Crime & Fidelity covers the theft of MONEY — not data. Employee theft, business email compromise and social engineering, computer fraud, forgery, and funds transfer fraud. It pays the company directly when funds leave the bank account, and it's frequently required by sponsor banks and BaaS partners before fintechs can go live.
Last reviewed April 24, 2026 · Reviewed by the Corgi Insurance team
Crime & Fidelity is the policy that pays you back when MONEY leaves the company through theft, social engineering, or fraud. It's required by sponsor banks before BaaS go-live, and it's the only first-party coverage that responds when an employee or attacker drains the operating account.
Pulled from the actual form
Crime & Fidelity
What this policy pays for.
An AP employee redirects $250K in vendor payments to a personal account.1
Direct loss of money, securities, or other property resulting from theft, embezzlement, or other dishonest acts committed by an employee acting alone or in collusion with others — discovered during the policy period.
A spoofed CFO email tricks AP into wiring $185K to an attacker.2
Loss caused by an Insured being fraudulently induced — through written, verbal, or electronic instructions — to transfer money or securities to an unauthorized party impersonating a vendor, executive, or customer (BEC).
A bookkeeper forges checks totaling $90K over six months.
Loss resulting from the forgery or fraudulent alteration of checks, drafts, promissory notes, or similar negotiable instruments drawn against the Insured's accounts — including counterfeit and material alterations.
A computer-fraud attack uses your accounting software to push fraudulent ACH transfers.3
Loss of money, securities, or property resulting from the fraudulent entry or change of electronic data or computer programs by an unauthorized third party — including unauthorized ACH origination and account takeover.
Your sponsor bank requires a $1M crime/fidelity bond before BaaS go-live.
Crime & Fidelity coverage drafted to satisfy sponsor-bank, BaaS partner, and FI counterparty bond requirements — including FI Bond–style endorsements and additional-insured language for partner banks.
A vendor invoice fraud scheme alters wire instructions on a routine payment.
Loss resulting from a fraudulent instruction — purportedly from a vendor, employee, or customer — directing a financial institution to transfer, pay, or deliver funds from the Insured's account without the Insured's knowledge or consent.
Employee Dishonesty coverage applies only to losses discovered during the policy period or extended Discovery Period. Acts committed by a former employee are covered only if discovered within the discovery window.
Social Engineering Fraud is typically sublimited (commonly $250K) and conditioned on documented out-of-band verification controls. Failure to follow callback procedures may reduce or void coverage.
Computer Fraud coverage requires the loss to result directly from the fraudulent entry of data into the Insured's systems by an outside party. Voluntary parting of funds — even if induced by deception — falls under Social Engineering, not Computer Fraud.
Crime, Cyber, and EPLI each handle a different category of liability. Most fintechs and venture-backed companies end up with all three.
First-party coverage for the loss of MONEY — employee theft, social engineering / business email compromise, computer fraud, forgery, and funds transfer fraud. Pays the company directly when funds leave the bank account due to a covered scheme. Frequently required by sponsor banks, BaaS partners, and SaaS customers handling payments.
Covers the loss of DATA and the costs that flow from a security incident — breach response, notification, regulatory fines, ransomware extortion, third-party privacy claims, and business interruption. Where Crime pays for stolen money, Cyber pays for stolen records, downtime, and breach response costs.
Defends the company against employee claims of wrongful termination, harassment, discrimination, and retaliation. EPLI handles disputes with employees as plaintiffs; Crime handles losses caused by employees as bad actors. Most growth-stage startups carry both alongside D&O.
Crime & Fidelity is the most commonly required coverage in sponsor-bank agreements, BaaS partnership contracts, and money-transmitter licensing. Standard limits scale with payment volume — $500K–$1M for early fintechs, $1M–$5M for growth-stage, and $5M+ for companies originating payments at scale. Many sponsor banks require the policy to be bound and the partner named as additional insured before go-live.
Modern Crime policies require — and reward — documented financial controls. Mandatory dual approval on wires above a threshold, out-of-band callback verification on changes to vendor wire instructions, and segregation of duties between AP and treasury are standard underwriting requirements. Strong controls unlock higher Social Engineering sublimits.
Crime & Fidelity is designed to respond when MONEY moves out of the company through a covered scheme — employee theft, BEC, computer fraud, forgery, or funds transfer fraud. Critical for fintechs, payroll companies, marketplaces, and any startup moving customer funds. Increasingly expected by enterprise SaaS customers in vendor security reviews.
Embezzlement, payroll fraud, expense fraud, and direct theft committed by an employee — alone or in collusion with others — with manifest intent to cause loss to the Insured.
Business Email Compromise, executive impersonation, vendor impersonation, and other schemes that trick the Insured into voluntarily transferring funds to an attacker.
Account takeover, unauthorized ACH origination, and direct manipulation of the Insured's systems to push fraudulent transfers — initiated by an outside party without the Insured's knowledge.
Fraudulent instructions sent directly to the bank — purporting to come from an authorized signer — that cause the financial institution to transfer or pay funds from the Insured's account.
Forged checks, altered payee names, counterfeit drafts, and material alterations of negotiable instruments drawn against the Insured's accounts. Includes both physical and electronic instruments.
Schemes that alter wire instructions on routine vendor invoices — typically following a compromise of the vendor's email account — redirecting legitimate payments to an attacker-controlled account.
Crime & Fidelity is the first-party safety net for fintechs and any startup moving money. Layer in CGL, Tech E&O, Cyber, EPLI, and D&O — modular coverage that grows with you.
Protects your business against third-party claims for bodily injury, property damage, and personal or advertising injury arising from your operations.
Protects against losses and claims resulting from data breaches, cyberattacks, and network security failures.
Covers claims alleging your technology products or services failed to perform as intended, causing financial harm to a client.
Covers claims made against company leaders for alleged wrongful acts in managing the business.
Protects against claims alleging wrongful termination, discrimination, harassment, or other employment-related issues.
Protects your company and plan fiduciaries against claims alleging mismanagement of employee benefit plans, including retirement and health plans.
Protects against claims arising from your published or distributed content, including allegations of defamation, copyright infringement, or invasion of privacy.
Provides liability coverage when employees use rented or personal vehicles for company business.
Go deeper on Crime & Fidelity and the rest of the startup insurance stack.
Key terms that appear in policy language, sponsor-bank agreements, and BaaS partner contracts.
Can’t find an answer to your question? Get in touch
