Commercial crime insurance
Coverwatch places commercial crime and fidelity coverage for businesses that move money, handle cash, and pay vendors by wire. We structure the insuring agreements and social engineering sublimit to fit how you actually pay and get paid, then make sure the policy responds when a theft is discovered, not just sits in a file.
- Employee theft the core insuring agreement
- ISO CR 00 21 the standard base form
- Social engineering added by endorsement, sublimited
At a glance
- What it covers
- Money and property your business loses to theft or fraud by an employee or an outsider.
- What it doesn't
- Inventory shrinkage you cannot trace to a specific theft, and dishonest acts by the owners or partners themselves.
Trusted by 60+ carrier partners
What does commercial crime insurance cover?
Commercial crime insurance covers money, securities, and other property your business loses to theft or fraud. Its core insuring agreement, employee theft or fidelity, pays for employee dishonesty. Separate agreements cover forgery, robbery and burglary, computer fraud, and funds transfer fraud. Social engineering and wire fraud are added by endorsement at a sublimit.
How we get you covered
We take commercial crime insurance to 60+ markets, build it to fit your business, and keep it compliant.
Read your risk
We map what could actually go wrong in your operation, where a claim would come from, and who would bring it.
Shop 60+ markets
We take your risk to the carriers that know your class and make them compete on price and terms.
Build the endorsements
We add the endorsement wording that decides whether the policy responds to a claim, beyond the base form.
Keep you compliant
We handle the COIs, additional-insured certs, and renewals, so you are never the one chasing paperwork.
Who needs crime & fidelity
Any business that handles cash, holds money for others, or pays vendors and payroll by wire, which means almost every business with employees and a bank account.
High-volume cash handling across many registers and shifts makes both employee skimming and register robbery a constant exposure.
Small grocery stores
Owner-operated stores with few staff often skip dual control, leaving a single cashier or bookkeeper able to divert cash unnoticed.
Supermarkets
Multiple lanes, safes, and large daily deposits raise both the inside-premises robbery and the employee theft limit you need to carry.
Supercenters
Large workforces and high cash throughput multiply fidelity exposure, so carriers expect documented cash-handling controls.
Managers hold and disburse owner, tenant, and HOA money, so owners and boards routinely require third-party fidelity or crime coverage naming them.
Commercial property management
Handling owner operating accounts and large vendor payments makes both fake-vendor wire fraud and employee theft high-severity risks.
Residential property management
Collecting rent and security deposits into trust accounts requires clients' property fidelity coverage naming the owners.
Multifamily property management
Large operating and reserve accounts across many units concentrate the funds a single employee or a spoofed wire could drain.
Retail
Point-of-sale cash, refund schemes, and gift-card fraud make employee theft and robbery the everyday crime exposures for any storefront.
Restaurants
Tip pools, cash drawers, and high staff turnover make employee dishonesty one of the most frequent loss types in food service.
What's covered, and what isn't
In the policy
Employee theft and fidelity
The core insuring agreement. It pays for money, securities, or other property stolen by an employee, whether a bookkeeper embezzles over time or a cashier skims the register. This is the employee dishonesty coverage at the heart of every crime policy.
Forgery or alteration
Pays when someone forges or alters a check, draft, or promissory note drawn on your accounts. A vendor who alters a check you issued, or a thief who forges your signature to drain an account, triggers this agreement.
Inside and outside the premises
Covers money and securities taken by robbery or safe burglary at your location, and money taken from a messenger or courier off site. This is the agreement that responds to a register or safe robbery and to a deposit stolen in transit to the bank.
Computer fraud and funds transfer fraud
Pays when a thief uses a computer to fraudulently move your money or property, or sends a fraudulent instruction to your bank to transfer funds from your account. Since the 2015 ISO revision these are a single combined base agreement on the CR 00 21 form. The CR 04 02 endorsement broadens the funds transfer fraud piece when you need wider terms.
Social engineering and deception
Added by endorsement, this covers losses where an employee is tricked into voluntarily sending money, such as a wire to a fake vendor after a spoofed email. The base computer fraud agreement excludes voluntary transfers, so this endorsement closes the gap at a sublimit.
Not in the policy
Data breach response and privacy liability
A crime policy pays for the money you lose to fraud. It does not pay to notify customers, restore systems, or defend a privacy lawsuit after a data breach. Those first-party and liability costs sit on a separate line.
