The use of private investigators by insurers is widespread, and there are fears that rogue PIs could embroil the insurance industry in a scandal as big as phone hacking
Some activities by private investigators (PIs) hired by insurance companies are unethical and illegal, says Association of British Investigators governing council member Gavin Robertson.
“Insurers would be absolutely horrified if they knew what was going on,” says Robertson, a former Metropolitan Police detective superintendent.
The insurance industry may be unaware of these activities, which range from intimidating witnesses to placing tracking devices on cars. But it is very much the sector’s problem.
Insurers were mixed up in two criminal cases involving PIs in February this year. In one, investigator Campbell Smith was jailed for eight months for selling data to insurers. Smith is also being investigated by Scotland Yard over accusations of hacking emails for the News of the World newspaper.
While the insurers Smith dealt with have not been named, the scandal risks tainting the industry’s image. In fact, Robertson says the sector is risking a public outcry if it fails to clamp down on rogue PIs.
“Hacking into phones and computers is incredibly easy and cheap to do,” Robertson says. “You can download a program from the internet for about $40 that will give you access to everything on a person’s PC.”
Combine this with the fact that PIs as a profession are not licensed and it’s clear that if you hire the wrong PI, such activities could be carried out in your firm’s name whether you have sanctioned them or not. The consequences can range from damage to a company’s brand, to a criminal conviction.
Robertson, who runs Robertson & Co, a 200-strong PI firm that works for insurers, insists disreputable investigators are in the minority and most do legitimate work for the insurance industry, with many regulated by organisations such as the Association of British Investigators.
He says: “PIs investigate insurance claims, either validating them or investigating fraud, and some offer tracing services, which involve finding a witness who may have moved or an insured individual who may be at fault, from whom an injured party wants to recover funds. All of this can be done lawfully.”
Insurers, loss adjusters and brokers all have the potential to need the services of a private investigator. Insurers and loss adjusters use them to investigate claims, while all three types of company could call in a PI legitimately when there are reasonable grounds for believing something illegal has occurred, such as a former member of staff stealing client data.
Loss adjuster and claims specialist QuestGates counter-fraud director John Freeman says: “If we have a highly specialist request, we may look to a PI.” For example, in the case of a yacht theft, the loss adjuster could use a PI to carry out a cross-border investigation. QuestGates requires the PIs it hires to adhere to the Fraud Investigations Code of Professional Standards and Ethics.
Axa takes a similar approach. Claims and underwriting director David Williams says: “We only use an investigation firm when we feel it is absolutely necessary.” Typically, this is when the firm has received a credible tip-off that someone has made a fraudulent claim.
Williams adds: “We only deal with firms with which we have had a very long relationship, and we have in-depth conversations with them about what they do. We would not allow filming outside school gates, for example, because we think that is wrong. We have had people filmed in their gardens, but we do not film people in their own homes. That would be in phone hacking territory.”
However, dangers arise when such controls either fail or are not in place, which is a particular problem with smaller insurers and “newer insurers cropping up offshore in jurisdictions like Gibraltar”, according to Robertson.
Insurance companies Zurich, Travelers and FBD hit the headlines in February this year after pleading guilty in Ireland to hiring private investigators to obtain social security information.
The companies admitted using PIs to collect individuals’ dates of birth, social security numbers, addresses, employment history and information on previous claims, in clear breach of the data protection act. In some cases, the files also included information on spouses.
All three companies were registered with the data protection commissioner to process certain personal data. However, this did not include social welfare information, which is not publicly available.
The companies were spared criminal convictions after agreeing to donate €20,000 (£16,600) to a homeless charity.
The first risk is that a PI will break the law, and there are three key danger areas here.
The first is entrapment, covered under the Police and Criminal Evidence Act 1984. Robertson says: “It is illegal to get a claimant to do anything they would not normally do - say if you were to let their tyres down or stick a five pound note on the floor to get a photo of them bending down.”
The second danger area is photographing people: under the Data Protection Act (DPA) 1998, photos can only be taken if the person has broken the law. The third is “blagging”, which is impersonating someone to get information, also banned under the DPA.
However, Robertson says insurers need to watch out for other activities that, while legal, are highly undesirable for the insurance industry because of their potential to wreck an insurer’s reputation.
For example, he warns than while surveillance of a claimant may be legitimately required, “lazy PIs will attach magnetic tracking devices to vehicles” to avoid the tricky business of following the car without being spotted. “There is no legislation preventing the use of tracking devices in the private sector, but if a device is found it causes an awful lot of trouble and risks huge reputational damage to the insurer.”
This damage could ripple out to the broker and client. “If you insure a big company - say, a John Lewis - you are acting in that company’s name. So if it becomes known that a tracking device was used, you could hurt the client’s reputation.”
Tracking devices, either radio or GPS-based, are also surprisingly easy to obtain. Robertson says: “They cost £100-£200 and the accompanying mapping software can be downloaded for free onto an iPhone.”
Worryingly, Robertson says their use is “very widespread”. As a result, a scandal could be just round the corner for the insurance industry. “There will be a public outcry against the use of tracking devices very soon,” he says.
More dialogue needed
So what can be done? While firms such as Axa and QuestGates have robust vetting procedures, Freeman suggests: “Licensing PIs would help.”
Robertson says: “Insurers seem to have an arm’s-length relationship with PIs, but more dialogue is needed. I want to see private investigating dragged out of the dark alleys and treated as the respectable trade it deserves to be.”
Checks are key
The Association of British Insurers (ABI) says insurers should vet PIs meticulously. It has a guidance document on its website abi.org.uk.
• ABI spokesman Malcolm Tarling says: “No insurer will want to use a PI in any way that could call their own and the insurance industry’s reputation into disrepute. Insurers will also want to ensure any evidence obtained is of the highest quality, to maximise the chances of any prosecution.”
• Gavin Robertson agrees that thorough vetting is essential: “When insurers choose a PI company, they must take up references from other insurers, insist on CRB checks and inspect the firm’s financial probity and that staff have professional indemnity insurance.”
• After this initial audit, Robertson says it is vital to carry out on-site spot checks on PI firms at least every two years. “A PI could find itself in financial difficulties and be tempted to cut corners,” he says.
• Checks are the key, Robertson says, to mitigating the risk of a hacking or vehicle tracking scandal.