The fraudster may have deceived you but that doesn't mean you can't receive full compensation from your crime insurance carrier. Here's how to ensure you have an adequate fidelity policy and a professional fraud recovery team.  

A large bank discovered an internal fraud scheme that caused more than $5 million in losses. Though it seriously rattled bank executives, they assumed their crime insurance carrier would cover losses. Unfortunately, they hadn't read the policy in awhile; the bank only had $2 million in coverage. No one had changed the policy in 10 years despite record bank growth.

Locks may keep honest people honest but they won't stand in the way of determined thieves. Even with the best of internal controls, a corporate culture with integrity, and effective policies and procedures, a company still needs adequate, up-to-date crime insurance policies. It also needs an established fraud recovery team of diverse managers to quickly collect solid evidence to support an accurate insurance claim.
Regrettably, many firms don't read their policies or form a fraud recovery team until a fraud occurs. Others limit or even eliminate fraud insurance. And some companies' lack of organization, skill, or desire severely limits payment on insurance claims.

The fallout from poor fraud insurance planning can impede investigations, waste money and time, kill employee morale, and encourage potential fraudsters.

Crime insurance does more than reimburse a company for covered losses. It also provides a significant motivation for the recovery team to search out and identify potentially covered losses and fully explore the extent of the fraud scheme. This financial incentive is important, because many people are more inclined to simply write off a fraud or make a correcting entry, and leave the underlying cancer in place. So if an insurance policy is going to serve as the primary recovery method, it's important to understand it.

Crime Insurance Limits and Applicability

Crime policies are designed to protect against specific types of risks. Since crime claims are much less common than other types of insurance claims, many organizations misunderstand exactly what the policies provide.

Understand that your policy covers your loss, not (merely) a third-party loss or damages awarded against your company. Because specific policy language varies, your policy should cover all types of employee crime that could occur in your business.

One company discovered that a dishonest employee and some outside purchasing agents had been defrauding the company and its customers for years. The company promptly repaid its customers and then filed a claim for the full amount of both losses. The insurance company paid the direct losses to the company but disallowed the customer losses. The company should have read its policy a little closer. Instead of repaying the customers, it should have encouraged them to file crime claims of their own because the purchasing agents were employees of the customers. After reimbursing the customers they no longer had a loss; when the company's claim was denied, it either had to sue the customers or let the matter go.

As in the opening case, many companies discover that limits on their policies are too low. Because most organizations believe that it won't or can't happen to them, they set limits that fail to adequately protect them against the size of modern fraud schemes.

Deductibles

Installing an overly high deductible can be just like dropping the policy because it removes the incentive for companies to root out fraud and abuse.

So what should be your deductible limit? At what point is a company large enough to self-insure this type of loss? Some companies have deductibles of $10,000 or $20,000 while similar organizations are at $100,000, $250,000 or even $1,000,000. The difference is attitude. The company with the lower deductible is willing to aggressively pursue any potentially claimable loss because it knows that the hurdle rate is low enough to justify the exercise. But the company with the higher deductible is willing to simply write off losses, or let them go uninvestigated, rather than "throw good money after bad."

Riders

As with all policies, a variety of riders are available to customize the standard form. There are some standard riders you should carefully consider for the extra benefits they provide, particularly those that limit the definition of discovery and cover investigative costs associated with the claim investigation.

Riders will specify when the insurance company must be notified from discovery of the fraud and the officer, director, or risk manager who must know of the crime to "start the clock." Whether the organization is large or small, riders define discovery to a specific person, position, or level, which all support the organization's ability to respond.
Similarly, adding more coverage for investigative costs makes solid business sense. Uncovering and documenting repetitious, large-scale, or long-term fraud cases takes time. The natural tendency is to outsource this function and investigative costs coverage makes it a nearly no-risk proposition. But what coverage level is sufficient? Contact some outside fraud examiners and ask them how high the costs could be and then make the decision.

Preparing a Claim

While some people are familiar with the terms of fidelity policies, most have never made claims under them. These policies differ in several important ways from other types of policies. In disability and health insurance policies, insurance carriers partner with the insured. In worker's compensation, there is often a close relationship and interaction between the company and the carrier. Claims under fidelity policies place the two parties on opposite sides of the table. They are rarely partners and easily can fall into adversarial positions.
Interaction with the carrier begins when you notify the insurance company that the fraud has occurred. From that point, the company has a specific period of time to file documentation of the loss. While not common, lack of a timely, written notice can be grounds to disallow a claim, leaving the company with no effective means of recovery.
While minimal information is all that is required at this point, this is your opportunity to lay the groundwork for the claim. The more you educate the carrier, the better. Because these claims usually concern schemes unique to the specialized industry or company, the company should supply the carrier with detailed information throughout the process.
Establish and develop a good working rapport early with claims personnel. (Your risk manager should already know carrier employees from your periodic policy reviews.) If your company uses a broker, keep the broker informed to encourage a united approach with the carrier.

