Over the last 9 months, the specie market and the financial industry have seen the value of stored assets increase exponentially. At the mid-year point, for example, this report was tracking the value of gold as up 30 – 50% over 2019, while this update from The Economist around the same time saw the value of cash in U.S. circulation up 11% since February. On the surface, these increases appear as positive developments for those with ownership over the assets, but they are being driven by marketplace uncertainty due to the COVID-19 pandemic. Regardless of how or why it’s happening, this very real and rapid increase in value creates new insurance risks with immediate security implications for all involved.

We sat with Director of Global Operations Neil Watson and Director of U.S. Operations Mike Hyman to help us understand from both the UK and U.S. perspective how businesses can evaluate their security measures, discuss the most common mistakes businesses storing these assets make and forecast how these marketplace changes are disrupting risk assessments and insurance underwriting.

“As the pandemic has hit and times are tight, businesses have leaned on employees that aren’t necessarily adequately trained to move valuables around or audit inventory,” Hyman observed. “For example, if an employer asks a teller to conduct a cash delivery on behalf of the business, that person is not adequately trained to do that.”

“None of us have a crystal ball,” Watson noted.  “Is the price of gold going to continue to increase? We’re seeing questions around bullion storage, as well.  In the UK, there’s talk of cashless society, which could lead to layoffs, which could cause concern and upset. That would lead us to think more about employee management and infidelity. The risks are going to continue and we just need to be there for our clients to mitigate those risks as the trends ebb and flow.”

Think You’re Not at Risk? Think Again.

Our special 5-part Fraud Week Coffee Break Series continues today where we invite you to spend 10 minutes each day learning about various aspects of fraud detection and prevention through the eyes of our Certified Fraud Examiners and other fraud experts.

For this episode, we interviewed Steven Schwartz, Chief Revenue Officer for Periculus and a recognized innovation leader in the fields of risk management and cybersecurity. Periculus is a digital risk company specializing in helping small businesses measure, understand, and protect against digital risks so they can pursue growth. Before launching Periculus, Schwartz led strategy and insurance at Cytegic, one of the industry’s leading cyber risk quantification platforms, playing a vital role in the company’s successful acquisition by MasterCard in June 2020.

In its September 2020 Fraud in the Wake of COVID-19 Benchmarking Report, the Association of Certified Fraud Examiners (ACFE) reported, “Cyberfraud (e.g., business email compromise, hacking, ransomware, and malware) continues to be the most heightened risk for organizations, with 83% of respondents already observing an increase in these schemes and 90% anticipating a further increase over the next year.”

Many experts believe that organizations were simply unprepared from a cyber perspective for the pandemic and its resulting shift to a remote work environment where employees are now operating outside the usual infrastructure and oversight of their organizations.

As Schwartz explains, “We’re in an interesting time right now, where we’ve never been so polarized, yet so connected. With the increase in digital connectivity comes an exponential increase in the vulnerabilities and threats. The doors are open for attackers to exploit.”

Grab a cup of coffee and spend 7 minutes listening to Schwartz’s view on cyberfraud during COVID-19 and how organizations can better protect themselves moving forward.

How Can Organizations Better Protect Against Cyberfraud?

As with any type of risk an organization faces, it starts with an assessment to develop a true understanding of the risks you face and how those risks might impact your organization. From that place of understanding, you can make decisions about how to effectively mitigate or transfer those risks.

Schwartz explains it this way: “If you just tell me my risk is a 3 out of 5 and that’s all you tell me, I have no idea what that means to my business. But if you tell me I’m a 3 out of 5 with a financial impact of 2 million dollars, it becomes contextualized. And if we take that a step further and we’re able to demonstrate the controls you should invest in because they’re going to have the greatest impact in reducing your risk and financial impact and this is how much you should consider transferring via insurance, we can start to make sense of it all.”

We hope you enjoyed this Coffee Break episode. Come back tomorrow to hear from Neil Watson and lessons learned from real-life stories of fraud.

Looking at the Fraud Triangle During COVID-19

Today, we continue our special 5-part Fraud Week Coffee Break Series with another episode to address important fraud prevention topics with insight from our Certified Fraud Examiners and subject matter experts. Fraud Week is an annual movement, organized by the Association for Certified Fraud Examiners (ACFE), to champion the need to proactively fight fraud and help safeguard businesses and investments from the growing fraud problem.

For this episode, we interviewed Carlos Rivera, CFE, MAFF, Senior Vice President – Caribbean & Latin America of Lowers Forensics International and Grant Mizel, Financial Analyst, Emerging Markets for Lowers Risk Group. Rivera and Mizel offer their insight to help us understand the importance of situational awareness to an organization’s ability to detect and prevent fraud. They point to the Fraud Triangle as a model for understanding why fraud happens, but also recognize that without situational awareness, the Fraud Triangle is meaningless.

Grab a cup of coffee and spend 7 minutes with Rivera and Mizel:

Formulated in 1953 by criminologist Donald Cressey, the Fraud Triangle theorizes that fraud occurs when a perpetrator feels financial pressure, they are presented an opportunity, and/or they can rationalize the theft. For the Fraud Triangle to be valuable, organizations must be situationally aware. What’s going on in, around, and outside your organization? Which of these internal or external factors might be impacting the opportunities, rationalizations, and incentives that can lead people to commit fraud?

As Rivera points out, “Removing separation of duties and internal audit departments certainly creates the opportunity for employees to commit fraud. However, you have to consider the financial pressure and rationalization that goes along with a national catastrophic situation. In many instances, you’ll have employees who receive salary cuts that may not only feel financial pressure but also rationalize it by claiming what they believe is rightfully theirs, or you may see an employee rationalize through necessity which I believe can be just as powerful of a motivator.”

