Insuring against employee fraud

In today's recessionary times, more businesses–maybe even your own–need to be worried about employee fraud. Its can happen anywhere: In May 2009, two ACORD employees were arrested on theft charges, accused of embezzling more than $1 million from the nonprofit association.

According to research conducted by the Assn. of Certified Fraud Examiners, U.S. organizations lose an estimated 7 percent of annual revenues to fraud. Based on the projected U.S. Gross Domestic Product for 2008, this percentage indicates a staggering estimate of losses around $994 billion among organizations, despite increased emphasis on anti-fraud controls and recent legislation to combat fraud.

Based on a survey of international employers over the past 5 quarters, the Corporate Executive Board reported a 20 percent increase in observations of misconduct from the first to the second half of 2008; a 5 percent decline in frontline employee perceptions of senior management's commitment to integrity; and an increase in the number of disengaged employees, from 1 in 10 to 1 in 5, causing declines in companywide productivity of up to 5 percent. The Corporate Executive Board's research shows that business units with the weakest cultures have experienced five times the amount of misconduct as those with the best.

Employee theft and dishonesty is a serious exposure that needs attention in any risk management program. The first step is analyzing exposures and instituting robust loss control procedures. Next, carry high-limit employee theft/dishonesty coverage choosing the form that best fits the insured's needs. Finally, broaden the coverage to provide the most cost-effective protection.

Loss control

The first step is basic risk management based on loss control. This begins with checking an applicant's employment history and references. The Internet makes a basic check on a prospective employee simple and inexpensive.

Other good steps are outlined in the questions in typical employee dishonesty applications. These include:

o Auditing by an independent CPA with a review of internal controls

o Requiring two signatures on checks

o Separating accounting and bookkeeping functions; for example, individuals who authorize checks also should not be able to produce them

o Mandating vacations–a frequent comment after a large embezzlement is that the embezzler “never took a vacation.”

o Confirming bank statement balances by someone outside the accounts payable unit

o Stamping invoice “paid” when checks are issued

o Inventorying valuable equipment on a regular basis and storing it in secure areas

o Instituting strict computer controls including: automatic prevention of repeated attempts to gain unauthorized access, exception reports generated for unauthorized sign-in or repeated access attempts, and segregating programmers' and operators' duties.

Purchasing insurance

The next line of defense is insurance. Once the insured has decided to purchase insurance against employee thefts, the plot thickens. For a long time, the commercial insurance market offered primarily employee dishonesty insurance that covered losses incurred during the policy period (or during prior policy periods, if insurance had been continuous). The market now offers four types of employee fidelity insurance for commercial and non-profit enterprises:

1 Employee dishonesty insurance on an incurred loss basis

2 Employee dishonesty insurance on a discovery basis

3 Employee theft insurance on an incurred loss basis

4 Employee theft insurance on a discovery basis.

To decide which coverage to recommend to our clients, let's look at employee dishonesty versus employee theft forms and then incurred loss versus discovery.

Dishonesty versus theft

Employee dishonesty was the traditional form for insuring commercial enterprises. The insuring agreement says:

We will pay for loss of or damage to money, securities and other property resulting from dishonest acts committed by an employee.

Dishonesty is not defined, and on the surface that makes employee dishonesty seem to be a better choice that employee theft. After all, “dishonesty” is a broader term than “theft.” But most employee dishonesty forms include what I call the “triple trigger.” This provision requires a showing that:

1 The employee intended to cause the insured to sustain loss; and

2 Intended to obtain financial benefit for the employee or another person; and

3 The financial benefit is something other than salaries, commissions, bonuses, promotions, profit sharing, etc.

The major problem with the triple trigger is the court interpretation of the financial benefit requirement. A classic example is the bookkeeper who decides that he's underpaid and raises his salary check from $1,000 to $2,000 per week on his own initiative. While this is clearly dishonest and easily meets the requirement that the embezzler intended to cause a loss and derive a benefit for himself, the courts have held that the financial benefit involved does not pass the test of being something other than salary. The result is no coverage for a loss that most of us think should be covered. We're joined in this opinion by some of those who drafted the original policy language; they changed policy wording in an unsuccessful attempt to reverse the court interpretation of the policy.

There are some ways to overcome this problem. For example, in one insurer's policy the financial benefit requirement provision reads as follows:

Obtain financial benefit (other than employee benefits known to the insured, approved by the insured, and earned in the normal course of employment, including salaries, commissions, fees, bonuses, promotions, awards, profit sharing or pensions [emphasis added]).

The requirement that the financial benefit be “known to the insured and approved by the insureds” would provide coverage in a situation such as the one cited above. Even better, the AAIS employee dishonesty coverage form CO 1007 04 02 does not contain any manifest intent requirement at all.

Employee theft is simpler to discuss. It covers theft by an employee. “Theft” is defined as the unlawful taking of property to the deprivation of the insured. At first blush, that appears to be overly restrictive. Does unlawful mean that the employee must be indicted or convicted? No. What it means is that the act must be of an unlawful nature, but the standard of proof is that required for a civil claim: a preponderance of the evidence, not proof beyond a reasonable doubt as required for a criminal conviction.

Employee theft wording has been used for many years by several insurers who developed their own wording; ISO converted to employee theft wording about 10 years ago. The Surety Assn. of American and AAIS forms are still written with employee dishonesty language.

