
Crime—Getting More Out of the Policy

William Austin | April 1, 2010


"Russia is a riddle wrapped in a mystery inside an enigma."

Let me see a show of hands. How many risk management professionals really spend time reading crime policies to understand coverage? Hmm? Have you pondered issues such as "loss sustained" and "discovery" as they relate to crime insurance? Some hands go up, several stay down, and many falter between up and down.

Crime seems to be an insurance area often glossed over by agents, brokers, and insureds. Could it be that Mr. Churchill was really thinking about crime insurance and meant to say it is a riddle wrapped in a mystery inside an enigma? Probably not, but it seems to summarize how some of our risk management community views crime insurance. In this article we will examine ways to enhance crime coverage for the insured organization.

Many crime insurers completely follow Insurance Services Office, Inc. (ISO), crime policy filings while others (Hartford, Chubb, Travelers, etc.) may use independent filings that use portions of ISO wording and some of their own. This means it is possible to have coverage proposals from two or more insurers that have different coverage terms and conditions in addition to "loss sustained" and "discovery" coverage triggers. While the differences may be subtle, they should be identified and understood prior to binding coverage. The risk management professional needs to understand crime exposures and coverages available to determine what is best for the insured organization.

For our analysis, we will use ISO discovery policy form CR 00 22 05 06 and loss sustained policy form CR 00 23 05 06. These forms are used for monoline policies and are the basis for crime coverage when provided within a package policy: CR 00 20 05 06 for discovery and CR 00 21 05 06 for loss sustained. The Surety and Fidelity Association of America, formerly known as Surety Association of America, is an organization similar to ISO and files crime forms for its members. This discussion is limited only to crime forms filed by ISO.

Coverage Triggers—Discovery or Loss Sustained

The coverages available in an ISO crime policy are the same whether it is a discovery form or loss sustained form. The difference between discovery and loss sustained is akin to liability policy coverage triggers: "claims-made" (discovery) and "occurrence" (loss sustained). The difference in coverage triggers can have repercussions similar to those found in liability policies, especially if an insured goes from a discovery policy form to loss sustained without noting the "trigger" differences. Some crime forms state the trigger as a subtitle on the first page, stating clearly "Discovery" or "Loss Sustained," while others do not. The risk management professional must read the policy to determine which trigger is used.

What is meant by a "coverage trigger"? The coverage trigger is the policy coverage grant found in the Insuring Agreement that states what must happen when a loss event occurs or becomes known to the insured. In a "discovery" policy we learn that coverage:

applies to loss that you (insured) sustain at any time which is "discovered" by you (insured) during the Policy Period shown in the Declarations or during the period of time provided in the Extended Period to Discover Loss Condition E.1.j.

In a loss sustained policy, we can begin to see the difference when its trigger is defined as:

applies to loss you (insured) sustain resulting directly from an "occurrence" taking place during the Policy Period shown in the Declarations, except as provided in Condition E.1.o. or E.1.p., which is "discovered" by you during the Policy Period in the Declarations or during the period of time provided in the Extended Period to Discover Loss Condition E.1.j.

Discovery form key words are "... loss ... discovered during the Policy Period ... or in the Extended Period to Discover Loss Condition," which is different from the loss sustained form:

... loss ... resulting directly from an "occurrence" taking place during the Policy Period ... except as provided in Condition E.1.o or E.1.p which is discovered in the Policy Period ... or during the period of time provided in the Extended Period to Discover Loss Condition.

The crime triggers are similar to the concept of "occurrence" and "claims-made" in liability policies: "loss sustained" to "occurrence" and "discovery" to "claims-made."

Why use one trigger over another? Crime policies have traditionally used loss sustained triggers as discovery is a more recent basis of coverage. The coverage trigger may be the preference of the insurer issuing coverage and continued use of loss sustained simply the ongoing renewal of a crime policy from an incumbent insurer. Some insurers issue more crime policies on a "discovery basis" while others may allow the insured, agent, or broker to decide when, if ever, to move from loss sustained to discovery. There should be little premium difference between a discovery form and a loss sustained form.

