Guernsey Financial Services Commission Guidance Note on Insurance Fraud

1 GUERNSEY FINANCIAL SERVICES COMMISSION GUIDANCE NOTE ON DETERING, PREVENTING, DETECTING, REPORTING AND REMEDYING INSURANCE FRAUD Introduction Fraud is a serious risk to the insurance sector and can have an effect on clients and policyholders. Losses caused by fraudulent activity affect insurers’ profitability and potentially their financial soundness. To compensate for these losses insurers increase premiums resulting in higher costs for policyholders. Fraud can also affect consumer and shareholder confidence, the reputation of the insurer, or intermediary, the reputation of the insurance sector and potentially the reputation of the Bailiwick. According to the UK Insurance Fraud Taskforce1 the Association of British Insurers (“ABI”) estimates that the cost of detected insurance fraud is £132bn per annum, with undetected insurance fraud estimated at £2.1bn per annum. Fraud is a risk to all participants in the Guernsey insurance market, including insurers, captive insurers and intermediaries. There are a number of specific types of fraud that could affect Guernsey insurance market participants, including internal fraud, policyholder/claims fraud and intermediary fraud, which are discussed in more detail in this guidance note. The Finance Sector Code of Corporate Governance requires a company to maintain internal controls to safeguard the company’s assets and to manage risk. Insurers specifically are required to establish, and operate within, effective systems of risk management and internal controls. The minimum criteria for licensing, which includes fraud controls also requires adequate systems of control. This note aims to provide guidance to licensees in establishing their fraud procedures and controls. What is Fraud? Fraud can be generally defined as a deceptive act or omission intended to gain dishonest or unlawful advantage for a party (the “fraudster”) or other parties. This could be achieved, for example, by:  Misappropriating assets;  Deliberately misrepresenting, concealing, suppressing or not disclosing material facts relevant to a financial decision, transaction or perception of an insurer’s status;  Abusing responsibility, a position of trust or a fiduciary responsibility. Fraud in the insurance industry can generally be broken down in to three main types:

1 Insurance Fraud Taskforce: final report – January 2016 https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/494105/PU1817_Insura nce_Fraud_Taskforce.pdf

2  Internal fraud, against the insurer, or intermediary, by a director, manager or member of staff on his/her own or in collusion with others internally or externally.  Policyholder and claims fraud against the insurer in the purchase of and/or execution of an insurance policy by one or more people by obtaining wrongful coverage and/or payment.  Intermediary fraud against the insurer or policyholders. This could include false representations, failure to disclose information or abuse of position. Insurers and intermediaries are also susceptible to other forms of fraud that are not specific to the insurance sector, such as fraud committed against the insurer or intermediary by contractors or suppliers. Fraud in or on Insurers Risk Assessment, Procedures and Controls Insurers should understand the risk of internal fraud, policyholder/claims fraud and intermediary fraud in their business and establish procedures and controls to effectively manage these risks. Procedures and controls for managing fraud risk should be determined following a risk analysis, which should take account of the following factors:  The size of the insurer  Group, responsibility and organisational structure  Products and services offered  Market conditions The policies and procedures should:  Require high standards of integrity from its directors, management and staff as part of their business values and organisational culture.  Set realistic business objectives and targets and allocate sufficient resources for the directors, management and staff to meet them.  Facilitate the organisation and collection of management information with respect to fraud in insurance, making it available in a timely manner for the board of directors and management to monitor developments and take appropriate action. This information should be used to periodically evaluate the effectiveness of policies, procedures and controls and make changes where necessary.  Establish and maintain an audit function to test risk management procedures and controls. Insurers should also consider the risk of fraud when considering their mission, strategy and business objectives and when considering operational procedures and controls, in particular with regard to:

