Skip to content
Menlo Insurance Services logo

What Is Commercial Crime Insurance? Fidelity Bonds and Employee Theft Explained

What commercial crime insurance covers, how fidelity bonds and employee dishonesty coverage work, and the ERISA bond amount your benefit plan must carry.

Menlo Insurance Services · July 16, 2026

Commercial crime insurance pays for money, securities, and other property stolen from your business, whether the thief is your own bookkeeper or an outside fraudster. The standard ISO policy offers eight insuring agreements, and the first of them, called Fidelity, is the modern form of the fidelity bond: it covers employee theft, ERISA plan official dishonesty, and employee theft of clients' property. You pick only the agreements you want, and each one gets its own limit and deductible on the declarations page.

Theft by insiders is the loss most businesses never see coming, and it is exactly the loss that general liability and property policies exclude. Here is how the crime policy is built, what a fidelity bond actually is, and the two coverage triggers that decide whether a years-long embezzlement gets paid.

Commercial Crime Insurance

Commercial crime insurance covers loss of money, securities, and other tangible property from theft, fraud, forgery, and related criminal acts committed by employees or outsiders. Businesses select individual insuring agreements, each with its own limit, rather than buying one blanket coverage.

Menlo Insurance Services
ISO writes commercial crime coverage on forms CR 00 20 (discovery) and CR 00 21 (loss sustained).

What does commercial crime insurance cover?

Commercial crime insurance covers eight categories of loss under the current ISO program, written on the Commercial Crime Coverage Form in a Discovery version (CR 00 20 06 22) or a Loss Sustained version (CR 00 21 06 22). The insured chooses which agreements to buy, and the declarations show a per-occurrence limit and deductible for each one selected.

Fidelity is really three agreements in one: Employee Theft, ERISA Plan Official Dishonesty, and Employee Theft of Clients' Property. Forgery or Alteration splits in two as well, covering forged negotiable instruments and, as a sublimit, forged payment card instructions. The rest of the menu addresses theft by outsiders, on your premises and off.

Here is the full slate of insuring agreements and what each one pays for:

Insuring agreementWho stealsWhat it pays
Fidelity (Employee Theft, ERISA Plan Official Dishonesty, Employee Theft of Clients' Property)InsidersTheft of money, securities, and other property by employees or ERISA plan officials
Forgery or AlterationOutsidersForged or altered checks, drafts, and promissory notes, plus forged payment card instructions as a sublimit
Inside the Premises: Theft of Money and SecuritiesOutsidersTheft, disappearance, or destruction of money and securities inside your premises or a bank
Inside the Premises: Robbery or Safe Burglary of Other PropertyOutsidersRobbery of a custodian or safe burglary of property other than money and securities
Outside the PremisesOutsidersMoney, securities, and property in the care of a messenger or armored car off premises
Computer and Funds Transfer FraudOutsidersHacking that changes data or programs, and fraudulent instructions sent to your bank purportedly by you
Fraudulent ImpersonationOutsidersTransfers you make because a thief impersonated a vendor, client, or your own executive
Money Orders and Counterfeit MoneyOutsidersMoney orders that are never paid and counterfeit currency accepted in good faith

A few mechanics matter more than the list itself. Fidelity agreements carry an occurrence definition that bundles every act by one employee, or one scheme by several in collusion, into a single occurrence subject to one limit. Two clerks who conspire to steal $50,000 from a policy with a $25,000 Employee Theft limit produce a $25,000 recovery, not $50,000. Inventory shortages are excluded as proof: if the only evidence of theft is an inventory or profit and loss computation, there is no coverage. That rule alone drives more claim disputes than any other condition in the form.

What is a fidelity bond?

A fidelity bond is coverage that reimburses an employer for theft or dishonesty committed by its own employees. The name survives from an era when this protection was written as a bond guaranteeing an individual's honesty, but today it is almost always issued as insurance, either as the Fidelity insuring agreement of a commercial crime policy or as a standalone employee dishonesty policy. Unlike a surety bond, which involves three parties and lets the surety recover from the principal, a fidelity bond is a two-party contract between the insurer and the employer.

