Dishonesty can be expensive. One misplaced decimal in accounting, an unauthorized transfer, a pilfered inventory pallet, and suddenly a quiet internal issue becomes a six-figure problem with auditors at your door. I have sat with owners who trusted the wrong person and learned about employee theft after the fact, and I have watched others sleep better because they transferred the risk properly in advance. A dishonesty bond can’t fix culture, but it can keep a bad act from becoming an existential threat.
This guide distills how to purchase a dishonesty bond with practical detail you can use, including how underwriters actually evaluate you, typical pricing, policy pitfalls I see again and again, and the operational steps for a smooth purchase.
What a Dishonesty Bond Really Covers
A dishonesty bond, often called an employee dishonesty bond or fidelity bond, reimburses your business for direct losses caused by theft or fraudulent acts committed by your employees. Some forms extend to third-party losses, meaning your client suffers the theft and you are liable because your employee did it while working for that client. The core promise is simple: if an employee steals money, securities, or tangible property, the bond pays up to its limit, subject to specific conditions.
The definition of employee matters. Under most forms, employees are people on your payroll whom you direct and control. Temporary workers from an agency may be included or excluded depending on endorsement. Independent contractors and vendors are typically excluded unless specifically scheduled. I have seen claims denied because the thief was technically a contractor, with a 1099, not a W‑2. That distinction should be settled before you bind the policy, not after a loss.
Not every dishonest act is covered. Most bonds are designed to respond to direct loss, not consequential loss. If your bookkeeper steals 120,000 dollars and you lose your biggest customer after the scandal breaks, the lost profits are not part of the claim. Similarly, mysterious disappearance is not proof of a covered loss unless you can tie it to an employee with evidence that would hold up in a practical audit. When I coach clients through a claim, we never rely on inference. We gather bank trails, POS logs, camera footage, and admission notes whenever possible.
Why companies buy them
You buy a dishonesty bond for three reasons. First, contract compliance. Many commercial, janitorial, and home-services contracts require a third-party dishonesty endorsement with a stated limit per employee. Some states require bonds for certain licensed professions handling client funds. Second, risk transfer. The median employee theft loss in small businesses sits in the mid five figures, and on the higher end for finance roles, losses north of 500,000 dollars are not rare. Third, governance. For companies with outside investors or lenders, a bond is one visible control among segregation of duties, dual authorization, and audits.
People sometimes assume that positive culture or background checks make this unnecessary. Culture matters, background checks help, but theft can still sneak in through tenured employees who learn the system and rationalize a short-term “loan.” Insurance is not a substitute for controls, but it is a backstop for the things you cannot see coming.
Translating the jargon: crime policy, dishonesty bond, and third-party endorsements
The market language causes confusion. A dishonesty bond can be purchased as a standalone bond or as part of a broader commercial crime policy. In practice, most businesses end up with a crime policy that includes employee theft as the cornerstone, then adds coverage parts such as forgery or alteration, funds transfer fraud, computer fraud, money orders and counterfeit money, and social engineering endorsements. The term bond persists because fidelity insurance grew out of surety, but for your purposes, both function like insurance.
Third-party dishonesty coverage extends protection when your employee steals from a client while working on the client’s premises or with the client’s assets. If you run an IT managed services firm, a janitorial company, or a staffing agency, your contracts likely require this. The endorsement usually applies on a per-client basis and includes a per-employee limit. Pay attention to how the aggregate limit stacks when multiple clients are affected.
How much does it cost
Pricing varies by industry, internal controls, payroll size, and the limits you request. Entry-level dishonesty bonds with 100,000 dollars in limits for a low-risk office-based business often run a few hundred dollars per year, sometimes under 500 dollars if your controls are tight and you have no prior losses. As you approach limits of 1 million dollars and beyond, rates typically increase nonlinearly, with underwriters asking pointed questions, sometimes requiring copies of audited financials or proof of dual control over cash and wire transfers.
If you handle client funds, operate in cash-heavy environments, or have a loss history, expect higher premiums. When I helped a regional retailer with 40 stores and heavy cash deposits buy coverage, the difference between having two-person cash counts with rotating staff versus single-person counts was a 20 percent swing in premium. Underwriters price behavior, not just exposure.
The step-by-step path that actually works
There is a clean sequence that avoids delays and coverage surprises. Think of it as preparing the underwriter’s story and then giving them what they need to say yes at a fair price. The following is the first of two lists in this article.
