| 1. | A Company must have policies, procedures and controls to minimise the risk of internal and external fraud in the following areas, at a minimum:| | | a. | Product development;
| | b. | Onboarding clients;
| | c. | Hiring and dismissal Staff;
| | d. | Outsourcing;
| | e. | Claims' management and settlements; and
| | f. | Dealing with practitioners of Insurance Related Professions.
|
|
|
| 2. | Insurance fraud categories include:| | | a. | Internal fraud, which is committed by a Board member, Senior Manager or other member of Staff on his/her own or in collusion with others who are either internal or external to the Company.
| | b. | Insurance Related Professions' fraud, which is committed by practitioners against the Company, policyholders or beneficiaries.
| | c. | Policyholder fraud, which is committed against the Company in the purchase and/or execution of an insurance product by one or more persons by obtaining wrongful coverage or payment.
|
|
|
| 3. | Preventive policies, procedures and controls to manage internal fraud must include:
| | | a. | Creating a culture based on integrity;
| | b. | Developing and maintaining policy and guidelines on ethical behavior;
| | c. | Adequate supervision of Staff;
| | d. | Performing pre-employment and in-employment screening of permanent or temporary Staff;
| | e. | Documented job descriptions;
| | f. | Periodical job rotation and mandatory vacations for Staff in fraud sensitive positions;
| | g. | Observing the "four eyes" principle.
| | h. | Segregation of duties;
| | i. | Having procedural safeguards over the use, handling and availability of cash;
| | j. | Establishing a transparent policy in dealing with internal fraud by Board members and Staff, including a policy on reporting to the relevant law enforcement agency;
| | k. | Establishing a clear dismissal policy for internal fraud cases in order to deter potential perpetrators.
|
|
|
| 4. | Preventive policies, procedures and controls to manage policyholder fraud must include:
| | | a. | Customer due diligence prior to inception.
| | b. | Requesting additional supporting documents to verify the policyholder's sources of wealth.
| | c. | In terms of claims settlement, procedures must include:
| 1. | Using professional judgement based on experience;
| | 2. | Identifying red flag lists;
| | 3. | Conducting peer reviews;
| | 4. | Reviewing internal and/or external databases or other sources;
| | 5. | Using information technology tools, such as voice stress analysis, data mining, neural networks and tools to verify the authenticity of documents; and
| | 6. | Interviewing claimants.
|
|
|
|
| 5. | Preventive policies, procedures and controls to manage Insurance Related Professions' fraud must include:
| a. | Having in place a documented policy and procedure for the appointment of new practitioners of Insurance Related Professions.
| | b. | Having an application form and terms of business agreement that have to be completed and signed by the practitioners of Insurance Related Professions.
| | c. | Ensuring the application form requires applicants to disclose relevant facts about themselves, including qualifications, experience, and qualifying body.
| | d. | Verifying the financial soundness of the applicant and checking references.
| | e. | Having an effective sanction policy in case of non-compliance by the practitioners of Insurance Related Professions.
|
|
| 6. | A Company must collect information in respect of insurance fraud from the market and to provide same to the Board and Staff. Such information must be used to evaluate the effectiveness of policies, procedures and controls, and to make changes were necessary.
|
| 7. | A Company must establish and maintain an independent audit function to test fraud, fraud risk management, procedures and controls.
|
| 8. | A Company must encourage Staff to report all irregularities and must have a whistle blowing policy in place for this purpose.
|
| 9. | A Company's fraud management strategy must be aligned with the Risk Profile of the Company. In determining the Risk Profile, the following factors must be taken into consideration:| | | 1. | size of the Company;
| | 2. | organisational structure;
| | 3. | products and services offered;
| | 4. | payment methods used for premiums and claims;
| | 5. | types of policyholder; and
| | 6. | market conditions.
|
|
|
| 10. | A Company must retain records of all reported cases of fraud along with the findings, and must establish standards relating to the turnaround time for the assessment of fraud, documentation of analysis and keeping records of fraud incidents.
|
| 11. | A Company must have effective reporting systems to the Board in terms of frequency of incidents, along with recommendations to address the issues.
|
| 12. | A Company must report any suspected or confirmed fraud cases to the proper law enforcement authorities immediately and notify the Central Bank of such reporting.
|
| 13. | A Company must provide the Board and Staff with guidance on fraud indicators and training on preventing, detecting, reporting and remedying fraud. Such training must be commensurate with the position that the person holds within the Company.
|