The employee whose theft triggers the claim has no rights under it. If someone quotes you employee dishonesty insurance, a fidelity bond, or Employee Theft coverage, they are describing the same protection under three names.

The coverage reaches further than most buyers expect. Money includes deposits in your bank account, so an occurrence of electronic embezzlement is treated the same as cash out of the till. Employee Theft of Clients' Property extends the coverage to property your employees steal from customers, though the claim must be presented by your business as the named insured, never by the client directly. A computer repair shop whose technician steals fifteen customer laptops has coverage, but the shop files the claim and pays its customers.

One design choice deserves a hard position. The unendorsed form pays even when you cannot identify which employee stole, which matters because embezzlers hide well. The Employee Theft Name or Position Schedule endorsement (CR 04 08 06 22) trades that away, covering only named individuals or scheduled positions, and it also cancels the automatic coverage for employees you add mid-term. For nearly every buyer, blanket coverage is worth the extra premium and the schedule endorsement is a false economy.

What is an ERISA bond and how much coverage is required?

ERISA requires every person who handles funds of an employee benefit plan, such as a 401(k) or pension plan, to be bonded for at least 10% of the funds they handled in the preceding year, with a $1,000 minimum. The maximum bond required is $500,000 per plan, rising to $1,000,000 for plans that hold employer securities. Those figures come from Section 412 of ERISA as interpreted by the U.S. Department of Labor in Field Assistance Bulletin 2008-04, which remains the governing guidance. The bond protects the plan, not the employer, against fraud or dishonesty by plan officials, and it is mandatory rather than optional.

Plans report their bond amount on the Form 5500, and a missing or inadequate bond is one of the most common audit flags the Department of Labor pursues.

Two compliance details trip up otherwise careful sponsors. DOL guidance prohibits any deductible on the ERISA-required portion of the bond, which is why the ISO crime declarations show N/A in the deductible column for ERISA Plan Official Dishonesty. The bond must also be written by a surety named on the Treasury Department's Listing of Approved Sureties, Circular 570. Inside the ISO crime program, this exposure is picked up by the ERISA Plan Official Dishonesty agreement, which covers fraud or dishonesty by any plan official, identified or not, and even by a sole proprietor insured stealing from his own company's plan.

Who counts as an employee under employee dishonesty coverage?

Employee dishonesty insurance defines "employee" broadly, and the definition decides whether a claim pays. The ISO definition covers natural persons you compensate by salary, wages, or commissions and have the right to direct and control, and it keeps them covered for 30 days after termination unless they were fired for theft or dishonesty. It also sweeps in temporary workers, leased workers under a written labor leasing agreement, guest students and interns, former partners or employees retained as consultants, and staff of any entity you merged with before the policy date.

It expressly excludes agents, brokers, independent contractors, and similar representatives. A property manager or outside bookkeeper who steals from you is not an employee, and there is no coverage unless you added an endorsement such as Include Designated Agents as Employees (CR 25 02 06 22).

The exclusions cut the other way for owners. Theft by you, your partners, or your LLC members is flatly excluded, no matter which insuring agreements you bought, with the single exception of ERISA Plan Official Dishonesty. The policy insures you against your workforce, not against yourself.

What is the difference between the loss sustained and discovery forms?

The loss sustained form and the discovery form provide the same coverages with different triggers. Under the Loss Sustained Form (CR 00 21 06 22), the occurrence must take place during the policy period and be discovered during the policy period or the extended discovery period, which runs 60 days after cancellation, or one year for an ERISA plan. Under the Discovery Form (CR 00 20 06 22), the occurrence can take place at any time, including years before the policy existed, so long as it is discovered during the policy period.

