Blending data & technology to improve compliance
Insurtech is playing a leading role in preventing and detecting improper payments or employee behavior.
People have been trying to defraud insurance companies almost as long as the concept of insurance was invented. Ensuring proper controls and anti-fraud monitoring inside the walls of today’s insurance company is nothing new. However, what is new is how technology is emerging to play a key role in the prevention and detection of potentially improper payments or rogue employee behavior.
In most organizations, analytics are becoming ubiquitous. The risk, legal and compliance functions, which traditionally solely relied on knowledge of rules, regulations, policy and law, are no exception.
Data science is changing how compliance is run
Until recently, ethics and compliance programs have traditionally focused on the legal aspects of policy, regulatory requirements, employee training and investigating (even policing) activities. A risk and compliance officer might also collaborate with the control and procurement functions to introduce financial and other diligence controls, but adherence to such processes was either left to other functions to enforce or subject to periodic audits that are inherently limited in scope, expensive, cumbersome, and disruptive to administer.
While no doubt important to the business, these activities often indicated trouble, either well after the fact or worse, when a crisis was already at hand. What is more, they uniformly lack data-driven insights that enable proactive decision making, risk mitigation and improve company performance.
The analysis of business transactions such as payments to third-party claimants, vendors, policy underwriting and premium collections, even employee expense reimbursements or communication/information patterns to proactively measure compliance effectiveness was typically delegated to the claims, internal audit or finance departments. As a result, traditional compliance deliverables tended to be reactive and disciplinary. They were also inclined to interest only a limited number of risk-oriented professionals within an organization. The phrase “compliance fatigue” has become a popular characterization where too many manual rules, policies and procedures tend to be viewed by the employees, and sometimes management, as business inhibitors to driving growth. This no longer needs to be the case.
Integrating data science and analytics resources into traditional compliance functions gives risk professionals a tremendous opportunity to drive better business transparency, which in turn drives better business performance. Taking a metrics-driven, coaching approach (vs. an authoritative, investigative, legal approach) to driving business integrity is helping risk and compliance professionals:
- Conduct better, more fact-based risk assessments, spotting high-risk geographies, product lines, or business units.
- Spot risks and anomalies, almost in half the time and cost.
- Conduct timely, relevant employee training that is interactive and continuously being adapted to changing risk landscapes.
- Reduce investigation costs by having data centrally organized and available.
- Enable compliance to present risks in a timelier, data-driven manner.
- Empower easier collaboration across functions to address core risk management challenges.
- Improve business performance and increase profitability.
Learning to walk before you fly
Over the last few years, the insurance industry has begun to embrace innovation and explore technologies that will streamline processes, increase efficiencies and save costs. Danielle Kaminski, Esq. COO of Periculus, states, “The use of AI is poised to reshape everything from customer engagement to underwriting and claims management. Tech platforms are currently being used to detect fraudulent claims by providing solutions including searching for patterns and identifying anomalies.”
According to Kaminski, “These solutions cut down on manual searches, increase accuracy and allow fraud analysts to focus on claims that are flagged. Ultimately, the solutions will save insurers from making payments on fraudulent claims, improving their bottom line, and benefiting their insureds by helping to lower premiums.”
We often hear the complaint that a company can’t utilize analytics in a compliance department because so much of its compliance program is “paper-based.” But here are some of the opportunities that risk and compliance professionals can evaluate within their organization to integrate technology into their compliance program:
- Robotization and workflow optimization. Compliance, especially within insurance companies, inevitably involves a high degree of process. An organization cannot certify which executives have been trained, which whistleblower reports have been investigated, which policyholders or third parties have been vetted without tracking and monitoring. If done well, automation can simultaneously remove mundane workflows and allow compliance to focus on the trends and pattern analysis that drive meaningful decision-making.
- Mobile. According to the research site Statista, there are more than 6 billion smartphone users worldwide in 2021. We predict that as training becomes increasingly mobile, those who can capture attention and communicate in a memorable way that translates well to a mobile device will have significantly more lasting power.
- Identifying relevant data sets. Traditional compliance assessments in insurance tend to focus on the extent to which a business is regulated, the jurisdictions in which it operates and the financial control environment, to name a few. Organizations that are investing in artificial intelligence will be investing in improving the data hygiene of their systems, particularly concerning how a company pays third parties or tracks sales to customers or distributors. Compliance insights do not need to come solely from compliance department data — in fact, in almost all cases, it is more insightful for business risks if it does not. For example, the data sets that a revenue management function would find desirable to review sales margins are the same data sets that would yield insights into fraud and abuse for compliance.
The advent of unsupervised learning
With so many companies looking at digital transformation and technology initiatives to reduce costs and seek competitive advantages, the continued buzz around artificial intelligence, particularly around the subset focused on machine learning, is an important element to understand and apply when seeking to enhance your risk and compliance monitoring functions. Specifically, the advent of unsupervised machine learning in compliance is particularly relevant given the conspicuous and hidden nature of fraud and corruptions schemes. But first, it is important to understand the differences between supervised versus unsupervised learning.
In supervised learning, the individual trains the machine using data that is “tagged.” This means that some records (e.g., transactions) are tagged with the correct answer, such as “relevant,” “potential fake claim,” “potential fake invoice,” and the like. It can be compared to learning with the supervision of a person who can fine-tune (supervise) and revise the model to find more statistically similar transactions.
Unsupervised learning does not need a human to supervise or train the model by feeding it known outcomes. Instead, the machine seeks to teach itself to improve the predictive model and work on its own to discover patterns and information that are statistically relevant. Model outputs include the key variables or transactions driving certain outcomes such as:
- What are the outlier or unusual transactions?
- What patterns and trends look suspicious?
- Who are the most anomalous claimants or customers, and why?
As a result, unsupervised learning algorithms enable you to perform more complex processing tasks, across more disparate data sets, as compared to supervised learning.
Compliance vision of the future
The compliance vision of the future provides risk and compliance professionals with ultimate visibility into the core business activities of the organization with preventive and detective controls that are designed to keep the business and employees out of trouble, while also improving business performance. Data science and the “operationalization” of key business risk metrics through analytics technologies available now are changing how compliance departments are run.
No longer is compliance just a legal, policy and internal investigations function of the business. Rather, compliance is part of an integrated team of legal, information technology, data science and accounting professionals working together to drive business integrity, business transparency and profitable growth using leading analytics techniques that drive, or at least influence, more responsible employee decision-making and integrity.
Expanding outside the company, some industries and groups have developed data-sharing consortiums, where companies contribute certain data into an aggregated database that all member organizations can access. This is a key trend among global companies that will significantly expand in the next decade — particularly as the use of blockchain technologies, data cleansing and data privacy/anonymization become more mainstream. Data sharing consortiums can help member organizations benefit from the collective data of the group to identify recurrent trends, high-risk third parties and protect themselves from known schemes in their group or industry.
In a 2019 Anti-Fraud Technology Benchmarking Report sponsored by the Association of Certified Fraud Examiners and the SAS Institute, 29% of companies surveyed currently contribute to such an anti-fraud/compliance consortium and another 21% said they currently do not contribute but would be willing to contribute in the future. Clearly, in this digital age, there is a demand for compliance professionals to embrace technology and develop insights that are shared both within the confines of the organization and perhaps among industry peers as well.
Henry Dicker (hdicker@lowersforensics.com) is senior vice president, client engagement at Lowers Forensics International. Vincent M. Walden, CFE, CPA, (vwalden@alvarezandmarsal.com) is a managing director with Alvarez & Marsal’s disputes and investigations practice.
Related: