Every business faces financial exposure from theft, fraud, and manipulation. Commercial Crime Insurance helps protect your company when money, securities, or property are stolen, whether by an employee or an external actor.

But not all crime losses are the same. To understand how Crime Insurance actually works, it’s essential to distinguish between:

1. First-party crime coverage: Protects your business when you lose money.
2. Third-party crime coverage: Protects your clients if your employee steals their money or property.

With external fraud, cyber-enabled scams, and vendor impersonation attacks on the rise, understanding what third-party Crime coverage is and why you may need it is essential. This guide breaks down what it covers, how it works, who needs it, and how it fits into a broader commercial insurance program.

What Is Third-Party Crime Coverage?

Third-party crime coverage protects your clients when your employee or contractor steals their money or property.

It applies when:

• Your employee has access to client funds, systems, or financial data
• Your employee dishonestly takes, transfers, or misappropriates client money or property
• Your client requires proof of fidelity coverage in a contract or RFP
• You work in a service model where employees operate on client accounts

This coverage is often required for:

• Fintech and payments companies
• Bookkeeping, accounting, and back-office providers
• IT, devops, and managed services with privileged access
• Professional services with access to client financials
• Any company acting as a custodian or agent on behalf of customers

Why Do Clients Require Third-Party Fidelity Coverage?

Large customers often demand this coverage to protect themselves in case:

• A contractor or employee steals money from their account
• An insider with privileged access misuses credentials
• Someone working on your behalf handles customer funds or billing
• Your staff has access to client systems or payment rails

Without third-party crime coverage, the client wouldn’t have a direct recovery mechanism and would have to sue your company.

How Third-Party Crime Insurance Works

A claim can be triggered when:

1. Your employee or contractor commits theft, and
2. The victim is your client, not your business.

Covered examples include:

• A bookkeeper siphons client funds to a personal account
• A customer-support rep steals stored customer payment data
• A software engineer with production access diverts client payments
• A field employee steals from a client site while performing services
• A contractor acting as your agent misappropriates client assets

What Does Third-Party Crime Coverage Include?

Third-party Crime coverage protects your clients when your employee or contractor steals their money, securities, or property while performing work on your behalf.

Unlike first-party Crime coverage (which protects your money from both insiders and outsiders), third-party Crime is focused specifically on employee dishonesty directed at a client. It’s typically added by endorsement because many businesses carry it to meet enterprise or investor requirements.

1. Theft of Client Money or Property by Your Employee

This is the core of third-party Crime Insurance. Coverage applies when an employee or qualifying contractor:

• Steals money from a client account
• Misappropriates funds entrusted to your company
• Diverts customer payments
• Manipulates a client’s billing or financial records
• Takes property from a client site or client facility

If the client suffers a financial loss due to your employee’s dishonest act, the third-party endorsement reimburses the client directly.

2. Theft by Contractors Who Act on Your Behalf

Some Crime policies extend “employee” status to long-term or named contractors (e.g., software developers, on-site personnel, analysts). In those cases, theft committed by such contractors against a client can also be covered.

This is common in:

• Managed services
• DevOps and IT providers
• Outsourced finance and accounting
• Customer-support and payments operations

3. Client-Named Endorsements (When Required by Contract)

Many enterprise customers require vendors to carry third-party Crime and name them as a beneficiary. When added, the endorsement ensures:

• The client can recover directly from the insurer
• Your company is not forced to self-fund the loss
• You meet compliance or procurement requirements

This is crucial for professional services firms, fintech companies, and any vendor accessing customer accounts or funds.

What Third-Party Crime Coverage Doesn’t Cover

Third-party crime doesn’t cover:

• Hacking, phishing, or fraudulent wire instructions
• Forgery by non-employees
• Burglary of your office
• Social engineering (unless endorsed)
• Loss of your money or property
• Cyber breaches or ransomware
• Errors, omissions, or negligence
• Fraud by owners or executives
• Theft by employees of a client (unless specifically endorsed)

Businesses should pair crime coverage with Cyber, Errors & Omissions, Property, and General Liability Insurance to create a more complete protection program.

Learn more about what Crime Insurance does and doesn’t cover.

Third-Party vs First-Party Crime Coverage

If your company loses money, it’s first-party. If your client loses money because of your employee, it’s third-party.

Third-Party Crime vs. Cyber Insurance

It’s easy to confuse crime and cyber coverage because both can involve stolen money or financial fraud. The simplest way to think about the difference is who commits the act and where it happens: inside your business or through your systems. Here’s a straightforward comparison:

Some attacks, like social engineering, can fall into a gray area, which is why many companies carry both Crime and Cyber policies.

Frequently Asked Questions

What exactly does third-party crime coverage protect?

It protects your clients if your employee or contractor steals their money or property while performing work for them. This coverage is specifically focused on insider misconduct that creates a financial loss for a client.

Does third-party crime cover losses caused by hackers or outside criminals?

No. Third-party crime only applies when your employee commits the theft. Losses caused by outsiders—such as hacking, phishing, or fraudulent instructions—are addressed by Cyber Insurance, if included in your policy.

Why do some clients require third-party crime coverage in their contracts?

It provides clients with a direct financial safeguard if someone on your team misuses access to their systems, accounts, or financial workflows. Many enterprise customers require it before allowing a vendor to handle payments or sensitive financial operations.

Is theft by contractors covered?

It can be, depending on whether the contractor meets your policy’s definition of a covered person. Some policies or endorsements extend coverage to long-term or named contractors who act as part of your team.

Do I still need Cyber Insurance if I have crime coverage?

Yes. Third-party crime protects clients from insider theft, while Cyber Insurance protects your business from digital attacks such as hacking, ransomware, email compromise, and fraudulent digital instructions. Most companies need both types of protection.

Vouch Specialty Insurance Services, LLC (CA License #6004944) is a licensed insurance producer in states where it conducts business. A complete list of state licenses is available at vouch.us/legal/licenses. Insurance products are underwritten by various insurance carriers, not by Vouch. This material is for informational purposes only and does not create a binding contract or alter policy terms. Coverage availability, terms, and conditions vary by state and are subject to underwriting review and approval.

‍