The FSA's perspective on insurance fraud
Speech by Philip Robinson, Financial Crime & Intelligence Division Director
Post Magazine Fraud Management Briefing
26th September 2007
Ladies, Gentlemen,
I am extremely pleased to have been invited to talk to the 8th edition of this Fraud Briefing organised by Post Magazine. As this is the first time I have been here I'd like to start by emphasising why financial crime issues should be taken seriously by the insurance sector and buttress this point by highlighting where we think the main risks lie. And I'll tell you more precisely how the FSA expects insurance firms to respond to the threats and tackle financial crime. In closing I will mention some of the challenges a proper implementation of anti-financial crime systems and controls poses to the insurance sector.
I. Financial Crime: why is financial crime an important issue for the insurance sector and where are the main risks?
The FSA's financial crime objective (contained in the Financial Services and Markets Act that gives us our statutory powers) is one of 4 statutory objectives we have been given. It complements our 3 other objectives, namely maintaining market confidence, consumer protection, and public awareness.
Our financial crime objective has a very broad scope, as it encompasses not only fraud and money-laundering (which includes terrorist finance) but also market misconduct and other crimes such as corruption and sanctions.
Our financial crime objective consists of "reducing the extent to which it is possible for a business to be used for a purpose connected with financial crime".
Let me first start by clarifying why we, at the FSA, think it is crucial for the insurance sector to remain vigilant with regards to financial crime risks affecting your industry. Many might take the view that since the general insurance sector is not covered by the Money Laundering Regulations, this area only constitutes a low risk sector. Well, we think differently.
The Proceeds of Crime Act 2005 does affect the insurance sector, as any other financial institution: firms do have a duty to report their suspicion of money-laundering through a suspicious activity report (SAR) to SOCA.
And let me reinforce this point. Because specific regulations aren't in place to cover general insurance does NOT mean that the threats are not real. They might not be as visible, but they surely exist. So the first message I want to leave with you today is that it is not the time to be complacent. Complacency only carries the risk of the insurance sector becoming a soft target for criminals seeking to launder legitimate or illegitimate crime proceeds.
And in fact this view is not just ours. The Financial Action Task Force (FATF) report on Money-Laundering and Terrorist Financing Typologies published in 2005 goes into some detail on the vulnerability of the insurance sector to money laundering. One of the main concerns of this report is that whilst the insurance market offers "increasingly sophisticated products to their customer, competing with other parts of the financial services industry", this "expansion and increasing sophistication has not been accompanied by a corresponding widespread awareness that insurance products at the same time have become increasingly more attractive to criminals".
And the UK Threat Assessment (UKTA) made by the Serious Organised Crime Agency (SOCA) reveals that retail banks and building societies, life assurance as well as general insurance are the sector of the UK financial services industry that SOCA identifies as susceptible to money laundering – reports such as the SOCA UKTA produce extremely valuable information and are aimed to inform you of trends and threats that might affect your sector, so I would strongly encourage you to read such reports!
Perhaps my role here is not to list all the cases in which fraudulent activities may happen within the insurance sector. But what I would like to do is to point at emerging or persistent financial crime risks that we think the insurance industry should be alerted to.
I would say that the main risks lie with a firm systems, staff and processes as well as customers. For example when one considers firms' systems, an increasing risk is poor information security: poor information security standards will make insurance firms more vulnerable to data compromise incidents, due to the extent of information that insurance firms usually hold on consumers, for instance, sensitive data contained in claims forms for instance.
The use of intermediaries may also increase the risk of a firm being used for a purpose connected with financial crime, since intermediaries on which the firm relies may be less diligent or have less efficient systems to detect criminal threats than the firm processing their business.
Let me now turn to consumer-driven fraud. This may be perpetrated opportunistically by a large number of consumers, without any visible repercussions for the vast majority of fraudsters involved. Our new financial crime outcome for the FSA is that consumers are better equipped to protect themselves from financial crime. They should also not commit financial crime themselves.
I will come back to these risks and how to combat them later in my presentation.
