The Insurance Fraud Register - successes so far and future strategy
[Check Against Delivery]
Today, I’m going to talk to you about the IFR journey so far, the challenges we’ve faced, our direction of travel, and the impact we expect the IFR to have on the fraud landscape.
Counter fraud capability within the insurance sector has come a long way since the ABI established the Crime and Fraud Prevention Bureau back in 1995 – which in many ways become the forerunner to the Insurance Fraud Bureau which continues to operate successfully today.
The last few years in particular have been very fruitful with the establishment of IFED in January 2012 and the forthcoming arrival of the MyLicence project this summer.
Sandwiched between these two laudable initiatives is the industry’s latest weapon, the Insurance Fraud Register.
I don’t want to dwell too much on what the IFR is - because I’m sure the vast majority of you will already be familiar. But – in brief – it is the first industry-owned, cross-sector register of known insurance fraudsters across all product lines – whether they are general, life or health. It will hold details of first party fraudsters, third party fraudsters, suppliers and professional enablers of fraud who have committed fraud at any stage during the policy lifecycle.
Neither do I wish to dwell on the technical aspects of how the IFR will operate. Instead, my role today is to bring you up to speed with where we’ve got to so far and where we hope to go.
I’m not going to stand here and pretend that it hasn’t taken us a long time to get where we currently are. So why is this?
Put simply, it’s because we wanted to get it right from day 1.
The IFR Steering Board spent considerable time developing the governance framework and standard contractual arrangements. Above all, we wanted to ensure that the provisions on privacy and security of data are robust and transparent.
While we want to do all that we can to protect our genuine customers who are understandably sick of footing the fraudster’s bill by way of increased premiums, it’s equally important that they’re reassured that only those who are known to have committed fraud will appear on the register. We also want to promote the fair treatment of customers. We recognise of course that the vast majority of our customers are honest and should be provided with excellent service, including the prompt payment of genuine claims.
Getting the contract right was time-consuming and energy sapping – but that comes with the territory when you have a ‘take it or leave it’ agreement. In the IFR Board’s view, it was far better to spend time getting it right up front, than face a legal quagmire – and possible reputational damage – further down the line.
So what will the IFR mean for those that commit insurance fraud?
We’re mindful that the consequences for someone that appears on the IFR can be grave. And that is the right outcome. We are taking a tough stance – and for that, quite frankly, we make no apologies. Only by taking such an approach can we deliver protection for honest customers.
So what are the consequences of appearing on the IFR?
- At the very least, fraudsters will find it harder to obtain insurance;
- And – when they can obtain it - they are likely to be paying considerably more;
- They may also find it harder to obtain other financial services, including mortgages;
- With the enforcement capability now provided by IFED, there is a very real possibility that they’ll be investigated further, brought to justice and end up serving a custodial sentence;
- And a conviction or caution can, in turn, create difficulties, should you wish to travel overseas.
Because the register is the first of its kind within the insurance sector and the consequences of appearing on the IFR can be severe, it’s been vital to ensure that the IFR incorporates the necessary checks and balances to ensure its integrity.
I’ve already mentioned the robustness of the contractual arrangements. These set down strict mandatory criteria around what can and cannot be loaded – based on the robust definition of ‘fraud’ adopted.
The IFR definition is effectively two-fold in that it:
- Firstly, requires the insurer to show that the individual has intentionally and dishonestly made a gain or prevented a loss by false representation, a failure to disclose, or abuse of a position of trust; AND
- Secondly, one or more of a number of outcomes must have occurred. For example:
o The policy application has been refused;
o The claim has been repudiated;
o The insurance policy has been voided, terminated or cancelled;
o The relationship with the supplier or provider has been ended.
We held early discussions with the Information Commissioner’s Office. They were of the opinion that, to supplement the generic fair processing notice, insurers’ should advise individuals who will be loaded onto the register that they have breached the fraud condition in the insurance contract.
There are a number of other safeguards built into the process:
- There is no ‘retrospection’ – only frauds that are identified after an insurer has signed the UA will be loaded;
- The data has to be refreshed every 7 days;
- The data has to be deleted after 5 years;
- It is not an automated decision-making tool – there must be some human intervention;
- There is a mechanism for auditing insurers’ processes;
- An individual can find out what information is held about them on the register by making a data subject access request; and
- Perhaps most importantly we have devised a complaints policy that the individual can invoke if they feel that they’ve been wrongly added to the register.
And we haven’t developed the IFR in isolation.
Aside from talking to the ICO, we’ve spoken with a host of other government departments and also with influential consumer bodies – Which? the FSCS and Liberty - to take on board their feedback and ensure that the introduction of the IFR did not come out of the blue.
