Paper starts with definition of Fraud, the paper then explains what causes an individual to do Fraud. This was then explained in detail with the help of a case study. Author then attempted to give different classifications of frauds and then types of Insurance frauds. Author then attempted to describe frauds at different steps of a life cycle of a proposal form in an insurance company (example taken is from a life insurance perspective). Then Author tried to give actual examples of Frauds in entire life cycle of a proposal form in a life insurance scenario. Author explained for a life insurance proposal form. Same is also applicable for Non-Life & Health insurance too (though the terms will be different, but the way of Frauds are almost similar). Further, Author Gives details on major Fraud Regulations in India. Author then highlighted different fraud control measures which can be taken by an insurer during entire life cycle of the proposal form. Cost aspects on Fraud Control measures at different stages of life cycle of the proposal form was also touched upon by the author. Author then explained in detail the Fraud control measures through Fraud Awareness sessions, Fraud Prevention mechanism, Fraud Detection mechanism and Fraud Response mechanism. Paper ends with conclusion drawn by the author through his entire study.
Definition of fraud –
The term ‘fraud’ generally includes actions such as theft, corruption, conspiracy, embezzlement, money laundering, bribery and extortion.
Fraud essentially involves using cheating to deceitfully make a personal gain for oneself and/or create a loss for another. Although definitions may vary but most are based around these general themes.
Why do people commit frauds?
There is no particularpurpose behind fraud and any clarification of it needs to take account of various aspects.
Looking from the fraudster’s perspective, it is necessary to take account of:
- motivation of potential offenders
- circumstances under which individuals can justify their potential crimes away
- opportunities to commit crime(s)
- perceived suitability of targets for fraud
- technical ability of the fraudster
- likely and real risk of discovery after the fraud has been carried out
- expectations of consequences of discovery (including non-penal consequences such as job loss and family stigma, proceeds of crime confiscation, and traditional criminal sanctions)
- actual consequences of discovery.
There are different views on why do people commit Frauds. As per researcher Tommie Singleton, PhD, University of Alabama:
Some individuals are honest all of the period.
Some individuals are dishonest all of the period.
Most individuals are honest some of the period.
Some individuals are honest most of the period.
What is “Fraud Triangle”
When studying the risk of fraud, auditors often mention to the “Fraud Triangle”, explained first by sociologist Donald Cressey. The “Angles” of the Fraud Triangle are made up of three features which are existent for fraud:
Steve Albrecht in his book Fraud Examination further gives details on reasons behind occurrence of:
- Pressure factors:
- Individual financial influences that may lead to fraud:
- Financial difficulties (33%)
- High personal debts or financial losses
- Inadequate income
- Living beyond one’s means (44%)
- Financial difficulties (33%)
- Individual conducts that may lead to fraud:
- Broad stock market or other types of speculation (starting a new business)
- Extensive gambling
- Illicit affairs
- Excessive use of alcohol or drugs (12%)
- Individual financial influences that may lead to fraud:
- Opportunity factors:
- Magnitude of fraud would decrease if the opportunity did not exist:
- Reasons for increased fraud risk:
- Crime requires a simple act
- Chances of being detected are very slim
- Reasons for increased fraud risk:
- Punishment is very light
- Mitigation factors:
- What if security was tight?
- What if comprehensive internal controls require an elaborate system?
- What if the likelihood of finding is high?
- What if punishment is severe?
- Personally Created Opportunities:
- Familiarity with operations (including cover-up capabilities)
- Close association with contractors, dealers, and other key people (22%)
- Unwillingness to share duties (21%)
- Organizational Characteristics:
- Weak internal controls
- Absence of periodic rotation in job duties
- Constantly operating under a crisis environment
- Little attention to details
- Poor morale
- Rationalization factors:
- How can you be proactive and know who will rationalize fraudulent behavior?
- Embezzlers don’t fit the criminal stereotypes; they appear to be trustworthy, sincere, likeable, sociable, etc.
