Keeping ahead of the bear when facing unprecedented pressures

As we enter the second half of the 2020s, we’re facing into an unprecedented combination of internal and external pressures in how we manage fraud. How individual insurers respond will not only dictate the winners and losers in tackling fraud loss, but also the strength or vulnerability of the industry as a whole.

There are many factors driving these pressures and the effectiveness of approach and prioritisation of controlling fraud will vary according to insurer appetite and respective maturity in managing fraud. Simply looking to stay ahead of our competitors rather than the ‘bear’ of insurance fraud is too narrow a focus.

Three pressure points stand out as challenges and opportunities:

• the drive for internal value
• impact of evolving regulation
• and the good and bad use of AI and technology.

The drive for value: There is a clear and present pressure on reducing operational cost, delivering incremental margin and revenue from across the organisation, and senior stakeholder demand for assurance on return on investment. The internal drive for value is understandable, but comes with the risk that fraud controls may be reduced, de-prioritised alongside other business initiatives, or with investment only on solid ‘banker’ projects.

The winners are likely to be those firms that genuinely embed transformation and fraud controls within these programmes, as well as those that keep ahead of the pack with an entrepreneurial approach to counter fraud investment. Playing too safe runs the risk of falling into a position of laggard while peers are investing and racing ahead. Pursuing solely self-centric interests risks the degradation of our collaborative industry defences, creating vulnerabilities open to exploitation and attracting the return of the bad actors we may well have previously deterred.

An evolution in external expectations: Something has changed. The political, legislative and regulatory expectations of how we manage fraud have evolved from being on the periphery of the regulatory radar into something very tangible. From the re-energised Insurance Sector Fraud Charter, to the recent FCA review on how banks and payment organisations are sharing fraud data with the fraud prevention agency Cifas, external levels of expectations on how regulated entities manage and co-operate in tackling fraud have changed at both a sectoral and individual organisation level.¹

And, unlike its older sibling corporate criminal offences (bribery and facilitation of tax evasion) which felt less connected to the world of retail insurance, the failure to prevent fraud offence within the Economic Crime and Corporate Transparency Act² cuts close to home. Not least is the potential for risks to crystallise in areas specific to insurance processes and procedures. Maturity in overall fraud risk management is demanded, with insurance fraud and occupational / corporate fraud now increasingly merged.

The move and counter move game in technology:  We learnt from the LabHost arrests in April 2024³ that rent-a-fraud services by organised crime is big business, enabling the scaled provision of advanced technology to be sold at minimal cost to dishonest customers wishing to perpetrate fraud. We’ve heard concerns from our banking peers about how ‘fraud as a service’ is affecting them and we’ve seen it ourselves in the rise of counterfeit document submission to insurers. For example, fake No Claims Discounts and documents supporting fabricated claims are increasingly being provided by online wholesalers known as ‘template farms’. ‘Fraud as a service’ is as an issue we must face into, but a risk we’re only really starting to get to grips with. It’s also one where we are frequently limited by common language (one firms perception of identity fraud, is another firm’s ghost broking and yet another’s application fraud, for example) that hinders our broad industry understanding of the extent to which technology driven fraud as a service is impacting us.

Our exposure may currently be limited, partly because we’re only seeing it materialise on the periphery of our risk radar and partly because insurance is still, overall, a less attractive or profitable target for the business organised fraudster. But as our push for intelligent automation and straight through processing increases we must, with all prudence, accept our attractiveness as a target will also increase. And here, the move and counter move in the use of increasingly AI driven attacks combines with the impact of the value drivers; posing the question who will successfully stay ahead of the bear, and the extent to which laggards or late adopters will be overtaken by peers and left vulnerable and exposed.

Conclusion

We’re experiencing a unique confluence of internal and external drivers. The extent to which the sector both protects itself from attack and shows the maturity demanded by our regulators depends not on the individual capability of each firm, but the appetite and execution of collaboration.

With its focus on changing times, the ABI counter fraud conference 2025 is a timely, highly relevant reminder of the commitment required by individual firms to protect the sector and our customers as a whole.

Matt is a Director at WHITELK Consulting, a fraud management consultancy. He will be chairing a panel session at our Fraud Conference on 2 April, where the panel will explore how the insurance industry’s counter fraud governance and strategy continue to evolve beyond general insurance, remain fit for purpose and joined up with the wider insurance market. 

—–

Notes

¹ In January 2025, the Financial Conduct Authority published its review of payment services providers use of the Cifas National Fraud Database to record money mule activity (the use of accounts to channel the proceeds of fraud). The review highlighted opportunities for the greater reporting of money mule activity to the NFD, lack of real time use of the NFD to monitor accounts and lack of reciprocity in the sharing of money mule fraud data. The FCA recognised the crucial role of the role of Cifas (fraud data sharing) in preventing, detecting and disrupting financial crime activity.

² The Economic Crime and Corporate Transparency Act 2023 introduces a new offence of failure to prevent fraud.  The offence will make it easier to hold organisations to account for fraud committed by employees, or other associated persons, which may benefit the organisation.  It is intended to encourage more organisations to implement or improve prevention procedures, driving a major shift in corporate culture to help prevent fraud.  By nature of insurance business practices such as subrogation, claims revenue and retail uplift, there are risks specific to insurance.

³ In April 2024, authorities from 19 countries raided 70 addresses making 34 arrests and shutting down the LabHost platform, a ‘fraud-as-a-service’ phishing service charging $249 a month for selling phishing kits to criminals.  Depending on the subscription, criminals were provided an escalating scope of targets.