- Map your exposure: identify where employees touch money, securities, or property, both yours and your clients’. Decide on limits and scope: pick a loss amount that would hurt, decide if you need third-party coverage, and note any contractual requirements. Document internal controls: write down how you separate duties, authorize payments, manage cash, and review reconciliations. Select your channel: approach a specialized broker with crime experience or a carrier known for crime policies, and request quotes with identical specifications. Bind, implement, and train: finalize the policy, calendar notice and proof duties, and train management on reporting protocols.
That list looks simple, but details determine outcomes. Mapping exposure means walking through real workflows. If your office manager collects checks, logs them, and also posts to the general ledger, underwriters will flag the lack of segregation. If your crews have access to client property, the policy needs third-party dishonesty, and sometimes scheduled job classes.
Deciding on limits involves a candid look at your financials. I ask clients two questions: what single incident, if uninsured, would materially change your plans for the year, and what’s the largest realistic theft scenario before someone notices? For a small nonprofit with 3 million dollars in annual donations, 250,000 to 500,000 dollars felt right because a larger loss would likely be detected by the board’s monthly oversight and bank reconciliation cycle. For a fintech custodian handling payment authorizations, 2 to 5 million dollars was more appropriate due to larger wire potential and longer detection windows in complex reconciliations.
Documenting controls is the best lever you have on price and eligibility. Underwriters look for dual authorization on outgoing wires, segregation between those who reconcile bank statements and those who issue checks, rotating duties or mandatory vacation for finance staff, timely bank reconciliations, and background checks calibrated to access level. If you use positive pay with your bank, say so. If your bank texts approvals to two officers and logs IP addresses, include screenshots. Facts beat assurances.
Selecting the channel matters more than many realize. Any broker can place a bond, but crime is a niche. A broker who places large commercial crime policies knows which carriers are competitive for your industry, which ones play well with third-party dishonesty, and how to negotiate wording. When I moved a client from a rider on their package policy to a standalone crime form, we eliminated a sneaky exclusion that carved out theft committed by employees with prior known dishonesty. The old form considered any HR write-up for “misconduct” to be knowledge, which would have nuked a claim.
Binding and implementation do not stop at paying the invoice. You need to store the policy, endorsements, and contact instructions where your controller and CEO can find them quickly. Add the insurer’s claim email and the broker’s mobile number to your incident response sheet. If you have clients requiring proof, ask for a certificate of insurance stating the third-party dishonesty limit and any required blanket position naming. Set a reminder 90 days before renewal to review limits, since your payroll and exposure will change.
The underwriting lens: how carriers evaluate you
Carriers do not guess. They use questionnaires and targeted interviews to assess your control environment. Expect questions such as whether the person reconciling bank statements has access to issue payments, whether you require countersignature or dual authorization for checks and wires above a threshold, and whether you perform inventory counts by someone independent of purchasing and receiving. They will ask about background checks, mandatory vacations for those in money-handling positions, and how quickly you perform monthly reconciliations.
Claims history counts, but underwriters differentiate. A prior loss that led to upgraded controls can be viewed positively. A prior loss where nothing changed is a red flag. I once worked with a wholesaler that had a 90,000 dollar theft by a long-time AP clerk who created ghost vendors. The owner installed a rule that any new vendor had to be approved by two people, used an external address verification, and enabled payee positive pay. The underwriter cut the renewal increase by half after seeing those changes.
Industry risk is baked into the rate. Cash-intensive businesses, companies with in-home services, and firms with privileged systems access face higher scrutiny. Conversely, software firms with clean separation between engineering and finance, no cash handling, and stringent bank controls often see better pricing.
Coverage scope you should insist on
The policy form matters. There are several areas where I encourage clients to push for clarity or specific endorsements.
- Third-party dishonesty if you service clients on-site or handle their funds. The endorsement should apply on a blanket basis to all clients, not only to scheduled ones, unless your operations are limited and you are certain scheduling is manageable. Discovery versus loss sustained form. Discovery forms respond to losses discovered during the policy period, regardless of when they occurred, subject to conditions. Loss sustained forms respond to losses that occur during the policy period and are discovered within a defined time after. Discovery is more forgiving for long-running schemes. If you accept loss sustained due to cost, insist on an extended discovery period. Definition of employee that fits your workforce. If you rely on temp agency staff or volunteers, ensure the form addresses them explicitly if you want coverage. Many nonprofits need a volunteer endorsement for fundraising events and thrift operations. Social engineering and funds transfer fraud. These are not the same as employee theft but often travel together in a crime policy. Social engineering endorsements can soften or eliminate exclusions that otherwise apply when an employee is tricked into transferring funds. The sublimit here is often small by default. Calibrate it to your typical wire sizes. Retroactive date and continuous coverage. Crime policies are sensitive to gaps. If you change carriers, ask for continuity of coverage or an extended discovery period on the expiring policy so that long-running losses do not fall into a gap.