- Personal Emotions that may lead to fraud:
- Strong community or social expectations to succeed (6%)
- Perception of being treated unfairly by the organization (9%)
- Resentment towards superiors
- Frustration with job
- Insatiable desire for self-enrichment or personal gain
- Wheeler – dealer attitude (18%)
Let us examine a case study based on the Fraud Triangle:
Case Study is of the Secretary Who Stole over £4.3 million from her bosses at Goldman Sachs. We will correlate all the aspects of the Fraud Triangle in this case study.
- Incentive/Pressure, such as a financial need, is the “purpose” for compelling the fraud.
Motivation Aspect of the Case Study:
- Secretary originally started down her fraudulent path because of financial difficulties she found herself in before starting work at the investment bank
- The motive behind the fraud as primarily greed though, with secretary spending her ill gotten gains on a luxury lifestyle, including villas, cars, jewellery, designer clothes and first class holidays. She has even admitted that she did not steal because she needed to, but because she could. She explained that she first started taking money basically to find out if she possibly will get away with it.
- She says that it then developed ‘a bit addictive’ and that she ‘got a huge thrill from knowing they had no impression what I was doing.
- Rationalization The individual committing the fraud regularlyjustifies the fraud. Justifications may include, “I’ll pay the money back”, “They will certainly not miss the funds”, or “They don’t pay me adequate.”
RationalizationAspect of the Case Study:
- She was able to rationalize her actions by convincing herself that she had earned the money she stole.
- De-Laurey believed that she earned the stolen amounts as a just prize for her dedication, discretion and devotion, and claims that she had the permission of her bosses to take money in return for her ‘vital services’.
- She vindicated her activities through the belief that her superiors had cash to spare.
- Opportunity The individual committing the fraud sees an internal control weakness and, considering no one will notice if funds are taken, initiates the fraud with a small amount of money. If no one notices, the amount will usually grow bigger.
- Opportunity Aspect of the Case Study
- In terms of opportunity, her bosses trusted her and held her in high regard. She had proved herself crucial, on both professional and personal fronts, and was given access to their cheque books in order to settle their domestic bills and personal finances.
- A little over a year after starting at Goldman Sachs, she began forging her bosses’ signatures on personal cheques to make payments into her own accounts. Realizing she had got away with it, she continued to steal money by issuing forged cheques and making false money transfers.
In any business, the risk of fraud can be reduced. Internal control measures can particularly reduce the “opportunity” angle of the Fraud Triangle.
- Final Conclusion on the Case Study:
- After four years of siphoning off vast amounts of money, she was eventually caught when her boss at the time decided to make a six-figure donation to his former college. He took a look at his bank accounts to see if he could cover the donation and was astonished to find the balance on the accounts so little.
- He investigated further and realized that large sums had been transferred to an unknown account.
- Secretary was the obvious suspect. By this time, she had actually stolen around £3.3 million
Fraud is classified under different categories as under:
Examples of Fraud: Asset misappropriation
- Theft of cash
- False payment requests
- Cheque fraud
- Billing schemes
- Misuse of accounts
- Inventory and fixed assets
- Improper revenue recognition
- Misstatement of assets, liabilities
- Other accounting misstatements
- Falsified employment credentials e.g. qualificationsand references.
- Other fraudulent internal or external documents
- Personal interests
Classification of Frauds in Insurance Industry:
Before we move to understand what Fraud Control measures the insurer should take, we need to understand what type of Frauds the insurer faces.
Basically, 3 types of frauds an insurer faces:
- Policyholder fraud and/or claims fraud-Fraud against an insurer in the purchase and / or execution of an insurance product, this also includes frauds at the time of making a claim.
Example- Exaggerating damages/loss, Fraudulent Death Claims, Medical Claims Fraud
- Intermediary Fraud-Fraud perpetuated by an insurance agent / corporate agent / intermediary / Third Party Administrators (TPAs) against the insurer and/or policyholders.