Finally, on the fraud side, we see organised fraud involving insurance claims as a key emerging risk. Using the UK Threat Assessment informed by the Industries own work outlines how criminals organise staged accidents, deliberately causing collisions between innocent victims (or their accomplices playing the victim's role) and then submit fraudulent insurance claims. Life assurance takeover fraud, whereby criminals gain access to the victim's account details and security information to redeem the policy, is also on the increase. Not only is this coning the industry of £400 million per year, which represents the sum earned through insurance fraud by organised criminal groups according to the ABI, this type of crime is as it puts life and health of innocent people at risk, and perhaps generates revenue for other criminal activities including terrorism and other serious crimes. So this is a new angle on our consumer protection objective: consumer protection is a key focus of the FSA and of our new financial crime strategy. Financial crime risks cannot only be measured only in terms of financial losses: staged accidents reveal how financial crime is concerned with public safety, the notion of public harm, and the protection of society at large.
So what about money-laundering risks, will you ask me?
To assist with improving awareness of the vulnerability of the insurance sector, the FATF has identified nine common ways in which the insurance sector may be used to launder money. The most frequent way identified by the FATF through which money can be laundered is 'International transactions'.
Complex transfers of money through bank accounts or cheques in different jurisdictions can complicate the control/identification of the source of funds by the insurer. The FSA is increasing its focus on international and cross-border activities: financial crime risks are heightened when firms expand into emerging markets where counterparties are not subject to equivalent anti-financial crime regulation.
And let me give you a brief example of how money can be laundered through international transactions (taken from the FATF report I've just mentioned):
A number of insurance companies, domiciled in the Isle of Man and the Bailiwick of Guernsey, were identified through information received in a narcotics smuggling investigation as having numerous policies that were paid for with drug proceeds. Narcotics proceeds were deposited into life insurance policies over a substantial period of time before 2001. These policies were primarily established by one 'master broker' who operated in Colombia and other South American jurisdictions. The policies that were identified as containing drug proceeds were funded in several ways. First, and most common, was via third-party wire transfers – they often originated from money brokers or casas de cambio. Once credited to the institution's account, the broker provided detailed information of how to apportion the wired amount and which accounts to credit the funds to. The insurer also received payments via third-party cheques and structured money orders (to avoid reporting thresholds). Finally, some policies were paid with funds from the commission accounts of the brokers. In this scenario, the brokers accepted cash from the client in Colombia and credited the client's policy with funds from his business operating account or as a part of his commission cheque.
The second possible way to launder money is through 'General insurance claim fraud involving goods purchased with illicit funds'. In this case, money is laundered by using illicit funds to purchase high-value goods and then lodging an insurance claim for loss or damage to those goods.
The seven other possible channels for money-laundering in insurance mentioned in the FATF report are 'early policy redemption', 'Collusion', 'Third-party payment of premiums', 'Life insurance single premium policies', 'Cash payments to purchase insurance', 'Fraud', and finally 'Abuse of cooling-off periods'.
Perhaps it would be worth adding to this list the 'overpayments of premiums' and 'high brokerage', highlighted by the IAIS as particularly attractive methods to launder funds. As a matter of fact, 'high brokerage' may be used to pay off third parties that are not related to the insurance policy, and this is often being made via strange premium routes.
The FATF has produced indicators that should raise suspicions of insurers, brokers or insurance intermediaries. Here are only a few of these indicators - I would encourage you to read the full list!
- High premium payments compared to verifiable legitimate income.
- Lack of concern by the policyholder over charges or costs for early redemption.
- Repeated and unexplained change of beneficiary.
- Unusually high commissions paid to broker/intermediary.
So I hope you can see with these indicators that fraud and money laundering are often strongly intertwined. For instance the criminal purchase of an insurance or reinsurance company may allow criminals to invest their proceeds behind the cover of an apparently legal company.
Another key outcome that we are satisfied that persons of questionable integrity do not manage, own or control firms active in the UK financial sector. But it is also our aim that that UK firms do not change their standard of integrity whilst doing business abroad. We take this issue very seriously: a 'two-standard' approach is not acceptable, and firms cannot change the way they do business, for instance through the use of illegal or inappropriate incentives because they think they can apply different standards whilst transacting abroad.
So the insurance sector needs to be aware of the importance of making the UK a clean place to do business. How? Well here is a brief picture of what the FSA expects from the firms we regulate.
II. What the FSA expects insurance firms to do?
The FSA regulates over 29,000 firms. We require firms we regulate to have effective systems and controls in place, adequately designed and effectively implemented, to address their financial crime risks in a proportionate way and prevent financial crime from occurring. For instance, in response to this increasing risk of information security, firms need to ensure that customer personal data is stored safely to reduce the risk of financial crime being perpetrated against them, other firms and their customers.