Discovery means more than suspicion: a designated person must learn facts that would cause a reasonable person to believe a covered loss occurred. The trigger difference is everything for embezzlement, which often runs for years before surfacing. The ACFE's 2024 Report to the Nations puts the median occupational fraud at 12 months from start to detection, and the longest-running schemes are the costliest ones. A bookkeeper who siphoned $1,000 a month for five years is fully covered under a discovery form bought last January.

Under a loss sustained form, only the portion stolen during that policy period is covered, with prior-period theft picked up only through the loss sustained during prior insurance conditions, and then only if you kept continuous coverage with compatible terms. Brokers moving a client between forms, or between carriers, should map the transition dates in writing. The extended discovery period also dies immediately when replacement coverage takes effect, whether or not the new policy reaches back, so a gap analysis belongs in every crime renewal file.

Is crime insurance the same as cyber insurance?

Crime insurance and cyber insurance overlap at exactly one seam, and businesses need both. The crime policy's Computer and Funds Transfer Fraud agreement covers a hacker who alters data in your system or sends your bank fraudulent transfer instructions in your name. Fraudulent Impersonation covers the social engineering loss, where your own employee is tricked into wiring money by someone posing as a vendor or executive.

What the crime policy never pays are breach costs: forensics, customer notification, credit monitoring, ransomware response, regulatory defense, and lost income while systems are down all live in a cyber insurance policy. The crime form covers stolen funds, the cyber form covers the incident around them.

Fraudulent Impersonation carries a condition worth reading twice. You must make a reasonable effort to verify any change of account request or transfer instruction through a method other than email, a callback or a text to the apparent sender, and you must document that verification before the money moves. An accounts payable clerk who wires $80,000 on a convincing email alone has likely failed the condition.

Build the callback into your payment workflow and log it every time, because the adjuster will ask for the log. Note also that Computer and Funds Transfer Fraud excludes anyone with authorized system access, so an employee who hacks you is routed back to the Fidelity agreements and their limits.

Frequently asked questions

Is a fidelity bond the same as a surety bond?

No. A surety bond is a three-party agreement in which a surety guarantees your performance to someone else, and the surety can recover its payout from you. A fidelity bond is two-party insurance that pays your business for theft committed by your own employees, and the insurer's recovery target is the dishonest employee. Fidelity bonds today are usually issued as the Employee Theft coverage of a commercial crime policy.

Does commercial crime insurance cover theft by the business owner?

No. The policy excludes theft and dishonest acts committed by the named insured, its partners, and its LLC members, whether acting alone or in collusion, regardless of which insuring agreements were purchased. The one exception is ERISA Plan Official Dishonesty, which covers a sole proprietor who steals from the company benefit plan because the plan, not the owner, is the protected party.

Do I need to identify the employee who stole to collect on employee theft coverage?

Not under the standard unendorsed form, which pays as long as you can prove an employee theft occurred, even if you never learn who did it. The exception is a policy endorsed with the Employee Theft Name or Position Schedule (CR 04 08 06 22), which covers only listed names or positions and therefore requires identifying the thief. Either way, proof cannot rest solely on inventory or profit and loss computations.

How much fidelity bond coverage does ERISA require for a 401k plan?

Every person who handles plan funds must be bonded for at least 10% of the funds they handled in the prior year, with a minimum of $1,000 and a maximum required amount of $500,000 per plan. The cap rises to $1,000,000 for plans holding employer securities. Per Department of Labor guidance, the bond cannot carry a deductible and must be written by a Treasury-listed surety.

This guide is for educational purposes and summarizes standard ISO policy language. Your policy's specific terms, conditions, and endorsements control. Talk to a licensed broker about your actual exposures.

Related Articles

Insurance BasicsAM Best Ratings Explained: What Insurance Company Ratings Mean
Insurance BasicsWhat Is a Broker of Record Letter and How Does a BOR Change Work?
Insurance BasicsCyber Insurance for Small Business: What It Covers and What It Costs
Insurance BasicsInsurance Agent vs Broker: What Is the Difference and Who Works for You?