Free CAIB 3 Practice Questions: Crime Insurance

Use this page to isolate Crime Insurance before returning to mixed CAIB 3 practice.

Topic snapshot

Sample questions

These are original Finance Prep practice questions aligned to this topic area. They are not official CAIB exam questions, copied live-exam content, or exam dumps. Use them for self-assessment, scope review, and deciding what to drill next.

Question 1

Topic: Crime Insurance

A contractor reports that an accounts payable clerk changed supplier banking details after receiving a convincing email. The supplier now says it was never paid. The broker advises the client to preserve the email trail and bank records, report the matter promptly to the insurer, and strengthen controls such as independent call-back verification and dual authorization. The broker does not tell the client that the crime policy will pay because the facts and policy wording must be reviewed. Which CAIB 3 concept best matches the broker’s response?

• A. A binding confirmation that funds transfer fraud coverage applies to the loss
• B. A claims settlement decision made by the broker on behalf of the insurer
• C. A guarantee that social engineering losses are always covered by crime insurance
• D. Loss prevention advice without promising coverage for the disputed payment loss

Best answer: D

What this tests: Crime Insurance

Explanation: For a suspected social engineering or fraudulent payment loss, a broker can help the client identify immediate steps: preserve evidence, notify the insurer, report to the bank or authorities where appropriate, and improve controls to reduce future losses. That is different from promising that a crime policy will pay. Coverage may depend on the exact wording, endorsements, exclusions, conditions, authorization facts, discovery or notice requirements, and insurer investigation. A broker should explain the process, document the client’s instructions and communications, and avoid statements that could be taken as claim approval or a coverage guarantee.

• Confirming funds transfer fraud coverage goes too far because the insurer must review the facts and wording.
• Saying social engineering losses are always covered ignores policy differences, limits, conditions, and possible exclusions.
• A broker normally does not make the insurer’s claim settlement decision; the broker supports notice, documentation, and communication.

The broker is giving practical control and reporting guidance while avoiding an unauthorized assurance that the crime policy will respond.

Question 2

Topic: Crime Insurance

A controller at a Canadian construction firm discovers that a long-serving accounts payable clerk may have created a false vendor and approved payments to a bank account connected to the clerk’s spouse. The suspected payments total about $86,000 over 14 months. The client carries commercial crime coverage with employee dishonesty insuring agreement. The owner wants to confront the clerk immediately, reverse the payments, and wait to notify the insurer until the accountant confirms the full amount.

Which broker response best fits the situation?

• A. Recommend delaying insurer notice until the accountant proves the exact loss, because crime coverage responds only after the final amount is confirmed.
• B. Advise prompt notice to the crime insurer, preservation of records, and coordination among the insurer, legal counsel, accounting support, and the client’s internal investigation before confronting the employee.
• C. Tell the owner to terminate the employee immediately and submit the termination letter as the main proof of loss.
• D. Suggest reporting the matter as a cyber loss first, because the payments were made through the accounting system.

Best answer: B

What this tests: Crime Insurance

Explanation: Suspected employee dishonesty is a fidelity concern under commercial crime coverage. Even before the full amount is known, the client may need to notify the insurer according to policy conditions and preserve bank records, vendor files, approvals, emails, audit trails, and accounting data. Legal advice may be important because confronting or terminating an employee, interviewing staff, contacting banks, or recovering funds can affect employment issues, evidence handling, privilege, and possible police involvement. A broker should not direct the investigation or promise coverage, but should encourage timely insurer notice and coordinated support from the insurer, counsel, accountants, and management.

• Waiting for a final quantified loss can create notice problems and may allow evidence to be lost or altered.
• Use of an accounting system does not turn a false-vendor employee dishonesty loss into a cyber claim.
• Termination may become appropriate, but treating a termination letter as the main proof ignores the need for records, investigation, and insurer coordination.

A suspected employee dishonesty loss can trigger notice duties and evidence concerns, so the investigation should be coordinated before actions that may prejudice recovery or legal rights.

Question 3

Topic: Crime Insurance

A manufacturing client discovers that its payroll clerk created a fictitious vendor, approved invoices under a delegated authority limit, and directed electronic payments to a personal bank account over eight months. The commercial crime policy includes employee dishonesty coverage and separate computer fraud coverage. The client asks how the loss should first be presented to the insurer.

What is the best advice from the broker?

• A. Treat the loss as ordinary bad debt from an unpaid vendor transaction because the invoices were approved through the client’s normal payment process.
• B. Report the matter promptly as a possible employee dishonesty loss and preserve payroll, vendor approval, banking, and employment records for the insurer’s investigation.
• C. Wait until criminal charges are laid before notifying the insurer, because employee dishonesty cannot be considered until guilt is proven in court.
• D. Present the loss only under computer fraud because the payments were made electronically through the client’s banking system.

Best answer: B

What this tests: Crime Insurance

Explanation: Commercial crime wording analysis starts with the cause of the loss and the applicable insuring agreement. Here, the loss arose from a dishonest employee creating a fictitious vendor and diverting payments. The use of electronic payments does not automatically make the loss a computer fraud claim. Employee dishonesty coverage is the natural first coverage to consider, subject to the policy’s wording, conditions, limits, discovery provisions, and exclusions. The broker should encourage prompt notice and careful documentation without promising coverage. Useful records include vendor setup documents, invoice approvals, banking records, system access logs, payroll or HR records, and any internal investigation findings.

• Electronic payment is a method of transfer, but the core loss mechanism is dishonest employee conduct.
• Waiting for criminal charges can prejudice notice obligations and is not normally required before reporting a suspected crime loss.
• Approved invoices do not make the loss ordinary bad debt when the approvals were part of a dishonest employee scheme.

The decisive fact is that an employee used a dishonest scheme to cause direct financial loss, so employee dishonesty coverage is the primary wording to consider.

Question 4

Topic: Crime Insurance

A commercial client tells the broker that its controller discovered unusual electronic payments to a vendor that may not exist. The controller has suspended the employee who processed the payments, but the client has not yet completed its internal review and does not know the full amount of the loss. The client asks what should be done first to support a potential commercial crime claim.

• A. Give prompt notice to the crime insurer and preserve bank records, accounting entries, authorization logs, emails, and related audit trails.
• B. Wait until the internal review confirms the exact loss amount before contacting the insurer.
• C. Delete the employee’s system access history after suspension to protect personal information.
• D. Report the matter only under the commercial general liability policy because the loss involves a vendor.

Best answer: A

What this tests: Crime Insurance

Explanation: Commercial crime claims often depend on records that show who had access, what transactions occurred, who authorized them, and how the loss was discovered. A client does not need to know the final loss amount before giving notice. Prompt notice protects the insurer’s ability to investigate and helps avoid late-reporting problems. Preserving bank statements, EFT records, accounting ledgers, approval trails, emails, user logs, and audit findings supports both coverage evaluation and measurement of the loss. The broker should avoid promising coverage, but should guide the client to notify the insurer quickly and maintain the evidence needed for the claim review.

• Waiting for the exact loss amount can prejudice the claim process because the insurer may require prompt notice after discovery.
• Deleting access history destroys potentially important evidence about authorization, timing, and user activity.
• A vendor-related payment fraud concern is normally evaluated under crime or fidelity coverage, not simply under CGL.

Timely notice and preserved records allow the insurer to investigate the suspected fidelity loss and evaluate the amount, cause, and policy response.

Question 5

Topic: Crime Insurance

A Canadian food distributor reports that a part-time bookkeeper supplied through a staffing agency diverted customer e-transfer payments to her own account over 14 months. The theft began under last year’s commercial crime policy and continued into the current term. The client changed insurers at renewal, and the new policy may use discovery wording while the expiring policy may use loss-sustained wording. The bookkeeper stopped working for the client one month before the loss was discovered. Which coverage inquiry best fits the claim analysis?

• A. Treat the current insurer as responsible because the theft was discovered during the current policy term.
• B. Review both crime policies for discovery versus loss-sustained triggers, policy period conditions, the employee definition, and whether the diverted funds are covered property.
• C. Handle the loss mainly under cyber coverage because the payments were electronic transfers.
• D. Treat the expiring insurer as responsible because the first dishonest act occurred during the prior policy term.

Best answer: B

What this tests: Crime Insurance

Explanation: Commercial crime claim analysis often turns on precise wording rather than the general fact that money was stolen. A discovery form generally looks to when the insured discovered the loss, while loss-sustained wording focuses on when the loss occurred, subject to the policy’s conditions. When a loss spans two policy periods or insurers, both forms and any transition provisions should be reviewed before suggesting which policy may apply. Employee dishonesty also depends on whether the person who committed the act meets the policy’s employee definition, which can be important for leased, temporary, contract, former, or staffing-agency workers. Finally, the stolen item must fit the covered property definitions, such as money, securities, or other property. The broker should gather facts and policy wording rather than assuming coverage from timing alone.

• Discovery during the current term is important, but it does not automatically make the current insurer responsible without checking the form and conditions.
• The first dishonest act occurring in the prior term is relevant, but it does not settle the issue when wording and policy periods differ.
• Electronic movement of funds may raise cyber-related facts, but employee diversion of client funds is primarily a commercial crime analysis.

These wording points determine which policy may respond and whether the person and property involved fit the employee dishonesty insuring agreement.

Question 6

Topic: Crime Insurance

A wholesale distributor changed crime insurers on January 1. The expiring policy was written on a loss-sustained basis, and the new policy is written on a discovery basis. In June, an audit finds that a contract bookkeeper diverted electronic customer payments from October through February. The client asks the broker to confirm that the new insurer must respond because the shortage was discovered during the current policy period.

What is the best advice?

• A. Confirm that the new insurer responds because discovery wording always covers any dishonest act first found during its policy period.
• B. Confirm that the expiring insurer responds because the dishonest activity started before the renewal date.
• C. Decline to report the matter under crime coverage because diverted electronic payments are handled only under cyber insurance.
• D. Do not confirm coverage yet; report the matter as required and review both policies for discovery or loss-sustained wording, policy periods, the bookkeeper’s status as an employee, and whether the diverted payments are covered property.

Best answer: D

What this tests: Crime Insurance

Explanation: Commercial crime claims often turn on precise wording and dates. A discovery form generally focuses on when the loss is discovered, while a loss-sustained form generally focuses on when the loss occurred, subject to its own reporting and discovery conditions. A loss spanning two policy periods or two insurers should not be assigned to one insurer without reviewing both forms. The broker also must check whether a contract bookkeeper falls within the policy definition of employee; independent contractors, temporary workers, and service providers may be treated differently unless endorsed. Finally, the property definition matters because crime forms may distinguish money, securities, and other property. The safest broker response is to avoid promising coverage, give timely notice where appropriate, gather records, and let the insurers analyze the wording.

• Discovery during the current period is important, but it is not the only requirement under a discovery form.
• The start date of the dishonest activity is relevant, but it does not automatically make the expiring insurer responsible for the whole loss.
• Electronic diversion of customer payments may still involve covered money or funds under crime wording; it should not be dismissed as only a cyber matter without reviewing the forms.

Crime claim analysis depends on timing, form wording, who qualifies as an employee, and whether the stolen property falls within the policy’s covered property definitions.

Question 7

Topic: Crime Insurance

A manufacturer’s accounts payable clerk creates a fictitious supplier, approves invoices using her normal system access, and directs payments to a bank account she controls. The loss is discovered during an internal audit. Which commercial crime coverage concept most directly matches this loss?

• A. Employee dishonesty
• B. Outside theft of money and securities
• C. Forgery or alteration
• D. Social-engineering fraud

Best answer: A

What this tests: Crime Insurance

Explanation: Employee dishonesty coverage is intended for theft or dishonest acts committed by employees against the insured employer. The key clue is that the accounts payable clerk is an employee and used her authority inside the business to divert company funds. Outside theft coverage is aimed at theft by non-employees, and forgery coverage focuses on forged or altered instruments. Social-engineering fraud usually involves an outside party deceiving an employee into voluntarily transferring funds. Here, the employee herself created the scheme and controlled the destination account, so the matching crime concept is employee dishonesty.

• Outside theft of money and securities does not fit because the actor is an employee, not an outside thief.
• Forgery or alteration is not the best match because the facts do not centre on a forged cheque, draft, or similar instrument.
• Social-engineering fraud does not fit because the employee was not tricked by an outside impostor; she committed the dishonest act herself.

The loss arises from a dishonest act by an employee who used her position to steal the employer’s money.

Question 8

Topic: Crime Insurance

A wholesale distributor notices that payments to a regular supplier have stopped being credited to the supplier’s account. The broker’s claim file includes these facts:

• The accounts payable clerk changed the supplier’s banking details in the vendor master file.
• The clerk altered copies of supplier invoices to support the changed banking information.
• EFT payments were approved through the normal internal process, but the funds went to an account controlled by the clerk.
• There is no evidence that an outside party hacked the system or sent fraudulent instructions to the bank.

Which crime insurance concept best matches the loss evidence?

• A. Computer fraud by an outside actor
• B. Employee dishonesty loss
• C. Funds transfer fraud
• D. Forgery or alteration

Best answer: B

What this tests: Crime Insurance

Explanation: Crime evidence should connect the method of loss to the party who caused it and the records that prove it. Here, the key facts are the clerk’s internal access, the altered vendor records, the manipulated invoices, and the transfer of company funds to an account the clerk controlled. That pattern supports an employee dishonesty analysis because the loss resulted from dishonest acts by an employee against the employer. The normal EFT approval process does not change the character of the loss when the underlying vendor information was intentionally manipulated by an employee. The broker should help the client preserve authorization logs, invoice copies, vendor master file change records, bank confirmations, and employment records, while avoiding any promise that coverage will apply until the insurer reviews the policy wording and evidence.

