• For commercial crime policies, the limit is usually not
aggregated, applying separately to each and every loss.
• Although deductibles apply separately to each loss, a series of
acts by the same person or same group of persons is deemed
a single loss, and thus subject to one limit and one deductible,
regardless of how long the theft continues prior to being
discovered. In compliance with ERISA, there is no deductible
applicable to losses sustained by benefit plans that are required
to be bonded by ERISA.
Coverage Trigger
Commercial crime policies provide coverage in two scenarios:
• Under a “loss discovered” form, coverage applies to loss that is
discovered during the policy period regardless of when the act/loss
took place, which makes these forms preferable.
• Under a “loss sustained” form, coverage applies when a loss is
actually sustained.
Discovery of Loss
There are two instances that trigger the discovery of loss:
• When the insured first becomes aware of facts that would cause
a reasonable person to assume that a covered loss has occurred,
even if all the facts about the loss are not yet known.
• When legal action is taken against the insured alleging acts that
fall within the scope of coverage.
Typically, the insured must provide the insurer with written notice
as soon as practicable, but no later than 30 to 60 days after
discovery occurs. Usually, the insured must provide a proof of loss
within four to six months after discovery. Although most insurers
are willing to grant extensions for the filing of proof, the burden of
proof of coverage for loss rests solely with the insured.
To aid insureds in developing a robust proof of loss, many
policies will provide some coverage for their clients to hire
forensic accountants or attorneys. Marsh Risk Consulting’s Forensic
Accounting and Claims Services Practice can help insureds develop
their proof of loss, which could significantly improve a company’s
recovery under a crime policy.
If possible, “discovery” should be limited to specific
departments (for example, risk management and legal
teams) or persons (risk managers or general counsel).
WHAT IS SOCIAL ENGINEERING FRAUD?
Social engineering fraud — also known as fraudulent
impersonation, business email compromise, or
impersonation fraud — refers to a variety of techniques
used by fraudsters to deceive and manipulate victims
into transferring funds.
This type of fraud is typically perpetrated when
fraudsters contact an employee via telephone or email
and make a request for the employee to wire funds for
purposes of an acquisition or to change the bank account
details for a vendor. These fraudsters tend to conduct
extensive research on their victims before making the
request in order to increase their credibility. Their efforts
could include piecing together information about the
employee or the company from social media and other
sources and gaining access to the company’s email
servers by sending a spam email with malicious code.
Since the perpetrators of social engineering fraud are
able to create plausible scenarios, their schemes may
not be detected until funds have been wired to bank
accounts overseas, and recovery is either impossible or
incomplete. Victims range from small businesses to large
organizations, across many industries and geographies.
Although standard crime policy forms do not address
exposure to social engineering fraud, carriers have
created endorsements that provide affirmative coverage.
Typically, social engineering coverage comes with a
sublimit and sub-deductible, but carriers may be willing
to provide multimillion-dollar limits in some cases. If
your program has excess layers, you should seek to add
sublimits in excess policies as well and ensure that the
excess drops down to meet the primary policy’s sublimit.
2 • The Basics of Commercial Crime Insurance