Insurance fraud can be a beast, costing the average organization as much as 5% of its revenues. The bigger the beast – that is, the higher the fraudster’s seniority level on the company’s organizational chart – the higher the damage and the losses the fraudster is likely to cause, according to the Association of Certified Fraud Examiners (ACFE) 2016 Global Fraud Report.
Brutish Legends: Examples of Insurance Fraud
Instances of fraud abound, including these thefts:
- The SEC reached a $25 million settlement with a viatical life insurance company that allegedly defrauded thousands of terminally ill patients through the manipulation of their life insurance policies. Three former principals of the company oversaw the defrauding of approximately 31,000 investors by selling more than $1 billion of these fake policies.
- A high-placed whistleblower stepped forward and claimed that big insurance companies had been unleashed, systematically conning Medicare Advantage for years and ripping billions of dollars from the program by making patients look sicker than they were, searching patients’ health records electronically, and manipulating the diagnoses codes. The Justice Department is still investigating and uncovering fraudulent damages.
- In what may be the insurance industry’s most prominent example, the chief executive officer and chief financial officer of American International Group (AIG) acknowledged the company’s participation in and approval of two transactions that inaccurately portrayed AIG’s financial results over a four-year period. These inaccuracies led to AIG’s near collapse and required a monstrous $185 billion in federal rescue.
With instances of insurance fraud escalating, what lessons can regulators glean to become the king of the jungle. The eradication and escape of fraud will not happen overnight—if ever. Taming fraud and keeping it in check requires active collaboration combined with ongoing improvement that evolves over time. Below are four steps a company can take to protect itself.
1. Learn the Share of Insurance Fraud Risk Assessments and Processes.
The National Association of Insurance Commissioners (NAIC) risk-focused procedures have been in place for a while now. Beginning in 2018, there will also be risk-focused analysis procedures in place. Risk-focused procedures enable state insurance regulators to focus on where the risks truly are, rather than adhering to a traditional checklist approach. Additionally, the Own Risk and Solvency (ORSA) requirements call for insurance companies to issue their own assessment of their current and future fraud risk. ORSA further mandates that the risk assessments be performed at the holding company level, and allows state regulators access to the procedures that companies like AIG are implementing to identify risks and develop mitigation strategies for those risks.
2. Conduct Comprehensive Reviews of People, Processes, and Technologies.
Attempting to fix one process will likely not yield results. Internal controls should be viewed at a macro level, taking into account current internal controls and any existing gaps. The more thorough the review, the better the results.
3. Embrace a Collaborative Approach Through Leadership.
One of the key responsibilities of an internal auditor is to evaluate whether controls are properly designed, implemented, and working effectively. Companies with strong internal controls integrate the auditor as a part of a team approach, which also might include members from human resources, compliance, investigations, and security, among others. Working together in a spirit of cooperation means that each department brings its own perspective, strengthening the process.
4. Test and Defend Key Internal Controls in a Controlled Environment.
It is one thing to test internal controls under real-time conditions fraught with emotion. It is quite another to perform simulated, situational testing on technology and information-based tools, which provides a keyhole to event readiness. For example, scheduling testing on the availability of information via online Internet information platforms could reveal security flaws that can be addressed before actual fraud damage occurs.
Hear Insurance Fraud Protection Roar with CRI
Fraud can tear a company apart, and increasingly U.S. insurance regulators are urging insurance companies to conduct internal risk assessments so they can survive fraud attacks and minimize insurance fraud.
Insurance organizations are being held accountable to provide reasonable assurance that they are achieving objectives in these three categories:
- effectiveness and efficiency of operations,
- reliability of financial reporting, and
- compliance with applicable laws and regulations.
Contact CRI to help you implement comprehensive protocols such as fraud risk assessments, audits, and in-depth analyses of policies and procedures to help you slay the fraud savages who threaten your organization’s success and survival.