Insurance is an industry that, due to its nature of collecting and paying out large sums of money, is prone to both external and internal fraud. External fraud can be committed by service providers (auto body shops, contractors, physicians, diagnostic clinics, etc.), and internal fraud can be committed by employees, both by themselves, as well as in concert with parties outside of the company.
The scale of fraud in the insurance industry is vast: according to the FBI, the cost of fraud (non-health insurance), is estimated at >$40B. Not surprisingly, Claims are especially vulnerable to fraud, and fraud accounted for between 15 and 17 percent of total claims payments for auto insurance bodily injury in 2012, according to an Insurance Research Council (IRC) study. The study estimated that between $5.6 billion and $7.7 billion was fraudulently added to paid claims for auto insurance bodily injury payments in 2012, compared with a range of $4.3 billion to $5.8 billion in 2002. (1) Regarding general employee fraud, a 2018 study showed that employee fraud accounted for more than $7 billion in total losses, at a median loss of $130,000 per case, with 22 percent of cases causing losses of more than $1 million each. (2)
And, the fraud problem is getting worse. In 2019, the Coalition Against Insurance Fraud and the SAS Institute published a report entitled, “State of Insurance Fraud Technology.” The study was based on an online survey of 84 mostly property/casualty insurers conducted in late 2018. Nearly three-quarters of the survey participants said that fraud has increased either slightly or significantly in the past three years, an 11-point increase since 2014. No insurer has said that fraud has decreased significantly in the last six years. (3)
Given that this problem has real scale, let’s explore how employees at Insurance companies commit fraud and what companies can do to both prevent it and detect it.
Just as external fraud can be committed at each of the insurance process steps such as Producing, Marketing, Underwriting, Filing Claims and Paying Claims, among others, there can be internal involvement in the fraudulent activities at each of those process steps as well.
A key type of insurance fraud that Producers commit is Premium Diversion, and there are two broad categories of this type of activity. There are the cases where agents or brokers “sell” insurance, collect premiums, but don’t remit them to their affiliated insurance company. In these cases, either policies are not issued, or coverage is dropped. There are also cases where fraudulent “agents or brokers,” who represent fraudulent agencies, sell insurance to unwitting customers. They issue bogus policies or never intend to pay a claim, and these unfortunate customers are out in the cold after an event and out of pocket for the premiums they have submitted. These are clearly some of the most egregious frauds that are associated with the Insurance industry.
Most of these types of fraud, especially ones committed by employees, are often the result of several fundamental motivations:
1. Employee feels stressed / desperate
2. Employee feels wronged / neglected
3. Employee has access to valuable assets
Or, to go back to Criminal Justice 101 – Means, Motive and Opportunity. And let’s not forget that they also believe that they can getaway with it, because they have knowledge of the business processes upon which they commit the fraud. Given how often employees do getaway with it, and for how long they make these frauds last, they’re not altogether wrong.
Although there are many reasons that employees are tempted to take the plunge into committing fraud, they usually involve some combination of those shown below, and sometimes it can be a push-pull effect. For instance, if an employee is feeling slighted / under-appreciated, and/or has an overbearing boss, these factors, when combined with great growth / financial results, might lead a person to try to “get what they think is rightfully theirs.” This is just one combination of the environmental and cognitive factors that go into this unfortunate choice that some employees make.
Regarding prevention, of course you should have a company culture that not only stresses honesty and integrity, but also lives those values and provides solid examples. The company should also have basic fraud detection training, similar to that which is now happening in the Cyber security realm. At the very least, the company should conduct training for the 20% of the functional areas which usually account for the 80%+ of fraudulent activity (if Pareto holds true for Employee Fraud, which one would expect). This training would include, first, a powerful “why” – why employee fraud that hurts the company also hurts employees downstream. Then, employees should be trained in how fraud happens, how to recognize it, and how they can provide tips to the company to help stop it.
Tips from employees are often the way that fraud is first discovered. In fact, according to the Association of Certified Fraud Examiners (ACFE) 2018 Report to the Nations, employee tips account for 40% of all fraud cases being detected. Of this 40%, 53% of tips are from employees of the victim organization, 32% are from individuals outside of the organization such as customers, vendors and competitors, and the remaining 15% of tips are from anonymous whistleblowers. (4)
You should also have business processes and signals in place that demonstrate to employees that someone is “watching the store.” You don’t need to have “in your face, all the time” demonstrations of surveillance, as that can affect morale negatively, but there should be visible indicators that the company takes governance and good behavior seriously, and that it does not rely merely on “scout’s honor.” Somewhere between “unconditional trust” and a “police state” lies the right answer, and the good news is that there is a lot of playing field in the middle that is acceptable to both employer and employee.
However, prevention is not a “silver bullet,” and thus detection is also needed. The basics of detection would include solid accounting systems with people tasked with looking for unusual cash flows, changes in cash flows, expense categories that, as a per cent of total expenses or revenues, are unexpectedly high, etc. The first step is to determine if fraud is happening, and the magnitude of the problem. If you determine that it’s happening, then you must figure out the where, the how and the who.
To ensure that the company becomes aware of fraudulent activity, it should develop Key Risk Indicators (KRIs) for fraudulent activity and assign Responsible Parties for gathering the data inputs and monitoring either changes or sustained troubling scores for the indicators. These indicators should be visible not just to the Responsible Parties, but also to Senior Management, Department Heads, etc. These fraud KRIs should be fed into an Enterprise Risk Management system, considered part of Operational Risk, and be reported to Senior Management on a regular basis. This type of visibility negates the excuse of “gee, I wasn’t really watching that.”
Additionally, there should be clear escalation paths for these instances, as well as protocols for confidentiality, as the downside risk of employees who are wrongly accused is steep for all parties involved, but clearly more so for some than others.
AI and Predictive Analytics can help you understand which employees are most likely committing fraud, based on a number of behavioral measurements and observations. People who are in debt, living beyond their means, going through difficult / uncertain times, both personal and professional, are more likely to do things that “they otherwise wouldn’t do,” and behave in ways that are unusual. These behaviors might involve changing work schedules, taking on or sloughing off certain work duties, not taking vacations, etc. Making use of tools and analyses that can help you distinguish between employees with suspicious behaviors from those without them can be a big help in identifying the sources of fraud.
Strategic Risk Associates (SRA) is a technology solutions provider and Risk Management consulting practice serving the Financial Services, Insurance and Technology Industries. SRA's proprietary technology and methodology were built “by Insurance Executives, for Insurance Executives” thus enabling clients to navigate risk and drive growth.
SRA Watchtower for Insurance is the holistic risk intelligence platform built to inform, enlighten, and empower Insurance executives and boards.
(1) iii.com Background on: Insurance fraud August 3, 2021
(2) benefitspro.com: 8 kinds of employee fraud and how to prevent it. By Marlene Satter | August 12, 2019
(3) iii.com Background on: Insurance fraud. August 3, 2021
(4) Employee Fraud Detection and Prevention: Ethan Lane, CPA, March 26, 2019