Example- Adverse selection of clients for insurance cover, Inflating the premium, passing on the correct amount to the insurer and keeping the difference
- Internal Fraud-Fraud / misappropriation against the insurer by its Director, Management and / or any other office or employee (by whatever name called)
Examples- Misappropriating the funds, fraudulent financial reporting, forging signatures
These types of Frauds occur at different stages of Proposal’s Life Cycle. Life Cycle of proposal to policy can be depicted as per below figure: Fig. 4 – Life Cycle of Proposal Form
Major Frauds at Proposal Stage are:
- Misappropriating Fund
- Document Tampering/Misleading documentation
- Misrepresentation of Customer Profiling
- Non-Disclosure of Material Facts
- Bogus Business
Major Frauds at New Business Stage are:
- Medical impersonation/Rebating business
- Document Tampering/Misleading documentation
- Incorrect information during Pre Issuance Welcome Call(PIWC)
- Non-Disclosureof Material Facts/ Medical condition / Health/ Confidential information
Major Frauds at Policy Servicing Stage are:
- Falsifying and/or damaging/destroying documentation
- Signature Forgery
- Misrepresentation of Customer Profile
- Dishonoring of Renewal Premium Cheque
Major Frauds at Claims/ Surrender Stage are:
- Fraudulent Death Claims
- Fake Medical Documents at the time of Claims
- Bogus Claim
- Document Tampering/Misleading documentation
- Misrepresentation of Customer Profiling.
- Signature Forgery
Examples of actual Frauds from the insurance industry at these different stages of Life cycle:
At Proposal Stage:
- Collection of Cash from Customer & using it for issuance of new policy.
- Forgery or alteration of proposal form/Cheque /bank draft/financial instrument/account belonging to the company or any document submitted by the customer.
- Non-disclosure of the information provided by the customer. (Eg- Medical details /Income details etc.)
- Providing fake KYC/Confidential Report of Sales Representative/ Moral Hazard.
- Changing customer DOB/ Age proof etc. so that the customer can fit in a particular product.
- Report with wrong declaration or improper verification/Issuing fake receipt / fake policy.
- Falsifying and/or damaging/destroying documentation/OSV done for forged documents.
- Sourcing business to a nonexistent customer.
- Sourcing business without customer’s knowledge.
- Providing customer incorrect Mobile No./ Mail id for clearance of PIWC call.
At New Business stage:
- Intermediary in coordination issuing fake medical documents of customer.
- Signature forgery on PIWC Dispute Settlement Form, proposal form, Business Illustration etc.
- Not disclosing the medical condition of the customer in the proposal form.
- Tampering the Date of birth proof, Age proof, Income proof of the customer.
- Clearing the PIWC call on behalf of customer.
At Policy Servicing Stage:
- Documents Tampered for Change in Nomination, Change in Address, Fund Switch etc.
- Providing Intermediaries bank details for updation.
- Forging signatures or using facsimile signatures on the documents provided by customer. (Eg- Signature forgery on DGH, Assignment form etc.)
- Renewal premium cheque cashiered as New Business for Target achievement.
At Claims / Surrender Stage:
- Claiming the fraudulent death claim by intermediary or by policy holders.
- Fictitious Medical documents submitted in collusion with medical practitioners.
- Tampering of the death claim documents (Fake death Certificate/ 7/12 certificate /Doctors Certificate) at the time of claim.
- Bank account details tampered at the time of payout.
- Signature forgery on KYC documents of customer, Surrender form and Partial Withdrawal forms.
Fraud Regulations in India
- IRDAI Corporate Governance Guidelines 2016
Role and Responsibilities of the Board of Directors:
As an integral part of proper implementation of the business strategy, the Board should take action as under:
Establish appropriate systems to regulate the risk appetite and risk profile of the Company. It will also enable identification and measurement of significant risks to which the company is exposed in order to develop an effective risk management system
Establish effective Risk Management framework and recommend to the Board the Risk Management policy and processes for the organization
Formulation of a Fraud monitoring policy and framework for approval by the Board
To monitor implementation of Anti-fraud policy for effective deterrence, prevention, detection and mitigation of frauds.