So where have we landed?
Following agreement of outstanding contractual matters, the insurers represented on the IFR Steering Board – the so-called ‘early adopters’ - executed the User Agreement in late November. And they’ve now begun to load initial records.
We’ve deliberately steered clear of a ‘big bang’ type approach. And - by way of an additional safeguard - all records are currently being double-checked by the IFB before they are ‘manually’ loaded onto the register using the portal facility. This principle will be followed in respect of initial records loaded by all insurers who subsequently use the register.
Because insurers are still ‘bedding down’ their own processes, we’re unlikely to see significant volumes coming through until the automated bulk download facility is in use.
So far there are a small number of records that have been loaded.
In terms of analysing these cases it is still very early days. The IFB is undertaking an initial ‘scoping’ exercise running its analytics against the data, for example, to identify and notify insurers which might currently be on risk.
If the IFB analytics reveal potential wider networks, then the matter may be referred to the IFB Ops team for possible development as an operation.
So what’s our general direction of travel?
While the IFR is being delivered by the IFB, it is sponsored by the ABI and is currently paid for wholly by the ABI membership. And ABI sponsorship is effectively reflected in the contract which provides that the IFR is initially available to ABI members - and members of the same group - who are also ABI members.
So it’s unlikely to come as any surprise to you that our primary focus is therefore on implementing a plan to on-board ABI members who wish to participate as quickly as possible. So far, 55 ABI members have formally registered an interest in using the IFR.
In putting together this plan, we’ve taken account of a number of key criteria:
- Firstly, the readiness of an organisation to participate – those insurers who have registered are inevitably at different stages of preparation. For example, some will have participated in the initial pilot exercise, attended a workshop, signed a NDA and begun internal technical work - whereas other will merely have formally registered their interest with the IFB.
- Secondly, the contribution an organisation will make to participation targets – ABI has year-end participation targets. By the end of the current year, we want at least 30% of the market using the IFR. And this figure rises to 56% by the end of the contract. I should stress that these are just our baseline figures – we do hope of course to exceed these targets. And because the register operates the principle of ‘reciprocity’- in that you have to put data in the IFR in order to get data out – logic dictates that the larger players are likely to contribute much of the data. However, ABI members inevitably come in all ‘shapes and sizes’ and we’re equally mindful that we need to ensure that there is a good spread of small and medium sized insurers using the IFR. Moreover, the IFR can be used across all product lines. So, again, we want to ensure that there is a good spread of products represented.
The IFB anticipates that it is currently able to on board insurers at a rate of 3 per month.
So I’ve spoken about the ABI members.
However, the contract does allow us to widen the scope of organisations that are able to participate. Aside from the 55 ABI members expressing firm interest, another 33 organisations with a ‘mixed bag’ background have registered.
We’re conscious, for example, that many of ABI’s Gibraltar-based members, a fair few of whom are very interested in using the IFR, are presently limited in joining if they transact business via a UK-based handling agent which is not a group company or an ABI member in its own right. So the IFR Steering Board has discussed ways of smoothing their participation.
So that’s one example of where we’re looking to broaden the scope. But there are of course others.
There are a number of different types of third party that have an interest in using the IFR.
There are some obvious advantages of wider participation:
- Increasing the critical mass of the database and enriching the intelligence shared;
- Making it more administratively convenient for some insurers to participate (e.g. where they outsource to TPAs, or are broker-led);
- Enhancing the capability of the IFR as a front-end screening tool (including at point of quote);
- Demonstrating to other financial services sectors that insurers wish to adopt a collaborative, non-competitive, approach to tackling fraud; and
- Meeting the expectation of the FCA for sectors to take a collective approach to combatting the financial crime risk.
However, these potential advantages have to be balanced against potential concerns:
- Significant resource would need to be deployed;
- And significant costs would be incurred - in taking this project forward, including in relation to feasibility studies and ‘process mapping’ to identify the different solutions;
- We’d also need to explore technical matters, undertake transaction modelling and to develop new audit processes to fit different business models;
- Moreover, (as was the case with the MyLicence initiative) there are issues to be resolved around whether certain stakeholders would contribute to funding, given that the end-beneficiary will be the insurer.
Additional robust governance arrangements would need to be implemented to mitigate the threat of error caused by more widespread use of the IFR. And the requirements of competition law have to be at the forefront of our minds in everything we do in relation to issues of “scope”.
It is also vital that consideration of third party access does not detract from the focus upon securing the participation of ABI members – the IFR’s primary customer base and source of funding.
