Crime Insurance for Hedge Funds
Hedge funds, like other financial service firms, have serious exposure to potential theft of money and securities perpetrated by employees, criminals outside the organization, and digital hackers, intent on getting their hands on your assets.
The huge sums of money invested in your fund(s) can be an attractive target for scammers and dishonest employees.
But what I find interesting is that I’ve had several FinServ clients tell me that their security and procedures around money handling and financial transactions are bulletproof and therefore they don’t need crime insurance.
When I hear this, I try to push back diplomatically. Look, I appreciate redundant security, checks, and balances and think every hedge fund needs the highest level of security, but I don’t believe anything is fully bulletproof proof and that’s where crime insurance steps in to help make a fund whole following a loss.
And, once you think you’ve achieved the highest level of security; scammers are thinking up ways of defeating that security so they can get to the money, and hedge funds are attractive targets.
In the, let’s call it the traditional, pre-cyber age world, we had to worry about only a handful of crime exposures for a commercial crime policy:
1. Employee dishonesty – probably the biggest risk within a hedge fund prior to digital risk. Employee dishonesty covers claims from the dishonest acts of any employee, whether they acted alone or in collusion with others, intending to steal money or securities from the fund or fund manager.
Generally, dishonest acts of a partner or member are excluded, unless specifically endorsed onto the policy, and then coverage is limited to an amount in excess of a partner’s equity in the firm so as to avoid a potential moral loss.
2. Forgery & Alteration – in my opinion, is the second biggest hazard when it comes to crime exposures and involves the forging of signatures on financial instruments, most commonly checks and drafts, as well as the alteration of instruments. Alterations include risks such as someone changing an $800 check amount to an $8,000 check. Forgery and alteration are making a come back in the crime arena and becoming more common as technologies to alter checks become more sophisticated.
3. Counterfeit money – we don’t see this too often today, but this element of crime insurance covers loss resulting from a fund accepting in good faith any counterfeit money.
4. Computer system – I’m going to talk more about this in a minute, but this crime element covers fraudulent manipulation of a computer system that transfers funds to an unauthorized or fictitious account.
5. On-premises coverage and off-premises Coverage is what we know as burglary and robbery of money and securities but will also include mysterious disappearance, damage, or destruction of money and securities whether on your premises or in transit (off-premises).
6. I’ll also include what is known as ERISA coverage here which is often included as part of a hedge fund’s commercial crime policy and covers the firm’s requirements when there is an ERISA plan in effects such as a 401k or pension plan. Under ERISA rules, 10% of ERISA-based plan assets must be insured for theft or dishonest acts.
So what about the non-traditional, more let’s call it modern crime exposures presented by digital theft?
Digital or cyber crimes are of course exploding in today’s digital world. In order to be clear, there is a distinct difference between cybercrime coverages and other cyber risks such as ransomware demands. Cybercrimes revolve around the direct loss of money and securities by means of computer networks by digital thieves or criminals. Cybercrime perils or risks go by many names – social engineering, computer system theft, fraudulent funds transfer, impersonation fraud, and others. So, it’s important to understand what you’re buying when it comes to these exposures.
Broadly speaking most cyber policies will provide a sub-limit for cybercrime coverage, and again it’s important to know what elements or perils are covered here. The biggest variable is whether social engineering is covered or not. I did a video on social engineering which you can view here.
The problem we’re seeing in today’s marketplace is that most cyber insurers will cap the limit they will offer on cyber crimes to $250,000 which is insufficient for most hedge funds and other financial service firms, so what do you do?
There are a few options.
You can build additional limits in a crime policy.
You can purchase excess cyber insurance which will include additional limits for cybercrime.
Or you can do both.
What’s important to remember is that all the insurers providing cybercrime coverage need to be coordinated relative to their position within your “tower” of protection. Your broker should be able to do this effectively to avoid problematic “other insurance” clauses within each policy.
Here’s the bottom line–
Even with the most sophisticated controls in place, rogue employees, scammers, and hackers are learning new ways to defeat your systems and controls so crime insurance is needed as a backstop to financial loss. Don’t be lulled into thinking your process is bulletproof, there’s too much at risk, and crime insurance is relatively affordable for the risks it protects.
To find out more about crime insurance for hedge funds, or any other cover needed by a hedge fund manager, contact me, Gordon Coyle, for a conversation.