During the ensuing investigation (covered in the next section), the carrier officially is waiting for the company to present its proof of loss. However, many carriers would prefer advance indication and information so that they properly can position themselves to adjust the claim. Because many of these types of claims will involve substantial sums, this approach will aid the carrier to set proper reserve amounts and substantially will ease settlement negotiations.

To protect the company, a single contact should handle all direct communications with the carrier. Information relayed by telephone should be summarized and confirmed in writing, along with anticipated schedules, time lines, and outstanding document requests.
Your company has more in common with the claims representatives than might first appear. With a common objective and regular interaction, the company and the carrier can discuss and analyze complex issues as they arise. This is also a great opportunity to evaluate potential arguments and refine them before the official presentation.

Creating the Fraud Recovery Team

Ideally, before any fraud is discovered, you should have in place a recovery team of fraud examiners and senior managers, as well as members of the legal and risk management departments. They should already know the special requirements of a crime insurance claim.
Supplement the team with managers of affected areas as well as outside specialists including legal counsel, independent fraud examiners, claims consultants, and technical experts such as document examiners and information technology specialists. Legal counsel should retain and manage all the consultants to ensure that the legal privileges cover their activities as well.

By including attorneys on the team, the company can ensure that its notes and drafts are protected by various privileges, including the doctrine of self-critical examination, as well as the more-common attorney-client communications, attorney work product, and, in some instances, attorney-investigator privileges.

Many fidelity claims involve litigation at some stage, usually against the perpetrators. The attorney on the team can subpoena information from banks, casinos, mortgage companies, and other records that are protected by privacy statutes. Also, the legal representative can ensure that the team doesn't inadvertently expose the company to liability as it documents the scheme, investigates the involved parties, and assesses the damages caused by the fraud.

Unfortunately, companies often don't appoint the risk management executive to the team until late in the process. The risk manager is often the only person who knows the special requirements of dishonest employee insurance claims.

In one case, the company didn't even know it had a crime insurance policy until the risk manager was notified about the fraud in a management meeting. He joined the team, educated the members about the requirements of a successful fidelity claim, and guided them through the unfamiliar territory of carrier notice requirements and filing deadlines. Later, well into the investigation, the company realized the fraudster's assets weren't sufficient to cover the loss and the fidelity claim was the only viable economic recovery.

The team should be no larger than necessary, be led by one person, and have adequate time, resources, and executive support. In many organizations, several layers of management will want to be involved. The obvious results are meetings filled with extraneous people, talking too much, and getting little done. Instead, legal counsel should provide briefings of the team's actions to select managers. The execs are kept in the loop and the team can accomplish something.

On the best teams, the members have clearly delineated responsibilities, are empowered to act, and devise successful strategies. They not only bring fraudsters to justice but also submit accurate, detailed insurance claims.

Fraud usually is discovered by an accidental act or via a tip from the company fraud line, anonymous sources, or even involved employees. Because a tipster often has a private motivation, the team should determine if the allegation is credible and probable. If so, treat it as an active fraud; after all, it's better to find nothing than to leave a scheme in place.

By taking these steps, you begin to manage the fraud, rather than be abused by it. All of the actions that follow from this discovery must support your corporate objectives and recovery goals.

Identifying the Objectives

Even a balanced fraud recovery team can go astray. In one case, a multinational company discovered a fraud scheme and assembled a team of fraud examiners and representatives from the operations, audit, and legal departments with input from the risk management department. They initially made rapid progress, only to get bogged down trying to process the volume of material their inquiries were generating. Because there was no clear leadership, they differed on their objectives and wasted valuable time going in different directions.

The first reaction to finding a fraud is often anger. After all, the fraudsters have attacked the company and betrayed its trust. However, it's important to quickly move past retribution and identify your goals. For many companies these come in three primary categories: 1) punishing the fraudsters; 2) recovering the stolen funds; and 3) strengthening internal controls to lessen the chance that the scheme could reoccur. We'll just cover the first category here.

Punishment of wrongdoers is a legitimate corporate goal, but it can be complicated to execute. The team must plan for filing a criminal complaint, pursuing it in the civil courts, enduring media publicity, and dealing with employee morale issues, all of which could affect the insurance claim.

Criminal Prosecution - When a company files a criminal complaint with a law enforcement agency, the suspect faces potential incarceration or probation and will be publicly branded for his involvement. While some companies shy away from the resulting media publicity, a criminal conviction or guilty plea can be a strong factor in presenting a fidelity claim or litigating a civil lawsuit for damages.

