chevron-down Created with Sketch Beta.
January 26, 2023 Feature

Solving the Jigsaw Puzzle of Employee Dishonesty Claims

Stefan Dandelles
Don’t assume that you understand fidelity coverage without consulting the case law or someone with expertise.

Don’t assume that you understand fidelity coverage without consulting the case law or someone with expertise. via iStock

Employee dishonesty is the quintessential coverage afforded by fidelity bonds. At first blush, employee dishonesty and employee theft insuring agreements appear self-explanatory. However, interpretation of fidelity bonds has not been immune to variance in judicial determinations nor the ever-changing methods by which employees steal from their employers, especially given the evolution of technology in business operations. But despite the complexity of today’s employee dishonesty claims, certain common patterns and themes remain constant. This article will explore and discuss the basics of fidelity coverage and walk through some of the more nuanced aspects of handling a fidelity claim.

Fidelity Bond History

Fidelity bonds can trace their lineage back to surety bonds, three-party agreements in which one party (the principal) owes an obligation to another (the obligee) that is secured by the third (the surety). One such obligation that sureties can secure is an employee’s obligation to remain faithful to an employer. However, surety arrangements required a separate agreement for each employee, which proved to be fairly cumbersome. This ultimately resulted in the advent of the two-party insurance contract with which we are accustomed.

The financial institution bond was created in the early 1900s in response to the rapid growth of the banking industry and the need for banks to obtain coverage for perils beyond employee dishonesty. In addition to fidelity coverage, these financial institution bonds covered other risks, such as the mysterious disappearance of property, robbery, and forgery.

Approximately 30 years later, mercantile crime and blanket crime policies (predecessors to the modern-day commercial crime policy) were created to provide coverage to “the average commercial organization” for risks such as infidelity, burglary, robbery, and forgery. The coverage afforded by these policies varied based on the needs of the insured entity.

Of course, at least one type of coverage has been consistently present in fidelity bonds: employee dishonesty coverage. The exact terms of fidelity coverage afforded by these bonds, however, have evolved over the years, often in response to courts interpreting the policies in ways unintended by the drafters. Therefore, it is important to carefully assess the subject bond’s language as such provisions will control over case law interpreting similar, but not identical, language.

The Fidelity Insuring Agreement

Fidelity coverage afforded by bonds can vary significantly. As such, claim professionals, even the most experienced who often “know it when they see it,” should always pay close attention to the often nuanced language of the bond. That said, there are two standardized fidelity insuring agreements currently found in financial institution bonds and commercial crime policies.

The first, the employee dishonesty insuring agreement, has evolved significantly over the years. Originally, employee dishonesty coverage indemnified against loss “through” any dishonest act committed by the insured’s employee. However, courts found that the term “dishonest” was open-ended and regularly seemed to construe the bond liberally in favor of insureds. To counteract these decisions that were turning the bond into credit insurance and contrary to the drafters’ intent, coverage under the bond was limited to dishonest acts committed with the “manifest intent” to cause a loss. Employee dishonesty insuring agreements, in their current form, generally provide coverage for

loss resulting directly from dishonest acts committed by an employee, whether identified or not, acting alone or in collusion with other persons, with the manifest intent to:

a. Cause you to sustain a loss; and

b. Obtain an improper financial benefit for:

(1) The employee; or

(2) Any person or organization intended by the employee to receive that benefit.

As used in this Insuring Agreement, an improper financial benefit does not include any employee benefits received in the course of employment, including: salaries, commissions, fees, bonuses, promotions, awards, profit sharing[,] or pensions.

Even with the changes to the employee dishonesty insuring agreement, courts still disagreed as to what constituted “manifest intent.” Moreover, some in the industry believed that the term “theft” would be more readily understood than “dishonest act with manifest intent.” As such, some insurers adopted “employee theft” language. The modern employee theft insuring agreement provides coverage for

loss of or damage to “money,” “securities[,]” and “other property” resulting directly from “theft” committed by an “employee,” whether identified or not, acting alone or in collusion with other persons.

For the purposes of this Insuring Agreement, “theft” shall also include forgery.

“Theft” is generally defined as the unlawful taking of money or other covered property to the deprivation of the insured.

