ISO COMMERCIAL CRIME
COVERAGES UNDERWRITING CONSIDERATIONS
(January 2026)
The underwriting
process for commercial crime begins with examining the coverage form or policy
under consideration, understanding the dishonest acts it covers, and
determining the type of property to be insured. Given these aspects, it’s
crucial to assess the risk of loss to the business and carefully review its
existing measures to prevent or deter fraudulent or dishonest acts.
Related Articles:
ISO Commercial Crime Coverage
Forms and Policies Analysis
ISO Commercial Crime Coverages
Available Endorsements and Their Uses
There are two general
categories of coverage and types of losses for Commercial Crime.
The first category concerns
offenses committed by employees. This is referred to as Fidelity. This was previously
designated as employee theft by ISO prior to the 06 22 edition.
With the 06 22 edition, ISO introduced a new Insuring Agreement, Fidelity,
now designated as
A.1 Fidelity Insuring Agreement, which includes employee theft
and extends coverage to ERISA Plan Officials and Employee Theft
of Client's Property.
The second category involves
crimes committed by individuals who are not employees. Traditionally, these
coverages are known as Money and Securities Coverage, 3–D Coverage, Open Stock
Burglary, and other miscellaneous titles. ISO now refers to them as Insuring
Agreements and uses descriptive titles to specify each coverage.
Some examples include:
While the categories
share similarities regarding ultimate loss and payments, the controls required
for each differ significantly, and underwriting efforts should account for
these distinctions.
Employees who steal
from their employer betray the trust placed in them. Therefore, exposure
analysis involves assessing each employee’s trust level, which typically
reflects the extent to which they control company assets. Employees generally
fall into two categories: those who manage money and those who handle
inventory. Both can inflict significant financial harm on the company, but each
requires different control measures.
Underwriting and rating
employee theft begins with accurately determining the proper employee
classifications. A higher premium is required for employees with greater access
to company assets. Risks associated with fewer employees having access to
company assets are considered better underwriting risks and may be eligible for
lower premiums.
ISO determines that the
following are ratable employees:
·
Officers
·
All the employees listed below, including leased
employees and former employees hired as consultants, who:
o
Handle
or have custody of money, securities, or other
property
o
Maintain
any records related to money, securities, or other property
o Persons or entities
regarded as employees who have been added through endorsement, but this
excludes agents, partners, and LLC members.
·
Directors, trustees, officers, administrators,
managers, and employees handling non-ERISA employee benefit funds or property. This
does not include independent contractors.
·
One percent (1%) of the total number of all other
employees not included above.
Officers and employees who have access
to money, securities, and other property
are usually subject to higher premiums. The risk of loss and the premium tend
to decrease when the insured restricts the number of these employees.
|
Example:
Quicker Restaurant employed 100 staff
members. The wait staff was responsible for bill payments alongside their
usual duties and had easy access to the kitchen and inventory. All employees
were considered ratable employees. An unexpected inventory loss prompted the owner to
implement changes: hiring a cashier, removing bill payment duties from wait
staff, and securing the kitchen inventory under lock and key with the kitchen
manager. Now, nine kitchen employees managed inventory. As a result, the number of ratable employees
decreased from 100 to 15, including officers. These changes reduced both
theft exposure and the premium. |
The type of business
operation must be evaluated after the employees are correctly classified.
The highest-rated ISO
employee theft classification is Automated Teller Providers.
Other classes of
business with high rates due to handling highly attractive property consisting
of money and/or highly negotiable securities include:
·
Currency
Exchanges
·
Safe
Depository Companies
·
Commodity
Brokers
·
Pawnshops
·
Mutual
Fund Brokers
The next group is businesses
that handle high-value items difficult to identify if stolen:
·
Gemstone
·
Jewelry
·
Silverware
Manufacturers
Other classifications
with high rates include:
·
Commodities
with high monetary value in the marketplace
·
Name-Brand
Athletic Shoes
·
Cigarettes
·
Alcohol
·
Firearms
·
Designer
Fashions
·
Meat
These are all examples
of big-ticket items attractive to the general public and are easily sold or
disposed of on the black market. In addition, electronic commerce and online
transactions increase their value since the marketplace is global, allowing sellers
to move goods anonymously.
Eliminating employee
theft entirely is impossible, but it can be reduced through effective controls.
These controls also help identify those responsible for losses. Many employees
confess to stealing because they believe they won't get caught.
This mindset proposes
two kinds of controls: first, reducing opportunities for theft, and second,
implementing an audit system that swiftly detects any misconduct. There are
various control techniques that a business can adopt.
1. New hires
New employees who handle cash,
securities, or inventory must complete an application and provide references. A
background check should verify these references and other details before the
named insured hires the employee.
|
Example: A new cashier was caught after she stole $10,000
during her first month on the job. Her employer was quite surprised when they
learned about her past theft convictions and that she was set to stand trial
for a recent theft from a previous employer. |
2. Separation of duties
Job duties should be
divided among different employees. The individual responsible for deposits
should not handle payments or reconcile statements for that account. Each
function should be assigned to a different person.
The individual
responsible for ordering inventory should neither sign for the receipt of
shipments nor authorize payment for the associated statements.
