A member’s credentials are stolen. A fraudster uses them to transfer $200,000 out of the credit union. The NCUA opens an investigation. The member files a complaint. The board asks who is liable.
That single incident touches the credit union’s fidelity bond (stolen funds), the cyber liability policy (breach response, regulatory defense), and the D&O (board oversight claims). Three separate policies, three different sets of conditions, three different sets of exclusions.
At most credit unions, all three come through a single program, often TruStage. One relationship, one renewal, one broker. Each policy responds to claims independently, with its own terms, its own sublimits, and its own exclusions. The gaps sit in the seams between those policies, and most credit unions have never had anyone read all three together.
How the Bundle Breaks Apart
I audited a credit union’s insurance. All three coverages came through the bundled program. It had been in place for years, renewed without objection. On paper, it looked solid.
When I read the policies together and tested them against real claim scenarios, the gaps became visible.
Wire Fraud: The Bond Pays, but Not All of It
Wire fraud is a high-dollar loss exposure for credit unions. A $200,000 wire redirected by a spoofed email. A $400,000 transfer initiated after a business email compromise. These are not hypothetical numbers.
At most credit unions, wire fraud coverage sits primarily on the fidelity bond. At this credit union, the bond covered funds transfer fraud with a $5 million limit. However, it carried a 50% co-payment on all funds transfer claims.
On a $200,000 wire fraud, the credit union would recover less than $100,000. For a credit union, an unrecovered $100,000 is a board-level event, not a rounding error.
The bond also limited which communication channels qualify for coverage: online, phone, and fax. An AI deepfake video call, where a fraudster impersonates a vendor executive, doesn’t clearly fit any of those definitions.
D&O: The Entity Gap
The D&O policy protected individual directors and officers against personal liability. But it excluded entity-level claims related to privacy and security events.
If the NCUA brings an enforcement action against the institution, or if members file a class action after a data breach, the D&O policy does not respond for the credit union itself. Entity-level regulatory defense falls entirely to the cyber policy, where defense costs sit inside the limits. Every dollar spent on lawyers reduces what is available for damages and settlements.
Vendor Outage: The Sublimit
The cyber policy capped dependent business interruption at $1 million. This is the coverage that responds when a core banking platform, card processor, or online banking vendor goes down.
The NCUA cannot examine third-party service providers. Credit unions have no regulatory backstop that pressures vendors to maintain security standards. Insurance is the only financial protection, and $1 million does not cover a multi-day outage at a core processor.
Why This Hits Credit Unions Harder
These gaps exist across most financial institution insurance programs. They are structural, tied to how the industry separates cyber risk across multiple coverages. But three things make them worse for credit unions.
What Happened After the Audit
The insurance audit identified specific fixes:
- Negotiate the bond co-payment and channel definitions. A 50% co-payment on funds transfer claims is worth challenging at renewal, and the covered communication channels should include video conferencing.
- Request removal or narrowing of the D&O entity exclusion. If the carrier won’t move on the language, a standalone D&O from a different carrier can fill the gap. Add investigative costs coverage for NCUA subpoenas.
- Increase the dependent business interruption (BI) sublimit to match actual vendor dependence.
Closing these gaps would have cost a fraction of the exposure they leave open.
The broker pushed back on most of the recommendations. That is not unusual. TruStage is the program administrator and the endorsed provider for credit unions. The broker’s job is placement. An independent review tests whether the program works under claim conditions.
Most credit unions are not going to leave TruStage, and they shouldn’t. But they should have a documented record of their coverage gaps so they can push for better terms at renewal. That is a different conversation than walking in with nothing but the broker’s summary.
What This Means for Your Credit Union
Credit union insurance is sold as a bundle. Claims are paid by separate policies with separate exclusions. The risk hides in the seams between them.
Has your team ever tested a single cyber incident against all three policies at once? A wire fraud, a vendor outage, a data breach followed by an NCUA investigation?
If not, that is the gap worth closing first. Not by switching carriers or programs. By knowing what your current coverage actually pays and where it doesn’t.