Financial Institutions Are by Their Nature Big Beasts: Interview With Brian Alexander

Brian Alexander, GrECo Group Practice Leader, shared his insights into struggles that Financial Institutions face regarding crime, the unique value clients get from Directors and Officers insurance and the specific insurance situation in Serbia. This interview was originally published in Svet bankarstva, a publication dedicated to banking sector developments in Serbia.

What are the main benefits of insurance solutions for financial institutions? 

Аlexander: Financial Institutions are by their nature big beasts. They have many interconnecting parts which raise the risk profile more than in traditional business. Each country has its particular quirks and so the experience of insurers and brokers from a risk perspective can be particularly telling as they get to see most of the institutions’ peers on a geographical basis so sometimes they can see issues arising faster than risk departments.
 
The main bank focused insurance of Bankers Blanket Bond (Crime), Professional Indemnity, Directors and Officers Liability and Cyber Liability have been in existence for many years, with a crime, in particular, having a history of 120 years, and in this time they have been tailored to the needs of banks and other Financial Institutions such as Investment Management (which has its specific product) so the cover is as broad as possible for the institutions. 

What are the largest risks and liabilities that financial institutions face? Do you think there are any specific risks especially relevant for financial institutions in Serbia? 

Аlexander: When we look at risk we look into the profile of the client and their inherent internal risks. 
 
Banks are perceived as rich in all societies and as such can be one of the first to be tested in legal cases. People are more likely to sue a bank than any other company as both they and their lawyers see them as lucrative targets. This coupled with the public perception of banks as being against the consumer means there is little sympathy in these cases. Professional Indemnity is the insurance which sees the highest losses for banks regularly due to these factors on a worldwide basis. 
 
With the perception of ready funds and financial data, a bank is one of the number one targets for hacking. We have seen the recognition of this by banks worldwide with high levels of security in this area. However, the security is only as strong as the weakest link and as discussed below this is the staff. Cyber Liability is a strong insurance product which helps in the case of lost data and liability carried under the law for this (GDPR etc.) but also in the clearing up after a hack. 
 
When we look at Serbia the focus is more on the crime element as the legal system is not yet at the level of the US or Western Europe in terms of recognising consumer rights (although it is moving more in this direction). Over the past 20 years, the main insurance risk in Serbia for banks has been from crime and in particular Internal Crime (Employee Infidelity as it is termed in the policies). 
 
Internal crime is one of the more difficult losses for an institution as it is both a breach of trust and also shows that controls were not as robust as was perhaps perceived. The second point is not always the case as trust is one of the key weak links in any system. When we look at typical fraud there is almost always an element where the person involved has managed to gain the trust to complete transactions on their own without oversight. The usual fraudster will have been in the organisation for at least 3 years but more typically 5-10 years and likely in the same role. They will be seen as reliable and good at what they do, likely working long hours and not taking many holidays. This leads to them not being monitored quite so much, because they have been so proficient over the years. 
 
In Serbia, we have seen fraud in the banks with losses over €1.000.000 several times and also a good deal of sub €1.000.000 losses as well. Internal crime has an almost limitless ceiling within a bank or Financial institution as most assets are dematerialised these days so movements of funds electronically are only really hindered by how to cover it up.
 
The days of the robber with a gun entering the branch being the main crime risk are long over and when we consider the sentence for robbing using a computer is around 2 years, robbing with a gun is 8-10 years, we can see it is better to use electronic means to rob. In terms of robbery by electronic means, it is almost always facilitated by a member of staff when practised in a bank.
 
When we discuss insurance with banks in Serbia and the greater region, the emphasis is always on crime insurance first and foremost as this is where we have seen the most claims. Insurers have the right to subrogation in the policies, but in my experience, very little ever gets recovered, so uninsured losses tend to be absolute. 



What is the unique value clients get from Directors and Officers insurance? 

Аlexander: Directors and Officers Insurance is a unique product in that it is protecting the decision-makers themselves and their assets. 
 
The insurance was created to ensure that the decision-makers in organisations could make bold choices in how to run the business without having to worry should it not work out as they had hoped. Of course, if they are reckless or criminal this will not be covered, but good faith decision-making will be. This allows an organisation to take calculated risks without the potential personal downsides that failure could bring personally.
 
The policy operates on two levels. The first is as essentially a legal expenses policy where accusations of wrongful conduct against an individual will be defended using the policy to pay legal fees, expert fees and the like. The second part is to pay any damages which are awarded against the director(s) as a result of the case. We can cover fines and penalties as long as the legal system in the country allows this.
 