Some industries require that a company file a criminal referral. If criminal prosecution is one of the corporate objectives, one of the team members must be familiar with criminal procedures. This person will provide the law enforcement agency with the case's facts and evidence. Because white-collar crime is not a high priority for many jurisdictions, the team must submit as much evidence as possible before any law enforcement agency considers its own investigation.

After the team tells law enforcement of the crime, the company is no longer an advocate but is now the victim, and the prosecutor begins making the decisions; the company doesn't have any control of the prosecution and sentencing. Therefore, it's essential that the information given to law enforcement include all of the relevant details of the scheme, a detailed presentation of the facts, the key players, the key documents, and a list of relevant witnesses.

In a recent case, a company notified law enforcement too early in the process, which led to unintended consequences. An investigator from the police department, who joined the team, had a different perspective on the problem and its best solution, creating tensions in the group. Personal and professional conflicts limit the effectiveness of the internal investigation. The law enforcement investigator eventually was assigned to a more pressing case and effectively dropped the company's criminal investigation. In hindsight, the company realized that a more effective strategy would have been to complete the internal investigation and then present the facts and evidence to the prosecutor or law enforcement agency.

Civil Remedies - Once the internal investigation has progressed so that the team identifies the primary players, civil litigation becomes an option. The necessary elements to prepare the civil case are less complicated and more commonly understood.
The discovery procedures can give the company access to third-party records, depositions, formal "on the record" answers, and other tools to complete the documentation of the fraud.

In preparing the civil claims, local counsel will be invaluable in providing information about local rules and practices. In some jurisdictions, discovery is automatic, while in others it's delayed. It can be a problem to introduce new parties to the suit in some jurisdictions.
Finally, you'll need to work closely with the risk manager to coordinate the civil claim preparation. As stated earlier, the risk manager already has a relationship with the insurance carrier and is in the best position to manage the deadlines required under the policy.

Filing the Claim

Because you laid the groundwork with the carrier even before you convened the fraud recovery group, you're positioned to make a claim under the policy. Due to deductible issues, the specific facts or specific policy provisions, some companies elect not to file a claim. For those that will file a claim, the key to success lies in documenting the facts accurately, drafting the proof of loss, and gathering the attachments. These three elements will form your argument that the carrier should issue payment under the policy.

During the course of the investigation, the fraud recovery team will discover and process a large volume of data. This will include witness interviews, management reports, physical documents, analysis, and custom work product by the legal department and fraud examiners. The largest issue is managing the flow of data to distinguish relative importance and to provide a coherent explanation of the scheme.
Most white-collar crime cases amass hundreds if not thousands of documents. One team was faced with reassembling an entire year of accounting data deleted by the fraudster. Taking advantage of the opportunity the challenge presented, they rescheduled all the base documentation and allocated the charges to the proper accounts. While the task was larger than they would have liked, the end result was a clear illustration of the effect that cooking the books had on the company.

Witness cooperation is another essential element. In some cases the fraudster confesses or provides adequate information to reconstruct the scheme. In others, anonymous tipsters provide the first indication. Whatever the source, identifying and documenting those personal statements will strongly support the claim.

Proof of Loss - The proof-of-loss document is presented as a story to explain the scheme to the readers clearly and concisely and position them to be receptive is presented as a story to the company's arguments about coverage and damages. Make sure you're able to tell the story your way rather than just submitting raw facts on an insurance form, which could be misinterpreted.

To help expedite the process, cite the relevant support documentation throughout the claim. With all of the supporting affidavits, documents, analysis and worksheets, the carrier can trace readily the verbal arguments to the financial results of the scheme.

In the worst-case scenario - in which your company and the carrier enter into litigation - a complete and thorough proof of loss can make a conclusive difference in the eyes of a jury.

Your company - if it's smart - looks for fraud, and when it finds it (and it will find it) knows exactly how to handle it without being paralyzed by shock or anger. You already have an adequate crime insurance policy with customized clauses, deductibles, and riders. You contact the carrier and tell them the preliminary fraud examination results and keep the claims representatives informed throughout the process.

Your company calmly convenes the established fraud recovery team - replete with the risk manager, counsel, fraud examiners, and specialized experts - and gets busy with its investigation. Each team member, guided by the team's leader, competently and quickly gathers evidence. The team writes its concise narrative, filled with supporting exhibits, and submits it to the carrier. The insurance carrier analyzes the claim, verifies the information, and writes your company a big, seven-figure check.

Jonathan Turner, CFE, CII, is a founder and managing director of Wilson & Turner Incorporated, an investigative consulting firm, where he specializes in the prevention and detection of financial fraud and the investigation of employee crime. He is a frequent author and speaker on fraud investigation and recovery topics for the Association and other groups. He is a member of the Association's Editorial Review Board.