Nonprofits face a higher-than-average risk of employee theft, volunteer fraud, and funds-transfer scams — yet most general liability and D&O policies exclude crime losses. Commercial crime insurance fills that gap by reimbursing direct financial losses from dishonest acts, forgery, computer fraud, and social-engineering theft. Annual premiums for a small-to-midsize nonprofit typically run $500–$2,500, with limits most grant-makers and state charity regulators require starting at $100,000–$250,000.
Who this is for: 501(c)(3) and other tax-exempt organizations — charities, foundations, houses of worship, social-service agencies, arts groups, and membership associations — that handle donated funds, payroll, or grant disbursements.
TL;DR — Key Takeaways
- Commercial crime policies cover employee dishonesty, forgery, funds-transfer fraud, computer fraud, and money-and-securities theft; your D&O and GL policies do not.
- Nonprofits are disproportionately targeted: the Association of Certified Fraud Examiners (ACFE) finds nonprofits lose a median of $75,000 per fraud scheme, and schemes run undetected for an average of 14 months.
- Most foundations and government grant-makers now require proof of crime coverage — often $100,000 minimum — before releasing funds.
- Premiums are modest relative to exposure: $500–$2,500/year for most small nonprofits, scaling to $5,000–$15,000+ for large organizations with high-dollar grant portfolios.
- Coverage is claims-discovered (not occurrence-based), so timing of discovery — not when the theft happened — triggers the policy.
Why Nonprofits Are a Prime Target for Internal Fraud
Nonprofits operate in an environment that unintentionally creates fraud risk: lean staffs prevent segregation of duties, high volunteer turnover limits vetting, the culture of trust discourages skepticism, and financial controls are often underfunded. The ACFE's Report to the Nations consistently shows that organizations with fewer than 100 employees suffer the largest median fraud losses because the same person often handles both authorization and recordkeeping.
Common loss scenarios in the nonprofit sector:
| Loss Type | How It Happens | Typical Dollar Range |
|---|---|---|
| Employee dishonesty / theft | Bookkeeper skims from donation deposits or payroll | $20,000–$500,000+ |
| Funds-transfer fraud (social engineering) | CFO receives spoofed CEO email; wires grant money to fraudster | $50,000–$2,000,000 |
| Forgery / alteration | Board treasurer alters checks payable to the org | $10,000–$100,000 |
| Computer fraud | Hacker gains access to accounting software; reroutes ACH payments | $25,000–$500,000 |
| Money & securities | Cash donations stolen from events or safe | $5,000–$50,000 |
| Credit / debit card fraud | Org card used by employee for personal purchases | $5,000–$30,000 |
What Commercial Crime Insurance Covers (and Excludes)
Covered
A standard commercial crime policy (ISO CR 00 20 or equivalent) for a nonprofit typically includes:
- Employee Dishonesty (Insuring Agreement A) — Covers loss of money, securities, and other property caused by a dishonest act of any employee, including paid staff and, when endorsed, volunteers and contract workers.
- Forgery or Alteration (B) — Covers losses from forged or materially altered checks, drafts, promissory notes, or similar instruments.
- Computer Fraud (C) — Covers transfer of funds initiated by unauthorized computer access to the nonprofit's systems.
- Funds-Transfer Fraud (D) — Covers loss from a fraudulent instruction directing a financial institution to transfer funds from the nonprofit's account. Social-engineering (deception) fraud, where staff are tricked into sending the funds, is a separate coverage; confirm it is explicitly included — many forms add it only as a sublimit or optional endorsement.
- Money & Securities (E) — Covers theft, disappearance, or destruction of money and securities, on premises or in transit.
- Money Orders and Counterfeit Money (F) — Less common, but available.
Excluded (Common Exclusions)
- Acts committed by owners or officers who have majority ownership control (though most nonprofits have no ownership, so this is rarely an issue)
- Inventory shortages discovered only by taking physical inventory, unless supported by direct evidence of theft
- Trading losses (stocks, crypto speculation)
- Indirect losses such as reputational harm or lost future donations
- Losses already covered under a separate fidelity bond
How Commercial Crime Differs from Fidelity Bonds and D&O
| Coverage | What It Pays | What It Misses |
|---|---|---|
| Commercial Crime Policy | Direct money/property losses from dishonest acts, computer fraud, forgery | Regulatory fines, reputational harm, claims from third parties |
| Fidelity Bond (ERISA or public official) | Employee theft of plan assets (ERISA bond) or public money | Broader crime scenarios; computer fraud usually excluded |
| Directors & Officers (D&O) | Wrongful acts by directors/officers — mismanagement claims | Intentional theft or criminal acts are excluded by conduct exclusion |
| General Liability | Third-party bodily injury and property damage | Any financial/crime loss is excluded |
Many nonprofits carry all four; they are complementary, not redundant.
