Commercial Insurance Program Design: CPP, Specialty Lines, and Coverage Gaps
A commercial insurance program is not a single policy — it is a portfolio of policies that collectively address the organization’s identified risk exposures. For small businesses, a BOP plus workers’ compensation may provide adequate starting coverage. For mid-market and large commercial accounts, the program typically includes a Commercial Package Policy covering property, GL, and auto; a workers’ compensation policy; a commercial umbrella or excess liability tower; and one or more specialty lines policies covering management liability, cyber, professional liability, and other exposures that standard commercial forms explicitly exclude. Designing this program systematically — starting from an inventory of the organization’s actual risk exposures and working to coverage structures that address each one — produces better outcomes than assembling policies reactively in response to renewal notices or loss events.
Commercial Package Policy (CPP) Structure
The Commercial Package Policy is the ISO framework for assembling multiple commercial coverage parts into a single policy. A CPP consists of a common policy declarations page, a common policy conditions form (IL 00 17), and two or more coverage part declarations and forms selected from the ISO commercial lines portfolio.
Definition — Commercial Package Policy (CPP): A modular commercial insurance structure combining two or more ISO commercial coverage parts under a common declarations and conditions framework. Unlike a BOP (pre-packaged for eligible small businesses), the CPP has no eligibility restrictions and can accommodate any combination of property, liability, auto, crime, inland marine, and other commercial coverage parts needed for the specific account.
Key CPP coverage parts:
Commercial Property: ISO CP 00 10 (building and personal property) and CP 00 30 (business income and extra expense), with perils covered by the causes-of-loss forms CP 10 10 Basic, CP 10 20 Broad, or CP 10 30 Special/Open-Perils.
Commercial General Liability: ISO CG 00 01 (occurrence form) or CG 00 02 (claims-made form).
Commercial Auto: ISO CA 00 01 (business auto), CA 00 12 (truckers), and CA 00 20 (garage).
Commercial Crime: ISO CR 00 20, covering employee theft, forgery, computer fraud, funds transfer fraud, and money and securities.
Commercial Inland Marine: equipment floaters, contractor’s equipment, installation floater, electronic data processing, accounts receivable, and valuable papers.
The CPP framework allows coverage customization that the BOP form cannot accommodate: replacement cost valuation with agreed value provision (eliminating coinsurance); business income with extended period of indemnity; blanket coverage for multiple locations; completed operations coverage for contractors; and ISO endorsements addressing the specific operational characteristics of the insured’s business. Mid-market commercial accounts (annual premium $50,000–$500,000) are the typical CPP users; smaller accounts use BOPs; larger accounts may move to manuscript policy forms negotiated directly with the carrier’s underwriting team.
Specialty Lines: Coverage Outside the Standard Commercial Forms
Standard commercial forms (CGL, commercial property, commercial auto, workers’ compensation) contain explicit exclusions for categories of risk that require standalone specialty policies. The most commercially significant specialty lines for mid-market accounts:
Professional liability (errors and omissions, E&O): covers claims alleging financial loss caused by an error, omission, or negligent act in the performance of professional services. The CGL form’s professional services exclusion removes this exposure from the GL policy; a standalone professional liability policy is required for any business that provides professional services for a fee — architects, engineers, IT companies, management consultants, real estate agents, insurance agents and brokers, accountants, and attorneys. Professional liability policies are typically written on a claims-made basis with retroactive dates; tail/extended reporting period coverage is required when the policy is non-renewed or the business ceases operations.
Management liability (D&O, EPLI, fiduciary): Directors and Officers liability protects individual directors and officers and the corporate entity from claims alleging wrongful acts in management — misrepresentation to investors, breach of fiduciary duty, failure of oversight, antitrust violations, and securities fraud. For private companies, D&O exposure arises in M&A transactions, disputes with minority shareholders, regulatory investigations, and bankruptcy. Employment Practices Liability (EPLI) covers claims of discrimination, harassment, wrongful termination, failure to accommodate, and retaliation — exposures that are excluded from the CGL form and that represent the most frequent management liability claim category for employers of all sizes. Fiduciary liability covers claims by plan participants alleging ERISA violations in benefits plan administration.
Cyber liability: see the FAQ section below for the complete coverage description. Cyber is now a top-5 commercial risk exposure for any business that stores customer data, processes electronic payments, or relies on operational technology systems. Standalone cyber policies — not BOP endorsements — are required for any account with material cyber exposure.
Commercial crime / fidelity: covers dishonest acts by employees including theft, embezzlement, computer fraud, and funds transfer fraud. The standard CGL and property forms explicitly exclude employee dishonesty; a commercial crime policy (ISO CR 00 20 or equivalent) is required to fill this gap. An ERISA fidelity bond (ERISA §412) is separately required for any employer maintaining an employee benefit plan — the bond must cover 10% of plan assets up to $500,000 ($1,000,000 if the plan holds employer securities).
Coverage Tower Construction
A coverage tower is the layered structure of primary and excess policies that collectively provide the total liability limit for a line of coverage. The primary policy (CGL, commercial auto, D&O, professional liability) sits at the base with its stated per-occurrence and aggregate limits. The umbrella policy attaches excess of all underlying primary limits and typically provides additional coverage features beyond pure excess (drop-down coverage for gaps in underlying policies; self-insured retention for losses not covered by underlying policies). Above the umbrella, excess liability policies attach in successive layers — each excess policy follows the form of the policy immediately below it.
Tower sizing for mid-market accounts: commercial GL minimum $1M per occurrence/$2M aggregate; umbrella minimum $5M–$10M for most mid-market accounts, $25M+ for accounts with significant products liability, premises liability, or professional exposure; professional liability minimum $1M per claim/$2M aggregate, $5M+ for larger professional service organizations. D&O limits for private companies are driven by revenue, asset size, and number of outside investors — $2M–$10M is typical for mid-market private companies; $25M–$100M+ for pre-IPO companies and public companies. Cyber limits are driven by data volume and revenue — $1M–$5M for small accounts, $10M–$25M for mid-market accounts with significant data exposure.
For the underwriting process that determines pricing for these coverage lines, see Commercial Lines Underwriting: Loss Runs, COPE Data, and Large Account Pricing. For the complete commercial insurance framework including all coverage lines, see Commercial Insurance: The Complete Professional Guide (2026).
Frequently Asked Questions
What is a CPP and how does it differ from a BOP?
A CPP (Commercial Package Policy) combines any two or more ISO commercial coverage parts under a common policy framework — no eligibility restrictions, fully customizable. A BOP is a pre-packaged product for eligible small businesses (revenue under $5–10M, approved occupancies). CPPs accommodate mid-market and large commercial accounts that need coverage customization beyond BOP options.
What is management liability and what does it cover?
Management liability packages D&O (directors and officers — individual Side A, entity indemnification Side B, securities entity Side C), EPLI (employment practices — discrimination, harassment, wrongful termination), and fiduciary liability (ERISA plan administration claims). All are excluded from CGL. Any company with directors, officers, or employees should evaluate management liability coverage and appropriate limits.
What does cyber liability insurance cover?
First-party: incident response (forensics, legal, notification, credit monitoring), data restoration, business interruption, ransomware payment, crisis management. Third-party: privacy liability claims, regulatory fines (HIPAA/CCPA/GDPR), PCI fines. Since 2020, underwriters have required MFA, EDR, and offline backups as coverage conditions. SMB limits: $500K–$5M; mid-market: $5M–$25M; enterprise: $50M–$100M+.