- Guidelines on Corporate Governance for Central Public Sector Enterprises (CPSE’s) issued by Department of Public Enterprises (DPE)
The guidelines on Corporate Governance for listed and unlisted Central Public Sector Entities (CPSEs) provide guidelines on following aspects:
- Board of Directors
- Audit Committee
- Remuneration Committee
- Subsidiary Companies
- Report, Compliance and Schedule of Implementation
The Board should implement policies and procedures which should include:
- staff responsibilities in relation to fraud prevention and identification
(b) responsibility of fraud investigation once a fraud has been identified
(c) process of reporting on fraud related matters to management
(d) reporting and recording processes to be followed to record allegations of fraud
(e) requirements of training to be conducted on fraud prevention and identification
Role of Audit Committee with respect to Fraud Management-
Reviewing the findings of any internal investigations by the internal auditors/auditors/agencies into matters where there is suspected fraud or irregularity or a failure of internal control systems of a material nature and reporting the matter to the Board.
The company may establish a mechanism for employees to report to the management concerns about unethical behavior, actual or suspected fraud, or violation of the company’s General guidelines on conduct or ethics policy
- Fraud Monitoring Framework
Insurance Fraud Monitoring Framework issued by IRDAI in January 2013 requires every insurer:
- To have appropriate framework to detect, monitor and mitigate occurrence of insurance frauds within the Company.
- To issue an Anti-Fraud Policy duly approved by the Board.
- To lay down procedures for internal reporting of frauds.
- To create awareness among their employees/ intermediaries/ policyholders to counter insurance frauds.
- To furnish periodic report FMR 1 & FMR 2 on frauds to the board and IRDAI providing details of:
- Outstanding Fraud Cases
- Closes Fraud Cases
Insurance Fraud Controls through Fraud Mitigation
Insurance Fraud Controls Measures which can be taken up in each step of Proposal’s Life Cycle are as follows:
- Proposal Stage
- Go Green Initiative-wherein insurers create an infrastructure for online filling of proposal form by customer. With this no misrepresentation of facts or frauds can be done by any intermediary.
- Roll out of Risk Score:
- To predict the chance of a proposal, resulting into early claim, before the proposal is underwritten. Early claims are those claims which comes in first 3 years of existence of insurance policy. Generally, insurers face such early claims due to misrepresentation of facts during proposal stage either by customers or by intermediaries.
- To prevent issue of policies likely to give early claims.
- Pre Issuance Welcome Calling (PIWC) is done to customer on the contact no. provided in the proposal form. PIWC is clear only when customer confirm that the details mention in proposal are correct.
All these initiatives requireone-time cost investment by the insurer to create the infrastructure.
- Diagnostic Centre – where Medicals of the customer gets conducted during pre-issuance of the policy
- Regular Audit of the Diagnosis Center.
- Industrial Data Sharing of the fraudulent diagnosis center.
- Diagnostic Center analysis (DC) is done pan India for Medical Claims cases & the DC’s from where the Medicals done & the claims are repudiated on the grounds of Dead Man Insurance, Bogus Business etc. are de-empaneled.
- De-listed Diagnostic Centers based on negative feedback received from the Industry.
These initiatives don’t require any major costs and can be done with the existing infrastructure of the insurer.
- Underwriting Stage-
- Risk Rating Project
- To predict the chance of a proposal, resulting into early claim, at the time of underwriting.
- To prevent issuance of policies which are likely to give early claims.
- Data of policies issued during the past financial years can be used to build the model.
- The variables considered for analysis can be customer demographics, policy information and intermediary behavior. Based on statistical analysis, significant variables can be derived for the predictive model.
Again this is one-time cost for insurer.
- Policy Servicing Stage
- Customer Walking mandatory for policy servicing changes. (Address Change/ Nomination Change).
- Thorough Check of high value customers before any payout.
- Roll out of ORMS [Operational Risk Management System] wherein Risk aspects is checked in all stages of Policy Servicing.
- Creation of an Incident Reporting platform and awareness to employees for reporting any Suspicious /Fraudulent instances.
First two initiatives will not require any cost, but last two initiatives will require one-time infrastructure investment for the insurer.
- Claims/ Surrender Stage
- Fraudulent Death Claims Detection Model:To predict the chance of a claim proposal, resulting into fraudulent claims using statistical model.
- Very Early Death Claim Analysis [VEDC]:Early Death claims which gets reported within one year of policy issuance is considered to be Very Early Death Claim. Analysis to be done on a monthly basis on VEDC.Call for initial observations from the Sales Intermediaries and Branch Head for all Very Early Death Claim intimated during the particular period. Actions can be initiated, if any adversity found.