Regarding underwriting risks, could you bring some insights into what the whole underwriting process for financial institutions looks like and what are the relevant limits here?

Аlexander: Firstly the limits are particular to each country and organisation based on their risk profile and willingness to bear risk. We have many peer examples that mean we can benchmark the organisation, but it is not a one size fits all process. This is where experience comes into play and setting the right levels of both limits and deductibles based on the above is one of the key roles of the broker in the process. 
 
When we get to the underwriting of the risk, the key here is information. The more the insurers have the more closely the premium will reflect the actual risk. Clients who give the bare minimum asked will have the biggest fluctuations in pricing. 
 
The main information the insurers are looking for is the number of staff (crime), fees and revenues (PI), assets (D&O) and unique data points (Cyber). All will look into the security and decision-making process of the bank and the latest financial information will be important too. The financials are an interesting point as for D&O their use is clear – a profit-making bank will be less likely to have their decision-making process examined leading to lawsuits – but for crime, it is important too as a failing bank can lead to staff feeling insecure and historically this leads to some committing fraud as they fear that there will be no money left to pay them in the event of redundancy. 
 
The process begins with the filling in of the proposal forms and the discussion of relevant limits with the broker. The broker will then approach insurers that they know are interested in Serbia and acquire quotes on behalf of the client. These will then be analysed based on the cover offered and the price, after which they will be presented to the client with a recommendation on which is felt is best. 


What are the steps in the process of claim settlements, especially crime claims, for financial institutions? What are the main obstacles in this process? 

Аlexander: Claims handling is a relatively painless process for clients as most of the process is managed between the broker and the insurer. 
 
In terms of crime claims once the potential loss is discovered then it is time to tell your broker. They will then inform the client of the issue and the insurer will open a file. The full information is not required at this moment, just the potential of a loss. If there is suspicion of a loss then you should always notify it, there are time conditions on notification of a claim and these are strict because something left can develop into a larger loss. The insurers are experienced in handling claims like this as they see them from all over the world, so are best placed to know what to do. It is in the client’s interest to get them involved as soon as possible, even if it is just a suspicion.
 
Once it is established that something in all probability has happened then a loss adjuster will be appointed. They will speak to the client and establish the likely cause of the loss. They will conduct interviews and ask for relevant documents for the case. The faster they receive these the sooner the loss will be established and payment made. They are highly experienced companies and will likely have seen the scenario before so they tend to know what is needed to prove the claim. 
 
After their report is passed on to the insurers the insurer will then decide on what will be paid. In the main most claims are paid in full within 6 months for a crime claim. Very complex claims can take longer, but in the main, these are rare in Serbia. 
 
In the past, we have seen a reluctance to give information to the adjuster. This is due to perceptions of issues around confidentiality from the client. It should be known that it is not in the interests of the insurer or the adjuster to leak any information, indeed the adjuster must work based on complete confidentiality, and they will not do so as a breach of trust like this will have serious reputational issues and likely see them lose business as a result.

What are the main misconceptions that clients in Financial Institutions might have when it comes to crime insurance? 

Аlexander: The major misconception is that the claim will not be paid until there is a court case proving the loss has happened with the individual being found guilty. This is not the case. The insurance does not mention this within the contract and indeed it would make it a poor product if it did. The claims are paid based on probability, so there does not need to be 100% certainty that the loss happened as suspected. In cases where it is closer to 50:50, there will be a need for more information, but most are more like 80:20. The wording used is tried and tested and most scenarios have been seen before, so fast decisions and knowing where to look are the norm. Another misconception is that improper financial gain (theft of money for the perpetrators’ use) must be fully proven. Again there are many ways that this can be shown without the smoking gun of a bank account.
 
We also see that deductibles can be off-putting for clients. Crime insurance is one of the most ’used’ insurances and therefore reporting every claim has a much higher cost than say D&O. The deductible is there to keep it more affordable because in a scenario where every theft is covered from €0 then the insurer may need a member of staff just for this one client to handle the claims. Looking at it from this perspective the cost would be enormous before the risk is taken into account. For this reason, we always discuss crime in terms of catastrophe risk, i.e. one which is above the pain threshold for the bank. This is where the discussion with the broker is important as deductibles can have a serious impact on price.


What is the added value that an insurance broker brings to the clients in the finance industry?

Аlexander: Whilst the risk department of any bank will know its specific risk better than anyone else, the broker brings the breadth of experience of many clients to the table. Benchmarking your risk and having access to the worldwide market are two key drivers for getting the best deal. 
 
