The Financial Crime Insider Threat

Global Director, Counter Fraud Analytics and Insurance Solutions, BAE Systems Applied Intelligence Read time: 4 mins
The insurance industry has woken up to the growing criminal threat. Dennis Toomey looks at how insurers are devoting increasing amounts of time and money to build appropriate defences. 
The Financial Crime Insider ThreatMuch of that investment has focused on the external threat, though, with only rudimentary efforts directed to date towards the equally potent risk posed by crimes committed or facilitated from within.
While this threat remains either misunderstood or poorly managed, criminal gangs will continue to breach insurers’ defences by placing agents within the workforce or directly recruiting genuine employees.
The reality is that the construction of cyber defences or anti-fraud programmes that neglect the malicious-insider threat is leaving insurers exposed. There is little point building a front door fit for a bank vault if the back door has been left wide open.
Insider fraudsters not only steal customer data and facilitate the payment of fraudulent claims, but they have also been known to act as intelligence officers for criminal enterprises. 
In the US, anti-fraud investigators have discovered the existence of brochures detailing what particular insurers will pay in a claim and even which specific claims handlers are most likely to part with the most. The collation of this level of detail has almost certainly been done with the aid of criminal insiders.
Employees are, in fact, some of the most common facilitators of fraud, with junior employees involved in 39 per cent of cases, ex-employees committing 34 per cent and senior or middle management 27 per cent, according to a recent study by Kroll.
Even if a company is fortunate enough to escape active criminal agents operating within its organisation, the threat of accidental collusion is ever present. It takes only one employee innocently clicking on the wrong link of a malicious email to penetrate even the toughest of cyber defences.

Identify the malicious operatives

Thankfully there are measures available to companies so they can start to identify the malicious (and accidental) operatives. Key among these is the smart use of analytics.
Some organisations are beginning to apply the analytics tools they use elsewhere in their business to HR data, trying to identify suspicious behaviour, spot accidental weak links and even predict which individuals may be susceptible to the temptations of crime.
The percentage of companies employing user-behaviour analytics tools has risen significantly, from 42 per cent in 2017 to 94 per cent in 2018, according to software firm CA Technologies.
Clearly the adoption of this level of employee monitoring requires care and a cultural shift – nobody wants to resort to Big Brother tactics. Rather than dismiss the idea however, insurers should focus on implementing these tools in a way that brings employees on board through a wider company culture of ‘security first’.
Insurers are right to build secure defences against financial crime and to invest in doing so. But they must ensure that they are comprehensive. Underestimating the very real insider threat – and the tools on offer to help root it out – risks leaving that back door jammed wide open.
To find out more, get access to the full research below.
Future-Proof Insurance

The fight-back starts here: Future-proofing insurers against financial crime

The most successful insurers tomorrow will be those that identify and attack future challenges now. Fraud is one of the biggest challenges the industry faces, yet insurers often only offer piecemeal, incomplete defences.
Find out more
Dennis Toomey Global Director, Counter Fraud Analytics and Insurance Solutions, BAE Systems Applied Intelligence 28 August 2019