Insurance fraud is getting a lot of attention nowadays. In 1994, Congress made theft of insurance company assets a crime. Also, at last count, 36 states require insurers to report fraud to insurance departments, to put fraud warnings on claims forms or applications, or to maintain a fraud prevention plan or a special fraud investigation unit. By the year 2000, we can reasonably expect all states to have insurance fraud statutes.
What is insurance fraud? Most people would say it involves deceptive claims, perpetrated against an insurer. While that intuitive response is correct as far as it goes, it is incomplete. Insurance fraud includes, but is not limited to, claims fraud, and it can hurt a wide range of victims including policyholders, prospective customers, employees, and the insurance company.
No one knows how much insurance fraud costs. According to Conning & Co.'s Insurance Fraud: The Quiet Catastrophe, it is estimated that insurers lose approximately $120 billion annually in fraudulent claims alone, as follows: $95 billion in fraudulent health care claims, $20 billion in such property and casualty insurance claims, and $5 billion in life and disability claims.
While these figures are impressive, insurance companies do more than collect premiums and pay claims. Insurers invest trillions of dollars in securities and other investments, purchase millions of dollars in fixed assets, own billions of dollars in real property, spend millions on the services of vendors, agencies and professional consultants, and maintain massive amounts of information about insurance company operations, products, and customers. The list goes on and on. The insurance industry is at risk for fraud in each of these areas.
Fraud cases fall broadly into two categories: internal and external fraud. Internal frauds are those perpetrated against a company or its policyholders by agents, managers, executives, or other employees. External fraud schemes, on the other hand, are directed against a company by individuals or entities as diverse as medical providers, policyholders, beneficiaries, vendors, and career criminals.
Internal fraud often involves theft of proprietary information or other company property, improper relationships with vendors or consultants involving conflicts of interest, diversion of policyholder or company funds by employees, use of confidential information for investment purposes, or intentional misrepresentation by agents to prospective customers about the characteristics or future performance of company products.
External fraud can involve such schemes as fraudulent automobile, life, health or disability claims, the use of tax-advantaged insurance products for concealing the origins of illicit funds, or the negotiation of counterfeit checks.
Companies need to define insurance fraud as broadly as possible to encompass not only fraudulent claims and false statements on insurance applications, but also to include any theft or misappropriation of company or policyholder assets. The company should make it clear in word and deed that it regards any fraudulent activity as illegal and prohibited, and takes its legal and ethical responsibility for fighting fraud seriously. The responsibility for fighting fraud should clearly rest with company management as well as the employee rank and file. We suggest that the following responsibilities be established.
As recommended in the 1992 report on Internal Control-Integrated Framework by the Committee of Sponsoring Organizations (COSO) of the Treadway Commission, management should assume ownership of an organization's system of internal controls. This includes setting the tone of an organization as it relates to ethics and integrity, as well as establishing specific policies and procedures to ensure the effectiveness and efficiency of operations, the reliability of financial reporting, and compliance with applicable laws, regulations and company policies.
Consequently, in the area of fraud deterrence and detection, management should (a) identify the areas of exposure to fraud and the related fraud indicators and, (b) develop and maintain control policies and procedures specifically designed to combat fraud. The COSO principles specify that the internal control structure should include elements of the following:
In keeping with the requirements of various state fraud-related statutes, management should notify the company's internal fraud control organization of all suspected fraud as soon as possible.
If fraudulent activities are occurring, an employee often will be in the best position to recognize early that there may be a problem. For example, sudden changes in a co-worker's living habits, a co-worker's personal or family financial and/or health problems, or discovery of a related business owned by a co-worker's friend or relative can be harbingers of fraudulent activities.
As indicated above, employees should be trained to recognize the indicators of fraud and should be informed that it is part of their responsibility to maintain vigilance to such indicators in all areas of company operations with which they come into contact. If fraudulent activities are suspected or identified, employees should be directed to report them to their immediate superior or directly to the fraud control organization.
An internal fraud control organization should be established, if one does not already exist, to highlight and enhance the company's commitment to combat fraud. The mission of the organization should include:
Mr. Paliotta, CFE, CISA, CFSA, is assistant vice president, and Mr. Radigan, JD, CFE, is director-special investigations, of the Special Investigation Unit, of Metropolitan Life, New York.
Copyright in this article as an independent work may be held by the author.
