the risk of economic crime
Post on 25-Nov-2021
5 Views
Preview:
TRANSCRIPT
rechter Rand
right margin
marge droite
margine destra
GROUP SECURITY HERE TO PROTECT OUR WORLD
The Risk of Economic Crime
2012 ACFE European Fraud Conference
London, March 27, 2012
Torsten Wolf
Group Head of Crime and Fraud Prevention
2
Agenda
Introduction
Economic Crime Landscape
Economic Crime Framework
3
Introduction About Zurich
Zurich is one of the world’s largest insurance groups, and one of the few to operate on a truly global basis. Our mission is to help our customers understand and protect themselves from risk. With over 60,000 employees serving customers in more than 170 countries, we aspire to become the best global insurer as measured by our shareholders, customers and employees.
4
Group Security is a trusted advisor of choice, viewed as
business partner with security expertise, providing world-class
service that can adapt at the speed of change.
VIS
ION
M
ISS
ION
One Group Security acts as a business enabler, taking both
preventive and reactive measures in order to secure Zurich’s
aspiration of becoming the best global insurer.
We accept responsibility for the security and safety of Zurich
employees, assets and activities, protecting them from internal
and external threats.
Introduction Group Security: Vision and Mission
5
Introduction Business Protection Model
People
Processes
Event
Security Security
& Safety
Governance
Economic Crime
Prevention &
Detection
Emergency
Management
Travel
Security
Personnel
Protection
Security Threat
Management
Governance
Quality
Business
Customer Shareholder
Employee
Assets Reputation
Peo
ple
Netw
ork
s
Processes
Standards
To
olb
ox
Tech
no
log
y
6
Introduction
Economic Crime Landscape
Economic Crime Framework
Agenda
7
Economic Crime Landscape Definitions
Exaggerated claims
Fictitious claims Claims
Fraud
Financial
Crime
Economic
Crime
Money Laundering/ Terrorist Financing
Bribery/Corruption
Sanctions
Internal/employee crime and fraud
External non-claims crime and fraud
Theft
8
Economic Crime Landscape Impact of Economic Crime
Impact on customer including increased premiums
Loss of confidence in organization
Damage to reputation and brand
Damage to stock value
Possible loss of market share
Closer regulatory focus and possible fines (Regulator)
Cost of investigations and new internal controls
Accountability of company senior executives and possible
legal action against them
Decline in staff morale
Impaired business relations
Hidden “costs” by far outweigh direct financial impact!
9
Economic Crime Landscape Key players in the insurance industry
Interme-
diary
Customer
Third Party
Service
Provider
Vendor
External
Party
1
3
Distribution crime 1
Internal crime 2
Identity crime 3
Insurance
Carrier
2
Focus areas
… Reinsurer
10
Economic Crime Landscape Key players in the insurance industry
Interme-
diary
Customer
Third Party
Service
Provider
Vendor
External
Party
1
3
Distribution crime 1
Internal crime 2
Identity crime 3
Insurance
Carrier
2
Focus areas
… Reinsurer
11
Economic Crime Landscape Distribution crime (1/5)
Policy Premium
Customer
Investment
Refunded premium
Claims/ Maturity
Policy Premium
Investment
Refunded premium
Claims/ Maturity
Commission
Policy Premium
Investment
Refunded premium
Claims/ Maturity
Intermediary
- internal
- external
! !
!
!
!
!
!
!
!
1
! Risk areas
Insurance
Carrier
1
2
3
12
Commission
Indemnity commission fraud (incl. Ponzi-type schemes)
Converting direct business (no commission) to
intermediary business; collusion required
Economic Crime Landscape Distribution crime (2/5)
1 1
2
3
Generation of unjustified commission payments
13
Policy and
premium
Withholding customer premium
Providing incorrect information on policy application,
for example
- Nationality
- Age
- Membership of associations
- Smoker status
- Medical history
- Dangerous hobbies
Economic Crime Landscape Distribution crime (3/5)
1 1
2
3
Insufficient premium to cover risk (insurance carrier) and
lack of insurance cover (customer)
14
Investment
Withholding customer money
- Legitimate company investment product
- Fake investment product using company brand
Economic Crime Landscape Distribution crime (4/5)
1 1
2
3
Impaired reputation (insurance carrier) and loss of
capital (customer)
15
Preventive
controls
Comprehensive due diligence when appointing new
intermediary
Due diligence checks for existing intermediaries
(sample basis)
Second approval/independent counter signing
Documentation to policyholder not the intermediary
Economic Crime Landscape Distribution crime (5/5)
1 1
2
3
Detective
controls
Regular monitoring of new business
Qualitative and quantitative analyses of management
information
Red flags that may indicate potential crime
Consider: commission exposure based on length of
relationship
16
Economic Crime Landscape Key players in the insurance industry
Interme-
diary
Customer
Third Party
Service
Provider
Vendor
External
Party
1
3
Distribution crime 1
Internal crime 2
Identity crime 3
Insurance
Carrier
2
Focus areas
… Reinsurer
17
Economic Crime Landscape Internal crime (1/6)
Employee
Financial statement/
accounting
Salary/payroll
Incentives/bonus
Expenses
Vacation/overtime
Claims (by employee) !