Each trigger is an acceptable way for an insured organization to obtain crime coverage. The major difference between the two triggers is that the discovery option allows the insured's current policy to address loss that occurs prior to the policy effective date. Since coverage expansion (i.e., purchase of additional insuring agreements and increased limits) usually occurs going forward, a current policy may have more coverage when loss is discovered than may have been in place at time of loss (i.e., act of embezzlement). This coverage enhancement should be considered by the risk management professional—whether insured, agent, or broker—whenever a loss sustained policy comes up for renewal.

Moving from loss sustained to discovery coverage may cause the insurer (incumbent or new) to underwrite the overall exposure more closely than that conducted for prior renewals. The insurer will pay special attention to controls and situations that existed prior to the prospective policy period as well as that which is current practice of the insured. If the insurer is not comfortable with certain exposure years prior to the one proposed for discovery, it may limit its discovery exposure by use of a retroactive date (ISO endorsement CG 50 06, "Include Retroactive Date for Named Insured") similar in concept to the one used in the claims-made liability policy.

The risk management professional will need to review the potential coverage impact from use of the retroactive date to ensure that change from loss sustained to discovery is otherwise seamless in coverage to the insured. The ISO discovery form currently in use (as identified in this article) includes "policy bridge" wording to eliminate possible duplication of coverage that may occur from an extended coverage period provided under the loss sustained form in effect prior to inception of the discovery form.

What happens if current discovery coverage is not available at renewal and only loss sustained coverage is being offered? In ISO discovery forms, an extended period to discover loss provision is included in the standard policy form. The provision allows the insured to report loss discovered no later than 60 days from date of cancellation but not after any other crime coverage is obtained by the insured—with the current insurer or another. The extended discovery period is 1 year from the date of cancellation for loss discovered by an employee benefit plan.

Will the loss sustained policy that replaces the discovery policy provide coverage for loss discovered within the loss sustained policy but which occurred prior to the effective date of loss sustained coverage? Yes, provision is made for this type of event as long as the prior coverage ended at the date that current coverage became effective, and the loss would have been covered under the loss sustained policy had it been in effect at the time of occurrence. It is recommended that expiring and renewal policy conditions be reviewed carefully to ensure that all discovery and loss sustained issues are understood and dealt with prior to changing policy forms on the renewal date.

Named Insureds

The most important part of an insurance policy is the named insureds. If an entity is not listed specifically or within an omnibus clause, then it is not covered by the policy. Oftentimes, only one named insured is listed in crime policies. This should not be an issue if there are no other entities or if an omnibus clause picks up all other entities. An omnibus clause should be considered whenever more than one entity is subject to crime exposure and when the clause will adequately insure all entities without being specified as named insureds.

For example, Bill, Bob, John, and Steve equally own 100 percent of the shares of ABC Manufacturing Company, which in turn wholly owns 4 subsidiary entities. Bill, Bob, John, and Steve own 100 percent of BBJS Realty Trust, which owns the building that is rented to ABC Manufacturing Company. Will the omnibus clause written for ABC Manufacturing Company necessarily include the 4 subsidiary entities and BBJS Realty Trust? Probably not, since most omnibus clauses state that other entities are covered automatically as long as majority owned by the named insured, which in this case is ABC Manufacturing Company. Since BBJS Realty Trust is not owned by ABC Manufacturing Company, it falls outside the omnibus clause. BBJS Realty Trust needs to be identified as a specially identified named insured in the crime policy. The subsidiaries can be included via an omnibus clause.

Employees of One Insured

The first insuring agreement in most crime policies is theft by an employee. Sometimes several entities may be insured specifically or by omnibus clause. Does including each entity specifically or by omnibus necessarily provide coverage for theft by an employee? Maybe not. Often, only one entity has employees, and its employees handle administrative tasks (accounting, cash management, payables, etc.) for the other insured entities. If an employee of ABC Manufacturing Company steals from BBJS Realty, will the act of embezzlement be insured? Maybe. It will depend on whether the policy form, directly or by endorsement, states that "an employee of any insured is considered to be an employee of every insured." This type of wording is found in the "Joint Insured" section of the ISO crime forms described in this article. Similar wording should be found in other policies or added by endorsement.