Despite these variances, rest assured: the all-too-common sticky-fingered bookkeeper loss will typically satisfy any iteration of the insuring agreement.

Fidelity Coverage Analysis

Analysis of a fidelity claim will vary depending on whether it covers employee dishonesty or employee theft and based on the circumstances surrounding the fraudulent scheme perpetrated by the employee. However, certain coverage issues are always present in fidelity claims, regardless of the foregoing specifics.

Most jurisdictions employ a burden-shifting regime wherein the insured must first prove that the putative loss falls within the coverage granted by the policy. Thereafter, the burden shifts to the insurer to prove the applicability of an exclusion to preclude coverage. However, in reality and in practice, much of the claim investigation and coverage analysis is occurring simultaneously: the insured is gathering its supporting documentation, and the insurer is assessing the facts and circumstances while considering each required element of a covered loss.

Usually, a final determination of coverage cannot (and arguably should not) be made until all pertinent facts are known. At the outset, it may not be apparent what facts are pertinent or not, and it is therefore important to cast a wide net to gather as much information as possible to be in a position to view the loss from different angles. It is like a jigsaw puzzle—you start at the corners, work around the edges, then start filling in the middle so that you have a clear view of the image. In assessing coverage for a fidelity claim, we cannot simply get a sense of what the loss “image” looks like but rather must put all of the pieces of the puzzle together. As such, it is incumbent upon every claim professional to ensure that the insured has sufficiently answered the who, what, when, and how of any fidelity claim.

Who? First is the who of a claim, which is really a two-part inquiry: Who committed the acts causing the subject loss, and who suffered the loss? Is the individual involved an “employee,” as defined, and is the entity from which the individual purportedly stole an “insured,” as defined?

As an initial matter, fidelity bonds are drafted as first-party policies that provide coverage for losses sustained by the insured, not for losses sustained by a third party for which the insured is or may be liable. As such, it is important to identify the entity that suffered the purported loss because unless it is the insured, coverage is unlikely to be afforded. There are certain caveats to this premise, however. First, a policy’s ownership provision generally covers theft of money or other covered property held by the insured or for which the insured is legally liable (generally understood to mean a bail-type relationship). Second, the standard definition of “discovery” contemplates a third-party liability scenario whereby a third party seeks to hold the insured liable under circumstances that, if true, would constitute a covered bond loss (e.g., a lawsuit seeking to hold the insured liable for the loss or destruction of the plaintiff’s property in the insured’s custody or control at the hands of the insured’s employee). Moreover, it is increasingly common to find a client/customer property insuring agreement in fidelity policies that extends coverage to employee theft of customer property.

Modern fidelity bonds and crime policies contain relatively uniform definitions for “employee,” which generally require that the insured have a right to direct and control the individual and that the insured directly compensate the individual. However, as companies have evolved to retain and rely upon a nontraditional workforce to perform tasks, some policies have amended the definition to include persons who perform certain specified tasks for the insured or certain types of independent contractors. In interpreting these various definitions, courts will often look beyond the terms of an employee contract or retainer agreement and look to the individual’s actual functions, duties, and obligations to the insured.

In order to determine whether an individual is an employee, it is best practice to obtain a personnel file, employment contract, or retainer agreement for the individual. A review of this documentation should reveal whether the individual is an employee.

What? After the who comes the what portion of the analysis, which assesses what property was taken by the employee. In a simple embezzlement scheme where an employee steals from an insured’s accounts, the loss is the money taken from the accounts. However, issues can arise where a defalcating employee is involved in a kickback scheme containing a mix of legitimate and illegitimate services. Query what an insured loses if an employee retains a vendor that renders legitimate services to the insured at a fair price but pays a kickback to the employee for the procurement of the service contract. Likewise, determining the amount of a loss can be difficult where an employee makes a combination of authorized and unauthorized purchases. As previously noted, it is the insured’s burden to prove that a loss (from both a liability and quantum perspective) satisfies the insuring agreement. Therefore, the insured must prove that purchases or expenses incurred were actually dishonest or unlawful rather than just ill-advised or even in violation of company policy.

In addition to determining what was lost, a claim professional must always consider from the outset whether what was lost can be recovered and/or other potential sources of recovery that arise from the employee infidelity which may offset the loss.

