Insurance agent fraud

Using data analytics for detection of premium misappropriation

By Sheechean Ho, CFE

Here are ways insurance agents can misappropriate funds:

  1. Lapping: They steal premiums and cover them up by crediting a fake customer account with another customer’s premium.
  2. Skimming: They steal premiums before the payments are credited into the customers’ accounts maintained by the insurer.
  3. Fictitious policies: They create these by “investing” their own money as premiums. They use money from insurance companies’ incentive programs and bonuses to cover the “investments.” After they receive this money, they let the fictitious policies lapse. Crooked agents can also sell policies to customers and then neglect to file the policies with the carriers. Most customers don’t want to file claims on policies, especially early in the terms, because they fear that their premiums will rise. Therefore, the agents keep all documentation on the policies instead of turning it over to the carriers. The agents are able to skim the customer’s payments because the carriers don’t know the policies exist. (See the ACFE 2014 Fraud Examiners Manual, 1.306.)
  4. Forgery: They forge policyholders’ signatures to steal premiums and cash values of insurance policies.
  5. Churning: They persuade their customers to terminate their existing policies and buy new ones so they can earn extra commissions. Usually, they don’t tell the customers that they’ll lose money by switching to new policies.

Forensic data analysts can find anomalies or outliers in data sets of insurance policies and drill down to minimize these potential frauds in insurance premium payments. 

Here are some of the most common examples of fraud risk criteria or analytic parameters: 

  1. Analyses on data from policies, policy holders and agents: Analysts can examine trends, product types and premium payments. Also, they can search policies to map relationships among agents and policyholders to identify premiums paid by non-family members. It may also be unusual if a long-term policyholder abruptly stops payments.
  2. Fuzzy matches on names and addresses, bank accounts and telephone numbers: Often, policyholders completely trust their agents to handle all insurance policy details. Risk is high and fraud awareness is low. Don’t be surprised to see plenty of personally identifiable information (PII) matches.
  3. Identity card check and analysis: In some countries, identity cards contain PII such as gender and addresses plus date and location of births, which can be useful in identifying anomalies and verifying information stored in company databases. Analysts can easily spot unmatched data by setting parameters with policyholders’ identity card numbers. Further investigation of the unmatched data may potentially discover fraudulent agents who used fictitious identities to create fake insurance policies.
  4. Lapsed policies: If policyholders fail to pay premiums, their policies could lapse, and they could lose the cash values. Similarly, if a fraudulent agent created fictitious policies to achieve sales targets and receive sales incentives, he would likely let those policies lapse. Analysts can drill down into policy portfolios to discover unusual patterns in the frequency and the quantity of lapsed policies, which could indicate fraud.
  5. Change of ownership details and cash-value withdrawals: As we can see from the opening case, one of the easiest ways to defraud policyholders is to forge their signatures, change some details of their bank accounts and telephone numbers and withdraw cash values. Typically, an insurer would make a telephone call to the policyholder to verify the withdrawal, but the fraudster wouldn’t have to worry because he changed the PII, and the crime couldn’t necessarily be traced back to him, at least at first. As in the opening case, when the fraud is eventually discovered, the fraudster is long gone. Using data analytics in identifying patterns of policy withdrawal after change of ownership details can be very useful in detection of this type of insurance fraud.
  6. Date-gap analysis to detect churning: Analysts can identify the dates between the terminations of existing policies and customers signing new policies for insurance products with similar features. Short date gaps can indicate that agents persuaded the customers to cancel their policies and purchase new ones so the agents can earn extra commissions.

Most of the initial results from the data analytic attempts in these very common risk criteria will be false hits so CFEs will further investigate to affirm the nature and authenticity of the transactions. Hence, CFEs will need to apply some business sense on the analyses to identify the highest-risk transactions. 

We may consider an insurance policy as high risk and worth the time to further drill down when these criteria are met:

  • The policy has lapsed for months.
  • Unmatched data is discovered on a policyholder’s identity card. For example, company records show that the policyholder is a male, but the identity card number indicates the person is female.
  • The contact details of the policyholder were recently changed.
  • The cash value of the policy was withdrawn immediately after the contact details were changed. 

CFEs should analyze the policies frequently to detect fraud early and minimize losses.


CFEs could find many reasons not to analyze insurance policies to detect thieving agents: too many false hits, resource constraints in investigating all the red flags and the practicality of implementing regularly. However, I believe surmounting these hurdles will yield serious fraud. Most insurance agents are honest, but it only takes a few crooked ones to incur some huge costs.