The idea of a broker being just an individual to take your risk to the market and provide a price is an old one and the modern broker will work with you as a risk consultant to ensure that you are getting the best coverage for the best price. Experience is key here as the more we have seen, the more we can bring to the conversation. In my time as both an underwriter and a broker, I have probably seen most claims and insurance policies for banks in South Eastern Europe and also worked with the insurers who are keen to do business here. I also paid most of the claims.
 
With a broker such as GrECo, we are a Central and Eastern Europe-based broker (this is all we do, Serbia is not just a number on a balance sheet it is core to our business), but with experienced individuals who have worked in the major insurance markets around the world. I was the leading underwriter of CEE Financial Institutions risks for over 15 years at Lloyd’s of London for example. This experience and breadth of knowledge allow us to be truly specialist brokers and risk consultants rather than a salesforce. 
 

Brian Alexander

Group Practice Leader Financial Institutions

T +43 664 962 39 17

The Consequences of Opening Up

What does this mean for crime and D&O insurance?

As the light at the end of the Covid-19 tunnel comes into view, what can we expect when we return to the office? Unfortunately, times of uncertainty tend to also be the times of higher fraud and also times of blame.

To look to the closest analogy, we have in recent times, the 2008 financial crisis is the nearest we have to an unprecedented event such as the Covid-19 crisis. When times were good mistakes and irregularities tended to be overlooked especially in the banking sector. As the liquidity crisis started to hit home it required everyone to open their books and see what their real position was. What they saw was often a mess of poor control and lax lending / borrowing. In the good times, controls had dropped – we need only look to USA where the practice of NINJA (No Income, No Job or Assets) or Self Certified loans was running rampant leading to systematic fraud and the collapse of several famous banks in the country. In UK there was a thriving industry in defrauding banks on Buy to Let loans which also brought down some venerable old names. Generally loan fraud was running rampant in the Western banking system.

The rise of crime and D&O policies for banks in CEE

In my own experience of dealing with banks in Central and Eastern Europe this was a time of increased claims on the Crime polices of the banks, a lot of things that would be overlooked in the past were now being looked at more closely and the number of fraud claims tripled in just one year. The amounts were relatively large and showed that there had been lip service paid to lending controls and controls around accounts of wealthy clients.

There was also the first real increase in litigation against banks and commercial entities as lenders and shareholders looked for somebody to blame. When money is lost there is always someone whose fault it is, particularly when investment companies are involved. This led to the start of the interest in Directors and Officers insurance on a large scale in CEE.

So what can we expect in the coming year as the economies open up?

Given past events we would expect to see the discovery of more frauds. The average timeline of a major fraud in a bank is around 18 months, so if we look at July as being a realistic time for most controls to be released then this will mean that the whole of the Crisis from the first lockdown onwards will almost exactly match this timeline. The lack of supervision whilst working from home will have tempted some to try to defraud their employer (statistically around 0.2-0.5% of employees are committing fraud at any given time, mostly petty), combine this with the uncertainty around whether there will be jobs to return to and you have a potent mix for crime to flourish. We can also add to this the fact that desperate businesses may have been susceptible to paying ‘gratuities’ to helpful loan officers – a very common form of employee infidelity.

As businesses survey the wreckage of the past 18 months they will also have a battle for survival. Investors will try to minimize their losses and are likely to resort to litigation when there is no other option. This will likely take the form of looking into decisions made by the boards in the run up to and during the lockdowns (Did they close too early? Were they too cautious? Did they not move quickly enough to take advantage of the new normal?). It should also be remembered that Liquidators see a Directors and Officers policy as an asset of the company.

More frauds to be discovered after the Covid-19 crisis

In conclusion, if we see a similar trend as in 2008, then we will expect an increase in events which can be covered by Crime and D&O insurance. There is no reason to doubt that this will be the case as the underlying issues are similar in that a strong worldwide economy was moving towards recession and a devastating event pushed it over the edge. The liquidity crisis of 2007 onwards came from a lack of trust forming as recession started to appear on the horizon, Covid-19 struck just as the fundamentals were turning as well. Policies in boom times by their nature are more lax than desirable as we move for growth.

As Warren Buffett said: “Only when the tide goes out do you discover who’s been swimming naked.”

Related Insights

Brian Alexander

Group Practice Leader Financial Institutions

T +43 664 962 39 17

“We are the friendly face who is there to ensure that the process runs smoothly.”

Brian Alexander, Group Practice Leader Financial Institutions, talks with Robert Lloyd, Director at ASL about trends in Crime & Cyber claims, the effects of Covid-19 on claims and the neutral and objective position of the loss adjuster.