That short list is the second and final list permitted in this article. Everything else we can address in prose.
Common pitfalls that derail claims
Over my career, I have seen the same claim problems appear repeatedly.
The first is delayed discovery and late notice. Most forms require that you notify the carrier as soon as practicable after learning of a loss. If you wait months while you investigate internally, the insurer can argue that you prejudiced their ability to evaluate and mitigate the loss. Best practice is to notify at suspicion with a brief note that you are investigating a potential fidelity loss, and then update as facts develop.
The second is weak evidence. Underwriters and claim adjusters need proof that an employee committed theft and a reasonable calculation of the amount. Bank statements, general ledger entries, vendor files, email authorizations, and point-of-sale logs matter. Handwritten notes and verbal admissions help but rarely stand alone. In a case where cash skimming occurred, a client used daily close reports, deposit slips, timestamped camera footage, and exception void logs to triangulate missing cash over a four-month window. That package closed the claim faster than any single source could.
The third is coverage misalignment with reality. A tech services firm had a third-party dishonesty requirement in their master service agreements, but their bond only covered first-party employee theft. When a field engineer stole 60,000 dollars in equipment from a client’s server room, the claim was outside the first-party grant. Amending the policy mid-term did not retroactively fix the hole. If a contract demands a specific clause, send that clause to your broker and get it confirmed in writing, reflected on the certificate and endorsements.
Another trouble spot is knowledge of prior dishonesty. Many forms say that coverage does not apply to loss caused by an employee after you learn of any dishonest act by that employee. The threshold is low. If a manager knows an employee altered petty cash logs for personal use and keeps them in a cash-handling role, later theft may be excluded. Align HR discipline with risk management. After any confirmed dishonesty, remove the person from access or terminate.
Finally, inventory shrinkage claims often struggle without a forensic approach. Generic shrink percentages will not satisfy a crime adjuster. You need cycle counts, variance analyses, receiving logs, and controls around returns. I have had success when the business could isolate the time frame, show custody, and rule out vendor and customer fraud.
Contracts, certificates, and what clients really check
If a client requires a dishonesty bond, the requirement will usually sit in the insurance section of the contract and read like this: evidence of employee dishonesty insurance with a limit not less than 250,000 dollars per occurrence, including third-party coverage in favor of Client. Sometimes they require blanket position coverage, meaning coverage applies to all employees up to the limit, rather than scheduling individuals.
Clients often ask for a Axcess Surety applications certificate of insurance. A standard certificate does not change coverage, it just reflects what your policy includes. If the client’s counsel wants specific wording, such as client name included as loss payee for third-party dishonesty, the carrier must agree and issue an endorsement. Do not promise wording you don’t have. If time is tight, get the broker to issue an evidence-of-coverage letter while the endorsement is pending, but keep the contract unsigned or contingent if possible Axcess Surety until the endorsement arrives.
Expect audits from prime contractors or large enterprises. They will request your policy pages for the crime coverage, not just the certificate. Keep a clean copy that shows the insuring agreement, limits, definitions, exclusions, and endorsements. Black out premium amounts if you prefer, but do not edit the form language.
How to size your limit with data and judgment
Choosing a limit is both quantitative and qualitative. Start with exposure mapping. What is the largest amount a single employee can move or access without real-time oversight? For cash businesses, that might be the maximum weekend deposits sitting in a safe plus the safe drop from the previous day. For AP, it could be the vendor payment run cap. For T&E cards, aggregate limits across cards during a cycle. For inventory, what is the realistic volume that can disappear before a cycle count reveals it?
Next, consider detection windows. A scheme that can run for months, such as ghost vendors, merits a higher limit than a scheme that is typically caught in days, such as register skimming with daily deposits and reconciliation. Finally, check external constraints. Contracts and lender covenants may set minimum limits. Balance all of that with your budget. A common approach is to set a base limit for employee theft and a lower sublimit for third-party dishonesty if your client exposure is modest, or vice versa if you primarily operate on client sites.
If you are unsure, ask your broker to show you pricing at two or three limit options. The marginal cost of moving from 250,000 to 500,000 dollars is often reasonable, while jumping to 1 million dollars can be a larger leap.
Working with banks and controls to reduce both risk and premium
Insurers reward bank controls. Positive pay, ACH debit blocks, tokens for wire initiation, and enforced dual authorization reduce loss probability. They also influence endorsements. Some social engineering coverage requires that you follow a callback procedure to a known number before funds move. Write your bank callback requirement into your internal policy. If a caller pressures your staff to bypass it, the policy gives them cover to say no.
Mandatory vacations are surprisingly effective. Many schemes collapse when the perpetrator cannot maintain them daily. Requiring two consecutive weeks of vacation for anyone with payment authority or reconciliation duties is a signal to underwriters and a real control. If you cannot spare two weeks, rotate duties for ten business days.
Background checks should be proportionate. You do not need a federal search for a part-time cashier but do consider a criminal and credit check for your controller or anyone with wire authority. Be consistent and document your policy to avoid claims of unfairness.
The purchase calendar: how long this takes and who needs to be involved
For most small to mid-sized businesses without unusual complications, you can complete the process in one to two weeks. Day one, gather your internal controls information and loss history, including any police reports. Day two to four, your broker markets the risk to carriers and returns quotes. Day five to seven, you review forms and decide on a carrier, then bind coverage. If you need customized endorsements or higher limits that require underwriter management approval, add another week.
Involve your controller or CFO, the person who manages bank relationships, and whoever owns client contracts. The person who knows the workflow usually surfaces the small facts that make a big difference to underwriters, like the daily reconciliation practice or the physical separation of receiving and purchasing offices.
How claims actually unfold
If you suspect a loss, pause, document, notify, and preserve evidence. Do not confront the suspected employee alone or allow them to access systems after you raise the alarm. Your broker can connect you with a forensic accountant approved by the carrier. Carriers will ask for a proof of loss, which is a formal statement with supporting schedules. Timelines vary, but plan for 30 to 90 days of back-and-forth if the loss is complex. Many carriers pay partial amounts as elements are proven, then finalize the remainder.
Law enforcement involvement helps but is not always required. Some carriers ask you to file a police report. Even when optional, a report adds credibility and can deter the employee from disputing facts. Recoveries from the perpetrator or from seized assets offset the insurance payment, but that is the carrier’s problem after they indemnify you. Coordinate with counsel to avoid prejudicing subrogation rights.
Nonprofits and small businesses: special notes
Nonprofits often rely on concentrated trust with a few staff and volunteers. That is fertile ground for undetected fraud. A modest bond with volunteer coverage goes a long way. Require two signatures for checks over a reasonable threshold and ensure bank statements are reviewed by a board member who does not issue checks. For small retailers and restaurants, invest in daily cash controls: count drops by two people, rotate closers, and reconcile to sales reports before deposit.
Microbusinesses sometimes assume that because the owner reviews everything, they are safe. Owners get busy. A thief who understands your routines can time their actions. At minimum, enable bank alerts for transactions above a set limit and review ACH batches before release.
Final checks before you bind
Before you authorize purchase, sit with the declarations page and the core form. Confirm the limits for employee theft and any sublimits for third-party dishonesty, funds transfer fraud, and social engineering. Verify the named insured matches your legal entity, including subsidiaries that need coverage. Read the definition of employee and confirm it matches your workforce. Scan the exclusions for anything that conflicts with your operations, such as a broad inventory exclusion if you are inventory heavy. Confirm discovery or loss sustained status and any extended discovery periods. If you changed carriers, check continuity dates.
Ask your broker to provide a brief coverage summary highlighting any special conditions you must follow. Save that summary with your incident response plan.
A quick word on the keyword in practice
People often search for dishonesty bond without realizing it sits inside crime insurance. That is fine. When you talk to a broker, say you need a dishonesty bond with third-party coverage if clients require it. Good brokers will translate that into a crime policy with the right insuring agreements and endorsements. What matters is that, if an employee commits theft or fraud that creates a direct loss to you or your client, you have a contract that responds, without hand-wringing over semantics when the stakes are high.
The payoff of doing it right
Buying a dishonesty bond the right way is not about buying a piece of paper. It is about forcing a conversation inside your company about who can move money, who approves changes to vendor files, who reconciles the bank, and who steps in when someone is out of office. Underwriters favor companies that run that playbook, and claims pay more smoothly when the groundwork is solid. The premium is a line item. The real value is sleeping at night knowing that a single bad choice by one person will not derail the entire business.
Once you have the policy in place, keep it alive. Review controls annually, adjust limits as revenue and transaction sizes grow, and treat contract requirements as living documents. If your operations change, a quick call to your broker can prevent a coverage gap. When the day comes that you need the bond, you will be grateful for every boring detail you squared away in advance.