It seems redundant to me for a company to insure for fraud loss. Insurers are naturally risk adverse when it comes to any kind of losses and with risk of fraud, they are especially sensitive. The application process is much more streneous and all part of the insurer’s risk assessment process to arrive at a decision – can they take a risk on you? If you’ve had a history of loss, the insurers will either decline to insure you or they will impose a high deductible, meaning you will bear the first loss limit before the insurer pays out anything.
So, if you’re lucky enough to be insured and you have an absurd limit of let’s say US$5m, with deductible of US$1m (bearing in mind that your annual turnover is probably only US$5m/year), the question that begs an answer is what is the point in insuring? Not only will you be paying a high premium but also bear the first-loss of US$1m. It’s as good as not insuring or the technical term – self insuring, taking a risk on yourself.
If your internal controls are in order, it reduces the probability that you will get hit by a major fraud of more than US$1m. Instead, it’s more likely that you’ll be irritated to death by small, niggling fraud of several thousands here and there.
So when it comes to fraud loss, the better option is to ensure sound internal controls are in place and have regular independent certifications to verify that the controls are indeed working and effective.