Alexander: Can you tell us a little bit about how you got into adjusting?

Lloyd: I qualified as a chartered accountant in 2009 specialising in audit. Whilst this was great experience, I wanted more variation in my day to day work and the opportunity to travel internationally.

If I’m being completely honest, I came across ASL by chance. The role sounded extremely interesting – so I went for it. I met the Senior Directors at the time and they talked about trips to Latin America, cash being stolen from armoured cars and bank robberies. It was fascinating and I’m still captivated 11 years later!

Alexander: How does the adjusting process work?

Lloyd: We’re appointed by Insurers to investigate the facts of a claim and the amount of the loss. To do this, we provide the Insured with one or more written lists of information and documentation required.

If it’s a small loss, we may just correspond with the Insured through the Brokers. Alternatively, if it’s a large and/or complex loss, we will typically travel to the Insured, wherever they are in the world, and go through our questions with them face to face. Video meetings are increasingly playing a part too.

Once we have all the information, we prepare a report to the Insurers setting out our findings. Based on our report, the Insurers decide whether or not the claim is payable and, if so, how much.

It’s important to note that, whilst we are appointed by the Insurers, we provide a neutral and objective assessment of the claim.

Alexander: What are the benefits of the adjusting process to an insured (client)?

Lloyd: The loss adjuster facilitates the entire claims process. At the outset, we can help guide the Insured as to what they should and shouldn’t do – we can help them try to mitigate their loss and prevent a recurrence.

Then, by asking targeted questions, and requesting only relevant documentation, the adjuster is able to efficiently extract the information required by the Insurers to determine policy response. The adjuster also ensures that the Insured’s representations are properly and clearly communicated to the Insurers.

Additionally, the loss adjuster is someone that the Insured can speak with, along with their Broker, to discuss the status of the claim or simply to explain how the process works – we deal with crime and cyber claims every day and are therefore very comfortable with the process and the issues that arise. The adjuster should be a friendly face who is there to ensure that the process runs smoothly and that the correct outcome is achieved for all parties.

In those instances where coverage issues arise, and in order to manage expectations, the adjuster is also able to work with the Broker to explain these to the Insured.

Alexander: What are the current trends you see in Crime and Cyber claims?

Lloyd:

  • An ever-increasing number of social engineering frauds where an Insured is tricked, usually over email, into paying away money by fraudsters pretending to be a colleague, client or supplier. This affects both Banks and commercial entities with cover potentially available under crime and cyber policies.
  • More ransomware attacks. This is where criminals insert malware into an Insured’s computer system and encrypt data. It typically takes a week or more to get the systems back online resulting in a loss of income, which can be claimed under the business interruption section of a cyber policy.
  • Frauds involving transactions made via mobile telephone / cellphone – exacerbated by the growth of mobile banking in developing countries.
  • We continue to see numerous loan frauds across the world – and particularly in Eastern Europe. These often involve dishonest employees within Banks colluding to issue loans in return for kickbacks.
  • We’re seeing fewer claims involving the forcible theft of cash from Banks’ premises, ATMs and in transit. Perhaps that’s because running into a branch with an automatic weapon gives a much higher risk of being caught than trying a social engineering fraud or hacking into a Bank’s system. The amount that can be stolen by forcible theft is typically is much lower too!

Alexander: Has Covid-19 seen an increase in claims from what you see?

Lloyd:

  • We’ve seen a marked increase in ransomware attacks and social engineering frauds because remote working has presented the ideal conditions for these types of fraud.
  • There’s been a temporary drop off in more conventional fraud being notified – such as individuals stealing money from their employers. However, this is likely because Insureds have only recently returned to their offices, or are yet to do so, and so have not yet uncovered these schemes. The pandemic has created the ideal environment for fraud and we’re expecting to see significantly increased volumes of crime claims later this year and into 2021.
  • There have also been more loan frauds notified by the large Trade Finance Banks. This is because the pandemic has caused a number of their corporate clients to default – and the Banks’ subsequent enquires have led them to believe that some of those loans may have been obtained under false pretences. The Banks therefore notify the matter to their crime policies.

About ASL
ASL are market leading loss adjusters and forensic accountants. We specialise in dealing with crime claims made by Banks and commercial entities. We also handle cyber claims.

ASL’s professional staff includes chartered accountants and lawyers. This gives us the necessary expertise when it comes to quantifying complex losses and providing coverage analysis for the crime and cyber Insurers.

We have offices in London and Dubai and, since 1988, have handled assignments in over 100 countries.

Related Insights

Brian Alexander

Group Practice Leader Financial Institutions

T +43 664 962 39 17