A Framework for Managing Crime and Fraud

A Framework for Managing Crime

and Fraud

ASIS European Security Conference & Exhibition

Gothenburg, April 15, 2013

Torsten Wolf

Agenda

•

Introduction

•

Economic Crime Landscape

Introduction

About Zurich

Zurich is one of the world’s leading insurance groups, and one

of the few to operate on a global basis. Our mission is to help

our customers understand and protect themselves from risk.

With about 60,000 employees serving customers in more than

170 countries, we aspire to become the best global insurer as

measured by our shareholders, customers and employees.

We help individuals, small- and medium-sized companies and

global corporations around the world understand and protect

themselves from risk by offering a wide range of insurance

products, solutions and advisory services.

Group Security is a trusted advisor of choice, viewed as

business partner with security expertise, providing world- class

service that can adapt at the speed of change.

Group Security is a trusted advisor of choice, viewed as

business partner with security expertise, providing world- class service that can adapt at the speed of change.

V

IS

IO

N

S

IO

N

One Group Security acts as a business enabler, taking both preventive and reactive measures in order to secure Zurich’s aspiration of becoming the best global insurer.

We accept responsibility for the security and safety of Zurich employees, assets and activities, protecting them from internal

Introduction

Introduction

Business Protection Model

P e o p le Processes Event Security Security & Safety Governance Economic Crime Prevention & Detection Emergency Management Travel Security Personnel Protection Security Threat Management Governance Quality Business Customer Shareholder Employee Assets Reputation P e o p le N e tw o rk s Processes T o o lb o x T e c h n o lo g y

•

Introduction

•

Economic Crime Landscape

•

Economic Crime Framework

Economic Crime Landscape

Definitions

Exaggerated claims Fictitious claims

Claims

Fraud

Financial

Crime

Economic

Crime

Money Laundering/ Terrorist Financing Bribery/ Corruption

Sanctions

Internal/ employee crime and fraud External non-claims crime and fraud Theft

Economic Crime Landscape

Impact of Economic Crime

Impact on customer including increased premiums Loss of confidence in organization

Damage to reputation and brand Damage to stock value

Possible loss of market share

Closer regulatory focus and possible fines (Regulator) Cost of investigations and new internal controls

Accountability of company senior executives and possible legal action against them

Decline in staff morale Impaired business relations

Economic Crime Landscape

Key players in the insurance industry

Interme-diary Customer Third Party Service Provider Vendor External Party 1 3 Insurance Carrier 2 … _Reinsurer Distribution crime

1

Commission fraud Policy fraud Premium fraud Internal crime

2

Claims fraud (committed by employee) Salvage Sales incentives Identity crime

3

Surrender fraud

•

Introduction

•

Economic Crime Landscape

•

Economic Crime Framework

Economic Crime Framework

Mandate

Pressure Rationalization Opportunity

Fraud Triangle

Economic Crime Prevention and Detection,

prevent and detect criminal activities and security incidents to mitigate business

damage from crime. Investigate fraud and security incidents.

Economic Crime Prevention and Detection,

prevent and detect criminal activities and security incidents to mitigate business

damage from crime. Investigate fraud and security incidents.

Investigation Root cause analysis Continuous process Improve control environ-ment Assess

crime risk _Response

to incident Identify

crime risk

Crime detection

Governance & Quality People & Networks

Processes & Standards

Economic Crime Framework

Overview

Ethical policy (“Zurich Basics”)

Anti-crime Policy (“Zurich Risk Policy”) Anti-crime guidelines (“Global Security Standards”) Adherence monitoring Site visits Audit reviews Internal Control Framework Process Benchmarking Data mining Reporting of economic crime statistics Escalation of ‘significant’ incidents Zurich anti-crime professionals Internal support External support Peer organizations Communication/ training 1 4 5 7

Toolbox & Technology

Awareness training Fraud Risk Questionnaire Whistleblowing (“Zurich Ethics Line”) Reporting database Web conferences 2 3