!
2 1
2
3
Insurance
Carrier
18
Claims
(crime committed
by employee)
Transfer of unclaimed legitimate claims into own bank
account
Falsification of claims for existing policyholders;
payment to friends, family or own bank account
Reopen closed legitimate claims to generate additional
payments for invented additional services
Inflate the cost for settling a claim (collusion with third
party)
Economic Crime Landscape Internal crime (2/6)
2
Unjustified claims payments (insurance carrier), loss of
money and negative claims history (customer)
1
2
3
19
Salvage
Underestimated value of salvage goods for onward
selling to third parties (collusion), for example
- Stolen and recovered cars (after claims settlement)
- Scrap value of accident cars
Economic Crime Landscape Internal crime (3/6)
2
Lower than expected return on salvage goods
1
2
3
20
Sales incentives
(bonus and
commission)
Submission of fake policy applications
Alteration of policy applications (cover not requested by
customer)
Entering (with knowledge of customer) incorrect details
on policy application to reduce the policy premium
Economic Crime Landscape Internal crime (4/6)
2
Unjustified incentive payments, but also: insufficient
premium to cover risk (insurance carrier) and lack of
insurance cover (customer)
1
2
3
21
Expenses
Purchasing goods on company account and reselling
for personal gain
Entertaining friends or relatives at company expense
Submitting fraudulent expense claims
Economic Crime Landscape Internal crime (5/6)
2
Unjustified cash outflow and potential impairment to
reputation if not addressed
1
2
3
22
Preventive
controls
Pre-employment screening (in accordance with
local law and regulations)
Vetting of staff when promoted into sensitive
positions
Execution of management controls (deterrence)
Economic Crime Landscape Internal crime (6/6)
2
Detective
controls
Execution of management controls (detection)
Qualitative and quantitative analyses of
management information (e.g., credit card
expenses)
Red flags that may indicate potential crime
1
2
3
23
Economic Crime Landscape Key players in the insurance industry
Interme-
diary
Customer
Third Party
Service
Provider
Vendor
External
Party
1
3
Distribution crime 1
Internal crime 2
Identity crime 3
Insurance
Carrier
2
Focus areas
… Reinsurer
24
Economic Crime Landscape Identity crime (1/4)
Customer
Claims/ Maturity Claims/ Maturity
Claims/ Maturity
Intermediary
- internal
- external
3 1
2
3
Insurance
Carrier
!
25
Acquisition of victim’s
personal information Misuse of the
information
Criminal: Enjoying
the benefits
Victim: Repairing
the damage
1
2
3
Economic Crime Landscape Identity crime (2/4)
3
Identity theft
26
Account takeover
Surrender fraud
Reputation damage
Regulator action
Financial indemnification
1
2
3
Economic Crime Landscape Identity crime (3/4)
3
Identity fraud
Acquisition of victim’s
personal information Misuse of the
information
Criminal: Enjoying
the benefits
Victim: Repairing
the damage
27
1
2
3
Economic Crime Landscape Identity crime (4/4)
3
Stewardship of
customer data
Control
environment
Identification and verification procedures
Training of call handlers
System blocks preventing electronic processing
Due diligence (intermediaries/employees)
Use of economic crime indicators
Avoid customer data from falling into the hands of
fraudsters
Implement and execute preventive/ detective controls
Maintain the effectiveness of controls
Business quality control checking
“Learning from mistakes”
Regular, assessed economic crime awareness training
Internal audit reviews
28
Introduction
Economic Crime Landscape
Economic Crime Framework
Agenda
29
Economic Crime framework Mandate
Pressure Rationalization
Opportunity
Fraud Triangle
Economic Crime Prevention and Detection,
prevent and detect criminal activities and security incidents to mitigate business
damage from crime. Provide investigative support on request.
