Financial Institutions Are by Their Nature Big Beasts: Interview With Brian Alexander

What are the largest risks and liabilities that financial institutions face? Do you think there are any specific risks especially relevant for financial institutions in Serbia? 

Аlexander: When we look at risk we look into the profile of the client and their inherent internal risks. 
 
Banks are perceived as rich in all societies and as such can be one of the first to be tested in legal cases. People are more likely to sue a bank than any other company as both they and their lawyers see them as lucrative targets. This coupled with the public perception of banks as being against the consumer means there is little sympathy in these cases. Professional Indemnity is the insurance which sees the highest losses for banks regularly due to these factors on a worldwide basis. 
 
With the perception of ready funds and financial data, a bank is one of the number one targets for hacking. We have seen the recognition of this by banks worldwide with high levels of security in this area. However, the security is only as strong as the weakest link and as discussed below this is the staff. Cyber Liability is a strong insurance product which helps in the case of lost data and liability carried under the law for this (GDPR etc.) but also in the clearing up after a hack. 
 
When we look at Serbia the focus is more on the crime element as the legal system is not yet at the level of the US or Western Europe in terms of recognising consumer rights (although it is moving more in this direction). Over the past 20 years, the main insurance risk in Serbia for banks has been from crime and in particular Internal Crime (Employee Infidelity as it is termed in the policies). 
 
Internal crime is one of the more difficult losses for an institution as it is both a breach of trust and also shows that controls were not as robust as was perhaps perceived. The second point is not always the case as trust is one of the key weak links in any system. When we look at typical fraud there is almost always an element where the person involved has managed to gain the trust to complete transactions on their own without oversight. The usual fraudster will have been in the organisation for at least 3 years but more typically 5-10 years and likely in the same role. They will be seen as reliable and good at what they do, likely working long hours and not taking many holidays. This leads to them not being monitored quite so much, because they have been so proficient over the years. 
 
In Serbia, we have seen fraud in the banks with losses over €1.000.000 several times and also a good deal of sub €1.000.000 losses as well. Internal crime has an almost limitless ceiling within a bank or Financial institution as most assets are dematerialised these days so movements of funds electronically are only really hindered by how to cover it up.
 
The days of the robber with a gun entering the branch being the main crime risk are long over and when we consider the sentence for robbing using a computer is around 2 years, robbing with a gun is 8-10 years, we can see it is better to use electronic means to rob. In terms of robbery by electronic means, it is almost always facilitated by a member of staff when practised in a bank.
 
When we discuss insurance with banks in Serbia and the greater region, the emphasis is always on crime insurance first and foremost as this is where we have seen the most claims. Insurers have the right to subrogation in the policies, but in my experience, very little ever gets recovered, so uninsured losses tend to be absolute. 



What is the unique value clients get from Directors and Officers insurance? 

Аlexander: Directors and Officers Insurance is a unique product in that it is protecting the decision-makers themselves and their assets. 
 
The insurance was created to ensure that the decision-makers in organisations could make bold choices in how to run the business without having to worry should it not work out as they had hoped. Of course, if they are reckless or criminal this will not be covered, but good faith decision-making will be. This allows an organisation to take calculated risks without the potential personal downsides that failure could bring personally.
 
The policy operates on two levels. The first is as essentially a legal expenses policy where accusations of wrongful conduct against an individual will be defended using the policy to pay legal fees, expert fees and the like. The second part is to pay any damages which are awarded against the director(s) as a result of the case. We can cover fines and penalties as long as the legal system in the country allows this.
 


Regarding underwriting risks, could you bring some insights into what the whole underwriting process for financial institutions looks like and what are the relevant limits here?

Аlexander: Firstly the limits are particular to each country and organisation based on their risk profile and willingness to bear risk. We have many peer examples that mean we can benchmark the organisation, but it is not a one size fits all process. This is where experience comes into play and setting the right levels of both limits and deductibles based on the above is one of the key roles of the broker in the process. 
 
When we get to the underwriting of the risk, the key here is information. The more the insurers have the more closely the premium will reflect the actual risk. Clients who give the bare minimum asked will have the biggest fluctuations in pricing. 
 
The main information the insurers are looking for is the number of staff (crime), fees and revenues (PI), assets (D&O) and unique data points (Cyber). All will look into the security and decision-making process of the bank and the latest financial information will be important too. The financials are an interesting point as for D&O their use is clear – a profit-making bank will be less likely to have their decision-making process examined leading to lawsuits – but for crime, it is important too as a failing bank can lead to staff feeling insecure and historically this leads to some committing fraud as they fear that there will be no money left to pay them in the event of redundancy. 
 
