ICP 21 Countering Fraud in Insurance

The supervisor requires that insurers and intermediaries take effective measures to deter, prevent, detect, report and remedy fraud in insurance.

[ + ] 21.0

Introductory Guidance

21.0.1

Fraud in insurance (including reinsurance) is a deceptive act or omission intended to gain advantage for a party committing the fraud (the fraudster) or for other parties. Most jurisdictions have legal provisions against fraud in insurance. In many jurisdictions, instances of fraud are criminal acts.

21.0.2

Fraud in insurance can take many forms and be perpetrated by any party involved in insurance, including insurers, insurers’ managers and staff, intermediaries, accountants, auditors, consultants, claims adjusters, third party claimants and policyholders.

21.0.3

Fraud poses a serious risk to all financial sectors; fraud in insurance results in reputational as well as financial damage and social and economic costs. In the insurance sector, both insurers and policyholders bear the costs. Losses caused by fraudulent activities affect insurers’ profits and potentially their financial soundness. To compensate, insurers raise premiums and this results in higher costs for policyholders. Fraud may also result in the policyholder discovering that they are not insured for risks they believed were covered, which can have a material impact on both customers and businesses. For these reasons, fraud may reduce consumer and shareholder confidence. It can affect the reputation of individual insurers, insurance groups, the insurance sector and, potentially, economic stability more broadly.

21.0.4

Countering fraud is in principle the concern of the individual insurers and intermediaries. Insurers and intermediaries need to understand and take steps to minimise their vulnerability to fraud.

21.0.5

Responsibility for ensuring that insurers and intermediaries have adequate fraud risk management ultimately lies with the Board and Senior Management of the insurer or intermediary.

21.0.6

The supervisor is one of the competent authorities that has an important role to play in countering fraud in insurance in its jurisdiction. There may be jurisdictions where several authorities have a responsibility for deterring, preventing, detecting, reporting and remedying fraud in insurance.

21.0.7

Fraud in insurance is an issue for supervisors if the risk of fraud is not addressed adequately. Therefore, supervisors should pay appropriate attention as to whether insurers and intermediaries have adequate and effective policies, procedures and controls in place to deter, prevent, detect, report and remedy fraud (see Application Paper on Deterring, Preventing, Detecting, Reporting and Remedying Fraud in Insurance).

21.0.8

The increasing integration of financial markets and the growing number of internationally active insurers and intermediaries make fraud and its potential global implications an important issue to address at the international level. Therefore, it is important that supervisors communicate with one another in addressing fraud across jurisdictions.

21.0.9

The supervisor should consider the application of these standards, particularly for intermediaries, taking into account that there are various business models ranging from sole traders to large enterprises.

[ + ] 21.1

Fraud in insurance is addressed by legislation which prescribes adequate sanctions for committing such fraud and for prejudicing an investigation into fraud.

21.1.1
Legislation should contain offences and sanctions for committing fraud and for prejudicing an investigation into fraud. It should also provide the ability:
  • to obtain documents and information, together with statements made by relevant individuals, for intelligence and investigation purposes, for disclosure to appropriate authorities;
  • to restrain assets which represent, or are believed to represent, the proceeds of fraud; and
  • to confiscate assets which are, or are believed to be, the proceeds of fraud.
21.1.2

It may be helpful for anti-fraud legislation to provide appropriate civil and criminal immunity for fraud reporting in good faith, including where no fraud was subsequently found to have occurred.

[ + ] 21.2

The supervisor has a thorough and comprehensive understanding of the types of fraud risk to which insurers and intermediaries are exposed. The supervisor regularly assesses the potential fraud risks to the insurance sector and requires insurers and intermediaries to take effective measures to address those risks.

21.2.1

The supervisor should identify the main vulnerabilities in its jurisdiction, taking into account independent risk assessments where relevant, and address them accordingly. These are not static assessments. They will change over time, depending on how circumstances develop, and how threats evolve.

21.2.2
The supervisor should have a thorough and comprehensive understanding of:
  • the activities undertaken and products and services offered by insurers and intermediaries; and
  • internal, policyholder, claims and intermediary fraud.
21.2.3

The supervisor should consider the potential fraud risks alongside other risk assessments (including governance and market conduct) arising from its wider duties and be aware of the relevance of fraud to the duties it carries out in respect of other ICPs and standards.

[ + ] 21.3

The supervisor has an effective supervisory framework to monitor and enforce compliance by insurers and intermediaries with the requirements to counter fraud in insurance.

21.3.1

The supervisor should issue anti-fraud requirements by way of regulations, instructions or other documents or mechanisms that set out enforceable requirements with sanctions for non-compliance with the requirements.

21.3.2

The supervisor should issue guidance to insurers and intermediaries that will assist them to counter fraud effectively and to meet the requirements set by the supervisor.

21.3.3

The supervisor should have sufficient financial, human and technical resources to counter fraud, including the resources needed to be able to issue and enforce sanctions in relation to complex cases where insurers or intermediaries oppose such sanctions.

21.3.4

The staff of the supervisor engaging in anti-fraud activity should be appropriately skilled and provided with adequate and relevant training on countering fraud. Examples of issues to be covered under adequate and relevant training for the staff of the supervisor include fraud legislation (including offences), fraud typologies, techniques to be used by supervisors to ensure that insurers and intermediaries are complying with their obligations, and the issue and enforcement of sanctions. Similarly, insurers and intermediaries should provide relevant training on anti-fraud measures to Board Members, Senior Management and other staff as appropriate.

21.3.5

The supervisor should take account of the risk of fraud at each stage of the supervisory process, where relevant, including the licensing stage.