Determining the what is often a time-consuming exercise as it involves a review of each purportedly dishonest transaction perpetrated by an employee. Claim professionals should be sure to obtain full and complete records detailing the amounts purportedly taken by the employee, including items such as credit card statements, invoices, audit reports, general ledgers, and bank statements (depending on the scheme perpetrated by the employee).

When? Following the what comes the question of when the loss was sustained and discovered. Financial institution bonds were originally written on a “loss sustained” basis, i.e., coverage was afforded for losses sustained during the policy period, regardless of when the loss was discovered. However, modern financial institution bonds and commercial crime policies are typically written on a “loss discovered” basis, i.e., coverage is afforded for losses discovered during the policy period or any applicable “discovery period.”

This component of the analysis requires the claim professional to consider, cumulative of the earlier steps, who knew what when. The standard definition of “discovery,” the triggering event under the typical bond, bears on when the insured (or a designated individual) first became aware of facts which would cause a reasonable person to believe that a loss of the type covered under the bond has been or will be incurred, even if all facts and circumstances surrounding same (including as to the amount of loss) are not yet known. It is critical to examine exactly when suspicions may first have arisen, who had such suspicions, and what was done in response to those suspicions. An insured that buries its head in the sand in the face of conduct that would cause a “reasonable person” to believe that a loss had or would occur may find itself on the outside looking in—i.e., if discovery was deemed to have occurred during a prior bond period, a declination of coverage may be warranted. Further, if discovery occurred earlier than as presented by the insured (even if within the instant bond period), the claim professional must also consider the timeliness of notice and submission of the proof of loss, both of which run from the date of “discovery.”

Accordingly, the question of when dictates whether the bond has been triggered (discovery) and whether an insured has abided by all the bond’s requirements and conditions precedent. Most fidelity bonds require that the insured provide notice “as soon as practicable” or within a set amount of time after discovery. The insured will also need to submit a sworn proof of loss detailing, “with full particulars,” the putative loss within a specific amount of time following discovery. Insurers may attempt to deny coverage where an insured fails to provide timely notice or a sworn proof of loss. However, there is a split of authority as to whether late notice or late submission of a proof of loss, without more, is sufficient to deny coverage.

How? After determining who, what, and when, the claim professional gets to the heart of the analysis—how—which is often complex as it bears on the core issue of whether the covered peril has been satisfied. How did the loss occur? Was it the result of an accounting error or other form of negligence? Or was there in fact a misappropriation, embezzlement, or some unlawful act that directly caused the loss? If so, the claim professional must go further to understand how the subject property was misappropriated. Did the employee simply reach into the company till and take physical cash? Was it a vendor kickback scheme? Was a computer involved in the subject transactions and/or transfer of funds? Did the scheme involve payroll or expense reimbursement? Was there a falsification or alteration of documents that helped facilitate or cover up the misappropriation? Obtaining answers to these and other questions is necessary to determine whether the scheme constitutes a dishonest act with the manifest intent to cause a loss or an unlawful taking, respectively, as required by the insuring agreement, and whether the subject conduct directly caused the claimed loss.

While employee theft language was created to alleviate confusion with respect to “manifest intent” language, certain policies still utilize the older employee dishonesty language. Unfortunately, federal and state courts continue to disagree on the precise meaning and application of the “dishonest act with manifest intent” requirement. While “dishonest act” arguably, in and of itself, requires some sort of intent to deceive, most courts have interpreted the term broadly. The “manifest intent” language was intended to limit coverage for dishonesty claims to embezzlement-like conduct. However, courts still struggle with the exact requirements posed by the manifest intent language. This disagreement has produced three tests to analyze the issue of manifest intent: (1) the “objective approach” focuses on the natural consequences of the employee’s actions instead of the employee’s state of mind; (2) the “substantial-certainty test” analyzes whether the employee knew the conduct was substantially certain to cause a specific result; and (3) the “specific-intent approach” assesses whether the employee acted “with the specific purpose or desire to both injure the insured and obtain a benefit.” Fortunately, for run-of-the-mill embezzlement losses, these tests generally result in the same outcome (i.e., an employee who steals from an insured’s cash register would satisfy any of the foregoing tests).

