Financial Crime Takes Aim at Insurance:

Fight Back with AML and KYC Best Practices

FINANCIAL CRIME TAKES AIM AT INSURANCE PAGE 2

Financial Crime Takes Aim at Insurance

The murky world of financial crime—money laundering, cyber scams, data breaches, identity theft and more—is becoming more complex, prolific and widespread, with its perpetrators increasingly targeting non-bank industries. In fact, fraudsters have set their sights squarely on the insurance industry as a particularly vulnerable target because it is viewed as inadequately prepared to fight back.

Financial criminals know they only have to get fraud right once to accomplish their goal. Whereas insurers need to get financial crime prevention right every time to protect themselves. Otherwise, they are left with skyrocketing operational costs, tattered reputations and a higher exposure to regulatory fines.

These unfair odds don’t have to be a foregone conclusion. Insurers can mitigate their exposure by rethinking financial crime prevention.

Read this white paper to learn how the latest anti-money laundering (AML) and know-your-customer (KYC) best practices are positioning insurance firms to more successfully fight financial crime.

FINANCIAL CRIME TAKES AIM AT INSURANCE PAGE 3

USA PATRIOT Act Deems Insurance High RiskAfter 9/11, the U.S. redoubled its efforts to stop the flow of illicit money through our financial system by enacting the USA PATRIOT Act, which broadened the definition of “financial institution” to include other industries considered high risk for money laundering.

This includes insurance, whose members therefore are required to establish and maintain effective AML compliance programs that encompass five pillars: 1. Internal controls 2. Independent testing 3. Designated compliance officer 4. Staff training 5. Risk-based procedures for ongoing customer due diligence Although previously implied, the fifth pillar was officially imposed through the Financial Crimes Enforcement Network’s (FinCEN) Customer Due Diligence Rule1, which went into effect on May 11, 2018. ACAMS Today2 points out that, “With the implementation of this new Rule, a robust customer identification/customer due diligence (CIP/CDD) program is more important than ever.” It should include the following, the last two of which fulfill the fifth pillar: • Customer and beneficial ownership identification and verification • Understanding the nature and purpose of customer relationships to create risk profiles • Ongoing transaction and customer information monitoring In its Anti-Money Laundering Program and Suspicious Activity Reporting Requirements for Insurance Companies3, FinCEN provides industry-specific red flags for suspicious activity: • Buying an insurance product inconsistent with needs • Paying with cash • Terminating a policy early, “especially at a cost to the customer, or where payment is made by, or the refund check is directed to, an apparently unrelated third party” • Transferring the beneficiary to an unrelated third party • Being more interested in early termination features than investment performance • Unwilling to provide identifying information • Borrowing the maximum right after a purchase

FINANCIAL CRIME TAKES AIM AT INSURANCE PAGE 4

Changing Landscape Increases the Threat Although insurance companies have been responsible for AML compliance for almost two decades, today that responsibility is more crucial than ever. It also is more challenging and complicated.

EXTERNAL FORCES• Financial crime is growing: According to Deloitte4, financial crime is a $2.1 trillion illicit industry. The

number of fraudsters and fraud attempts grows daily, and their methods continuously become more sophisticated.

The ubiquitous use and reliance on computers and satellites provides a natural conduit for this illicit money flow, according to Kaplan Financial Education5.

In addition, ingenious tools, such as Malware-as-a-Service, are available to anyone on the dark web, so fraud perpetrators no longer need to be particularly smart or tech-savvy to succeed.

• Insurance is an emerging target: As long-time fraud targets—and facing intense regulatory scrutiny since the 2008 financial crisis—traditional banks have built very strong AML compliance programs that are more difficult for financial criminals to crack.

Seeking an easier score, fraudsters are turning to insurers. Insurance Thought Leadership6 (ITL) explains one reason: “What makes it difficult to detect and prevent fraud within an insurance firm is also what might make fraud attractive to criminals: the low number of transactions in insurance provide few tracks for tracking financial crimes.”

This appeal is compounded by the fact that many insurance products are sold by independent brokers and agents, whom Kaplan says, “are often unaware of the need to screen clients or question payment methods.”

• Regulators increase AML focus: Up until now, ITL notes, “insurance has been relatively ignored when it comes to its anti-money laundering practices in comparison with the attention regulators give to (traditional) financial institutions.” Many in insurance fully expect regulators to follow where financial criminals are going.