- Roll out of Fraud Risk MIS (Online MIS reports):The Very Early Death Claim reports can be provided to Sales Personnel. These reports can be built and mapped as per the sales Hierarchy.Death Claim intimations can be populated on real time basis.
- Industry Feedback: Flagging of policies based on negative feedback received from the Industry.
These Initiatives will require one-time cost for the insurer.
Insurance Fraud Controls through Awareness sessions on Frauds
Fraud Awareness Day
Many companies celebrate fixed dates of a year asFraud Awareness Day.
They take following initiatives to spread awareness about Fraud awareness.
- Theme based poster competition for employees.
- Online quiz on Fraud Management.
- Mouse Pad with Fraud Management message – gets distributed to all employees.
- Fraud related videos gets created highlighting effects of misconduct
- Coffee Mugs with Fraud Management theme based Logo.
- Pledge Calendar aimed on personal ethics & Conduct.
Now, let us see few examples wherein cost involvement is almost negligible.
- Insurance Fraud Controls throughProfiling the Fraudster:
- Who start out from the beginning planning to commit fraud.
- Can be short-term players, e.g. who use stolen credit cards; or can be longer-term, like bankruptcy fraudsters & those who execute complex money laundering schemes.
- Who start off truthful but turn to fraud when times get tough or when life happenings, such as annoyance at being passed over for promotion or the requirement to pay for care for a family member, change the usual mode.
- Who just carry on trading even when, objectively, they are not in a situation to pay their debts. This can apply to normal traders or to key business people.
How to establish a sound ethical culture in any organization:
- A mission statement that refers to quality or, more unusually, to ethics and defines how the organization wants to be regarded externally
- Clear policy declarations on business ethics and anti-fraud, with clarifications about tolerable behavior in risk prone situations
- A method through which supposed fraud can be informed
- An extensive audit procedure which focuses on areas of risk
- Organization who are seen to be dedicated through their actions.
- A code of ethics or an anti-fraud policy is not adequate to prevent fraud though. Ethical behavior needs to be rooted within the culture of an organization.
- To demonstrate commitment, resources should be allocated to communicating ethics and values to all employees, suppliers and business partners, and providing training programs where necessary.
- Promise from senior management and ‘attitude at the top’ is key.
How to establish a Sound Internal Control systems in any organization:
- An internal control system includes all those policies and procedures that taken together, support an organization’s effective and efficient operation.
- Internal controls typically deal with factors such as approval and authorization processes, access restrictions and transaction controls, account reconciliations, and physical security.
- Internal controls to minimize fraud should, where possible, address fraud red flags.
- Wherever new internal control procedures are announced, they should be documented clearly and simply. Internal controls should be frequentlyrevised as part of the risk management process, and there should be continual improvement of controls.
- Ultimately, the internal control system should be embedded within the culture and operations of an organization.
Let us understand Weak Internal controls with a help of a case study:
Case is of No process of Pre-Employment Screening in a company
- A finance house needed an extra junior accountant for a short period of time. The company went to a reputable agency and employed an appropriately qualified person.
- The company relied on the agency’s screening policy which had failed to uncover a series of discrepancies in the accountant’s personal history, including a false address. The accountant removed a company chequebook from his work place and used it to make a series of high value purchases on his own behalf.
- The matter came to light when a routine enquiry was made with the finance house to verify the issue of one of the cheques. By this time the short-term accountant had left the organisation. He could not be traced and the matter was referred to the police.
Fraud Indicators: Warning Signs
- It is unlikely to eradicate all fraud.
- No system is completely fraud proof, since many impostors are able to evade control systems put in place to stop them. However, greater care paid to some of the most common indicators which can provide early warning that something is not quite right and increase the likelihood that the impostor will be discovered.
- Warning signs have been defined as organizational indicators of fraud risk
- Warning Signs can be classified under four Risks:
1) Business risk
2) Financial risk
3) Environmental risk
4) IT and Data risk
Fraud Indicators: Fraud Alerts
- Fraud alerts have been described as specific events or red flags, which may be indicative of fraud. Some of these Red Flags are as follows:
- Unidentified emails/letters/telephone calls.