The process begins with the filling in of the proposal forms and the discussion of relevant limits with the broker. The broker will then approach insurers that they know are interested in Serbia and acquire quotes on behalf of the client. These will then be analysed based on the cover offered and the price, after which they will be presented to the client with a recommendation on which is felt is best. 


What are the steps in the process of claim settlements, especially crime claims, for financial institutions? What are the main obstacles in this process? 

Аlexander: Claims handling is a relatively painless process for clients as most of the process is managed between the broker and the insurer. 
 
In terms of crime claims once the potential loss is discovered then it is time to tell your broker. They will then inform the client of the issue and the insurer will open a file. The full information is not required at this moment, just the potential of a loss. If there is suspicion of a loss then you should always notify it, there are time conditions on notification of a claim and these are strict because something left can develop into a larger loss. The insurers are experienced in handling claims like this as they see them from all over the world, so are best placed to know what to do. It is in the client’s interest to get them involved as soon as possible, even if it is just a suspicion.
 
Once it is established that something in all probability has happened then a loss adjuster will be appointed. They will speak to the client and establish the likely cause of the loss. They will conduct interviews and ask for relevant documents for the case. The faster they receive these the sooner the loss will be established and payment made. They are highly experienced companies and will likely have seen the scenario before so they tend to know what is needed to prove the claim. 
 
After their report is passed on to the insurers the insurer will then decide on what will be paid. In the main most claims are paid in full within 6 months for a crime claim. Very complex claims can take longer, but in the main, these are rare in Serbia. 
 
In the past, we have seen a reluctance to give information to the adjuster. This is due to perceptions of issues around confidentiality from the client. It should be known that it is not in the interests of the insurer or the adjuster to leak any information, indeed the adjuster must work based on complete confidentiality, and they will not do so as a breach of trust like this will have serious reputational issues and likely see them lose business as a result.

What are the main misconceptions that clients in Financial Institutions might have when it comes to crime insurance? 

Аlexander: The major misconception is that the claim will not be paid until there is a court case proving the loss has happened with the individual being found guilty. This is not the case. The insurance does not mention this within the contract and indeed it would make it a poor product if it did. The claims are paid based on probability, so there does not need to be 100% certainty that the loss happened as suspected. In cases where it is closer to 50:50, there will be a need for more information, but most are more like 80:20. The wording used is tried and tested and most scenarios have been seen before, so fast decisions and knowing where to look are the norm. Another misconception is that improper financial gain (theft of money for the perpetrators’ use) must be fully proven. Again there are many ways that this can be shown without the smoking gun of a bank account.
 
We also see that deductibles can be off-putting for clients. Crime insurance is one of the most ’used’ insurances and therefore reporting every claim has a much higher cost than say D&O. The deductible is there to keep it more affordable because in a scenario where every theft is covered from €0 then the insurer may need a member of staff just for this one client to handle the claims. Looking at it from this perspective the cost would be enormous before the risk is taken into account. For this reason, we always discuss crime in terms of catastrophe risk, i.e. one which is above the pain threshold for the bank. This is where the discussion with the broker is important as deductibles can have a serious impact on price.


What is the added value that an insurance broker brings to the clients in the finance industry?

Аlexander: Whilst the risk department of any bank will know its specific risk better than anyone else, the broker brings the breadth of experience of many clients to the table. Benchmarking your risk and having access to the worldwide market are two key drivers for getting the best deal. 
 
The idea of a broker being just an individual to take your risk to the market and provide a price is an old one and the modern broker will work with you as a risk consultant to ensure that you are getting the best coverage for the best price. Experience is key here as the more we have seen, the more we can bring to the conversation. In my time as both an underwriter and a broker, I have probably seen most claims and insurance policies for banks in South Eastern Europe and also worked with the insurers who are keen to do business here. I also paid most of the claims.
 
With a broker such as GrECo, we are a Central and Eastern Europe-based broker (this is all we do, Serbia is not just a number on a balance sheet it is core to our business), but with experienced individuals who have worked in the major insurance markets around the world. I was the leading underwriter of CEE Financial Institutions risks for over 15 years at Lloyd’s of London for example. This experience and breadth of knowledge allow us to be truly specialist brokers and risk consultants rather than a salesforce.