Loss sustained versus discovery

“Loss sustained” covers losses incurred during the current policy year or under prior continuous insurance. Note particularly that the prior insurance must be continuous; even a one-day gap is sufficient to end coverage for prior losses. But even when the insurance is continuous, coverage for prior losses is limited to the lower of the amount of coverage in the prior period or the amount available in the current period.

The “loss discovered” form covers any loss, no matter when it occurred, as long as it is discovered during the policy period or within 60 days of expiration. If the insurance is renewed or replaced, the discovery period ceases when the new policy takes effect. The limit of the current policy applies regardless of what coverage the insured carried in the past.

The underwriter can attach a retroactive date endorsement, similar to the retroactive date endorsement used with claims-made liability coverage. It excludes coverage for any loss that occurred entirely prior to the retroactive date. It does provide coverage, up to policy limits, for losses that occurred partly before and partly after the retroactive date or that occurred entirely after the retroactive date.

Which to choose?

The question of which form to chose lends itself to a decision tree. When choosing between loss sustained and discovery, ask your customer these questions:

o Has the insured not carried employee dishonesty or theft insurance in the past?

o Has there been a coverage lapse that would wipe out the continuous coverage for prior acts under a loss-sustained form?

o Has the insured carried inadequate limits in the past?

If the answer to any of these questions is yes, a discovery form is the insured's best bet, unless the underwriter wants to attach a retro date endorsement with an unacceptable date. In that event, go for loss sustained coverage. If the answer is no to all three questions, then either discovery or loss sustained would be satisfactory. Choose the policy with the best other terms and conditions.

When deciding between employee dishonesty and employee theft, determine whether the insurer will provide employee dishonesty coverage without the “manifest intent” requirement or with a satisfactorily modified “manifest intent” provision. If yes, the choice is employee dishonesty form. If no, then I recommend the theft form.

How much coverage?

There is no accumulation of limits from year to year under employee dishonesty and theft insurance. For example if an insured carried a $500,000 limit each year for the past 10 years on a lost sustained form, and discovers this year that an employee has been embezzling $250,000 a year for the past 8 years, the most the insured can collect is $500,000. The discovery form is, by its terms, limited to losses discovered during the policy period, avoiding arguments over accumulation. This is one of the reasons why high limits of fidelity insurance are vital. Fidelity losses can go on for many years, so even a small business can sustain a surprisingly large loss. As an example, the CFO of two Hollywood hotels siphoned $11.4 million from his employers over an 8-year period.

The New York School Board Assn. recommends 10 percent of budget as a suggested limit for schools, which establishes a starting point for many entities.

Try to involve the firm's accountant or CFO in a discussion of the worst-case scenario for an embezzlement loss.

Broadening coverage

Price should not be the sole deciding factor when purchasing employee theft/dishonesty coverage–or any other insurance, for that matter. Some carriers offer broader coverage or will provide it if you ask for it. Areas of broader coverage include:

o Extending the definition of “employee” to include persons performing acts of employees, such as directors, trustees, non-compensated officers, volunteers, students, interns, and retired employees working as consultants

o Covering the cost of preparing and proving the claim

o Expanding policy territory definition to anywhere in the world

o Including insured's ERISA plans as named insureds to avoid the need for separate ERISA fidelity coverage

o Waiving prior fraudulent or dishonest acts by employees exclusion if the amount taken by the employee was $5,000 or less

o Proving that knowledge of prior fraudulent or dishonest acts is limited to knowledge by the insured's risk manager

o Covering terminated employees for up to 90 days instead of 30 days

o Waiving notice of consolidation, mergers and new acquisitions provided the insured's total assets do not increase by more that 25 percent

o Including “faithful performance” coverage for governmental entities

o Eliminating the treasurer and tax-collector exclusions in policies covering governmental entities.

In most policies the definition of “employee” does not include agents, consultants and others performing services for the insured as non-employees. Frequently in volunteer or public organizations, non-employees have important responsibilities that can create large exposures. For example, the treasurer for one organization with more than $1 million on deposit in various accounts was an independent contractor. Such people can be added to the coverage using an “agent's rider.” Whether there are non-employees with the opportunity to embezzle the insured's money or other property is something to explore with clients when discussing employee theft and dishonesty coverage.

A big gap

While employee theft/dishonesty coverage is broad, careful reading turns up some serious gaps. Typically coverage applies to loss of or damage to money, securities and “the property resulting directly from theft committed by an employee” or employee dishonesty. The problem is that “other property” is defined to mean tangible property. In our knowledge-based economy, our most valuable assets often are intellectual property such as formulas, patents, copyrights, customer data, etc.

Neither employee dishonesty nor employee theft forms provide coverage when an employee steals intangibles, but the loss to the firm can be devastating.

And these losses do occur. An employee of Avery Dennison, the label company, sold trade secrets to a competitor. When the company submitted a claim to its insurer, it was turned down because trade secrets are not tangible property. The declination was confirmed by the courts in the ensuing lawsuits. This is a gap the insurance industry should try to close; at the moment, loss prevention is the only line of defense.

Careful risk management, high-limits insurance and appropriately broadened coverage will go a long way toward protecting your clients against the growing threat of employee dishonesty.