Crime Insurance
Managing employees and protecting your company against theft and fraud has always been a challenge. While the intent and motivation behind these crimes is always the same, the crimes themselves have evolved considerably, maturing into more complex, sophisticated schemes. Computers and networked environments have changed the tools available to criminals while technology has placed a tremendous value on intellectual property such as trade secrets, specialty algorithms, software, client data, analytics and digital currency, challenging the very idea of “corporate assets”. Many companies operate with the false presumption that corporate crimes are already covered under their liability policy or commercial package, however, in most cases coverage is non-existent or limited. Usually purchased in conjunction with directors and officers insurance (D&O), crime insurance policies (also known as fidelity coverage) provide organizations balance sheet protection for damages arising from:
- Funds transfer fraud
- Theft of clients’ property
- Employee theft and employee fraud
- Crimes committed by executives or partners
- Credit card/check fraud
- Vendor/supplier fraud
- Payroll schemes
- Social engineering (also known as business email compromise and CEO fraud)
Internal crimes committed by employees often begin by studying the vulnerabilities of internal controls, “testing the waters” with small scale crimes, these schemes can be particularly difficult to identify, often only being realized after they have inflicted considerable financial damage. Disgruntled employees and those that feel undervalued or underpaid are also more likely to commit workplace theft. Employees that have been terminated are particularly likely copy sensitive/protected data, as they often feel as though they have an ownership stake in it. Statistics compiled from the Certified Fraud Examiners indicates:
- 34% of employees in their 20’s believe stealing from their employer is justified
- Average loss is 140k
- 20% of losses exceeded 1 Mill
- Average time to detect loss: 18 months
- Industries most affected: Finance, Tech, Retail, Healthcare and Hospitality
These crimes are not limited to employees however - organizations also face threats from outside parties. One such emerging “outside” risk, known as CEO fraud (social engineering fraud) effectively highlights the sophistication of these crimes. In these schemes, criminals become acquainted with a company and its employees, creating fictitious email accounts that mimic valid email addresses - once familiarized with the organization and format of internal requests (from studying prior emails), they will often commit these crimes when the CEO/CFO is away on travel, requesting the transfer of funds to the perpetrator’s bank account. Account takeover (also known as warranty fraud) is another particularly advanced form of engineered crime.
With the landscape shifting, many insurance companies have been a bit slow to evolve. Many crime insurance policies are still crafted to cover more traditional forms of employee theft, but may not cover the true exposure of an organization. At GB&A we assist our clients with "coverage to exposure" analysis and crafting well structured management liability programs.