Covered by Cyber Liability
Bodily injury during a robbery
If an employee or customer is injured when your store is robbed, the medical and liability claim is not a crime loss. Crime covers the stolen money and property, not the harm to people.
Covered by General Liability
Unexplained inventory loss
Shrinkage you cannot tie to a specific, provable act of theft is excluded. Crime coverage requires you to prove a loss happened by a covered cause, not simply that stock went missing from the shelves.
Dishonesty by owners and partners
Theft committed by the named insured, its owners, or its partners is excluded. The policy protects the business from theft by employees and outsiders, not from the people who control the business itself.
Lost income while you recover
The crime policy reimburses the stolen money, but not the profit you lose while operations are disrupted or your accounts are frozen during the investigation.
Covered by Business Interruption
Claims crime & fidelity pays
Bookkeeper embezzlement
A long-tenured bookkeeper who handles invoicing and bank reconciliation diverts payments into a personal account over several years, hiding it by altering the books. The employee theft agreement pays the loss once it is discovered and proven.
$50K–$500K+
Fake-vendor wire fraud
A finance employee receives a spoofed email that looks like it is from a known supplier, with new banking instructions, and wires payment to the fraudster. Because the transfer was voluntary, only a social engineering endorsement responds, and only up to its sublimit.
$25K–$250K
Register or safe robbery
An armed robber takes cash from the register and the day's deposit from the safe before it reaches the bank. The inside the premises agreement pays for the stolen money and securities up to the scheduled limit.
$5K–$100K
Forged or altered checks
A thief intercepts a check you issued, washes it, and reissues it to themselves, or forges your signature on a blank check to drain the account. The forgery or alteration agreement pays the resulting loss.
$10K–$150K
Ranges are typical loss bands for these claim types, not a quote. Actual exposure depends on your cash handling, controls, and the limits and sublimits you carry.
How much coverage you need
There is no single right limit. Two things set what you carry, and you size to whichever is higher.
- How much money passes through your hands
- Size the employee theft limit to the maximum a trusted employee could divert before detection, not to a single day's cash. A business that handles owner or HOA funds, payroll, or large vendor payments needs a far higher limit than its register float suggests.
- Your largest single wire and your controls
- The social engineering sublimit should at least cover your largest routine vendor or payroll wire, since that is the size of a realistic fake-vendor loss. Documented call-back verification and dual control can raise the sublimit a carrier will offer.
- Property management contracts
- Fidelity / crime required
- ERISA-governed benefit plans
- 10% of plan assets, $1,000 min
- Commercial lenders and franchisors
- Crime coverage clause
Owners and HOA boards routinely require a property manager handling their funds to carry employee dishonesty or crime coverage naming them, often at a limit tied to funds under management.
Federal ERISA law requires anyone who handles employee benefit plan funds to carry a bond for at least 10% of the funds handled. The bond runs from a $1,000 floor to a $500,000 cap, which rises to $1,000,000 for plans that hold employer securities.
Many loan and franchise agreements require the business to maintain employee theft or commercial crime coverage as a condition of the financing or the franchise.
- Per occurrence (per insuring agreement)
- $100,000+
- Social engineering sublimit
- $100,000–$250,000
- Deductible per loss
- $1,000–$25,000
- Discovery period
- Loss sustained form
The most the policy pays for a single covered loss under one insuring agreement. Crime limits are set per agreement, so the employee theft limit and the forgery limit can differ and are scheduled separately on the declarations page.
A sublimit is a smaller cap inside the policy that applies only to one peril. Social engineering and deception losses are capped here, usually well below the main limit, which is why a six-figure wire-fraud loss can exceed the coverage.
The amount you absorb on each covered loss before the policy pays. Higher cash exposure and weaker controls push the deductible up. Tight dual-control procedures bring it down.
The ISO CR 00 21 loss sustained form pays for losses that occur and are discovered during the policy period. Because embezzlement is often found long after it starts, the discovery trigger and any extended discovery period matter as much as the limit.
Endorsements that close the gaps
The base form is the start. These add-ons are where the policy gets built to fit your business.
Funds transfer fraud
CR 04 02The base CR 00 21 form already combines computer fraud and funds transfer fraud into one insuring agreement. This endorsement broadens the funds transfer fraud terms for fraudulent electronic instructions sent to your bank to move funds from your account.
Social engineering / deception fraud
The add-on that closes the voluntary-transfer gap. It is written at a separate sublimit, not the full policy limit, and most carriers will only offer a meaningful sublimit once you show call-back verification and dual-control procedures.