21.3.6
The supervisor should assess whether insurers and intermediaries have adequate fraud risk management systems in place which are reviewed regularly. Insurers and intermediaries should be able to demonstrate to the supervisor that they have effective management of their fraud risk and possible risks to their solvency or continuity caused by fraud. The supervisor should at least assess whether insurers and intermediaries:
  • have effective policies, procedures and controls in place to deter, prevent, detect, report and remedy fraud;
  • have an independent internal audit function and periodically carry out fraud-sensitive audits; and
  • have allocated appropriate resources to deter, prevent, detect, record and, as required, promptly report fraud to the relevant authorities.
21.3.7
The supervisor should use both off-site monitoring and on-site inspections to:
  • evaluate the effectiveness of the internal control system of insurers and intermediaries to manage fraud risks; and
  • recommend or require appropriate remedial action where the internal control system is weak and monitor the implementation of such remedial actions.
21.3.8

As particular fraud risks arise from claims, the supervisor should cover claims management processes in its supervision. This may include reviewing and assessing claims data, the quality of client acceptances, and claims handling processes. Regarding the risks of fraud occurring in the underwriting process, the supervisor should review relevant processes and controls, in particular those concerned with verification of customer information.

21.3.9

The supervisor should have the power to take appropriate corrective and remedial action where insurers and intermediaries do not implement anti-fraud requirements effectively or in cases of fraud committed by the insurer or intermediary. Depending on the severity of the situation and level of supervisory powers, this could include letters to management, directions, fines, the suspension of business, the appointment of alternative management and redress to customers.

21.3.10

Where a supervisor identifies suspected criminal activities in an insurer or intermediary it should ensure that relevant information is provided to the financial intelligence unit (FIU) and appropriate law enforcement agency and any other relevant supervisors.

[ + ] 21.4

The supervisor regularly reviews the effectiveness of the measures insurers and intermediaries and the supervisor itself are taking to deter, prevent, detect, report and remedy fraud. The supervisor takes any necessary action to improve effectiveness.

21.4.1

The review of effectiveness should take risk into account and assess whether established regulations and supervisory practices are being enforced.

21.4.2
This review could cover aspects such as:
  • the risks of fraud in the insurance sector and whether these are adequately addressed by the risk-based approach of the supervisor;
  • the adequacy of the supervisor’s resources and training;
  • whether the number and content of on-site inspections relating to anti-fraud measures are adequate;
  • whether off-site supervision of anti-fraud measures is adequate;
  • the findings of on-site inspections, including the effectiveness of training and implementation by insurers and intermediaries of anti-fraud measures;
  • action taken by the supervisor against insurers and intermediaries;
  • input from other authorities with anti-fraud responsibilities, such as information on fraud prosecutions and convictions;
  • the number and nature of requests for information from other authorities concerning anti-fraud matters; and
  • the adequacy of the requirements, guidance and other information provided by the supervisor to the sector which may vary on the basis of the business undertaken.
Such reviews should enable the supervisor to identify any necessary actions which need to be taken to improve effectiveness.
21.4.3
The supervisor should consider contributing to or promoting anti-fraud initiatives such as:
  • working with relevant industry and trade associations to encourage and maintain an industry-wide approach to deterring, preventing, detecting, reporting and remedying fraud;
  • the establishment of anti-fraud committees consisting of industry or trade organisations, law enforcement agencies, other supervisors, other authorities and possibly consumer organisations as a platform to address fraud in insurance – for example, by discussing trends, risks, policy issues, profiles and modus operandi;
  • the establishment of a fraud database on suspected and/or confirmed fraud attempts; insurers could be requested or required to submit information and statistics with respect to these attempts;
  • the exchange of information between insurers and intermediaries on fraud and fraudsters including, as appropriate, through the use of databases to the extent permitted by local legislation
  • the enhancement of consumer/policyholder awareness on insurance fraud and its effects through effective education and media campaigns; and
  • cooperation between organisations involved with combating fraud in the insurance sector, such as organisations for accountants, forensic auditors and claims adjustors.
21.4.4

Whenever a supervisor is informed of substantiated suspicious fraudulent activities which may affect insurers, intermediaries or the insurance industry as a whole, it should consider whether to convey warning information to insurers and intermediaries to the extent permitted by local legislation.

21.4.5

The supervisor should maintain records on the number of on-site inspections relating to the combating of fraud measures and on sanctions it has issued to insurers and intermediaries with regard to inadequate anti-fraud measures.

[ + ] 21.5

The supervisor has effective mechanisms in place, which enable it to cooperate, coordinate and exchange information with other competent authorities, such as law enforcement authorities, as well as other supervisors concerning the development and implementation of policies and activities to deter, prevent, detect, report and remedy fraud in insurance.

21.5.1
Mechanisms of cooperation and coordination should normally address:
  • operational cooperation and, where appropriate, coordination between supervisors and other anti-fraud competent authorities; and
  • policy cooperation and, where appropriate, coordination across all relevant anti-fraud competent authorities.
21.5.2

Where the supervisor identifies suspected fraud in insurers or intermediaries it should ensure that relevant information is provided to the FIU and appropriate law enforcement agency and any other relevant supervisors.

21.5.3

The supervisor should take all necessary steps to cooperate and exchange information with other relevant authorities. There should be contact by the supervisor with the FIU and appropriate law enforcement agency to ascertain any concerns it has and any concerns expressed by insurers and intermediaries and to obtain feedback on trends in reported cases.

21.5.4

The supervisor should consider appointing within its office a contact for anti-fraud issues and for liaising with other competent authorities to promote an efficient exchange of information.

21.5.5

The supervisor should maintain records on the number and nature of formal requests for assistance made by or received from supervisors or law enforcement agencies concerning fraud or potential fraud, including whether the request was granted or refused.