Category: Crime & fidelity · Reviewed by Matt Bartlett, Director · Founder · Last reviewed 2026-06-05
Commercial crime insurance (CCI) is the broad first-party indemnity cover protecting a business against financial loss caused by criminal acts, including employee dishonesty, external fraud, theft of money and securities, computer fraud, funds transfer fraud, social engineering fraud and a range of other criminal exposures.
Category: Crime and fidelity
Also known as: commercial crime insurance, comprehensive crime cover, CCI, employee dishonesty insurance
First codified: Lloyd’s wordings from the late 19th century (fidelity bonds); modern comprehensive crime forms from the 1970s
Related legislation: Fraud Act 2006 [1]; Theft Act 1968 [2]; Computer Misuse Act 1990 [3]; Proceeds of Crime Act 2002 [4]
Commercial crime insurance has evolved from the 19th-century fidelity guarantee bond (covering employee dishonesty only) into a comprehensive multi-section policy addressing the full range of criminal exposures faced by modern businesses. The product is one of the principal first-party indemnity covers in commercial insurance, with structural parallels to professional indemnity (covering wrongful acts) and cyber insurance (covering technology-related events) [5][6].
The principal sections of a modern commercial crime policy are [5][6]:
Section A — Employee dishonesty: cover for loss caused by dishonest or fraudulent acts of employees. See fidelity guarantee insurance for the historical core of this cover.
Section B — Premises (money and securities): cover for theft, robbery or wrongful abstraction of money, securities and other property from the insured’s premises.
Section C — In transit (money and securities): cover for the same property in transit by employee, security firm or other authorised carrier.
Section D — Forgery and alteration: cover for loss from forged or fraudulently altered cheques, drafts and similar negotiable instruments.
Section E — Computer fraud: cover for loss caused by computer manipulation, including computer fraud cover in the narrow sense and broader cyber-enabled fraud.
Section F — Funds transfer fraud: cover for loss caused by fraudulent instructions to a financial institution to transfer money from the insured’s account. See funds transfer fraud cover.
Section G — Social engineering fraud: cover for loss from fraudulent instructions impersonating a senior officer or third party, where the impersonation induces the insured to transfer money or surrender property. See social engineering fraud cover.
Section H — Investigation costs and reputation expenses: extensions for the costs of investigating losses and (in some wordings) costs of managing reputational impact.
The product has evolved rapidly since 2010 in response to the growth of cyber-enabled financial crime. Social engineering fraud — which was historically uncovered or covered only with very low sub-limits — has become a major exposure with multi-million-dollar losses common, and the corresponding insurance market has expanded significantly in cover and capacity [5][6].
The legal context for crime insurance in the UK is set by the substantive criminal law and the civil law of recovery. The Fraud Act 2006 modernised the UK fraud offences with the creation of three principal fraud offences: fraud by false representation (section 2), fraud by failing to disclose information (section 3) and fraud by abuse of position (section 4). The Act replaced the older deception offences under the Theft Acts and is the principal modern statutory framework for fraud prosecutions [1][7].
The Theft Act 1968 (as amended) and the Theft Act 1978 govern theft, robbery, burglary and related offences. The Theft Act 1968 section 1 defines theft as dishonestly appropriating property belonging to another with the intention of permanently depriving the other of it. The offences are the substantive criminal law underlying the property and money sections of crime insurance [2][7].
The Computer Misuse Act 1990 (substantially amended by the Police and Justice Act 2006 and the Serious Crime Act 2015) creates the principal computer crime offences: unauthorised access to computer material (section 1), unauthorised access with intent to commit further offences (section 2), unauthorised acts with intent to impair operation (section 3), unauthorised acts causing serious damage (section 3ZA) and making or supplying articles for use in computer misuse (section 3A). The Act underlies the computer fraud cover and broader cyber-enabled crime cover [3].
The Proceeds of Crime Act 2002 (as amended) establishes the regulatory framework for anti-money laundering, criminal lifestyle confiscation, and civil recovery of the proceeds of crime. The Act underlies the obligations of insurers and insureds in handling potentially tainted funds following a crime loss [4][8].
The Insurance Act 2015 governs the duty of fair presentation and warranty rules for commercial crime insurance placements. Disclosure of prior losses, internal control arrangements and high-risk operations is critical to the fair presentation obligation [9].
A UK commercial customer arranges crime insurance through a specialist broker. The placement typically involves detailed disclosure of the insured’s operations, internal control arrangements (authorisation procedures, segregation of duties, IT security controls, employment screening), prior loss experience and the specific exposures of high-risk activities (cash handling, electronic payments, customer money handling, high-value asset custody) [5][6].
Limits per policy year are typically £5m–£50m for mid-market commercial operators and substantially higher for large corporates and financial institutions. Deductibles per occurrence are typically £25,000–£250,000, reflecting the high-frequency, low-severity character of routine employee dishonesty claims. Sub-limits apply to specific cover sections (social engineering fraud typically has lower sub-limits than core employee dishonesty cover, although market practice has been evolving) [5][6].
Premium for commercial crime insurance is calculated by reference to the insured’s revenue or balance sheet, the specific exposures of its business, claims experience and the cyclical state of the market. Rates for SME and mid-market commercial operators are typically £1,000–£10,000 per £1m of limit per annum; rates for financial institutions and high-exposure operators are substantially higher [5][6].
Claims handling for crime losses is complex and often involves coordination with criminal authorities. The discovery of a loss typically triggers internal investigation, notification to insurers, engagement of forensic accountants to quantify the loss, and (in many cases) notification to the police and to relevant regulators. In many cases recovery from the perpetrator is rare (particularly for online fraud, where the funds are quickly dissipated), so the insurance payment forms the principal financial restoration [5][6].
Standard commercial crime: comprehensive cover for typical commercial operators.
Financial institution bond (FIB): specialised cover for banks, building societies, broker-dealers and similar financial institutions, with bespoke wordings reflecting the specific exposures. See banker’s blanket bond and Lloyd’s BBB.
Fidelity guarantee insurance: historical and narrower cover for employee dishonesty only.
Computer crime insurance: specific cover for computer-enabled criminal acts.
Kidnap, ransom and extortion insurance: related cover for K&R exposures. See also K&R insurance.
SME-focused crime cover: simplified product for small operators with lower limits and broader cover sections at lower per-section sub-limits.
Sector-specific crime cover: tailored cover for sectors with specific exposures (retail with shoplifting and cash handling exposures; pharmaceuticals with high-value inventory exposures; logistics with transit exposures).
International crime cover: global programme for multinational operators with local crime certificates in each jurisdiction.
Cyber crime extension: integrated cover for cyber-enabled crime, blurring the boundary between traditional crime insurance and dedicated cyber insurance products.
A UK mid-market financial services company places commercial crime insurance with limits of £15m per policy year and a £100,000 deductible per occurrence. The policy includes the standard sections with specific sub-limits including £15m for employee dishonesty, £5m for social engineering fraud, £15m for funds transfer fraud and £10m for computer fraud. Annual premium is approximately £45,000. During the policy year, a sophisticated social engineering fraud results in the company’s finance team being induced to transfer £2.8m to a fraudulent overseas account, believing the request to come from the company’s CEO. The funds are largely unrecoverable through banking channels; the social engineering fraud cover responds for £2.8m less the deductible, subject to the cover’s specific requirements (verification call-back procedure being a typical condition of cover). Figures in this example are illustrative.
This entry is part of the Apex Insurance Wiki. Last reviewed by Matt Bartlett on 2026-06-05. Next review: 2026-12-05.
Apex Insurance Brokers Limited. Authorised and regulated by the Financial Conduct Authority, FRN 724952. Registered in England and Wales, Companies House 07014570. This entry provides general information about UK insurance concepts and is not regulated advice. Consult your insurance broker on your specific position.