Amid an uptick in claims, underwriting stringency is increasing and some insurers have left the market. Companies’ strong internal controls could make all the difference.
The crime insurance market is experiencing an uptick in claims frequency and severity – with four or five claims of more than $5m occurring in recent weeks.
Social engineering – where a fraudster impersonates a senior manager, vendor or a financial institution – continues to affect companies, with fraudsters’ techniques becoming ever more sophisticated and difficult to spot. In fact, almost seven in ten companies say they've experienced phishing and social engineering, according to Accenture.
Most claims are from traditional forms of ‘asset misappropriation’
However, most crime claims are from more traditional forms of ‘asset misappropriation’ (where an employee steals or misuses their employer’s resources – eg, theft of company cash, false billing schemes, or inflated expense reports).
Insurers are concerned about an upward trend in loss notifications. Most are no longer willing to reduce crime premium rates, though there have not necessarily been any big increases either. There have been some increases in retention levels, however, with insurers more often wanting policyholders to have more skin in the game.
Some insurers have recently left the market – including Axis and Navigators – because of bad loss ratios. Further market exits may be likely. Lots of carriers only write crime as ‘accommodation business’ – ie, not as standalone insurance but only with another form of business from which they make a profit. As a result, companies only going to market looking to buy crime insurance will have fewer insurers to choose from.
It is harder for underwriters to relate the risk of some forms of crime with particular regions.
Underwriting scrutiny has risen in recent years. Some insurers are looking more specifically at companies’ risks and distinguishing more between different parts of their business. For example, insurers might offer lower retentions and fewer exclusions for a company’s head office (where controls are often very good) compared with a subsidiary with less stringent controls.
The increasingly digital and anonymous nature of many forms of crime has shifted the nature of the risk and how underwriters quantify them. It is now much harder for underwriters to relate the risk of some forms of crime with particular regions.
In fact, countries with historically low levels of crime (for example, many parts of Scandinavia – where companies might have previously been perceived as a “good risk”) could potentially be more exposed to sophisticated forms of crime (for example, the ‘fake president’ scam), because of possibly lower levels of vigilance and fraud awareness.
Because of the lack of public information on specific companies’ level of fraud, theft and other forms of crime, underwriters are reliant on the internal controls that policyholders describe.
It is important to have a good story to tell regarding compliance and controls. Internal control weaknesses were responsible for nearly half of frauds, according to the Association of Certified Fraud Examiners’ (ACFE) 2018 Global Study On Occupational Fraud And Abuse. Data monitoring/analysis and surprise audits are correlated with the largest reduction in fraud loss and duration, according to the ACFE. Yet only 37% of victim organisations implemented these controls.
If possible, it can be advantageous for companies to involve their CFO in the insurance-buying process – for example, in order to describe their company’s culture, reporting lines for accounting irregularities, and employee training and awareness around the signs of fraudulent behaviour.
Because of the changing nature of social engineering, it is worth considering an 'all risks' type of crime insurance.
Tips are by far the most common initial fraud detection method, responsible for 38% of all detections of asset misappropriation, according to the ACFE. They are followed by internal audit (15%) and management review (13%).
Organisations with hotlines detect fraud by tips more often: 46% of cases are detected by tip within companies with hotlines, compared with 30% of cases within companies with no hotlines.
Tips for buyers
There are many different types of crime insurance but most are structured on a “named-perils” basis, ie, by stating the type of criminal acts that are insured. Because of the changing nature of social engineering, it is worth considering an “all risks” type of crime insurance. This covers losses due to criminal, malicious or fraudulent acts inside the company or perpetrated by external parties.
Though traditional crime insurers (such as AIG, Zurich, Chubb) haven’t typically offered an “all risks” type of crime insurance, or have charged more for it, it is becoming more common.
The London insurance market’s ability to arrange co-insurance is not to be underestimated. This can be particularly beneficial for slightly more volatile businesses where insurers may not be comfortable assuming all of the risk.
Crime insurance buyers would be advised to look for a broker that can provide co-insurance via the London market, an “all risks” form and an international network. A broker for whom crime insurance is a lead product may also be better positioned to help them navigate the changing insurance marketplace, and to ensure the best possible claims settlement.
For more information, please contact Michael Lea on: