Dirty money

The 2005 third EU Anti-Money Laundering Directive, plus guidelines issued by the Financial Action Task Force (FATF), oblige insurance companies to harden their defences against money laundering and terrorist financing. Companies are required to have - and be able to demonstrate that they have - adequate internal policies, procedures and controls in place to detect and prevent money laundering.

In addition, the Directive requires identity checks on customers opening new policies, stricter checks on politically exposed people and checks on any transaction over €15,000.

If companies fail to comply with these requirements, or are found to be transacting business with listed individuals, companies or countries, insurers face considerable fines and the possibility of criminal charges being brought against their directors.

While regulation in the insurance industry isn't new, it is true to say that, to date, regulators have focused more attention on banking institutions. There is now clear evidence that regulation will be enforced with increased vigour in the insurance industry.

The rules introduced in October 2005 by America's Financial Crime Enforcement Network (FinCEN), which will enforce US insurance companies to establish anti-money laundering programmes and file suspicious activity reports, is just one example of global moves to enforce compliance.

Rosemary Turley, a director of financial crime and compliance software company Norkom, points to action both in Europe and the US that will force insurance companies to step up to the mark. "Regulation has existed for some time that requires insurance companies to take action. However, that regulation will now be pursued with more vigour as regulatory attention - firmly focused on the banks in recent years - turns to the insurance industry."

There are, says Turley, valuable lessons that insurers can draw from the banking industry's experience, as it prepares for new heat in the regulatory climate. "First, automation is vital. The regulation makes it clear that every financial institution should establish an anti-money laundering programme that is commensurate with its size, location and activities. Given the sheer volume of transactions, it's impossible to imagine that even a moderately sized firm could hope to undertake the systematic monitoring of transactions and payments across all parties demanded by the regulator by using a manual system."

Turley also advises companies to look to the future and tackle the issue of compliance on a global rather than regional basis. "The majority of the world's major insurance companies operate internationally. Though regulatory requirements may differ in detail from one region to the next the general approach will be similar. Allowing regional operations to develop systems and solutions in a piecemeal fashion will prove both expensive and inefficient. Only by establishing a universal approach - consistent but flexible enough to accommodate local variations - can companies limit their exposure."

Finally, Turley urges an holistic approach. "Insurers will be forced to examine their

regulatory exposure and adopt technology that will enable them to detect, investigate and report suspicious behaviour. But, while money laundering doesn't hit the insurers' bottom line, other areas of financial crime, including fraud, do.

"Choose technologies and processes that can be adapted to tackle a range of financial crime types. In short, use the same investment and effort to do what the regulator demands you do in order to protect the community and to do what your company needs to do to protect its long term financial performance," she adds.

The ABI estimates that fraud costs the UK insurance industry £4.6bn a year while America's Coalition Against Insurance Fraud puts the cost for the US industry at $26bn.

The Baloise Group became one of the first European general insurance providers to introduce automation to fight financial crime.

Baloise anti-money laundering group compliance officer Peter Kalberer says: "Regulatory demands, coupled with a strong desire to protect our business and our customers, gave us the impetus we needed to invest in technology.

"With more than two million policies and transactions a week, we knew that automation was the only practical way to be sure that each customer and policy was consistently checked against industry lists and any suspicious incidents reported to the regulator."

Though there are lessons that can usefully be drawn from the banking industry, there's one additional burden that will weigh heavily on the insurance industry. As is already the case in the US, it seems likely that future EU regulation will expect the insurance product provider to take direct responsibility for the anti-money laundering diligence of the brokers and intermediaries that sell their products.

Turley points out that a large proportion of insurance business is sold through third parties. That means any solution an insurer considers must be extendable to independent third party operators.

The new rules from FinCEN state that: "Given their direct contact with customers, insurance agents and brokers must be integrated into an insurance company's anti-money laundering programme and monitored for compliance. An insurance company's anti-money laundering programme must also include procedures for obtaining relevant customer-related information for an effective programme, either from its agents brokers or otherwise."

This is a point that Baloise is taking very seriously. "In addition to our policyholders we are monitoring all business relationship with external partners," says Kalberer. It is crucial that all insurance related companies embrace such an approach. IT

Six valuable lessons that insurers can draw from the banking industry's experience, by Norkom's Rosemary Turley

1. Automate early - no manual system, no matter how diligently pursued, will protect your interests or satisfy the regulator.

2. Where appropriate take an international approach - centralised policies protect the business but are flexible enough to accommodate regional regulatory variations.

3. Consider your partners - you'll be held responsible for their compliance.

4. Maintain detailed audit trails - the regulator can open up investigations retrospectively on any transaction and will expect you to have years of historical data at your fingertips.

5. Use the impetus of regulatory demands to address your exposure to crime - adopt a solution that can be used to detect fraud and other crime as well as money laundering.

6. When automating processes, look for technology that is proven to work across international operations and across multiple organisations.

Risk to insurance companies
"Insurance entities have become major
targets of money laundering operations because of the variety of services and investment vehicles offered that can be used to conceal the source of money. Money laundering poses significant reputational and financial risk to insurance entities, as well as the risk of criminal prosecution if they become involved in laundering the proceeds of crime." International Association of Insurance Supervisors