FINANCIAL CRIME TAKES AIM AT INSURANCE PAGE 5

Customer OnboardingFront-line personnel

handle KYC/CDD

Watchlist ManagementCompliance personnelhandle WL screening &

adverse media monitoring

Risk Management

Risk personnel handletransaction monitoring,

risk scoring and risk modeling

INTERNAL CHALLENGES• Difficult balancing act: Many insurance firms struggle to balance competing needs: • Satisfying customer demands • Operating at peak efficiency • Fulfilling AML compliance obligations

• Disconnected functions: More often than not, wholly different departments handle the functions related to financial crime prevention, with only siloes between them and little to no interaction or communication.

Further, the diversification of product portfolios often results in multiple lines of business—with overlapping, unsynchronized customer interaction—leading to the same customer being verified or monitored multiple times without an organization realizing it.

• Omnichannel environments: Many insurers’ AML compliance programs were built for the in-person and by-phone environments of yesterday. However, today’s organizations use a variety of channels to reach customers: online, mobile, call center, email, chat box, etc. Financial criminals understand this and take advantage by hopping between channels to fool AML measures.

FINANCIAL CRIME TAKES AIM AT INSURANCE PAGE 6

Detailed ReviewThe following pages provide detailed analyses of the responses to each survey question, as well as insight into how they stack up to the industry barometer.

Holistic Financial Crime Prevention According to Deloitte, “It’s become increasingly clear that the current ‘check and report, catch and investigate approach’ is not enough to deal with the emerging forms of financial crime and the increasingly sophisticated groups who commit them.”

Instead, a holistic approach is required, where the various compliance and risk functions seamlessly interact and share information with each other and with their business line and operations partners.

CustomerOnboarding

KYC/CDD

RiskManagement

Risk Scoringand Modeling

Watch ListManagement

Screening andMonitoring

OperationsRegulatory Filing

!OperationsAlert/Case

Management

OperationsAuditing and

Reporting

BUSINESS

LINES

Forward-thinking AML and KYC Best PracticesCertain AML and KYC best practices facilitate this holistic approach and seamless flow of information.

Technology-driven Identity Verification

Whether at account opening or during other customer interactions, making sure the customer is who he says he is or appears to be is crucial to fighting fraud. Technology provides advanced ways to verify identity:

• Identity Document Verification: As Forbes7 explains, “Criminals are using stolen identification information to create synthetic identities they then use to gain access to financial services to perform nefarious activities such as money laundering.” Verification tools combat this practice by assessing and validating the authenticity of identification documents provided by customers when they open accounts or process transactions.

• Geolocation: If a criminal successfully phishes a customer and logs in with the stolen credentials, how will an insurer know? Geolocation, which Technopedia8 describes as, “the process of finding, determining and providing the exact location of a computer, networking device or equipment.” It uses GPS that’s built in to devices—as well as other identifying characteristics like IP addresses—to spot the user’s location and detect aberrations.

FINANCIAL CRIME TAKES AIM AT INSURANCE PAGE 7

• Biometrics: It is more difficult to steal someone’s identity or pose as a real customer when biometric data is in use. It hardens your AML and KYC measures in multiple ways:

- Authentication: Detects imposters through fingerprint, voiceprint or facial recognition as part of two-factor authentication.

- Behavior: Mobile device technology can track a user’s biometric footprint, i.e., screen touch pressure, tapping speed, etc., to develop a customer’s behavioral profile that helps verify their identity or detect an imposter or an emulator (a PC acting as a mobile device).

Comprehensive and Standardized Data Gathering

Part of a holistic financial crime prevention approach is creating comprehensive, standardized data sets by activity:

• Customer onboarding: Regardless of channel or product, collecting consistent KYC and CDD data.

• Customer service: Verifying identity data and noting patterns in day-to-day activities and requests, such as early surrenders.

• Billing and payment: Tracking the specifics of how and when customers pay their premium.

• Claim submission and payouts: Asking consistent questions via phone or app submission, noting claim frequency, claim timing after policy opening and repeated claim payouts.

• Claim composition: Creating standardized claim files by claim type.

• Mobile features: Utilizing the underlying architecture of mobile devices helps detect the presence of imposters and fraudsters.

- Device power settings: According to HelpNetSecurity9, fraudsters use desktop computers and emulation software “to create hundreds or thousands of virtual devices, which appear as uniquely legitimate users.” But emulators can’t fake the power settings and stats of a true mobile device.

- Device identifiers: IMEI and SIM numbers provide unique device identifiers that can be used to verify a user and alert you to unfamiliar devices.

- Device filesystems: An altered filesystem can signal a hacked phone.

