Adams Stirling PLC
Menu

FIDELITY BOND & CYBER CRIME INSURANCE

Fidelity Bond Required for HOAs


Beginning January 1, 2019, associations must purchase what the statute calls a "fidelity bond." (Civ. Code § 5806.) This is in addition to D&O Insurance.

Terminology. Although the statute calls it a fidelity bond, associations will purchase an insurance policy covering employee dishonesty (fidelity) and non-employee theft. A bond is a three-party arrangement; insurance is not. The preferred terminology is a Fidelity/Crime policy. The policies are two sides of a coin. On one side is Fidelity/Employee Dishonesty coverage, and on the other side is non-employee crime coverage.

Employee Dishonesty. Employee dishonesty coverage protects an association against dishonest acts such as embezzlement committed by an employee as defined by the policy. In a common interest development, the definition of “employee” must be broadened to include the board of directors as non-compensated employees of the association, as well as the community manager and management company.

Computer and Funds Transfer Fraud. This protects against dishonest acts committed by third parties. Unlike a typical local embezzler who would be inclined to steal a little bit at a time to avoid detection, these individuals don't live in the association, are not on the board, and have no emotional connection to the community. Depending on their geographic location, they may feel they are unlikely to be tracked down and prosecuted for the crime. As a result, they are more likely to transfer as much money as they can, as quickly as possible, from an association's accounts.

Standalone Policy. Associations should explore standalone policies. Sometimes, coverage in an association's Master Package Policy does not comply with Davis-Stirling or Fannie Mae and Freddie Mac requirements. Sometimes they do not cover wire transfer fraud, computer fraud, or social engineering. Boards should ask if the policy covers the following:

  • Fidelity. Employee theft, ERISA fidelity with a defined benefits plan, and client property.
  • Forgery or Alteration. Loss caused by forgery or alteration of a financial instrument.
  • Premises Coverage. Robbery, theft, or safe burglary.
  • Transit Coverage. Robbery or theft of money or destruction or disappearance of money while in transit.
  • Computer Crime. Losses from computer fraud by someone who has gained unauthorized access to the association's computer system and losses due to a computer virus designed to damage or destroy electronic data.
  • Restoration Expense. Reasonable costs incurred restoring a computer system following a computer crime.
  • Funds Transfer Fraud. Loss of money resulting from a fraudulent instruction directing a financial institution to transfer, pay, or deliver it from the association's account.

Amount of Coverage. As required by Civil Code § 5806, associations must:

  • Purchase a fidelity policy with coverage limits in an amount equal to or greater than the combined amount of the reserves and total assessments for three months unless the governing documents call for greater limits),
  • Cover all persons handling funds, including officers, directors, employees, managing agents, and the management company and
  • Include "computer and funds transfer fraud" in the policy coverage in the same amount or greater (unless the governing documents call for greater limits).

Management Companies. Management companies should carry their own fidelity insurance to protect against losses resulting from the dishonest acts of management company employees. In March 2012, the Federal Housing Administration adjusted an element of the certification requirement for condominium associations. Previously, management companies had to provide a separate fidelity bond insuring the association and themselves (creating insurance problems for management companies). The FHA is dropping the requirement for those management companies named as additional insured on the association's policy. However, Fannie Mae requires management companies to carry out their fidelity coverage. Recommendation: Boards wanting to meet FHA and Fannie Mae requirements should talk to their association's insurance broker.

Reporting Requirements. Actual and potential claims must be reported to the association's insurance carrier in a timely manner, or the association may lose coverage.

Internal Controls. Internal controls can help avoid losses but cannot guarantee it. Thus, there is a need for insurance.

Cyber Crime Insurance is Now Required


Associations are increasingly vulnerable to liability for cybersecurity breaches involving electronic data. Their files may be compromised or lost by viruses, hackers, and cyber thieves. It can also be lost through old-fashioned theft of computers, laptops, flash drives, and smartphones. See the 2018 Survey of Cybersecurity in Community Associations by the Foundation for Community Association Research. "Cyber Crime Insurance" covers security breaches and losses from internal or external threats to an association's internet and networks. Coverage may include:

  • financial losses
  • costs related to notifying members of a breach
  • lawsuits resulting from a data security breach
  • errors and omissions by an association
  • business interruption
  • data restoration
  • privacy liability

Insurance Review. Cyber insurance varies widely from company to company, and boards need to inquire about coverage to ensure it's appropriate to their needs before purchasing a particular policy.

ASSISTANCE: Associations needing legal assistance can contact us. To stay current with community association issues, subscribe to the Davis-Stirling Newsletter.

Adams Stirling PLC