Two aspects of this new counter fraud law need to be highlighted. The first is that it is aimed not at what a firm does in relation to fraud committed by people external to it, but at what a firm does to manage fraud exposures by people associated with it, such as its employees, suppliers and the like.
The second aspect that insurers need to pay careful attention to is the range of activities covered by this new law. It includes…
- dishonest sales and trading practices that hide information from consumers, investors and the like;
- dishonest practices by firms in financial service markets;
- misreporting on environmental, social and governance related matters;
- misreporting on the effectiveness of their goods and services.
Not about Bad Apples
This new law is not about ‘bad apple’ employees, for it includes a test that the fraud has to benefit the organisation. It is about bad decisions by employees, suppliers and the like, that end up benefiting the firm.
And this makes sense, for most unethical conduct in corporate settings is not down to bad apple employees, but down to bad decisions by employees.
And just to be clear about customers. This law is not about ‘bad customers’. Quite the opposite. The victims envisaged by this new law are customers themselves, as well as other suppliers and businesses.
Insurers were for many years required to act honestly, under one of the FCA’s Principles for Businesses. That direct reference to honesty is now gone, but it looks like it has now returned in a more strengthened format in this ‘failure to prevent fraud’ law.
How will this new approach fare then? My initial thought is ‘probably better than the old format’, judging by the lack of visible regulatory activity around that aspect of the old principle for business.
Beyond that however, I think that its impact will be determined to a large degree by information. The challenge in any court case is being able to gather the evidence to back up your case. So how can a consumer or firm gather that data?
This is where another possible development could have a bigger than expected impact. I’ve raised before the prospect and reasons for a statutory consumer advocate being appointed for personal insurances. One of their powers would be the ability to require firms in the relevant sector to disclose data to it. Put such an appointment (and I think it’s a when, not an if) together with this new law and you can see how the relative balance of informational power is affected.
Remember, this is not just about whether a cause brought under this new law can succeed, but also about it being able to be identified in the first place. If you consider investor reaction to the informal announcement that the FCA is going to be looking at premium finance, think of the impact that just bringing a ‘failure to prevent fraud’ case to court could have on an insurer.
Let’s take a look now at one aspect of how this new law could be applied. Dishonest practices by firms in financial services markets is specifically mentioned in the Government’s fact sheet about this new law as an example of the type of fraud that firms might commit. Not food markets, not energy supply, not transport nor technology but financial services.
What does that say about where legislators’ concerns lie? Did they conduct research in order to understand which markets might suffer most from this type of fraud. We don’t know, but let’s put it this way: their choice of sector to illustrate one aspect of the new law feels not without some significance.
No Longer Too Technical
Insurers have an old habit of positioning insurance as something that is too technical to be able to explain to people outside of the sector. Those people are expected, as an ABI executive once urged, to ‘just trust insurers on this’.
That sort of approach no longer holds any water. And this new law backs that up. No market practice in financial services is now too technical to be beyond scrutiny, away from those thought not to have insurers’ interests uppermost.
This will be hard for some people in insurance. Many ‘just want to get on with their jobs’. Yet that type of ‘free hand’ is very much on its way out, in this digital, social media world we all live in. People expect more from firms.
One way in which such shifts in public sentiment can be seen is around notions of corporate accountability. For a while now, this has been moving away from ‘just tell me’, to expect ‘show me, even to expect ‘prove to me’. There’s no turning back on such shifts, and insurers need to adapt to them.
Counter fraud is that part of an insurer most likely to be described as a ‘black box function’. And yes, a part of me understands why counter fraud has to operate in that way. It can’t work in ways that allow the fraudsters out there to get one over the insurer and in so doing drive up premiums for honest customers.
At the same time, another part of me is reminded that while countering fraud is the ethical thing to do, this is caveated by the need for counter fraud to be conducted in an ethical manner. This is not a brake on counter fraud people doing their job: it defines their job.
I’m prepared to describe counter fraud in insurance as a black box function because the institutions that oversee it, and the ways in which they work, are closed to any form of second or third party scrutiny.
Such views shouldn’t be news to the market. There have been academic papers setting out the problem. I’ve been raising the issue for several years. And what this new ‘failure to prevent fraud’ law does is raise the exposure carried by the sector from that opaqueness.
That exposure is higher than most in the sector think because counter fraud has suffered for a long time from poor accountability. And so my concern is that that history of limited accountability will impact the accountability for the wider counter fraud now expected from insurers and others under this new law.
Summing Up Insurers' Exposure
Just like any other sector, insurance is exposed to the requirements of this new law. Events around private investigators in Ireland in 2012, and around counter fraud databases in South Korea are examples of how systemic exposures can arise.
That exposure is heightened in insurance because of the long habit of black boxing its counter fraud operations. Insurers need to break that habit to ensure that the sector has the appropriate culture of accountability to meet the expectations coming in with this new ‘failure to prevent fraud’ law.
That exposure is further defined by the informational rebalancing that’s going on around insurance. No longer do insurers hold most of that informational power. It is being acquired and used by other stakeholders to the market.
And legislators have further shaped that exposure by illustrating the purpose of the new law with dishonest practices in financial services.
Insurers may look at this new law and think that, as they already do lots on counter fraud, there isn’t that much they need to do here. The opposite is in fact the case.