- Emails sent at uncommon times, with needless attachments, or to unfamiliarendpoints.
- Discrepancy between earnings and lifestyle.
- Supplies purchased in excess of need.
- Higher than average number of failed login attempts.
Tools & Techniques for Fraud Detection:
- Background reading
- To keep up to date with fraud inclinations and matters.
- The Internet is also a treasured, and gigantic, research tool.
- Comparisons of one financial period with another; or the performance of one cost Centre, or business unit, with another; or of overall business performance with industry standards, can highlight anomalies worthy of further investigation.
- Risk Management Process
- To detect, analyze, evaluate, treat, monitor frauds.
- Systems analysis
It is significant to inspect the systems in place and identify any weaknesses that could be chances for the impostor.
- Specialist software
Such as audit tools for data identical analysis can substantiate very useful. Additional tools allow for examination such as real time transaction assessment, targeted post-transactional review, or strategic investigation of management accounts.
- Exception reporting
Many organizations can generate automatic reports for results that fall outside of prearranged threshold values (exceptions), allowinginstant identification of results differing from the standard.
D) Insurance Fraud Controls through Fraud Response:
Following Fraud Response steps helps an insurance company to control frauds
The fraud response plan is anofficial means of setting down clearly the measures which are in place for dealing with detected or suspected cases of fraud.
It is planned to provide measures which allow for evidence gathering and collation in a manner which will simplify informed decision-making, while safeguarding that evidence gathered will be permissible in the event of any civil or criminal action.
The fraud response plan should repeat the organization’s commitment to high legal, ethical and moral standards in all its actions and its approach to dealing with those who fail to meet those standards. It is important that all those working in the organization are aware of the risk of fraud and other illegal acts, such as dishonesty or damage to property.
Organizations should be clear about the means of enforcing the rules or controls which the organization has in place to counter such risks and be aware of how to report any suspicions they may have.
3) Roles and Responsibilities:
The division of responsibilities for fraud risk management will vary from one organization to the next, depending on the size, industry, culture and other factors.
However, the same should be documented and should made available public in the company.
4) The Response:
Realistic steps for reacting to detected or suspected instances of fraud include:
- Clear reporting mechanisms
- A thorough investigation
- Punishing of the persons responsible (internal, civil and/or criminal)
- Recovery of stolen funds or property
- Alteration of the anti-fraud strategy to avert similar conduct in the future
5) The Investigation:
Preservation of evidence: It is vitally important that control is taken of any physical evidence before the opportunity arises for it to be removed or destroyed by the suspect(s). Physical evidence may therefore need to be seized at an early stage in the investigation, before any witness statements are collected or interviews conducted.
Other Aspects- Physical & Electronic evidence, Interviews, Statements from witnesses, Statements from suspects
With the detail study on all aspects of Frauds, Reason behind Frauds, Causes of Frauds, Frauds at different stages of the Life cycle of a proposal, Frauds controls at different levels with or without cost interventions, Fraud Prevention, Fraud Detection and Fraud Response we can conclude below points:
- Reason behind a Fraud Need to be understood properly before taking proper fraud mitigations.
- Cost is not a major factor in controlling Frauds.
- Developing a Sound Ethical Culture plays a very vital role for fraud prevention in an organization.
- Organization should work in having sound Internal Control systems to prevent Frauds.
- Fraud Detection Mechanisms should be Robust. Indicators and Warnings should be properly analyzed with the help of Fraud Detection Tools & Techniques.
- Fraud Response System has to be clearly documented and timely acted upon.
- Insurers are responsible for Policyholders’ Money, so any leakage in the system through frauds can question the existence of an insurer.
- Regulators has clearly earmarked the guidelines to have sound Fraud Control system in place. So, it’s not the choice to have fraud control system or not for an insurance company.
- Utility of Investing in Fraud Control measures far exceeds in benefits than Cost.
- Cost is not the only Investment for Fraud Control Measures. The other investments are making sound ethical culture for the organization, Commitment & Time of Top Management, Importance given to Fraud Awareness sessions, Trainings etc.