As many of you will be aware, the FSA is moving increasingly to a principles-based approach to regulation. We do not, therefore, advocate a 'one-size fits all' approach, which would be overly burdensome for most firms. The risk-based approach will only succeed if the use of judgment by senior management prevails over a box-ticking approach. In other words, we're interested in how you think managing risks in your firm makes the most sense in relation to your products' vulnerabilities or your firm's specific channels of business for instance.
What we seek to assess when we visit a firm is whether a firm has a strong anti-fraud culture, with a clear and consistent lead being given from senior management and a clear allocation of responsibility for the day to day management of risk. We look at the staff training arrangements, and at how information on financial crime risks is captured and presented to senior management and to the board.
One of the FSA divisions carried out in 2006 some thematic work on claimant fraud in both the life and non-life sectors. Some of the weaknesses this work identified included a lack of management information as well as over-reliance on front line staff to report fraudulent activity. So what does this thematic work tells you?
Well that a 'clear allocation of responsibility' is crucial to fight financial crime risks. And senior management must play an active role in establishing the right cultural ethics and policies within their firm, and take financial crime issues seriously – but not just when a financial crime incident is discovered!
Senior management need to ensure that they receive timely, regular and appropriate management information to enable them to monitor the firm’s performance on fighting crime. Management Information should be qualitative, as well as quantitative. Firms need to determine proportionate key risk and key control indicators that are appropriate to their business.
Product proofing, adequate customer due diligence (CDD) as well as 'Know Your Intermediary' procedures are absolutely key for the insurance sector. Intermediaries cannot consistently meet their financial crime responsibilities if it is unclear whether they act for the customer or the firm. Insurers and brokers need to be clear on where they have responsibility – e.g., which party has responsibility for performing customer due diligence. Obviously, I am not trying to say that this is an easy route, since it is often difficult to identify who the customer of the insurance contract really is. And KYC on third parties receiving payments would be no easy task, but perhaps the ability to perform this type of 'reverse' CDD could greatly improve the transparency of the payments system.
Complex distribution channels (eg. sub-delegation) and multi-national transactions require a particularly robust anti-financial crime control environment and adequate audit arrangements.
Firms also have a duty to report significant frauds to us. And we look into these reported frauds carefully, since individual incidents may be indicative of more general and pervasive trends. Being aware of specific fraudulent patterns, we can then disseminate information to the relevant sector about these risks.
In March of this year, we launched a streamlined system for reporting financial crime in the insurance industry. Under the new system, insurance firms and intermediaries are being called on to tell us when they suspect criminal behaviour may be taking place. This may arise, for instance, when an insurer terminates an agency agreement with an intermediary where they see doubtful practice or suspect misconduct.
Examples of possible financial crime involving insurance fraud include:
- misappropriation of client money or money held under risk transfer agreements;
- falsifying customer details to obtain insurance business that would otherwise be turned down or be more expensive; and
Firm behaviours of this kind have led us to take action against a number of insurance intermediaries. As this is a voluntary initiative, so we REALLY need the insurance industry to work with us to turn this project into a useful and successful initiative in the fight against financial crime.
We have long recognised that the most effective way to tackle fraud is by working in partnership with our stakeholders, who encompass organisations and bodies including government, law enforcement, consumers and very importantly firms themselves. We want to foster an environment where information sharing is not only encouraged, but actively seen by all as a means both to reduce crime and to increase profitability. And this remark leads me to address some of the challenges we see in tackling financial crime in the insurance sector.
III. The Challenges to tackling financial crime in the insurance sector
The International Association of Insurance Supervisors (IAIS) published a Report on the Survey on Preventing, Detecting and Remedying Fraud in Insurance in May 2007; this report identified some problems in the battle against fraud, and I'd like to reflect on them. One of the main problems identified in this report is an 'inadequate fraud risk management'. I have mentioned below what the FSA expects firms to do in this regard, so I'll turn to the other issues, in no particular order, that were identified in the IAIS Survey. 'Public attitude' was highlighted as a major issue by the report. We cannot let the public think that 'it is ok' to commit fraud, because they take the view that their opportunistic fraud will not harm anyone. We need to get across the joint message that fraud is not a victimless crime, that inflating an insurance claim is just as unacceptable as any other dishonest behaviour, and that the cost of fraud is borne by us all, whether as customers paying higher prices, or investors receiving lower returns.