Pure job or duty separation may not be
feasible, often due to limited staff. In such cases, overlapping
responsibilities can be beneficial. This approach involves employees helping
each other and frequently swapping tasks, which helps detect unusual transactions
or incidents more quickly.
|
Example: Paul was the best bookkeeper on staff. Over the
years, he took on many tasks that others avoided, and he rarely trained
anyone else in his duties. After he had a heart attack, the temporary
accounting help hired to cover for him quickly notified his employer that his
careful work had resulted in over $400,000 in misappropriated funds during
those years. |
3. Check handling
All checks should be
countersigned by at least two authorized individuals. The countersigner must
not participate in reconciling or preparing the checks. If maintaining
countersigning for every check is impractical, a specific threshold amount
should be set, above which all checks require countersigning. Checks below this
threshold only need a single signature.
Payroll checks should
be handled with the same level of care. Verify employment records before
signing to confirm that employees genuinely exist, are working, and are not
fictitious. Mechanical signing devices should be securely stored when not in
use, and access should be limited to a few authorized employees.
There should also be procedures for
handling incoming checks. They should be stamped “for deposit only” immediately
and then recorded as received.
|
Example: Naylor Manufacturing has high employee turnover.
Patricia prepared and distributed payroll checks. On one occasion, she
“inadvertently forgot” an individual was no longer employed and issued him a
paycheck anyway. Patricia kept the check, set up a bank account for the now
fictitious individual, and continued to “forget” to stop paying him. |
4. Inventory control
There should be manual
or computerized inventory records to track inventory movement. Only a few
select individuals should be authorized to order items. Prior supplier approval
by someone other than the person placing the orders should be in place. This
can prevent collusion and eliminate payments to fictitious suppliers.
Prior approval for
customers paying by credit should be mandatory to prevent shipments to fake
customers or addresses and to ensure collection of payments. Without proper
oversight and safeguards, inventory shrinkage can become a significant issue.
Regular physical inventories are a crucial control measure.
Additional measures
such as surveillance cameras, inspecting employee packages, and limiting access
to warehouse areas help reduce inventory loss.
5. Outside audits
Regardless of the
strength or scope of internal controls, ultimately, someone within the company
has the final authority. The only way to hold that person accountable is
through an independent external audit. This audit should be carried out at
least once a year by a Certified Public Accountant (CPA) who is completely
independent of the company.
As the Enron scandal
showed, accounting firms with a vested interest in the company they audit
continuing in business are less likely to be objective in their findings.
Objectivity is even more difficult when the CPA has a relationship with the
financial officer of the business they audit. There must be at least an
“arm’s-length” business relationship between the CPA and the business being
audited. Otherwise, problems can be easily overlooked.
Preventing
all criminal acts is impossible. However, the named insured should implement
measures and provisions to deter criminal activities. Additionally, making
criminals aware that profiting from crimes will be challenging can serve as a
deterrent.
A good lock serves as
an effective first barrier to crime. The more secure the lock, the stronger the
barrier, provided the door itself is strong enough. However, managing keys
properly is crucial. The insured should limit key distribution, giving keys only
to specific individuals and in controlled amounts. All keys should be numbered
and assigned to track their use. This ensures that when an employee leaves, the
key can be retrieved and accounted for.
The
next barrier is windows. They should be fixed and not designed to open. If they
can be opened, ensure they are closed and locked outside of business hours. For
businesses with valuable or attractive merchandise, using tempered or
bulletproof glass can provide additional security against burglary or theft.
Fences
and walls around the premises serve as effective barriers. They should be tall
enough and well-designed to prevent climbing and should not be placed near
trees. A secured gate staffed by company personnel or external security
providers can help reduce or eliminate unauthorized access. Adding razor wire
at the top of fences or walls can further deter illegal entry attempts. Additionally,
guard dogs on the premises can act as a strong deterrent.
Alarms
do not stop entry but alert the appropriate authorities, such as police or
guards, enabling them to intervene and attempt to prevent criminal activity.
They can also remove the element of surprise at an entrance, allowing for
actions to be taken inside the premises to protect valuables.
Alarms
reduce the premises’ attractiveness as a target for theft, at least for
unskilled criminals. A number of alarm systems are available, each with varying
degrees of effectiveness. The cost of each depends on the level of protection
needed and the extent of protection the alarm system provides.
Silent
alarms are useful in situations involving cashiers and tellers. They notify the
police that a crime is in progress without alerting the perpetrator. This
prevents panic and potential harm to employees and customers.
The
location and hours of operation of a business influence the likelihood of
holdup incidents. Holdups are significantly more common if the business
operates at hours different from those of neighboring businesses, is near an
access road such as an interstate or state highway, or has only one employee on
shift.
Businesses
in high-crime areas should implement more security measures than those in safer
areas. Local law enforcement agencies maintain detailed crime statistics, which
the business can access.
To
minimize losses in the event of a holdup:
·
Keep cash on hand to a minimum,
regardless of business type.
·
Checks should be stamped “for deposit
only” immediately.
·
Credit card receipts should be kept
separate from cash.
·
Cash registers should be routinely
cleared of large bills, checks, and credit card receipts.
·
Items removed from the drawers should be
deposited or secured in a safe, vault, or other secure container.
·
Bank deposits should be made at least
once a day or multiple times daily, depending on the amount of cash on hand.
Underwriting
off-premises crime coverage considers who can remove items from the premises,
the reasons for removal, and how long items remain off-site. The most common
reason is taking cash and checks to the bank for deposit.
A messenger is an
individual responsible for removing items from a premises. Although a guard
might sometimes accompany the messenger or another employee might join in a
different vehicle, messengers usually work alone. It is essential for
messengers to vary their routines, such as making regular deposits throughout
the day and taking different routes to the bank.
Businesses with substantial cash and
check holdings frequently utilize armored car services.