One can easily look at market level counter fraud operations in the UK and judge the intelligence to be strong, the organisation well established and public support evident. There is a danger however that it will turn out to be a house of cards. All it will take is for an issue to nudge it and the weaknesses in its organisation will collapse public support, perhaps even bring about political intervention.
What might trigger such a nudge? And where might it come from? Well, all I will say at this point is that I think it is already in play. The first domino has already been tipped. How that play evolves will be shaped by certain inter-linked events. The sector needs to think outside of its box and take steps to contain those events. There is time for this, given the right energy and commitment, but not a lot of time.
The UK Framework
Let’s take a look then at the market level framework for counter fraud operations in the UK. It is in fact far from clear, something which from a governance perspective is a red flag. Here are the components that are most to the fore…
- Insurance Fraud Bureau (IFB);
- General Insurance Fraud Committee (GIFC);
- Insurance Fraud Enforcement Department (IFED), part of the City of London police;
- Motor Insurers’ Bureau (MIB).
The IFB runs the Insurance Fraud Register (IFR), which is in the process of being combined with the GIRC’s Insurance Fraud Intelligence Hub (IFIHub).
The MIB runs various operational aspects of the IFB and supports it through long established databases such as CUE (the Claims and Underwriting Exchange) and MIAFTR (the Motor Insurance Anti-Fraud Theft Register).
The GIFC’s influence is significant. For example…
- it developed a ‘proactive cease and desist model’ for IFED to use;
- it developed the Annual Detected General Insurance Fraud Statistics;
- it designed a set of ‘consistent fraud classifications across the ABI, IFB and IFED’;
- it is seeking to lobby the government for the adoption of an insurance sector fraud charter
- it is designing a ‘powerful new fraud detection solution’, using AI and ‘next-generation analytics to detect a wide range of current and emerging threats’.
The GIFC often talks about ‘working closely with the Association of British Insurers’ (ABI), but I’ve been told that it is ‘connected with the ABI’. It oversees the effectiveness of both the IFB and IFED. To all intent and purpose then, the GIFC is a committee of the ABI, but sits to the fore on counter fraud issues. Why? Because the ABI lobbies on many things and might have wanted the GIFC to give a different and more stand-alone feel to counter fraud lobbying.
Comprehensive but Exclusive
This activity shows just how comprehensive the insurance sector’s approach is to counter fraud. It also shows how exclusive an approach it is. This is ‘insurer only’ governance, without the involvement of anyone independent or consumer orientated. And any expert in governance per se will tell you that governance without some element of independence or challenge is weak governance.
Take a look back at those bullet points again. The statistics, the classifications and the analytics – none of these have been subject to any form of outside scrutiny. The public have no idea how the insurance people who run them have weighed up the balance of interests and interpretations.
Some of you may think that this is all just technical stuff, best left to the experts. And the IFB, the IFED and the GIFC are full of experts. Yet I’m not so sure that such experts should be the only ones to decide what, in insurance fraud circles, is meant by fraud, what is meant by suspected, and what is meant by proven. In the UK’s long judicial history, such things have always been debated and agreed in public forums.
Take ‘cases of suspected application fraud’ in UK motor insurance. As I examined in this earlier article, volumes of suspected cases of application fraud grew from 260,660 in 2018, to 631,631 in 2019. Values jumped likewise in the same period. And this only came to light when a purchaser of ABI fraud data (it is very expensive to buy) included it in a trade magazine article. I can’t understand how application fraud in an established line of business can more than double in a twelve month period. Unless of course, definitions or categorisations are moved around a bit.
Given that such data will form the bedrock of GIFC lobbying, and most possibly system design as well, such swings must be taken seriously, from both a fraud perspective and a governance perspective.
It’s important to understand that I’m not saying here that the GIFC, IFED and IFR have been doing anything they shouldn’t have been doing. What I am saying is that what they have been doing does not seem to have been subject to independent scrutiny, and by independent, I mean by experts outside of the insurance sector.
Lacking Inherent Strength
Counter fraud is not an objective thing. In the overall UK justice system, what is meant by fraud, proven or suspected are all social constructs that have been shaped and refined over time by a range of contributing parties. That process is central to its inherent strength. Through that strength of process, the public put a lot of their faith in it.
With insurance counter fraud, it has been shaped and refined behind closed doors, without input from outside experts. It is this that makes it a house of cards. These insurance experts have been doing their best to build it well for lasting impact, but have not incorporated, as any good governance framework should, the independent voices to check and challenge whether there are any risks of it collapsing or doing something weird.
Is this just how insurance does things then? It doesn’t have to be. Consider the US insurance market, whose ‘Coalition Against Insurance Fraud’ (CAIF) has a balanced representation from insurers, regulators and consumer groups. That balanced representation gives the CAIF much stronger foundations than, in my opinion, the GIFC or IFB.
As I said at the outset, I believe the nudge that could trigger a challenge to the UK market’s approach to counter fraud is already in play. I expect to see it emerge more clearly in 2023. So what might a typical insurer do? I think they should pay attention to three things...
- frame your own expectations of what you need from how market level counter fraud operations are organised. Look to your own organisation as an example, or to what the investor arms of large insurers expect of the firms they put your money into. How similar are those expectations?
- look at how your enterprise risk assessment has weighed up the reputational risks associated with a serious challenge to counter fraud accountability. Has it been considered, and has it been undertaken with the right level of independence and challenge?
- those two earlier points should give you enough to evaluate whether some form of audit needs to be carried out. Whether you carry one out or not, set down your reasoning and workings for this decision, for it will be asked for at some point over the next year or two.