The most dangerous enemy is sometimes the one from within. That, at least, is how it can be for companies that fall victim to employees who commit fraud to enrich themselves or do damage to the firm.
Employee fraud can be the most difficult to uncover – people who work on the inside know how the systems work, and are able to cover their tracks in a way that outsiders do not. What’s more, in recent years, new global business models and sophisticated systems have increased the risk that security breaches will occur. At the same time, the economic downturn has led to greater levels of insecurity, employee dissatisfaction and motivation to commit crime.
An ounce of prevention is worth a pound of cure: risk management and internal controls are the best way to avoid loss. But no security system can keep up with every potential breach. If your company is the victim of a crime, from inside or outside the organisation, the surest way to provide balance sheet protection is through having the right kind of insurance protection. While the risk landscape has evolved significantly, the insurance markets have kept pace with new and innovative solutions. Crime insurance can provide effective risk transfer.
Signs of the times
Recent cases from around the region show that employee fraud is not limited to any sector of the economy or size of organisation. Government owned entities or private companies, whether small, medium or large in size, are not immune. In the news in recent years:
- The dean of a university medical school convinced patients to make payments totalling HK$4 million into the account of his wholly-owned private company.
- A “shopping addict” was caught transferring between HK$100,000 to HK$200,000 several times each month from the account of her small commercial printing firm, stealing in total HK$6 million.
- An estimated $7.9 million worth of watches and cash went missing from a luxury watch retailer in Singapore on December 26, 2008, a crime perpetrated by an employee.
- A sales representative at a medical supply company in Singapore made cheques out in his own name for 35 shipments of products over two years, pocketing almost $2 million.
- In Japan, an IT services company reported that a former employee had embezzled around $1 million by fraudulently selling personal computers that were stocked in the warehouse. He sold more than 300 computers in five years.
- Other recent frauds include the creation of “ghost employees”, fictional names on the payroll who claim salaries, embezzlement of large sums by senior executives, fraudulent accounting, and other innumerable employee crimes.
Employee crime brings with it more than just financial losses. In one recent case, a publicly listed corporation was forced to delay the publication of its financial report and subsequently restate its results from a profit to a loss, after embezzlement by one of its cashiers of a subsidiary office for some HK$24 million was discovered. When events such as this happen, the loss of confidence in the company is much greater than the financial loss, and a company’s share price can take a disproportionate hit.
Forms of insurance coverage
The good news is that companies that have appropriate insurance in place are covered should such an event take place.
There are two major forms of coverage against employee fraud: the fidelity guarantee, which is specifically designed to cover the insured against internal acts of fraud and dishonesty; and crime insurance, which covers a company against both internal and external crimes.
The fidelity guarantee is a traditional form of fraud insurance that has been around for many years. It is designed to cover the insured against loss of money or goods belonging to or held in trust for the company. It provides coverage against any act of fraud or dishonesty committed by listed employees during the period of insurance.
But companies must understand the limits of their fidelity guarantee in order to avoid any unexpected policy gaps.
First, claims are limited by employee up to a specified limit. Many companies that fail to periodically review these limits may find them significantly insufficient in today’s world.
What’s more, the act of dishonesty must be discovered no later than six to 12 months after the termination of the employee or the lapse of the policy. If a perpetrator has been careful in covering his or her tracks, the discovery may happen well past this period. And if the act has been going on for years, this will limit indemnity from insurers to the last policy that may still be in force at time of discovery.
Many risk managers feel that their company is well covered if a fidelity guarantee is in place. But many of the recent cases cited above would actually not be covered under such policies. For instance, fidelity guarantees often limit their coverage to “money”, specified as currency or banknotes. Most embezzlement today involves financial gain that does not include physical currency, through electronic fraud and the like.
Fidelity guarantees limit payouts to firms who have suffered from fraud or dishonesty. But in a recent HK$29 million case, the accused was acquitted of any wrongdoing. The firm still lost the money, but because the court found no act of fraud, under its legal definition, the company was left without coverage.
Crime insurance, on the other hand, is designed to cover firms against higher-level fraud, embezzlement and criminal acts committed by external parties. Employee fraud cover under these policies include the following:
• Coverage against events where the company sustains a direct financial loss as a result of a dishonest or fraudulent act committed by an employee
• Coverage on a claims-made basis – meaning that insured companies are able to claim for events many years after they have occurred
• Coverage against fraud committed by all employees, including directors and even unidentified employees – in cases where the firm knows there has been a loss, but cannot identify the perpetrator.
• Limits are calculated on an aggregate basis, not per employee
• Coverage is worldwide
Crime insurance also includes coverage against fraudulent acts or theft committed by third parties including:
• Loss in premises
• Loss in transit
• Computer fraud
• Fund transfer fraud
• Counterfeit currency
• Corporate credit card losses
Crime insurance also provides cover for ancillary expenses such as:
• Investigation costs and the cost of forensic accounting
• Data reconstitution costs, if your database has been damaged and must be rebuilt
• Defence costs
• Pre-loss consultant cervices such as risk management and security services, provided the insured agrees to share any material findings with the insurer
• Contractual and regulatory penalties
• Interest receivable or payable
• Reputation recovery costs
To claim under a fidelity guarantee, the company must discover the fraud within six to 12 months of the policy expiring. In contrast, crime insurance is written to ensure that the customer can claim for an event that occurred at any time in the past – it is fully retroactive, as long as the circumstances of the claim were unknown at the time of policy inception.
For instance, a company was established in 2000, with a number of criminal acts taking place in the next few years. These acts were not discovered until much later, by which time the company had taken out a crime policy. Under the terms of this contract, the company is covered for the earlier criminal acts, because the policy is fully retroactive.
When to buy crime insurance
The general perception of crime policies is that they have high premiums, involve high deductibles and require a complex application process. There is truth in all these. But this is explained by the fact that crime coverage is an important form of risk transfer designed to cover organisations against major fraud and other criminal acts.
It is not meant to cover lower level losses that might be more effectively protected by self insurance and by risk management and security measures. This deductible can be filled in by a fidelity guarantee or a money policy that provides coverage for robbery, theft or other financial crime, to ensure there is no gap.
The application process for a crime policy is thorough and comprehensive, but brokers and insurers are prepared to give a non-binding indication of whether the company will be insurable, and what premium levels are likely to be prior to entering into a formal application.
Many companies are more exposed to fraud from the inside than they expect or prepare for. Many firms assume they are covered for crimes under policies that are simply not designed for today’s conditions – global business models, fast moving wired economy environments, complex systems with significant potential for security breaches. These factors necessitate a sober analysis of your firm’s preparedness for the unexpected.
Internal controls are an important part of your company’s armoury against fraud, but they are not sufficient – if the worst happens you will need to be in a position to show that you have protected your organisation’s financial assets. It is more than just money on the line – it is your reputation.
While the risk landscape has evolved quickly, so has the insurance market’s response. Crime Insurance can provide effective risk transfer of crime risk.
About the Authors
Stella Tse is FINPRO Practice Leader, Greater China, and Gary Chua is FINPRO Practice Leader, ASEAN Region, for Marsh. This article first appeared in The Marsh Directors’ Series, October 2009.