Fiduciary liability insurance and fidelity bonding are easily confused. A fidelity bond is a contract under which the issuer of the bond, typically a surety company or an insurance carrier, agrees to reimburse a benefit fund for losses caused by theft, fraud, or other dishonest acts covered by the bond. A fidelity bond covers losses due to intentional acts to deprive a benefit fund of fund assets. By contrast, a fiduciary insurance policy covers losses caused by negligence or other acts or omissions not intended to cause the benefit fund to lose assets. But unlike fiduciary insurance, which is discretionary, fidelity bonding is mandatory under ERISA.
Who must be bonded? The ERISA standard is that each person who handles plan assets must be bonded. The ideal bond not only names the plan as the insured and covers the plan’s trustees and employees, but also covers any natural persons employed by a vendor who would be required to be bonded. The reason is that fund assets are often handled by third parties. Euclid Fiduciary’s coverage is even broader, expanding coverage to “… any other natural person who handles Employee Benefit Plan assets, whether or not required to be bonded …” With this language, coverage is automatic not only for the employees of a plan vendor, but also for the employees of entities typically exempt from ERISA’s bonding requirements, such as banks and insurance companies. An employee of a non-fiduciary service provider would also be covered if they embezzle plan assets. The key provision to review is the definition of “Plan Official” or “Employee” to ensure that your bond meets the ERISA requirement.
PRACTICE POINTER: Most plans choose their bond based on the lowest possible premium. This has led many plans to select bonds that only cover standard “Employee Theft,” but do not meet the ERISA fraud and dishonesty standard. Given that fidelity bonds are so inexpensive, it is imperative to pay the small additional premium to ensure that your bond meets the broader ERISA standard.
Broader coverage is available, including for third-party computer fraud, wire fraud and forgery, which is becoming increasingly important for benefit funds operating in the modern era. Indeed, because many financial records are maintained and transactions conducted with computers, the risk is that third parties can hack into computer systems to steal plan assets. Fiduciaries should consider purchasing third-party computer fraud, wire transfer fraud, and forgery coverage to provide protection for these types of losses.
Payment Instruction Fraud: A growing threat to businesses is the rise of “social engineering fraud” or “payment instruction fraud.” In these schemes, scammers use official-seeming email communications to induce company employees to transfer company funds to the imposters’ account. Most crime insurers have taken the position that payment instruction fraud is not a covered direct loss because the schemes do not involve a “hacking” of the company’s systems – rather the actual fund transfers are considered an indirect loss because they are voluntarily committed by an insured person with such person’s knowledge or consent. Payment Instruction Fraud coverage is nevertheless crucial because of the growing number of social engineering schemes to trick plan officials into sending plan assets. This coverage will usually be sublimited and may require additional application disclosures to confirm plan controls to guard against social engineering scams.
What limit of liability is required? The bond limit is for each person required to be bonded and must equal ten (10) percent of the plan assets “handled,” subject to a minimum limit of $1,000 and a maximum required limit of $500,000. This maximum limit of liability increases to $1,000,000 if a plan’s assets are invested in securities of any sponsor or contributing employer, unless these investments are via a “pool” such as a mutual or index fund.
PRACTICE POINTER: The ERISA limit requirement is the maximum required, but not necessarily the correct amount for your plan. For plans with assets in the tens or hundreds of millions, or even billions, trustees should consider higher limits.
ERISA does not allow for a deductible on the “fraud” or “dishonesty” coverage for the required $500,000 or $1,000,000 limit of liability; however, any additional third-party coverages may contain a deductible.
ERISA-compliant bonds should contain an inflation guard provision that provides for an increased bond limit should the plan grow in assets during the policy period, thus requiring a higher limit to satisfy the ERISA minimum limit requirement. For policies covering more than one plan on the same policy, a provision allocating ERISA’s required limit to each plan should be included to ensure that a covered loss which affects more than one plan does not exhaust the limit.