Under the employee theft standard, an insured must prove that an employee “unlawfully took” property to its deprivation. In determining unlawfulness, some courts may apply a state’s criminal laws to an employee’s conduct. Other courts have taken a broader and more wholistic approach to lawfulness by analyzing whether the average insured would believe its employee’s conduct was an unlawful taking. Courts have also grappled with the exact conduct necessary to constitute a taking. Some have required more affirmative action and control over the property by the employee. The current trend, however, appears to interpret “unlawful taking” broadly.

In order to determine whether the circumstances surrounding a putative loss satisfy employee dishonesty or employee theft insuring agreements, a claim professional should discuss the scheme in detail with the insured and obtain supporting documentation of the putative fraud perpetrated by the employee. Typically, what comes with the proof of loss will not be sufficient to satisfy the claim professional that every box is checked leading to a covered loss. Multiple conversations, requests for information, and possible examinations under oath or other in-person meetings are often warranted. Often, the answer to one question leads to other questions—the insured should be apprised of the process from the outset to manage expectations so as to avoid the “Here’s my proof of loss. When do I get my check?” inquiry.

Further, identifying the steps in the employee’s scheme is necessary to determine whether a loss results directly from employee dishonesty or employee theft. The first step in this analysis is to identify the jurisdiction whose law applies to the interpretation of the bond. Despite the insuring agreement explicitly requiring that the loss result directly from the covered risk, some jurisdictions have applied a broader proximate cause standard. For courts applying the “direct means direct” approach, loss occurs where there is an “actual depletion of [the insured’s] funds caused by the employee’s dishonest acts.” For courts applying the proximate cause standard, coverage is afforded where a covered peril “sets other causes in motion which, in an unbroken sequence and connection between the act and final loss, produces the result for which recovery is sought.” Once it is determined which standard applies, a claim professional will want to assess the timeline of purported misappropriation and any intervening factors that may break the causal connection between the employee’s conduct and the insured’s loss.

Finally, some insureds may attempt to expand coverage by arguing that a single loss is actually multiple losses, which opens up multiple per-loss limits under the bond. This argument is a double-edged sword, however, in that multiple losses also mean that multiple per-loss retentions apply. Typical “single loss” policy wording is clear and broad enough to effectively address this without significant dispute. However, if necessary, courts will generally look to the cause of the loss and the nature of the scheme to determine whether it stems from a single act or series of acts perpetrated by the same person or related persons. Understanding how the employee perpetrated the fraud is vital to determining the number of putative losses suffered by the insured.

Exclusions and Other Provisions

Of course, satisfying the insuring agreement is only part of the analysis. A claim professional must also determine whether any exclusions or other provisions apply to preclude coverage. While there are many exclusions that could potentially apply to preclude coverage depending on the specifics of a claim, certain exclusions and provisions are more commonly triggered.

For instance, related to the question of directness is the indirect/consequential loss exclusion. This exclusion precludes coverage for a loss that is an indirect result of a covered act or occurrence. This will often preclude lost business opportunities or potential income not realized as a result of an employee theft.

Prior knowledge exclusions and/or bond termination provisions will preclude or terminate coverage for an employee with a history of prior theft of which the insured has knowledge. Some courts hold that a bond never goes into effect with respect to an employee if, before the bond incepts, the insured is aware of the employee’s prior dishonest or fraudulent acts. Others, however, have held that a bond cannot “terminate” until it is in existence and therefore termination provisions are not triggered by dishonest acts discovered prior to the bond. In response to this unintended split, modern fidelity bonds may contain cancellation or termination provisions that preclude coverage for employees with known prior dishonest acts, regardless of when the acts occurred. The language used in the bond is key to analyzing the fact scenario at hand.

Fidelity bonds generally also contain a voluntary parting exclusion precluding coverage for an insured that voluntarily parts with property to a third party. This exclusion is potentially triggered where an employee induces the insured to voluntarily make purchases or where the employee convinces the insured to voluntarily pay off a corporate credit card with fraudulent purchases therein.