Nonprofit Commercial Crime Premium Ranges
Premiums depend on gross revenue (often the audit basis), number of employees, controls in place, and the limit/deductible selected. The figures below are illustrative market ranges — your actual quote will vary.
| Org Revenue | Limit | Deductible | Indicative Annual Premium |
|---|---|---|---|
| Under $500K | $100,000 | $1,000 | $500–$900 |
| $500K–$2M | $250,000 | $2,500 | $800–$1,800 |
| $2M–$10M | $500,000 | $5,000 | $1,500–$4,000 |
| $10M–$50M | $1,000,000 | $10,000 | $3,500–$10,000 |
| $50M+ | $2M–$5M+ | $25,000+ | $8,000–$25,000+ |
Premium credits (5–20%) are often available for: dual-signature requirements on checks above a threshold, annual audits by an external CPA, dedicated internal audit or finance committee oversight, and bank reconciliation performed by someone other than the bookkeeper.
How to Get Nonprofit Commercial Crime Coverage in 5 Steps
- Assess your exposure. Tally annual cash handled, grant receipts, event revenue, and payroll processed. Identify whether any single employee or volunteer can both authorize and execute a transaction without a second signer.
- Gather underwriting data. Carriers ask for: latest audited financials or 990, number of employees and volunteers with financial access, current controls (dual signatures, background checks, segregation of duties), loss history (prior 5 years), and any existing fidelity bond.
- Determine required limits. Check grant agreements and state charity registration requirements. Many state attorneys general require a fidelity bond or crime policy as a condition of charitable solicitation registration [verify state]. United Way and many community foundations require $100,000 minimum.
- Compare carrier quotes. An independent agency can access admitted carriers (Travelers, Chubb, Hartford, Philadelphia Insurance, AmTrust, Markel, and others) and surplus lines markets for larger or higher-risk accounts. Compare not just premium but covered insuring agreements — particularly whether funds-transfer/social-engineering fraud is included or sublimited.
- Bind and file certificates. Once bound, obtain a certificate of insurance (COI) for each grant-maker or state regulator that requires one. Your broker should be able to turn around COIs same day or next business day.
Real-World Illustrative Example: Mid-Size Human Services Nonprofit, Illinois
Organization: A social-services nonprofit in the Chicago suburbs with $3.2 million in annual revenue, 22 employees, and three government grants totaling $1.4 million.
The loss: The accounts payable clerk — a 6-year employee — created 37 fictitious vendor invoices over 22 months, routing $186,000 to a personal bank account. The fraud was discovered during an annual audit when the external CPA flagged unusual vendor concentration.
Coverage in action: The nonprofit carried a commercial crime policy with a $500,000 employee dishonesty limit and a $5,000 deductible. After investigation, the carrier paid $181,000 (the $186,000 loss minus the $5,000 deductible). The policy's "discovery" trigger covered the full 22-month theft period because the policy was in force when the fraud was discovered.
Without crime coverage: The loss would have been charged against operating reserves, potentially triggering a grant clawback from one Illinois DCFS contract that required 90-day written notice of material financial events.
This is an illustrative scenario based on typical claim patterns in the nonprofit sector. It is not a guarantee of coverage or payment in any specific claim.
Frequently Asked Questions
Do I need commercial crime insurance if I already have a fidelity bond?
These are distinct products. An ERISA fidelity bond is required by federal law for plan administrators of employee benefit plans — it protects the plan and covers only a narrow set of dishonest acts against plan assets. A commercial crime policy protects the organization's broader funds: operating accounts, grant receipts, event cash, and online transfers. Most nonprofits need both.
Does commercial crime cover volunteer theft?
Standard policies cover employees as defined in the policy — which typically means compensated staff. Theft by volunteers is usually excluded unless you add a "volunteers as employees" endorsement. Given that many nonprofits have volunteers handling cash at events or in thrift stores, this endorsement is highly recommended and costs relatively little.
Is social-engineering / CEO email fraud covered?
Social-engineering (CEO-email) fraud coverage is available but not automatic in most forms. It is typically added by a separate endorsement — often sublimited (commonly $25,000–$250,000) — rather than included in the base funds-transfer fraud agreement. Always confirm this is explicitly included at a meaningful limit — it is one of the fastest-growing loss types for nonprofits.