• Funds transfer fraud usually points to fraudulent transfer instructions, often from an external impersonator, rather than an employee’s internal manipulation of vendor records.
• Forgery or alteration is tempting because invoices were altered, but the main loss evidence is the employee’s dishonest diversion of company funds.
• Computer fraud by an outside actor does not fit because the facts say there was no outside hacking or external system intrusion.

The evidence points to an employee using authorized access and altered records to misappropriate the employer’s funds.

Question 9

Topic: Crime Insurance

A broker is reviewing a property management account. The firm collects condo fees into trust accounts, pays vendors for several condominium corporations, and one accounting employee can prepare electronic payments before a manager releases them. The client asks whether its commercial property or CGL policy would respond if that employee redirects client funds to a personal account. What is the best advice?

• A. Rely on the CGL policy because the condominium corporations would be third parties claiming financial injury.
• B. Treat this as a crime/fidelity exposure and review employee dishonesty coverage for money held on behalf of clients.
• C. Advise that accounting controls are sufficient if two people are involved in releasing payments.
• D. Handle it mainly as a cyber exposure because the loss would involve electronic payment instructions.

Best answer: B

What this tests: Crime Insurance

Explanation: Employee theft of money, securities, or other property is a core commercial crime and fidelity concern. For a property manager, the exposure is heightened because the firm may control funds belonging to condominium corporations or other clients. The broker should identify who owns the funds, who has access, what authority and reconciliation controls exist, and whether the crime wording addresses employee dishonesty and property held for others. Commercial property insurance generally addresses physical loss to insured property, and CGL is not designed to insure the insured’s financial loss from dishonest employees. Cyber coverage may be relevant if a network compromise or fraudulent electronic instruction by an outside party is involved, but the facts point to internal dishonesty.

• CGL is not the primary solution for theft by the insured’s own employee, even if clients later make claims.
• Cyber coverage may apply to certain technology-driven frauds, but an employee redirecting funds is primarily a fidelity issue.
• Internal controls reduce frequency and support underwriting, but they do not replace appropriate crime insurance.

The decisive exposure is dishonest employee theft of funds the firm controls for others, which requires crime/fidelity analysis rather than property or CGL treatment.

Question 10

Topic: Crime Insurance

A growing electronics distributor asks whether its new cyber policy is enough for theft-related losses. The broker’s file notes show that the controller can add vendors and release EFT payments, warehouse staff handle high-value inventory, service technicians pick up customers’ equipment for repair, and the current package has only a small money and securities limit. What is the broker’s best advice?

• A. Complete a crime exposure review and discuss coverage for employee dishonesty, funds transfer or computer fraud, forgery, money and securities, inventory, and property of customers in the client’s care.
• B. Ask the insurer to bond only the controller because that employee has access to the banking system.
• C. Rely on the commercial property policy for inventory theft and increase only the money and securities limit.
• D. Treat the issue as mainly a cyber placement because EFT payments and vendor records are handled electronically.

Best answer: A

What this tests: Crime Insurance

Explanation: Crime coverage needs are driven by who can access or control valuable property and financial systems. This client has several distinct exposure points: an employee can create vendors and release EFTs, staff control inventory, technicians hold customer equipment, and the existing money and securities limit is small. A cyber policy may respond to some network or privacy events, but it does not replace a commercial crime review. The broker should identify exposures to employee dishonesty, forgery, fraudulent transfers, computer-related fraud, money and securities, stock, and customer property, then discuss suitable limits, conditions, controls, and insurer information needs.

• Cyber coverage alone misses employee dishonesty, forgery, inventory theft, money and securities, and property of others.
• Increasing only the money and securities limit ignores EFT authority, vendor manipulation, warehouse stock, and customer equipment.
• Focusing only on the controller is too narrow because other employees also have access to inventory and customer property.

The client’s access points create crime exposures involving internal theft, electronic payment abuse, stock, money, and customer property that should be matched to appropriate crime coverage and limits.

Continue in the web app

Use Finance Prep for interactive CAIB 3 practice with mixed sets, timed mocks, topic drills, explanations, and progress tracking.

Related focused pages

• Free CAIB 3 Full-Length Practice Exam
• CAIB 3: Business Interruption Insurance
• CAIB 3: Cyber Insurance
• CAIB 3: Marine Insurance
• CAIB 3: Aviation Insurance
• CAIB 3: Reinsurance
• CAIB 3: Directors and Officers Liability Insurance
• CAIB 3: Surety Bonding
• CAIB 3: Risk Assessment for Advanced Commercial Risks

Practice next step

Use the Finance Prep web app above when you want interactive practice beyond this static page.