Fraud losses are an ongoing risk to businesses from all industries, from the smallest to the very largest. It has been estimated that a typical organization loses 5% of its revenues every year to fraudulent activities. [1] What is perhaps not readily appreciated is how much of this risk is generated from within an organisation. Research from Willis Towers Watson shows that the average loss reported under crime insurance nearly doubles when there is employee involvement compared to frauds that were wholly attributable to external sources.
The analysis of claims data suggests that this large difference in cost could be directly linked to the duration of the loss. The data shows that losses from internal sources take up to more than seven times as long to discover. This is not surprising as employees have the inside knowledge to avoid detection, allowing their thefts or frauds to continue for a longer time and thereby increasing the size of the loss. When we look at all claims under crime/fidelity policies, on average it takes 319 days from the start of the theft/fraud to the organization uncovering the fraud. But when no employees were involved, this period drops to just 105 days. Conversely when at least one employee is involved in the crime, this period increases to 748 days. Generally, the longer a crime goes undetected, the more expensive it will be to an organization.
The types of theft and frauds vary from straightforward theft and “low level” fiddling of expenses to elaborate frauds that require extensive planning. And it is not just the wider workforce that are responsible for these crimes against the company, some of the largest frauds we have seen involve the most senior levels of management. Directors/managers can have large oversight and authority, which can give the opportunity to carry out a fraud with little fear of detection. Often a director or senior manager will be very familiar with the authorisation procedures and can sometimes in effect authorize their own crime. The overwhelming majority of internal fraud losses analyzed by Willis Towers Watson were due to inadequate controls or controls that were easily bypassed. So, what can be done to reduce or prevent internal fraud? A robust controls framework combining detective, corrective and preventative mechanisms is an essential starting point. The best control mechanisms must be embedded in the business and regularly tested by someone outside the business area.
In most cases, an annual CPA audit is a prerequisite for crime underwriters. However, a common misconception is that external auditors – who are sometimes inaccurately perceived as being some sort of account ‘detectives’ or ‘investigators’ – will likely be able to uncover any fraudulent activity that may occur. That may be true to some extent but the very nature of fraud is collusive, at times preventing even the most experienced professional from uncovering its existence in a timely manner.[2]
We also recommend the following:
While each of the above-mentioned safeguards are important, they are most effective when implemented collectively. There are many measures you can take to help protect your business; however, no measure is fool proof. If a fraud occurs, having insurance is critical.
Fidelity/crime policies respond to internal theft or fraud losses, among other named perils. Crime coverage can vary by insurer and some key triggers to consider is whether the policy is written on a “loss discovered” form, which applies to loss that is discovered during the policy period regardless of when the act/loss took place, or a “loss sustained” form, which applies during the policy period in which the loss is actually sustained. This is an important distinction to be aware of. Although loss sustained forms are still in circulation, loss discovered forms have become market standard. Under a “loss discovered” form, when the insured first becomes aware of facts that would cause a reasonable person to assume that a covered loss has occurred (even if all the facts about the loss are not yet known) is a key consideration for coverage.
Unlike liability policies, crime is a first party indemnification policy that requires a sworn proof of loss. Typically, the insured must provide the insurer with written notice as soon as practicable, but no later than 30 to 60 days after the discovery occurs. In addition, the insured must provide a sworn proof of loss within four to six months after discovery. The proof of loss may require hiring of forensic accountants or other professionals to determine the extent of loss and provide supporting evidence.
Policyholders should keep in mind that in general, fidelity/crime policies include a condition cancelling coverage for any employee as soon as the policyholder, or any director or officer, learns of a criminal, dishonest or fraudulent act committed by that employee. Continuing to employ an individual after discovery of dishonest conduct could put the policyholder at risk of forfeiting coverage for any subsequent loss caused by that employee’s further misconduct.
In conclusion, in order to minimize losses from employee infidelity, early detection through strong independent controls is key. However, even the best controls won’t make a company completely immune from employee fraud losses. In those cases, it is vital to notify the loss as early as possible and be aware of the requirements/conditions under the policy.
Willis Towers Watson hopes you found the general information provided in this publication informative and helpful. The information contained herein is not intended to constitute legal or other professional advice and should not be relied upon in lieu of consultation with your own legal advisors. In the event you would like more information regarding your insurance coverage, please do not hesitate to reach out to us. In North America, Willis Towers Watson offers insurance products through licensed subsidiaries of Willis North America Inc., including Willis Towers Watson Northeast, Inc. (in the United States) and Willis of Canada, Inc.
1 https://www.incorp.com/help-center/business-articles/employee-theft-and-fraud-part1
2 https://www2.deloitte.com/content/dam/Deloitte/xe/Documents/About-Deloitte/mepovdocuments/mepov9/dtme_mepov9_Blame_Game.pdf