What's the difference between "occurrence" and "discovery" in crime policies?
Commercial crime policies are written on a discovery basis, not occurrence. Coverage applies to losses discovered during the policy period, regardless of when the theft occurred — as long as it happened after the retroactive date. This is important: a thief who stole for three years before being caught may be fully covered if the discovery happens while the policy is active. Loss sustained forms (an alternative current format) also exist; confirm which form you are buying.
How much crime coverage do my grant-makers require?
Requirements vary. Many community foundations and United Way chapters require a minimum of $100,000. Federal grantees under 2 CFR Part 200 (Uniform Guidance) may require coverage as part of internal control certifications, though the exact threshold is determined by the pass-through entity. State charity registration requirements vary by state [verify state]. Review each grant agreement's insurance exhibit.
Can I get crime coverage mid-year if I just won a grant that requires it?
Yes. Crime policies can be bound at any time with a short-rate or pro-rata premium for the stub period. Most carriers can issue a binder and COI within 24–48 hours for standard nonprofit accounts.
Does commercial crime cover cyber theft and ransomware?
Computer fraud insuring agreements cover unauthorized access leading to financial transfer — e.g., a hacker redirecting ACH payments. They do not cover ransomware extortion payments, data-recovery costs, notification expenses, or business interruption from a cyberattack. A separate cyber liability policy is needed for those exposures. Many nonprofits benefit from bundling crime and cyber with the same carrier for streamlined claims handling.
What deductible should a nonprofit choose?
Most small-to-midsize nonprofits select a $1,000–$5,000 deductible. A higher deductible ($10,000–$25,000) meaningfully reduces premium but shifts more first-dollar loss to the organization. Organizations with thin reserves should prioritize lower deductibles; those with strong reserve policies can trade deductible for premium savings.
Why Morrow for Nonprofit Commercial Crime
- Independent agency, multiple carrier relationships. Morrow places commercial crime with admitted carriers including Travelers, Chubb, Philadelphia Insurance, Markel, and others, as well as surplus lines markets for larger organizations — so you get a genuine market comparison, not a single-carrier quote. [Morrow to confirm current carrier appointments]
- Nonprofit specialization. We understand the funding landscape: grant covenants, state charity registration requirements, 990 audit schedules, and ERISA bond coordination. We help you structure limits that satisfy funders without over-insuring.
- Fast COI and certificate turnaround. Grant deadlines don't wait. Once coverage is bound, we issue certificates of insurance same-day in most cases — including additional-insured endorsements if required by a government contract.
- Bundling efficiency. Most nonprofits need crime alongside D&O, general liability, and cyber. Morrow can package these or place them strategically across carriers to optimize both coverage and cost — and coordinates renewal dates to reduce administrative burden.
- Claims advocacy. If you suffer a crime loss, we act as your advocate with the carrier — helping document the claim, meet proof-of-loss deadlines, and push for timely resolution so your operations are not disrupted during an already difficult period.
Get a Nonprofit Crime Insurance Quote
Ready to protect your organization's funds? Morrow's nonprofit team can deliver bindable quotes typically within one business day for accounts under $10M in revenue.
Request a Nonprofit Crime Insurance Quote →
Call or Email Morrow → [Morrow to confirm phone/email]
Trust strip: Licensed in [Morrow to confirm states] | Placing coverage with A-rated admitted and surplus lines carriers | [Morrow to confirm review count and rating platform]
Related Pages
- Nonprofit Insurance — Industry Overview
- Directors & Officers Insurance for Nonprofits
- Cyber Liability for Nonprofits
- General Liability for Nonprofits
- Commercial Crime Insurance — Coverage Overview
- What Does Commercial Crime Insurance Cost?
Author: [Senior Content Strategist, licensed P&C insurance professional — Morrow content team]. Published: June 2026. Last updated: June 2026.
Sources: - Association of Certified Fraud Examiners (ACFE), Report to the Nations on Occupational Fraud and Abuse (current edition) - Insurance Services Office (ISO), Commercial Crime Coverage Form CR 00 20 - National Association of Insurance Commissioners (NAIC), commercial crime product filings - U.S. Office of Management and Budget, 2 CFR Part 200 (Uniform Guidance for Federal Awards) - Internal Revenue Service (IRS), Form 990 instructions and nonprofit governance guidance - Insurance Information Institute (III), crime and fidelity coverage resources - State attorneys general charity registration requirements (varies by state)