30
Investigation
Root cause
analysis
Continuous
process
Improve
control
environ-
ment
Assess
crime risk Response
to incident
Identify
crime risk
Crime
detection
Governance & Quality People & Networks
Processes & Standards
Economic Crime framework Overview
Ethical policy (“Zurich
Basics”)
Anti-crime Policy (“Zurich
Risk Policy”)
Anti-crime guidelines
(“Global Security
Standards”)
Adherence monitoring
Site visits
Audit reviews
Internal Control
Framework
Process Benchmarking
Data mining
Reporting of economic
crime statistics
Escalation of ‘significant’
incidents
Staff vetting
Investigations
Zurich anti-crime
professionals
Internal support
External support
Peer organizations
Communication/ training
1
4
5
7
6
Toolbox & Technology
Awareness training
Fraud Risk
Questionnaire
Whistleblowing (“Zurich
Ethics Line”)
Reporting database
Web conferences
2
3
31
Investigation
Root cause
analysis
Continuous
process
Improve
control
environ-
ment
Assess
crime risk Response
to incident
Identify
crime risk
Crime
detection
Economic Crime Framework Improving the control environment
32
Economic Crime Framework Organizational set-up
Group
CAO
Group
Security
Expertise
Center
GSCC
CEO
COO
Objective setting
Group Security
Governance and leadership
Strategy, policy, framework, and
methodology
Driving execution
Interfacing with other functions
Countries
Execution of strategy
Implement policy requirements
Development support
Collaboration across entities
Subject matter expertise
Country support
1
GSCC = Group Security Country Coordinator
33
Economic Crime Framework Employee crime awareness training
Execution of local training mandatory
Generic all employee training developed
Minimal local adaptation necessary (language)
Deployed via HR system (tracking of participation)
Option to continue with own solutions
Global training (Zurich Basics)
Anti-crime module
Close collaboration with Compliance
Participation mandatory
2
Crime
awareness
training
Ethics
training
34
Economic Crime Framework Fraud Risk Questionnaire (1/2)
Comprehensive coverage
Modular approach
Crime risk scenarios and anti-
crime controls
Mandatory
Entity and/or Business Area level
Fully integrated into strategic/
operational risk assessment
processes
3
35
Execution facilitated through
guidelines, training and
individual consulting
Continuous enhancement
(external/internal trends,
management requests)
Development of new modules
Refinement of existing modules
Economic Crime Framework Fraud Risk Questionnaire (2/2)
3
External observations
Internal analysis
Man
ag
em
en
t R
eq
uest
Continuous FRQ
enhancement
36
Economic Crime Framework Internal Control Framework
Goal: Strengthen the internal control
environment
Consistent view of crime risks and associated
controls
Set of minimum controls to address crime and
fraud
- Governance, roles and responsibilities
- Risk assessment and response
- Collection and reporting of incidents
- Investigations
Mandatory for all Business Units
Process owner: Member of local executive
management
Quarterly sign-off evidences adherence
4
37
Economic Crime Framework Reporting
5
Goal: Transparency of economic crime and
crime attempts
Local collection — central consolidation and
analysis to identify trends
Number of cases, potential loss, actual loss
Report shared with governance functions and
external auditor
Key findings shared with the members of anti-
crime network
Senior Manager involved
Employee in anti-crime control role involved
Risk of significant reputational damage
Notification regulator required
Police investigations against employee
Potential or actual loss exceeding USD 50,000
Systemic occurrence of particular incidents
Any new type or unusual incident/activity
Escalation of single economic
crime incidents
Board of Directors
Business
Group Security
Senior Management
Escalation criteria
Statistics of all incidents Quarterly Economic Crime Report
38
Economic Crime Framework Pre-employment screening
6
Key component of effective anti-crime
governance framework
Obvious benefits
- Best hiring decision
- Safe working environment
- Avoiding cost of bad hiring decision
Investigations of incidents revealed
perpetrators had criminal records
Various practices across the organization;
impacted by local laws and regulations
39
Economic Crime Framework Monitoring adherence
7
Self-assessments
Review of work products
- Operational risk assessments
- Economic crime statistics
- Investigation reports
Visits to selected countries
Regular sign-off of Internal Control
Framework
Internal audit reviews
40
Investigation
Root cause
analysis
Continuous
process
Improve
control
environ-
ment
Assess
crime risk Response
to incident
Identify
crime risk
Crime
detection
Governance & Quality People & Networks
Processes & Standards
Economic Crime framework Wrap-up
Ethical policy (“Zurich
Basics”)
Anti-crime policy (“Zurich
Risk Policy”)
Anti-crime guidelines
(“Global Security
Standards”)
Adherence monitoring
Site visits
Audit reviews
Internal Control
Framework
Process Benchmarking
Data mining
Reporting of economic
crime statistics
Escalation of “significant”
incidents
Staff vetting
Investigations
Zurich anti-crime
professionals
Internal support
External support
Peer organizations
Communication/ training
Toolbox & Technology
Awareness training
Fraud Risk
Questionnaire
Whistleblowing (“Zurich
Ethics Line”)
Reporting database
Web conferences
41
Business added value
Reduced cash outflows
Recovery of damages
No bad press hurting reputation
Increased confidence of investment community
Lesser attention by regulators
Reduced likelihood of fines
Deterrence of crime attempts
Positive staff morale
Economic Crime framework Added value
Pressure Rationalization
Opportunity
Fraud Triangle
Economic Crime Prevention and Detection
Prevent and detect criminal activities and security incidents to mitigate business
damage from crime. Provide investigative support on request.
Questions
Thank you! GROUP SECURITY HERE TO PROTECT OUR WORLD
Contact details
torsten.wolf@zurich.com
+41 44 625 26 53
“Association of Certified Fraud Examiners,”
“Certified Fraud Examiner,” “CFE,” “ACFE,”
and the ACFE Logo are trademarks owned by
the Association of Certified Fraud Examiners,
Inc. The contents of this paper may not be
transmitted, re-published, modified,
reproduced, distributed, copied, or sold without
the prior consent of the author.
top related