.
- Full or part time-employees, including interns, seasonal or temporary staff.
What is typically excluded from a Crime Insurance policy?
Examples of situations not covered under this type of policy are:
- Trade secrets and confidential information.
- Losses after you became aware of an insured incident.
- Unauthorised trading.
- Data reconstitution costs as a result of your failure to back-up data.
Is Crime insurance the same as Theft cover?
No, Crime insurance is not the same as theft insurance. Insurance against theft is typically included in a standard office policy.
With a theft insurance policy, evidence of forced entry into the premises is typically required before claims can be paid. A Crime insurance policy would not require forced entry for a claim to be covered.
Will it cover me for fraudulent acts committed by third parties?
Most Crime insurance policies will include some cover for fraudulent acts committed by third parties. For example, forgery, scams or theft of company property.
Does the policy cover losses which happened before the cover commenced?
Crime losses can take place over many months or even years before they come to light. Crime insurance policies have two elements which dictate whether a new claim is covered:
- Was it discovered during the period of insurance? Generally, Crime insurance policies are 12-month contracts that cover losses discovered and reported during the period of insurance. Crime insurance is a ‘claims made’ contract, i.e. it covers claims made during the period of insurance. Although it is also possible that if the crime event occurred prior to the policy incepting (but was only discovered during the policy term) that insurers may decline to pay the claim.
- Where a loss commenced prior to the period of insurance, Insurers will look at the ‘Retroactive Date’ in the policy. This is the first date from which you would be covered under the policy for crime losses.
Can I backdate a Crime insurance policy?
The ‘Retroactive Date’ would normally be the first date the insurance cover came into effect, or it could be an earlier date if this was specifically agreed at inception (which can sometimes invite an additional premium).
When you change insurers, it is important to make sure that the ‘Retroactive Date’ is maintained, otherwise you would be reducing the scope of your insurance cover.
If I allow a Crime insurance policy to lapse, can I report claims after the insurance has expired?
Usually not, although some policies will include an ‘Extended Reporting Date’ to allow losses to be reported after the policy expires in the event you do not renew this form of insurance.
How much cover should I buy?
This is dependent on the scale and nature of your business and the potential loss you could suffer through one, or a number of, crime events during the policy year. Typical minimum limits of liability start at £500,000.
Limits of liability are typically ‘aggregate’ (either including claim costs and expenses, or with costs and expenses in addition to the limit) but on occasion an insurer might provide an ‘any one claim’ limit.
An ‘any one claim’ basis means that the policy limit would effectively be reinstated and thus available for any subsequent claims. Importantly, these would need to be entirely separate, unrelated claims.
Will there be an excess on the policy?
Yes, there would normally be an excess included in the policy. For businesses in the Financial sector the excess may be at least £10,000 whereas General Commercial Businesses could be as little as £2,500.
What information is needed to get a quotation?
For a standalone policy you will usually have to complete a comprehensive proposal form, so an insurer can understand the risks that exist in your business.
The proposal form would go into some detail and focuses on:
- Distribution of employees, operations and revenue nationally and globally.
- Any past claims.
- What audit processes you have in place and the quality of these.
- Stringency and robustness of payment requests and processes.
However, if you are buying other types of commercial insurance, such as Professional Indemnity (PI) or Directors' & Officers' Liability (D&O) there can be a Crime insurance clause included as a bolt-on to these, allowing you to complete just one proposal form. A bolt-on is unlikely to be as comprehensive as a stand-alone policy therefore it is worth checking with your insurance broker that all the elements of crime cover you need for your business are included.
Do Crime Insurance policies have specific warranties or conditions?
We would generally expect to see some, or all, of the following exclusions as standard:
- A money laundering exclusion – legal liability as a direct result of acts which constitute breaches of money laundering legislation.
- Property Damage exclusion – damage to the office building itself and losses to property within the building are only covered if they’re the result of a malicious act by an employee.
- Market Abuse exclusion – claims relating to ‘Market Abuse’ as defined under the Financial Services and Markets Act 2000.
- Director / Major shareholder fraud exclusion – internal fraud losses resulting from a director or major shareholder in the business. The definition of ‘Major’ varies between insurers but is often around 25%
Some of these would already apply to a Professional Indemnity or Directors’ & Officers’ Liability (D&O) policy anyway and the wording may have general exclusions that apply to all insuring clauses (e.g. bodily injury exclusion).
However, an insurer may additionally apply a:
- Dual signature requirement – where more than one signatory is required to instigate fund transfers from company bank accounts.
- Dual verification process requirement regarding payments – this is an agreed procedure for checking the authenticity of payment instructions (such as telephoning a confirmed contact on receipt of a payment request by email).
- A partial or total cybercrime exclusion (particularly if cyber liability is separately insured) as there is a potential crossover between crime and cybercrime. Cybercrime is likely to be more appropriately covered under a specific cyber liability policy.
What precautions should a business take to prevent Crime?
Whilst it might be impossible to prevent crime losses, insurers will expect you to take reasonable precautions, such as:
- Frequently auditing or reviewing high risk operations, e.g. procurement, finance and sales.
- Implementing systems and controls to mitigate risk, e.g. IT and security, recruitment, finance authorities and dual signatures, segregation of duties and pre-employment screening.
- Establishing and maintaining a whistleblowing policy and culture.
- Training to ensure employees know what constitutes fraud.
- Obtaining employment histories, criminal record information and potentially credit checks for employees in sensitive positions.
- Developing a fraud response plan.
How much does Crime Insurance cost?
This will very much depend on the information presented to insurers about your firm’s processes and any procedures in place to prevent crime losses. However, as a very general rule, insurers may apply a 15%-25% additional premium to add Crime insurance cover to an existing SME Professional Indemnity (PI) or Directors' & Officers' Liability (D&O) policy (if the limit is shared with the PI/D&O).
If there are separate limits in place for each cover, a higher additional premium will apply.
Crime insurance cover can be bought separately with minimum premiums for a £1,000,000 limit typically starting from £2,500 for General Commercial Businesses and £5,000 for firms in the Financial sector. This is, of course, dependant on a number of factors.
Actual Crime Examples
A Local Authority
The contracts manager was found to be awarding building repair and maintenance contracts based on factors other than the authority’s best interests, namely the size of the bribe he was paid. It transpired that one contractor extended his house for free and another installed a swimming pool. A suspiciously large number of holidays were also taken by the contracts manager during the period. The insured was estimated to have lost in excess of £1,000,000 from the fraud.
An Insurance MGA
The claims manager instructed a firm of solicitors to review the overall claims handling and reserving over a number of files. Like most of these things it started off small with only a few files involved, as time went on the reviews involved more and more of the MGA’s files. Each review incurred a bill.
It transpired that the firm conducting the review was owned by the claims manager’s spouse, registered in her maiden name. No reports were ever written, and the MGA was billed for and paid several million pounds. As the fraud was kept relatively small and limited to a number of files, it took time to discover the infidelity. It was only when the activity scaled up and the firm became one of the MGA’s top 3 service providers that fraud came to light.
Forgery – A luxury car sales company
An individual came into the showroom seemingly representing one of the Middle Eastern ruling families and looking to purchase a number of luxury cars on their behalf. This sort of transaction was by no means unusual as the ultra-rich often use agents to do their purchasing.
Prices were agreed along with delivery dates. The agent paid with a bankers’ draft, which was again not unusual. The draft turned out to be a forgery. The loss to the client was over £2,000,000 and the cars were never recovered.