FINANCIAL CRIME TAKES AIM AT INSURANCE PAGE 8

Centralized Data Access and Real-time Data Integration

In a siloed world, all of the above information is gathered by various departments and stored separately. With a holistic approach, data is gathered by the appropriate department, but is then available to all relevant departments in real time.

The next generation technology of application program interfaces (APIs) makes this possible. Otherwise known as a gateway system, it facilitates the complete integration of any number of disparate systems, i.e., customer relationship management, claims, payments, watch list screening and risk management.

The result of this integration is a unified, cohesive view of customers that encompasses every bit of data on them and every interaction with them, no matter who gathered it or who dealt with them. That centralized data is then available on demand across the organization for real-time decision making.

Enriched Customer Risk Profiles

When systems and departments are gathering and sharing comprehensive customer data, insurers are able to create deeper and more informative customer risk profiles. This facilitates financial crime prevention in multiple ways:

• Risk-based authentication: Customer fraud risk scores determine the required authentication context (user identity, IP address, device fingerprint, session speed, time of day, etc.) and authenticating factor (security question, hardware token, mobile token, email token, biometrics, etc.). A customer with a higher risk rating would require more corroborative identity verification than a customer with a low risk rating.

• Heightened awareness: Unusual or suspicious activity by a higher risk customer raises the loudest alarm bell.

• Risk models: Grouping customers by geography, product or other characteristics informs strategic decision making. If a particular market or product has a heavy concentration of high-risk customers, a plan can be developed for re-balancing that risk, which will also lower operational costs and improve the bottom line.

FINANCIAL CRIME TAKES AIM AT INSURANCE PAGE 9

Artificial Intelligence

Financial criminals keep evolving to stay one step ahead of AML defenses, but artificial intelligence now gives insurers the power to evolve their defenses faster still.

This new technology can sift through and analyze information at a faster pace, at a greater capacity and more extensively than can humans. It bolsters financial crime prevention in multiple ways:

• Customer anomalies: Creates a pattern of normal behaviors and activity and detects excessive or unusual activity.

• Customer networks and segmentations: Uncovers links between claims and/or customers, as well as fraud trends across your entire insured database.

• Non-static rules: Simplifies manual rule management and adapts rules based on evolving information, keeping fraudsters from identifying rules.

• Risk models: Reduces manual model management and enhances modeling by using the networks and patterns identified in real time by artificial intelligence.

• Predictive analytics: Improves strategic decision making by providing a more accurate forecast of the future.

• Reduced false positives: Creates efficiency by reducing unnecessary work and focusing resources on actual fraudsters.

The Status Quo Is Not an Option Risk.net10 warns that, “The sheer volume of ‘dirty money’ escaping the net—combined with the rate of false positives in AML efforts—means maintaining the status quo cannot be an option.” To continue ‘as is’ requires either hiring infinite human resources or accepting an overwhelming amount of fraud risk.

Instead, insurers need the power of AML and KYC best practices that help them contextually look across all channels, not a singular claim or transaction, to detect fraud. The resulting risk data can then guide strategic decisions that increase revenue, reduce operational costs and mitigate further risk.

FINANCIAL CRIME TAKES AIM AT INSURANCE PAGE 10

ABOUT CSI REGULATORY COMPLIANCE CSI takes risk management and regulatory compliance seriously; we know you do, too. Since regulations constantly change, we’ve developed comprehensive solutions that address today’s requirements and adjust to meet tomorrow’s demands. Our industry-leading solutions include consulting, social media compliance, testing and watch list screening. Financial institutions and businesses alike trust CSI’s expertise to enhance their compliance programs and reduce operational costs.

For more information about CSI, visit www.csiweb.com.

Resources:1 Fincen.gov/news, FinCEN Reminds Financial Institutions that the CDD Rule Becomes Effective Today

2 ACAMS Today, “Implementing the Fifth Pillar of BSA: The Role of the Third Line of Defense”

3 Fincen.gov/resources, Advisory Information: FIN-2008-G004

4 Deloitte, “Fighting fraud with analytics: The future of investigations”

5 Kaplan Financial Education, Anti-money Laundering: How to spot money laundering in insurance

6 Insurance Thought Leadership, “Can Insurers Stop Financial Crimes? Yes”

7 Forbes, “Three Anti-Money-Laundering Trends Financial Institutions Should Know In 2019”

8 Technopedia, Geolocation

9 HelpNetSecurity, “Online fraudsters’ preferred tools and techniques revealed”

10 Risk.net, “Making machine learning work for AML”

RCG_081419_401_V1