The inventory loss exclusion precludes the insured from proving a covered loss solely on the basis of an inventory comparison or similar computation, absent some proof of employee theft or dishonesty. Courts have created three standards when applying the inventory loss exclusion: (1) the “absolute” exclusion precludes coverage where the existence and amount of loss is dependent on an inventory comparison; (2) the “exclusion with an exception” allows an inventory comparison where the insured can prove employee theft or dishonesty with evidence completely separate from such comparison; and (3) the “conclusive proof” standard allows the insured to use inventory computations to establish the extent of the loss where the insured submits separate evidence conclusively proving employee dishonesty.

Finally, the alter ego doctrine allows an insurer to assert a defense to coverage where an insured is totally dominated and controlled by the defalcating employee. Under the contractual alter ego doctrine, the dominating individual fails to constitute an employee since the insured does not control the individual. The equitable alter ego doctrine precludes coverage on the basis that it would be unjust for an individual with complete control over an insured to recover for the individual’s own fraudulent acts.

These are some of the potentially applicable exclusions and provisions, but remember, the policy terms rule! Be sure to carefully review each term, condition, and exclusion of the bond for other potentially applicable provisions.

Fidelity Claim Example and Checklist

While the foregoing coverage issues are certainly not intended to be exhaustive, evaluation of employee dishonesty claims generally follows a similar pattern. Take, for instance, a scenario in which the controller of an insured automotive dealership, ABC Auto, has been understating the dealership’s sales in the books in order to hide funds that he has been taking from the dealership’s operating accounts. This is a fairly straightforward embezzlement claim that likely proceeds in the following manner after notification of the loss (which often will not provide much detail).

  1. The insurer issues an acknowledgment letter and general reservation of right with a blank proof of loss form citing to the bond’s proof of loss deadline (triggered of course by the date of discovery, which may not at this point be known and is subject to investigation as discussed above).
  2. Next, it typically helps to have an introductory phone call with the insured (and broker) to discuss the overall claim process, gather known facts and the status of the internal investigation to date, determine whether any criminal authorities have been identified and the status of any such investigation or prosecution, identify items you would expect to see in the forthcoming proof of loss, identify any potential recovery sources and determine any immediate steps that can or should be taken to secure same, and discuss a general timeline of the next six to 12 months and beyond.
  3. Upon receipt of the sworn proof of loss with supporting documentation, a review will reveal whether additional information and documentation are needed (which is almost invariably the case).
  4. Assuming additional information is necessary, the insurer will issue requests for information seeking specific documentation needed to fully assess the following coverage issues:
    1. Is the controller an employee of ABC Auto, as that term is defined? Request personnel files and employment contracts.
    2. Who is the insured, and whose money was stolen? Request organizational charts and statements showing that property was taken from the insured.
    3. What and how much was stolen from the insured’s accounts? Request bank statements, financial documentation, and whether the insured anticipates any recoveries.
    4. What are the mechanics of the scheme perpetrated by the controller? Request a detailed narrative of the fraudulent scheme and documentation supporting same.
    5. Does the controller’s conduct constitute employee dishonesty or an employee theft?
      1. Employee dishonesty: Did the controller commit dishonest or fraudulent acts with the manifest intent to cause ABC Auto to suffer a loss and to obtain a financial benefit that was not a benefit earned in the course of employment?
      2. Employee theft: Did the controller unlawfully take money or other covered property to the deprivation of ABC Auto?
    6. Did the controller’s conduct result directly in a loss without any intervening factors? Request the insured’s policies and procedures pertaining to the prevention of similar embezzlement schemes.
    7. Are there any exclusions or other provisions that could limit or preclude coverage?


Employee dishonesty and theft coverage is the backbone of the fidelity bond, and case law interpreting the insuring agreement is vast. Nevertheless, courts still disagree on the requirements, scope, and extent of coverage provided by such insuring agreements. Therefore, when analyzing potential coverage, it is important to remain cognizant of the evolving landscape of fidelity coverage and be mindful of the myriad methods by which employee theft can occur.

    The material in all ABA publications is copyrighted and may be reprinted by permission only. Request reprint permission here.

    Stefan Dandelles

    Kaufman Dolowich Voluck LLP

    Stefan Dandelles is a co-managing partner of Kaufman Dolowich Voluck’s Chicago office and chair of the firm’s fidelity and crime practice group. He regularly handles complex insurance coverage matters involving financial institution bonds, commercial crime policies, employment practices liability, directors and officers liability, and bankers’ professional liability.