At this point in time, there are no firm timescales around access for the different types of third parties. It’s important that the IFR is given room to bed-down for a suitable period before access is widened. But we do want to focus on third parties whose participation will benefit ABI members.
We’re planning on holding some workshops to discuss appetite and technical matters with both aggregators and software houses during 2014.
We do want the IFR to contribute to reducing fraud against ‘UK Plc’. We recognise, for example, that there are synergies between the IFR and the proposed Counter Fraud Checking Service – in that they both record known frauds. And we’re working alongside the Cabinet Office to help to ensure the CFCS becomes a reality – hopefully sooner rather than later.
I should stress that, governance is paramount. In considering extending scope, our overriding guiding principle is to ensure that the integrity of the IFR is not compromised.
In terms of other priorities, there are two things I’d particularly like to mention:
Firstly, while painstaking detail went into the system design which, in turn, was subjected to stringent testing, the register is very much in its infancy.
Inevitably, over time, system changes will be identified that will enhance the capability and functionality of the register and ensure that it is operating in line with best market practice. So we’ve developed a ‘change request’ process that enables us to make those enhancements. And the Steering Board is establishing a new Technical User Group that will discuss change requests, as well as reviewing and making recommendations on matters such as:
- Data formats
- Technical documentation
- MI reporting
Secondly, as the register will deliver tangible consequences, it provides a real opportunity to use the media to reinforce the deterrent message. We’ve seen how effective IFED has been at getting stories in the press and in securing high profile TV coverage. And we need to ensure that the IFR plays its part in further raising the profile and awareness of insurance fraud. But we want to pick our moments carefully and ensure that the messages we deliver are hard-hitting and effective in chipping away at the rather hackneyed public misconception that insurance fraud is a victimless crime.
The question has been raised as to whether the IFR represents the counter fraud silver bullet?
The answer is of course ‘No’. And the IFR was never positioned that way.
But aside from improving consumer confidence by providing a visible deterrent that delivers real consequences for fraudsters, and making insurers’ lives easier, the IFR meets the FCA’s regulatory expectation that insurers work collaboratively through collective action to mitigate the threat of financial crime.
In short, the IFR is an important new tool that will complement insurers’ other measures and enhance insurers’ overall capability. Remember also that the IFR can potentially be used by all ABI members – and in the longer term by others too.
I have not today touched upon the different ways in which the IFR can be accessed, but it is a flexible tool. It can be accessed in three different ways:
- Web portal – this will allow ad hoc searches to be done;
- Batch-based policy washing service – that will allow insurers to upload all new business and changes and get returned (overnight) a list of all matches;
- A2A – this allows instant ‘real time’ searches to be done and will be particularly useful for those insurers dealing on-line and will enable use of the IFR at the point of sale.
There are 3 additional points that I’d like to make:
- Firstly, the industry has invested a lot of time and money in making the IFR a reality. We do of course want as many insurers as possible using the IFR. Clearly, the more insurers that are contributing, the richer the intelligence and the more likely that the IFR will make a real, systemic contribution to mitigating fraud.
- Secondly, because there are different ways in which the IFR can be accessed, insurers can use it in the way that best fits with their own business needs and counter fraud strategy. Insurers - particularly small insurers - should not be under the misconception that the IFR is just a tool for the big boys with large fraud teams and sophisticated technical and analytical capability. It’s possible to load single cases on a manual basis through the portal – and this doesn’t require much resource or technical support. Over time, the insurer can progress if it so wishes to using the bulk download facility.
- Finally, we know from our operational experience that fraudsters are well- informed – they tend to look for chinks in the industry’s armour and will purposefully target the weakest link.
As such – while use of the IFR is a commercial judgement for each insurer - I find it difficult to imagine why an insurer would not wish to be part of the IFR.
So – in closing - I hope I’ve whetted the appetite of some of you in the audience that may be interested in using the IFR, but haven’t yet been in touch with the IFB.
The IFR is a powerful new tool in insurers’ weaponry. I think it represents a fantastic opportunity for the insurance sector to enhance its counter fraud capability, to underpin the deterrent message and to demonstrate to the general public, the Government and regulators alike that we remain committed to beating the fraudster and protecting our honest customers.
So if you haven’t yet become involved and you’d like to participate - or if you’d just like to find out a bit more about the IFR – please visit the IFR’s dedicated website: www.theifr.org.uk.
Here, you’ll find a form that you can submit online to register your interest. Once registered, you’ll be provided with login details for the members area in which you’ll find a wealth of information on the participation process and technical information (for example, access routes; transaction limits; audit framework) together with legal and technical documentation.
Mark Allen, Manager, Fraud & Financial Crime, ABI.