When Money Goes Missing: Why “Which Policy Responds?” Is Never Simple
When money disappears from a business, the instinct is to look for the nearest policy mentioning fraud, hacking or theft and assume the claim will fall neatly into place.
In reality, financial crime losses rarely follow neat lines.
Commercial Crime, Fidelity Guarantee, Cyber Liability and Trustees Liability use overlapping language, but they are designed to respond to very different triggers. What matters is not simply that fraud occurred — but how it happened, who caused it, and what was actually lost.
Broker responsibility begins here.
Understanding how money flows through a business, how payments are authorised and how digital systems interact with banking platforms is just as important as understanding policy wording. Most Crime and Cyber policies are built around defined triggers and minimum control requirements. Insurance transfers risk — it does not replace operational discipline.
Let’s look at how this plays out in practice.
When the Trusted Employee Steals
A long-serving bookkeeper diverts small EFT payments over time. The fraud goes undetected for months.
This is a classic employee dishonesty claim.
Commercial Crime is typically the strongest primary solution because it is designed to insure direct financial loss caused by dishonest acts of employees, including electronic payments. Fidelity Guarantee can also respond, but it is generally narrower and less adaptable to modern banking environments.
The key question is not which product name appears on the schedule — it is whether the policy reflects how the client actually handles money.
When Payroll Fraud Looks Like Cyber Crime
A payroll manager creates fictitious employees and diverts salaries using authorised system access.
Technology was used — but there was no hacking.
This remains employee dishonesty. Commercial Crime responds because the loss flows from internal fraud by an authorised employee. Cyber Liability is usually not triggered, as it is designed to respond to unauthorised access, network breaches and security failures — not abuse of legitimate credentials.
The distinction is technical, but critical.
When Hackers Empty the Bank Account
A phishing email compromises banking credentials and fraudulent EFT payments are processed.
Operationally, this is a cyber incident. But the insured loss is the theft of funds from the company’s bank account.
Commercial Crime is structured to insure fraudulent banking instructions and external theft of funds. Cyber Liability may cover forensic investigation, breach management and system remediation, and some policies include limited theft-of-funds extensions. However, these are typically sub-limited and conditional.
Cyber manages the crisis. Commercial Crime pays for the stolen money — subject to compliance with policy conditions.
When Trust Money Is Misused
A trustee misappropriates funds from a formal trust structure. Beneficiaries suffer financial loss.
This is not simply theft — it is breach of fiduciary duty.
Trustees Liability exists specifically to protect trust structures, trustees and beneficiaries where fiduciary responsibility is involved. Commercial Crime and Cyber Liability were never designed to insure governance failure or breach of trust obligations.
This is specialist placement, not policy stacking.
Why Structure Matters
Not all “fraud” losses are the same. Internal theft, electronic banking scams, payroll manipulation and breach of fiduciary duty trigger different policies — even when they appear similar on the surface.
Correct placement depends on understanding how money, data and responsibility flow through a business.
The decision about which policy to place — and how to structure it — is often what determines the outcome long before a claim is submitted. It also requires ensuring the client clearly understands the policy triggers, conditions and exclusions upfront.
Financial crime insurance is no longer a box-ticking exercise.
It is risk architecture.
And when money goes missing, the quality of that structure makes all the difference.
