December 6, 2019 by Dan McKenzie, Principal Solution Architect, Financial Crimes, SAS
Cutting-edge developments in analytics, machine learning and artificial intelligence promise powerfully enhanced anti-fraud capabilities for insurers. Software can recognize and even learn patterns that detect and prevent fraud, while speeding customer service and reducing false positives.
“Enhance” is the key word. The most sophisticated software tools are worthless if they aren’t built on a solid foundation of business processes. Steps 5 and 6 of an anti-fraud strategy aren’t helpful if Steps 1 and 2 are neglected.
Fundamentally-sound business practices deliver results on their own. But when they are the core of a platform designed to feed those high-tech, analytical tools, the results can only improve.
Rules about rules
The simplest tools are the most powerful. Years of underwriting and investigative experience teaches the patterns of customer and provider behaviour that should be red flags. For example, do personal injury and auto property damage correspond? Can four people suffer soft-tissue damage from a minor fender-bender? Was the accident reported to police? How recently was the policy taken out? What’s the value of the car? People stage accidents with 1990-era Toyota Tercels, not brand-new Maseratis.
Similar rules aimed at third-party service providers can ferret out even more fraud. A customer can defraud a company out of a few hundred or thousands of dollars, but providers can cost companies millions. The “Impossible Day” is a standard: you can’t provide 27 hours of service if you’re open nine to five. Do all of a provider’s invoices bump up against the limit for reimbursement? Do the costs of services line up with the industry average? Is a supplier submitting a large number of invoices for customers who work for the same company?
This doesn’t require a huge software solution. A SQL database is enough for a basic set of rules. A dozen rules is a good starting point. Too many rules return too many false positives.
Keen-eyed adjusters will catch these red flags, but there is a limit to how much a human being can review. Applying an automated rule set allows an insurer to vet all claims.
Here are a few rules about the rules:
• They must be simple.
• They must provide output that is
easy to understand, and upon which
it is easy to act.
• They are not static. They must be adapted or retired as circumstances change.
• They don’t all carry the same weight.
Accentuate the negative
Negative lists are another fundamental tool. They spell out banned businesses with which the organization will not work, and/or business partners that will be subject to a greater degree of scrutiny.
Organizations take pride in the comprehensiveness of their negative lists and maintain them zealously. They are a pillar of banking, money-laundering and insurance fraud strategies. Negative list data must be used when onboarding a customer, provider or employee, and whenever sending money out of the organization.
Like rules, negative list data are dynamic. Blacklisted suppliers shut down operations and start new ones with new identity information. Fortunately, it’s very difficult and expensive to create a new identity that will survive scrutiny, so the majority of fraudsters recycle identity information. They shorten or change names, blend fields — addresses, phone numbers — from a variety of identities.
Output from different lists must be treated differently. Phone numbers are retired and returned to the carrier pool relatively quickly, so they stay “bad” for only a few months. Address changes take more time, so they stay bad longer. Driver’s licence numbers are gold: like social insurance numbers, they are nearly impossible to change, and stay bad for good.
Building on the basics
Based on the fundamentals, insurers can use new technologies to enhance their anti-fraud strategies. Rules provide a toe-in-the-water opportunity for predictive analytics (PA). PA can help determine the weighting of various rules and model behaviour, focusing an investigator’s time on the most likely fraud candidates.
There are quick wins when applying artificial intelligence (AI) and machine learning (ML). AI can hone the weighting and thresholds of rules. Because AI and ML are self-teaching, they can detect previously unknown patterns of behaviour that correspond to fraud. They are also useful for anomaly detection. Rules alone are difficult to apply to providers because of the variety of industries involved. ML can build rules based on industry norms and practices.
Social network analysis can reveal connections among suspect identities. Don’t confuse it with social media or consumer-oriented social platforms, though they can be included. For example, a financial services provider can use list data across lines of business, including insurance, and discover thousands of undetected fraud risks. Social network analysis displays the links among various identities as a web, with suspect connections highlighted. If a particular identity’s web is three-quarters red, there’s a strong possibility of fraud.
These technologies are not Step 1 or 2. Don’t underestimate the power of doing the fundamentals right. Start with a roomful of your best talent — underwriters, adjusters, investigators, and IT staff — and a whiteboard. Choose your rules carefully, be rigorous with negative lists, and build out automation from there.
Dan McKenzie of SAS has more than 15 years of experience in anti-money laundering and detecting insurance fraud. He has more than 25 years of experience in financial services.