Coverage deep dives

Trust account crime cover: the line most law firms ignore until they need it

Law firms hold meaningful client money in IOLTA and trust accounts. The crime / fidelity cover on that money is often sub-limited to a token amount.

Stanley Cieslak Founding Head of Brokerage May 9, 2026

Every law firm with an active practice holds client money. IOLTA accounts for retainers and small balances, separate trust accounts for larger sums — settlement funds, escrowed deal proceeds, estate funds. Depending on the practice area, the running balance can be modest or it can reach into the eight figures.

That money is the firm’s responsibility. When it goes missing — employee theft, wire fraud, vendor impersonation — the firm is on the hook to replace it. State bar rules require it; client engagement letters typically reinforce it. The carrier of the firm’s commercial crime policy is who actually pays.

Or rather, who actually pays if the policy is sized and worded correctly. That’s where most firms have a gap.

What standard commercial crime covers

A typical commercial crime policy covers:

  • Employee dishonesty — theft by an employee, including conversion of client funds
  • Forgery and alteration — losses from forged or altered checks and instruments
  • Computer fraud — losses from unauthorised system intrusion
  • Funds transfer fraud — losses where the firm’s bank account is hit directly via fraudulent instructions
  • Social engineering — usually as a sub-coverage with its own limit

The limits on these vary. Many bundled package crime policies cap social engineering at $50,000 or $100,000. For a firm holding meaningful trust balances, that’s a token amount.

Where law-firm trust accounts get hit

Three loss patterns account for almost every meaningful trust-account claim we see.

1. Wire-fraud at settlement

Most common in personal injury, real estate closings, and matrimonial practice. A spoofed email from “the client” (or an “opposing counsel,” or a “title company”) arrives requesting that settlement proceeds be wired to a new account. The firm wires the funds. The client never sees the money. The firm is responsible to replace it.

This is funds-transfer fraud / social engineering. Coverage depends entirely on whether your policy has primary limits at meaningful levels — or a sub-limit.

2. Employee conversion

A paralegal, accountant or bookkeeper with trust-account authority diverts funds over months or years. By the time it’s detected, the cumulative loss can be substantial. Employee dishonesty cover responds, but the discovery clause matters — many policies require discovery within the policy period or a short extension.

3. Vendor or counsel impersonation

A “vendor invoice” arrives from a fake address claiming to be a regularly-used service provider. The firm pays. The actual vendor wasn’t paid. The fraudster collected.

This sits in the social-engineering bucket and is the loss type that’s grown fastest through 2024–2026.

What the right cover looks like for a law firm

The cover that actually responds to trust-account exposure has three properties:

  1. Social-engineering limit sized to the trust balance, not the package default. If the firm holds $5M in trust on average, the social-engineering limit needs to be sized to a meaningful fraction of that — not $100k.
  2. No exclusion for “voluntary” parting with funds. Some crime forms exclude losses where an employee was tricked into authorising the transfer — which describes most social-engineering losses. Read the exclusion carefully.
  3. Discovery extension long enough to catch slow theft. Employee conversion often runs for years before detection. A six-month discovery extension isn’t enough; 24–36 months is more defensible.

What state bars are now asking

Several state bars have begun including questions about crime / fidelity insurance in their annual lawyer registration. Some require minimum limits on IOLTA accounts. Even where not formally required, a firm that can’t show meaningful crime cover may face client-engagement-letter pushback from sophisticated clients.

The check to run this quarter

Three questions, one renewal cycle:

  1. What’s the social-engineering limit on the current crime policy? If it’s below $250k for any firm holding more than $1M in trust on average, that’s a gap.
  2. What does the form say about “voluntary parting with funds”? If it excludes, the policy probably doesn’t respond to most social-engineering losses.
  3. What’s the discovery extension on employee dishonesty? Six months is the floor. Longer is materially better.

Trust-account crime is the loss that’s actually arriving at law firms in 2026. The cover for it is buyable. The bundled package limits aren’t enough.

Related on Nomos

Where this lives on the site.

Crime Professional liability Professional services
About the author

Stanley Cieslak

Founding Head of Brokerage

Stanley brings more than 20 years in wholesale and retail insurance brokerage, and has placed over $500 million in premium across his career. He has held senior roles at AmWINS, WestRope and Jencap, building exclusive insurance programs.

LinkedIn →
Get a quote

One programme,
for the whole firm.

Tell us about your firm. We'll come back with cover sized to your real risk — and we respond within an hour, any time.

Whole-firm view across every line
Quotes in days, not weeks
Reply within 1 hour, any time
Specialty and admitted markets, one programme

Request a quote

We'll get back to you with options.

We respond within 1 hour — any time, not 24.

No obligations. No spam.