Hi 1) When considering the risk of distributors acting against the insurer the example given for taking advantage of a loop hole in product design relates to smoker/non-smoker rates so feels like an example of u/w methodology being different. Can you give examples of non u/w related loopholes in product design? 2) What risk management tools can be used to protect against staff committing fraud? For customer fraud, u/w, claims management and legally sound Ts&Cs will prevent, and for other third parties property and IT security can be used to prevent access. Is there anything else that can be used to protect against customer/third party fraud? Thank you, Rachael
And a 3rd question: 3) How can we reduce the risk of management systems and controls failing? I think we first ensure the systems and controls are robust, and well documented. We also ensure staff are well trained, and data checking can also support this. Are there any other ways we can reduce this risk or tools to help manage the risk? Thank you, Rachael
Hi Rachael 1) Other possible product design loophole examples could be variations on charges not exactly matching expenses by timing and/or amount. So, encouraging clients to switch funds very actively if switching charges do not apply perhaps. Or if there is a benefit or premium size beyond which terms get worse, encourage clients to take out 2 small policies (at the better terms) rather than 1 large policy at the worse terms. 2) Some of the suggestions that you suggest for other stakeholders can be used for staff too, eg IT security. Other protections against staff fraud could be: requiring multiple authorisations (eg 2 signatures) on any payments, maximum amounts staff can authorise before having to refer upwards, compliance training. A slightly more extreme one would be a requirement for staff to take 2 continuous weeks' leave each year (to protect against fraud being committed on some regular, weekly process). 3) I can't think of much beyond what you mention! Perhaps regular monitoring not just of compliance with the controls, but that the systems and controls themselves continue to be fit for purpose given changing business and emerging risks. Hope these help! Lynn