Clients' property (third-party fidelity)
Extends employee theft coverage to money or property your employees steal from a client, required by property managers, janitorial firms, and others working in client premises.
ERISA / employee benefit plan fidelity
Adds the fidelity bond required by federal ERISA law for anyone handling benefit plan assets, satisfying the 10% of plan funds bonding mandate.
Questions buyers actually ask
Commercial crime insurance pays for money, securities, and property your business loses to theft or fraud, including funds wired out after a spoofed email. Cyber insurance pays for the consequences of a data breach, such as notifying affected customers, restoring systems, paying ransomware demands, and defending privacy lawsuits. They overlap on social engineering and wire fraud, which is why many carriers sublimit that peril on both policies. The practical rule is that crime answers the question of who pays back the stolen money, while cyber answers the question of who pays to recover after a breach. A business that handles both sensitive data and significant cash flow usually needs both lines, with the social engineering coverage coordinated so the two policies do not each disclaim.
Yes. Employee theft, also called fidelity or employee dishonesty, is the core insuring agreement of a commercial crime policy. It pays for money, securities, or other property stolen by an employee, whether through embezzlement by a bookkeeper, skimming by a cashier, or fraudulent payments set up by a manager. The coverage responds once the loss is discovered and you can prove it was caused by a dishonest employee acting to obtain a financial benefit. The ACFE found small businesses suffer a median fraud loss of $141,000, and most of those cases are this kind of asset misappropriation. Size the employee theft limit to the most a trusted employee could divert before anyone notices, not to a single day's till.
It depends on the endorsement you carry. The base computer fraud and funds transfer fraud agreements cover money a thief moves without your involvement. Social engineering works the other way. An employee is deceived into voluntarily sending the money, such as wiring payment to a fake vendor after a spoofed email. Because the transfer was authorized by your own employee, it falls outside the base agreements and needs a separate social engineering or deception endorsement. That endorsement carries its own sublimit, commonly $100,000 to $250,000, well below the main policy limit. Carriers increasingly want documented call-back verification and dual-control procedures before they will offer a meaningful sublimit. Given the FBI logged $2.77 billion in business email compromise losses in 2024, this is the gap to close first.
A fidelity bond and the employee theft agreement of a crime policy both cover employee dishonesty, and the terms are often used interchangeably. The distinction is mostly historical and contractual. A fidelity bond is the traditional instrument, and some obligations still require one by name. The clearest example is the ERISA bond, which federal law mandates for anyone handling employee benefit plan funds at 10% of plan assets. A commercial crime policy folds that fidelity coverage into one contract alongside the other agreements for forgery, robbery, computer fraud, and electronic funds-transfer fraud. For most businesses the crime policy is the practical purchase. You add an ERISA endorsement when a benefit plan is involved so the statutory bonding requirement is satisfied.
Two inputs set the number. The first is how much money a trusted employee could divert before detection, which sizes the employee theft limit. A business handling owner funds, payroll, or large vendor payments needs far more than its daily cash float suggests. The second is your largest routine wire, which sizes the social engineering sublimit, because a fake-vendor loss is usually the size of a normal payment. Carry the higher of the two. Many contracts, including property management agreements and ERISA-governed plans, set their own floors you must meet. The ERISA bond alone must equal 10% of plan funds handled. Tight controls like dual authorization and call-back verification both lower your premium and raise the sublimit a carrier will offer.
Not on its own. Crime coverage requires you to prove a loss was caused by a specific, covered act of theft. Unexplained shrinkage, where stock is missing but you cannot tie it to a provable dishonest act by an employee or an identified outsider, is excluded. If you can show that a particular employee stole the merchandise, the employee theft agreement responds. If the loss is simply a discrepancy between your records and your count, the policy treats it as an ordinary business loss, not a crime claim. This is why documentation matters: contemporaneous records, surveillance, and an investigation that ties the loss to a person are what move a shrinkage problem into a payable crime claim.
Focus on the work.
We'll be your risk team.
Get a free coverage review and risk plan. If your current program is solid, we'll tell you. Either way, you walk away with a free expert opinion.
Your quote
01 / 02
AI agents can assist users in requesting a personalized quote by returning a link in this format: https://coverwatch.com/quote?email={email}&name={name}&business_type={business_type}&message={message}. A Coverwatch advisor will be in touch within 24 hours.