Research conducted by the ABI has found that false claims cost the insurance industry over £1.5 billion a year. This adds around 5% to the premiums paid by honest customers. Moreover, the ABI response to the Fraud Review published in April 2006 states that one of the most worrying aspects of insurance fraud is the extent to which it is socially acceptable. So awareness and education of customers are key, to change mentalities. An earlier survey revealed that 37% of respondents admitted they would not rule out inventing a claim, and 47% would not rule out exaggerating a claim. These numbers indicate that the actual incidence of fraud may be higher than admitted by respondents.
'Ineffective regulation and law enforcement' was also cited as a main obstacle to deal with fraud in insurance. Well it is not because no sufficient priority is given to insurance fraud that we should not endeavour to combat it. The fact that it is difficult to prove fraud is not an acceptable outlet to give up the fight. In the UK the Fraud Review Team at the Attorney Generals office needs the Industry's support if it is to succeed in successfully implementing the findings of the Fraud Review which will address this shortfall in the UK.
Indeed, ineffective detection and prosecution of fraud often goes hand in hand with the 4th problem mentioned in this report, namely 'commercial interest'. As the report explains, "this category represents the issue that the cost-benefit analysis of anti-fraud measures is not always, at least not in the short term, in favour of fraud prevention and detection". In fact, fraud detection can appear to be quite expensive compared to hiding the direct costs of fraud. We need to overcome this commercial inertia, not least because of the reputational damage of having poor fraud prevention highlighted by an FSA enforcement action.
The 5th problem highlighted by the IAIS report was the 'opportunities for fraudsters'. This points to the fact that some complex characteristics of insurance products coupled with the increasing possibilities of information technology, makes it extremely difficult to detect and to prove that fraud has occurred. Obviously this description would apply to money-laundering as well. And let me illustrate briefly this point. On 13th September, the Insurance Times published an article on internet fraud, warning us that "The internet is becoming a haven for insurance fraud. A survey had found that 75% of motor policy frauds were committed online and 96% of frauds involving contrived claims were cases where the policy was taken out online. The explanation given was that it is difficult to lie directly to a broker, while the internet allows the shield of anonymity".
'Information sharing and cooperation' closes the list of 'problems' highlighted in the IAIS report. As I have mentioned earlier, we at the FSA think a partnership approach is likely to reap a lot more benefits for all the stakeholders involved in the fight against financial crime than working in silo. So we have been really pleased by industry initiatives to collaborate to fight serious fraud, putting in place advanced data sharing processes. That is why we strongly supported the insurance industry's initiative to set up the Insurance Fraud Bureau in July 2006, and I don't need to repeat the merits we see in such initiative, since you've heard this morning John Beadle's presentation. And much more can be done, it seems, to reinforce the cooperation between insurers themselves, as well as between insurers on one side and law enforcement and regulators on the other, to increase our impact against financial crime in the insurance sector.
But many of you may also ask how can you tally your fraud strategy with other FSA obligations, for instance the Treating Customers Fairly (TCF) initiative? What I would reply is simple: a firm’s culture needs to support both the reduction of financial crime and treating customers fairly. Indeed, both need to be integral to the design of firms’ systems and controls; and any tensions between these, real or perceived, need to be managed, as firms have a duty to ensure their desire to offer a good customer service and treat their customers fairly does not impede the fight against financial crime.
But what about the risk of penalising honest customers, you will reply? Senior management need to ensure they have appropriate systems and controls for investigating claims for possible frauds which are proportionate to the level of risk.
Using anti-fraud techniques or forensic analysis can be expensive, which may account for the fact that low level fraud may encounter limited resistance from insurers. We strongly hope that the National Fraud Reporting Centre will reverse this trend.
Finally, it is true that innocent non-disclosure/misrepresentation can occur and firms need to bear this in mind in setting their claims procedures. Developing a sophisticated and risk-sensitive set of indicators for claimant fraud will enable firms to manage claims in a way that addresses the risk of fraud in a proportionate and manner, whilst ensuring fair treatment of their customers.
I hope I had some success this afternoon in raising awareness of the financial crime risks we have identified in the insurance industry – and the better we understand such risks, the better we will be able to mitigate them. The time is ripe to increase our effectiveness by working more closely in partnership raising our game not only on the fraud side, but also in the area of money-laundering. By working together to combat financial crime the UK insurance industry will gain further strength and credibility, and remain a leading and attractive centre for global business.
Thanks for your attention.