Investigation Root cause analysis Continuous process Improve control environ-ment Assess

crime risk Response to incident Identify

crime risk

Crime detection

Economic Crime Framework

Economic Crime Framework

Organizational set-up

Group Security

Governance and leadership

Strategy, policy, framework, and methodology Driving execution

Interfacing with other functions

Countries

Execution of strategy

Implement policy requirements Development support

1

Global Business Solutions Group Security Expertise Center CEO COO Objective setting

Economic Crime Framework

Employee crime awareness training

Execution of local training mandatory Generic all employee training developed

Minimal local adaptation necessary (language) Deployed via HR system (tracking of participation) Option to continue with own solutions

Global training (Zurich Basics) Anti-crime module

Close collaboration with Compliance Participation mandatory

2

Crime awareness training Ethics training

Economic Crime Framework

Fraud Risk Questionnaire (1/2)

3

Comprehensive coverage Modular approach

Crime risk scenarios and anti-crime controls

Entity and/ or Business Area level Fully integrated into risk

assessment processes

Leveraging existing risk tools and methodologies

Execution facilitated through guidelines, training and

individual consulting

Continuous enhancement (external/ internal trends, management requests)

Development of new modules Refinement of existing modules

Economic Crime Framework

Fraud Risk Questionnaire (2/2)

3

External observations Internal analysis M a n a g e m e n t R e q u e s t Continuous FRQ enhancement

Economic Crime Framework

Internal Control Framework

•

Goal: Strengthen the internal control environment

•

Consistent view of crime risks and associated

controls

•

Set of minimum controls to address crime and

fraud

- Governance, roles and responsibilities - Risk assessment and response

- Collection and reporting of incidents - Investigations

•

Mandatory for all Business Units

Economic Crime Framework

Reporting

5

Goal: Transparency of economic crime and crime attempts

Database: Local data entry – central analysis to identify trends

Number of cases, potential loss, actual loss Report shared with governance functions and external auditor

Key findings shared with the members of anti-crime network

Potential financial impact above USD 250,000 Potential reputational exposure for the Group A CEO or a direct report to a CEO

Employee in a control function/ fraud role

Alleged/ actual accounting or financial statement improprieties (regardless of amount)

Systemic occurrence of particular fraud incidents Escalation of single economic

crime incidents

Business

Escalation criteria

Statistics of all incidents Economic Crime Report

Group Security

Group Legal

USD 50k

Economic Crime Framework

Pre-employment screening

6

Key component of effective anti-crime governance framework

Obvious benefits

- best hiring decision

- safe working environment

- avoiding cost of bad hiring decision

Investigations of incidents revealed perpetrators had criminal records

Various practices across the organization; impacted by local laws and regulations

Economic Crime Framework

Monitoring adherence

7

Self assessments

Review of work products

- operational risk assessments - economic crime statistics - investigation reports

Visits to selected countries Policy adherence review

Regular sign-off of Internal Control Framework

Investigation Root cause analysis Continuous process Improve control environ-ment Assess

crime risk _Response

to incident Identify

crime risk

Crime detection

Governance & Quality People & Networks

Processes & Standards

Economic Crime Framework

Wrap-up

Ethical policy (“Zurich Basics”)

Anti-crime Policy (“Zurich Risk Policy”) Anti-crime guidelines (“Global Security Standards”) Adherence monitoring Site visits Audit reviews Internal Control Framework Process Benchmarking Data mining Reporting of economic crime statistics Escalation of ‘significant’ incidents Zurich anti-crime professionals Internal support External support Peer organizations Communication/ training

Toolbox & Technology

Awareness training Fraud Risk Questionnaire Whistleblowing (“Zurich Ethics Line”) Reporting database Web conferences

Business added value

Reduced cash outflows Recovery of damages

No bad press hurting reputation

Increased confidence of investment community Lesser attention by regulators

Reduced likelihood of fines Deterrence of crime attempts Positive staff morale

Economic Crime Framework

Added value

Pressure Rationalization Opportunity

Fraud Triangle

Economic Crime Prevention and Detection,

prevent and detect criminal activities and security incidents to mitigate business

damage from crime. Investigate fraud and security incidents.

Economic Crime Prevention and Detection,

prevent and detect criminal activities and security incidents to mitigate business

damage from crime. Investigate fraud and security incidents.

Thank you!

Contact details

[email protected]

+41 44 625 26 53