KnowIT for Insurance & Reinsurance
Practical Guidance for Managing "The Employee Risk" - Some Key Pointers
Within the Insurance and Reinsurance environments, 'Risk Managers' regularly experience fraudulent activity emanating from the company's own workforce, and it is only with the assistance of robust controls and the employment of dedicated software that these activities are mitigated.
The chief tools for mitigating employee dishonesty fall into two categories: -
Employee 'dishonesty' is statistically most prevalent when the perpetrator believes he is unseen in a large workforce and / or has access to sensitive information, the sale of which would prove to be very attractive.
Employing strict audit controls with the support of monitoring tools such as KnowIT reduces the exposure to this type of activity by providing the 'Administrator' with 'sight' of all digital transaction movement.
Examples of the KnowIT application movement monitoring include the following capabilities:
1. Productivity - by time log and activity monitoring.
2. Application Tracking - by monitoring which applications are being used in a given time frame.
3. Insider breach - by tracking the dedicated travel route from 'cradle to grave'.
4. Network Activity - by measuring and flagging unusual bandwidth usage.
5. Password Manager - by employing Biometric fingerprinting for file protection.
All of the following examples of Employee 'dishonesty' would have been discovered at much earlier stages and, in a number of cases, prevented had KnowIT been deployed to the company network.
Contemporary examples include: -
The sale of a company's confidential trade or business information, see Arthur J Gallagher v Skriptchenko and Others.
KnowIT: Insider Breach via document tracking (3) would have highlighted the unusual direction of travel.
Direct or indirect bribery, see the Allianz Insurance case of 2017 involving 3 former employees.
KnowIT: Productivity (1) would have highlighted the unusual work patterns of the 'dishonest' employees.
The manipulation of accounting software in order to promote fictitious service providers, and aiding and abetting third parties in any such activities, see the case involving a former Ageas employee in 2016.
KnowIT: Application Tracking (2) would have highlighted the unusual utilisation of the Application.
The risk of employees conspiring with outside parties to defraud an employer is further enhanced by the evolution and development of 'Social Engineering Fraud' as one of the most prevalent modes of operation. This expression covers a range of techniques deployed by fraudsters to deceive and manipulate innocent parties into divulging confidential information, such as passwords, or transferring funds.
KnowIT: Password Manager (5) would have prevented any such instances of password cloning.
The second category is external mitigation through external advisors.
An enduring risk for companies which are publicly listed is the risk of Insider Trading which is frequently but not exclusively also an employee dishonesty risk. The FCA has introduced the Market Abuse Regulations under which, following a regulatory Investigation, charges may be brought against individuals which may result in significant fines and / or custodial sentences of up to seven years.
Although Insider Trading risk is normally associated with a takeover or merger scenario involving two listed companies, in practice it can also arise in the context of an impending de-listing. A typical example is where a Private Equity house enters into negotiations with a listed company for the latter's purchase or the purchase of a sub-group of the listed company.
The "Fruit and Nob" case is a typical example involving a former Deutsche Bank Managing Director and his coterie, which has turned out to be one of the UK's largest insider trading cases.
KnowIT: Network Activity (4) & Insider Breach via document tracking (3) would have assisted the Administrator by flagging unusual manoeuvring of documents and a large variance in Network activity as a result of those document movements.
Insurance brokers frequently receive confidential information about the business plans of listed companies, which may include early notice of merger and acquisition plans via the unusual renewal of Directors and Officers liability placements. Such information exposes the relevant employees to the temptation of trading on it.
As shown above, the risk of Market Abuse by Employees can be addressed effectively with the assistance of Monitoring tools such as KnowIT and through internal processes for those Employees known to be "in scope" of Market Abuse Regulations by highlighting and describing the consequences of ignoring those restrictions.
For more information on KnowIT in the first instance please get in touch using the JDCC contact details