“Keeping up with the Joneses” is an idiom that bespeaks of shallow and self-serving actions, but when it comes to operational and risk management, it is an imperative. Better yet, when it comes to operational and risk management, being the “Jones” is probably better. Good operational and risk management is a moving target though, and it requires diligence in processes, process change management, and the tools used.
The Importance of Wholistic Operational Risk Management in Insurance
The insurance risk and operational risk mitigation landscape has changed significantly in the past five years, and those who are not taking a more strategic, wholistic view toward risk mitigation management across functional silos will inevitably be targeted by those who seek illicit gains from our industry. While there will always be some fraud that slips through and is reflected in the morbidity and mortality experience, those who are laggards in adopting a wholistic strategy will likely be disproportionately targeted for fraudulent activity whereas those that are proactive will reap the benefits of better mortality and morbidity experience than the industry as a whole.
Adapting to Changes in Operational Risk Management
Operational risk management is far different today than even 5 years ago. Our social environment, consumer attitudes, distribution systems, technology, and processes have dramatically changed and so must insurance companies.
Surveys show that consumer attitudes, particularly amongst those under age 45, toward non-violent deception and even crimes are more acceptable.[1] The vast amount of information available on the world wide web and the dark web about how to facilitate fraud has never been greater at a time when attitudes toward non-violent crimes have become more accepting. Unfortunately, those seemingly more accepting of non-violent crimes are a significant portion of our population and are the same people who are purchasing insurance and, in claim disputes, may be sitting on juries hearing cases. This shift in attitudes mean that up-front controls need to be more effective so that the fraud is caught before policies are issued, and certainly before a claim ensues.
From a technological standpoint, Moore’s Law seems to apply. The technology used by insurance companies is continuing to increase at a rapid pace including the use of AI and machine learning – and these changes in technology are also being used by bad actors who can often employ new tech more quickly than insurance companies. The benefits of the newly available technology to help improve processes have been great, but in the words of Frank Abagnale[2], there will always be those who exploit changes in technology for their own gains. Changes in process necessitate thoughtful and considerate changes in controls that anticipate not only previous risks but new ones.
Coupled with the increased direct-to-consumer distribution models, identity crimes are easier than ever to perpetrate and are one of the top crimes for the day. While agent-involved insurance crimes still abound, no longer are the days when an agent or paramedical examiner had to be corrupted.
Strategic Solutions for Today’s Operational Risk Management Challenges
Historically, insurance operations were segregated into functional silos where each silo conducted its own risk assessment and controls. Today’s demands call for a more wholistic and strategic approach towards enterprise and operational risk management, starting with the sales process and concluding with the benefit fulfillment process. In between lie areas such as underwriting, new business, and policy holder administration.
No area operates in a vacuum, and operational changes are inevitable if not required to stay competitive and improve the customer experience. Changes will inevitably have the potential for gaps in controls that can be exploited, if only temporarily. A wholistic approach requires cooperation and feedback loops from each process owner, and for each owner to understand the types of fraud that may be perpetrated against the company. Also, understanding each functional area’s processes, and in particular, changes to processes, can help each of the areas stay informed as to the changing risk profiles from operational changes.
SIUs are great places for the education of the different areas to begin, but the scope for risk mitigation extends beyond most company’s SIU mandates. For example, the industry has recently seen agent commission schemes in which a corrupt agent submits applications using stolen or synthetic identities. Everyone from new business, accounting, policy holder services, and claims should understand these schemes and how they may manifest in their respective areas.
Identity-related crimes are the fastest growing crime today. According to Experian, the FTC logged more than 1 million identity theft reports in 2023 accounting for 2.6 million cases of related fraud and $10.3 billion in losses.[3] Identity crimes can manifest in any area in an insurance company from agent activity through benefit fulfillment, and often the perpetrators will stage their “bust out” after the contestable period in a life policy has expired. To combat such crimes, a wholistic strategy is the most effective.
One area that is often overlooked by many companies is the utilization of tools to reduce risks of fraud. In a world becoming dominated by electronic transactions and where human interactions are becoming fewer, understanding who is on the other side of that transaction is paramount. Often, tools used in one area are not always shared with other areas. This creates gaps and inefficiencies which can lead to greater risks.
Enhancing Fraud Prevention with a Proactive Risk Management Strategy
An effective risk management strategy is not only more effective and efficient in detecting and thwarting potential risks, but it also often sends a signal to the organized crime groups that their efforts will not be rewarded. Since illicit actors seek the path of least resistance, they will often avoid those with a strong, wholistic approach in favor of those with gaps that can be more easily exploited.
Building a Resilient Future with Proactive Operational Risk Management
Today’s landscape calls for a more proactive and comprehensive approach toward enterprise and operational risk management. Changes in technology and society are enabling greater capabilities by insurance companies to improve the customer experience and detect illicit activities, but illicit actors also have access to many of these same capabilities. In addition, attitudes toward non-violent crime have made insurance fraud more acceptable to more people. A wholistic risk management approach can be more effective and less costly than a more traditional, functional approach.
For more information on how Diligence International Group can assist you in fraud education and risk management, please contact us at [email protected], or call us at 800-660-4202.
[1] “Who Me?” Who Commits Insurance Fraud and Why, Coalition Against Insurance Fraud and Verisk, p 6
[2] Frank Abagnale was convicted of many counts of counterfeiting and bank fraud, and he was the subject of the popular movie “Catch Me If You Can.” He was later hired by the FBI to help in the anti-fraud efforts and is a frequent speaker on his life and fraud.
[3] Akin, Jim, Experian, U.S. Fraud and Identity Theft Losses Topped $10 Billion in 2023, July 25, 2024.
