Commercial crime – insurance and risk issues from COVID-19

Traditionally business was at risk of fraudulent conduct by employees from theft of money. Fidelity insurance would cover such exposure. Over time, exposure to “direct financial loss” suffered by business has evolved. Third-party collusion and most recently, technology, are key emerging trends in criminal activity causing companies to suffer loss of money they hold.

Presently, frequency losses are resultant of imitation fraud causing erroneous transfer of funds.  That is, a perpetrator imitates a party in a transaction, and proceeds to induce payment for the fraudster’s benefit. This is otherwise known as “social engineering” fraud”: all businesses are exposed to this risk.

Commercial crime cover indemnifies the policyholder for both “internal” and “external” fraudulent acts causing business “direct financial loss” of “Money” and “Tangible Property”. Cover may extend to:

  1. fraud or dishonesty committed by an Employee, whether acting alone or in collusion with others;

  2. computer fraud committed by a third party;

  3. funds transfer and credit card fraud;

  4. unlawful taking of ‘money’ from the policyholder’s premises, or bank, or whilst in transit to and from premises/bank, or whilst being held by a director or employee at their premises;

  5. alteration of a financial instruments such as cheques, bonds, currency and travellers’ cheques.

Coverage is very different across the insurance market for crime. Where cover is extended under a management liability policy, brokers and their clients should be very careful as to insurers’ intent. There have been many insurers who do not price crime risk accordingly, and in the event of a claim take adverse coverage positions.

Steps to take

There is overlap between crime, industrial special risks and cyber policies. As such risk management required by insurers will be common across those products:

  1. training on ‘social engineering fraud’, in particular, strict measures on thorough identification of authors requesting transfers;

  2. multi-factor authentication;

  3. vulnerability and penetration testing of network;

  4. ensuring strict security and facilities management during an unoccupancy of premises.