3  Developing products  Accepting clients  Hiring and firing of management and staff  Outsourcing  Handling claims Insurers should also consider the risk of fraud arising from their distribution methods, the amount of contact and/or the reliance on third parties can differ depending on the distribution method and affect the risk of fraud. Procedures and controls should be tailored to the distribution methods used and particular care should be taken with technologies such as the internet. Insurers should also have policies and procedures in place to respond adequately and where necessary, urgently to suspected cases of fraud, possibly including fraud investigation. Training Directors, management and staff should receive training relevant to their responsibilities in the insurers’ anti-fraud policies, procedures and controls, including internal rules such as codes of conduct and the requirement to report suspicions of fraud. Staff in specific roles where the risk of potential fraud is higher should receive more extensive training in the following areas: the relevant laws, anti-fraud policies, procedures and controls, fraud methods, trends and indicators, detection methods and internal reporting procedures. Fraud in Captive Insurance Although captive insurance companies (“captives”) predominantly insure the risks of its parent company or related companies, they are bone fide insurance companies, therefore they face similar risks to commercial insurers. Most captives outsource their management to insurance managers, therefore insurance managers should also be aware of the fraud risks and the issues noted above. Captive directors and managers should be aware of the following when considering the fraud risk in captives:  Parental company financial strength  Who are the insured  Location of parent  Third party involvement, eg intermediaries  Ownership structure Some captive structures will have a higher risk of being used for fraudulent purposes, including those writing third party business and Producer Owned Reinsurance Companies. Managers should be aware of the additional risks in these structures.

4 Staff of insurance managers should receive training in anti-fraud policies, procedures and controls, including internal rules such as codes of conduct and the requirement to report suspicions of fraud. Also, managers should consider whether a specific person should be responsible for anti-fraud measures, for example the compliance officer, who should receive additional training, as outlined above. Fraud in the Insurance Intermediary Sector Intermediaries play an important part in the insurance chain, including distribution, underwriting and claims settlement. Intermediaries have a position of trust between the policyholder and insurer and this can easily be abused by the intermediary or members of its staff. Intermediaries can also be susceptible to internal fraud by directors, management or staff. An intermediary should:  Ensure that its directors, management and staff are fit and proper.  Have a policy that requires high standards of integrity from its directors, management and staff as part of their business values and organisational culture.  Set realistic business objectives and targets and allocate sufficient resources for the directors, management and staff to meet them. Staff of intermediaries should receive training in anti-fraud policies, procedures and controls, including internal rules such as codes of conduct and the requirement to report suspicions of fraud. Also, intermediaries should consider whether a specific person should be responsible for anti-fraud measures, for example the compliance officer, who should receive additional training, as outlined above. Reporting Suspicions of Fraud Insurers, managers and intermediaries should have procedures requiring directors, management and staff to report suspicions of fraud to a designated individual. Insurers should also have a policy on the keeping of records of suspicions of fraud and fraud cases. The policy could provide for:  Criteria for the cases for which records should be kept;  The type of information that should be recorded;  The period for which information should be kept;  Access to the information;  Safeguards for retaining the information securely. In Guernsey, suspicions of complex fraud should be made to the Financial Investigation Unit within the Guernsey Border Agency at Ozanne Hall, Mignot Plateau, Cornet Street, St Peter Port, GY1 1LF, Guernsey. They may be contacted on 01481 714081 or fiu@gba.gov.gg. The Fraud section are also happy to provide advice on fraud matters. Fraud generates illegal proceeds, which are often laundered. If a director, manager or member of staff suspects or has reasonable grounds for suspecting that the proceeds of a fraud are being laundered or are related to financing terrorism, they should make a

5 report to the Money Laundering Reporting Officer, who will decide whether to make a Suspicious Transaction Report to the Financial Intelligence Service. Insurers, managers and intermediaries should notify the Commission of any fraud matters where:  The policies, procedures and controls of the insurer failed to detect the fraud and the matter has been brought to the attention of the insurer in another way (for example by the FIU), unless the FIU have specifically requested that such information should not be communicated to another person;  The fraud may present a significant reputational risk to the Bailiwick of Guernsey and/or to the insurer or intermediary;  The fraud may present a risk to the financial position of the insurer or intermediary;  It is suspected that an employee of the insurer or intermediary was involved; or  An employee of the insurer or intermediary has been dismissed for serious breaches of policies, procedures and controls. Information Exchange Fraudsters, in particular professional fraudsters, often target insurers simultaneously or consecutively. It is therefore important that insurers share information about fraudsters with each other, where possible. Fraudsters also often target a range of financial institutions and therefore insurers should be encouraged to share information about fraudsters with other financial institutions, where possible. In addition to information about fraudsters, insurers are also encouraged to share information about fraud risk, trends, policy issues, prevention and detection. Insurers are also encouraged to co-operate and share information, where possible, with those involved in combating fraud, for example, forensic accountants, loss adjusters, law enforcement authorities and supervisors. October 2018