UK Commercial Crime Insurance Market Update

The London commercial crime insurance market has seen an uplift in claims in recent months. Most losses suffered by companies still relate to traditional employee theft, although “social engineering” – where a fraudster impersonates a senior manager, vendor, or a financial institution – is an evolving risk that has also resulted in some large losses.

Insurers have cited recent losses as a key reason for their enhanced underwriting standards and narrower appetite – or as an explanation for exiting the market altogether.

Legacy insurers in this space – namely AIG, Chubb, and Zurich – continue to grant social engineering fraud cover on a restricted basis, that is, risk by risk and often sub-limited. When granting broad cover, crime insurers remain selective on price and retention, and carefully manage capacity.

In recent months there has, in many cases, been a doubling of retention or premiums, and sometimes both. Companies with large workforces may typically see retentions of between GBP500,000 and GBP1 million applied. Companies operating in territories that are perceived as higher risk – for example, parts of Asia and Africa – may also find their premiums and/or retentions increasing. Insurers are also often quota-sharing the risks to manage their exposure in the event of a claim.

Systems and controls

The quality of a company’s submission remains a key consideration and differentiator when it comes to the pricing and retention levels it can secure. A company will benefit from starting the renewal process early, to ensure it can provide good-quality data around the robustness of its systems and controls, and employee training. It can also be advantageous to involve the company’s audit and compliance team in the insurance placement process, to demonstrate the robustness of the company’s systems and controls.

It is also advisable that companies are able to answer the following questions (which are typically asked by insurers when assessing fraud risk):

  • Are dual control procedures applied with regard to all payments?
  • Are payment instructions received by telephone followed up with a “call-back”?
  • What controls are in place to prevent unauthorised payments being made?
  • Are all employees who have authority to transfer money made aware of social engineering fraud?

The extent of coverage should also be a key consideration for companies; this varies significantly in the market. Traditional crime wordings may only provide cover on a “named-perils” basis – such as forgery, fraudulent alteration, and telephonic/computer misuse. In order to ensure that a crime policy provides the broadest, most robust cover – and is likely to respond in the event of a social engineering scam – it should be written on an “all-risks” basis, with no restrictions or sub-limits placed on social engineering cover.

A crime insurance policy written on such an “all-risks” basis should provide coverage for:

  • Loss arising from any fraudulent, dishonest, criminal, or malicious act of any person.
  • Social engineering fraud (full policy limits).
  • Proof of loss costs, in addition to limit of liability with no applicable retention.
  • Data reconstitution and removal costs associated with cyber exposures – that is, the introduction of malicious code and/or impairment of data.
  • Loss sustained by clients, customers and suppliers where the insured company is legally liable.