A critical point in any insurance policy is an appropriate limit. How does one establish an adequate coverage limit? For exposures such as theft or burglary leading to loss inside or outside the premises, it can be relatively easy, as one should be able to quantify the maximum amount of cash and securities on premises at any one time. It becomes more complex for coverages such as employee theft, forgery/alteration, computer fraud, and fraudulent funds transfer. There is not any credible formula available to allow an insured to gauge limits needed for these exposures. We are aware of an employee dishonesty limit formula that was published by the Surety Association of America many years ago. Since we cannot comment on its credibility, we are unable to offer any commentary on whether this formula is a sound resource for the risk management professional.

There are several ways for the insured organization to view limit adequacy. First, what is common for similar organizations in the insured's industry peer group? Peer group information must be used knowing that many variables may influence a given insured's limit, such as risk tolerance, cost of insurance, past loss history, and availability of limits. Second, discuss limits with an independent auditor to determine what limits are used by other clients of the audit firm, taking into consideration the crime experience of the audit firm's clients. Third, discuss crime losses paid or known to the insured's crime insurer to establish a benchmark on what type of event(s) can occur to the insured organization.

A guideline we use in consulting assignments is to set a reasonable limit for employee theft and use the same limit for forgery/alteration, computer crime, and fraudulent funds transfer. If information exists that suggests one of these coverage areas has more exposure than theft by an employee, then the coverage limit should be increased.

Computer Crime/Fraudulent Funds Transfer

Nearly every organization today relies on some form of electronic tool in its banking activities, including cash management as well as for internal core systems, such as order entry, billing, inventory controls, and accounts payable. The main tool used is the organization's computer system, which may be linked to other systems, including one or more banking institutions.

The Internet is a great conduit for the insured organization to gain access to critical services, and it is equally a means for thieves to gain access to the insured organization's computer system. Computer Fraud coverage is provided in ISO Insuring Agreement 6. Coverage is provided for loss or damage to money, securities, and other property which results directly from use of any computer to fraudulently cause a transfer of insured property from inside the insured's premises or a banking premises to a person or place outside of the insured's or banking premises. Computer crime coverage is a must for all organizations today. The absence of this coverage leaves an organization open to a potentially sizeable uninsured exposure.

A general weakness found in many crime insurance policies is lack of coverage for fraudulent funds transfer, which is ISO Insuring Agreement 7. Coverage is provided for loss of funds resulting directly from a fraudulent instruction that directs a financial institution (bank) to transfer, pay, or deliver funds from the organization's transfer account. Note that this coverage does not rely on a computer, thus this coverage supplements that provided to the insured organization by Insuring Agreement 6—Computer Crime. A common exposure for many organizations is a transfer of funds by electronic instruction (wire, telefacsimile) or voice initiated transfer (telephone). The term "Fraudulent Instruction" in ISO forms means:

  1. An electronic, telegraphic, cable, teletype, telefacsimile or telephone instruction which purports to have been transmitted by you (Insured), but which was in fact fraudulently transmitted by someone else without your knowledge or consent;
  2. A written instruction (other than those described in Insuring Agreement A.2.—Forgery or Alteration) issued by you, which was forged or altered by someone other than you without your knowledge or consent, or which purports to have been issued by you, but was in fact fraudulently issued without your knowledge or consent; or
  3. An electronic, telegraphic, cable, teletype, telefacsimile, telephone or written instruction initially received by you which purports to have been transmitted by an "employee" but which was in fact fraudulently transmitted by someone else without your or the employee's knowledge or consent.

The premium charge to add computer crime and fraudulent funds transfer to the crime policy is usually reasonable and commensurate to that charged for the employee theft coverage. The deductible used for employee theft can be used for these two coverages as well. Increased deductibles for these coverages can be considered and implemented as deemed cost effective.


Changing crime insurance and/or an insurer may risk accepting changes in coverage terms and conditions, knowingly or not. Obtaining, reviewing, and understanding a specimen crime policy is recommended to avoid coverage gaps during any renewal process. Review all insuring agreements to ensure that the insured organization's coverage evolves and is consistent with its exposure from technology areas, such as computer crime and fraudulent funds transfer.

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.