The COVID-19 pandemic has, unfortunately, led to situations where people have less supervision, more opportunity, and way more financial pressure than before.

As a result, in its September 2020 Fraud in the Wake of COVID-19 Benchmarking Report, the ACFE reported, “77% of respondents said they had observed an increase in the overall level of fraud, with one-third noting that this increase has been significant.” Furthermore, the ACFE reports, “Our findings indicate this uptick is likely to continue; 92% of respondents expect to see a further increase in the overall level of fraud during the next year, and nearly half expect that increase to be significant.”

Mizel remarks, “You talk about the Fraud Triangle and opportunity, when you give folks the opportunity, they are most likely going to take advantage. You can head that off by putting structures in place, rigor, documentation, automated processes… when you think about the employee, it’s not strange from a fraud examiner’s perspective that someone without oversight would take advantage of the situation.”

We hope you enjoyed this Coffee Break episode. Come back tomorrow to hear from Steven Schwartz, Chief Revenue Officer of Periculus, about cyberfraud during COVID-19.

Business Continuity Plans (BCPs) are funny things.

At their most basic, BCPs are the real-world response to the old “Hope for the best, Plan for the worst” adage.  It’s honest recognition that being stuck between a rock and hard place is better with a hammer, albeit with no guarantee that the hammer is big or small enough to be helpful.

Nonetheless, a well-conceived BCP provides peace of mind, like insurance does, with the added satisfaction that only authorship (or ownership?) brings.  The rub, of course, is that every BCP is, at the end of the day, still just a plan.  As boxer, actor, felon, playwright and corporate strategist ’Iron‘ Mike Tyson once famously said, “Everyone has a plan until they get punched in the mouth.”

Indeed.  Because sometimes pipes break in the 2^nd floor ceiling of your office and leak antifreeze everywhere.  And because, other times, there’s COVID-19.

The benefit of having a BCP plan in place to manage either situation is that, well, there is at least a plan.  And despite what Kid Dynamite says, the real truth is that any company with a plan retains, at the very least, a fighting chance to get back up after they’ve been hit.

For Lowers Risk Group, like many others, COVID hit our industry, our business – our people.  We were fortunate, though: our Business Continuity Plan was 5 years in the making.  It didn’t matter, until it did.

Back in 2015, CTO David Lowers, Chief Security Officer Joe Labrozzi and Director of IT and Security Chris Sosnoski recognized the need for our growing staff to have partially, if not fully, remote capabilities.  What was initially driven by space concerns evolved with the access to and the ability of new technology to support fully secure, remote work that reduced cost, increased efficiency and enabled greater flexibility that could support new business opportunities within Lowers Risk Group.  With this foundation in place, Lowers, Sosnoski and Labrozzi were able to take the organization’s global footprint of over 550 people (spread over 3 continents) to fully remote in less than 2 weeks with zero business interruption when COVID hit.

And though Facilities might disagree, being fully remote due to COVID made the impact of that leaky pipe one less headache to manage when stress levels are already elevated.

We asked Labrozzi and Sosnoski to tell #OurStory of transition to a fully remote work environment.  We asked them what made it possible and to share a few insights that could help other organizations with the creation and implementation of their own BCPs to author their future resilience.  Below is a transcript of our conversation.

On behalf of the entire organization – thank you both for your efforts and keeping the organization on its feet as COVID hit.  How did your teams manage this transition?

Sosnoski
Our ability to go remote during COVID was strategic and began 5 years go.  Wholesale Screening Solutions, our largest division at Lowers Risk Group, was beginning to test our space limitations.  At that time, the VA HQ had about 400 people on-site.  Additionally, the Wholesale team recognized a need that they had to hire in different areas, not just in VA HQ.  We were tasked with how to support that, and it was clear we had to embrace the cloud.  Buy-in from David and other executive leadership there was the first step.

Labrozzi
What really drove the process was what was happening in Wholesale’s Georgia office, our first off-site campus.  We needed a base to get our people into the courts to do research.  That organically began to create resiliency in our operations – rather than rent out trailers, for example, in the event of something happening, our second location offered redundancies as technology matured.  As we gained more experience managing this remote location in GA from our VA HQ, we saw it was possible to have and manage a remote workforce while still doing secure work.  We then built a series of processes around this concept that laid the foundation for more remote work, and we’ve been working at that ever since.

Sosnoski
Right before COVID hit, for example, we launched phase 1 a Unified Communications as a Service (UCaaS) initiative with plans to roll-out Phases 2 and 3 in the coming months.  What would have been a much more measured roll-out was accelerated by COVID.  But, had we not been building towards that – not just with the UCaaS launch, but all the work leading up to the launch – it would not have been as easy or seamless.  However, we had our BCP in place and were able to activate it,.  Our teams stepped up and, again, the full support of leadership helped make it happen.

What were the steps you were taking to build that initial foundation over 5 years?

Sosnoski
The goal was always to keep the working experience as secure and as available as possible, so it was about taking small bites at the apple.  Exploring, testing, and implementing remote training, for example.  Cloud-based email.  Our UCaaS environment.  We were able to leverage cloud resources like Microsoft, Adobe, Salesforce, AWS and Zscaler to achieve this.

The complicating factor was the cost associated with it – we had to be willing and able to spend monthly on subscription services.  For a while, that was a barrier, but we continued to make the business case while moving from a hybrid environment to a cloud environment.  Transitioning the phone system to UCaaS, for example, was a two-and-a-half-year effort to make happen and now our teams are loving the flexibility it offers.  Our teams can do remote assessments and maintain contact with each other and clients easily.

How did you each manage the workload during the COVID transition to remote work?

Labrozzi
Teamwork.  At VA HQ, Chris and I have sat next to each other for years, so we have a great working relationship – that’s part of the culture at LRG, which is probably also a reason the transition was smooth.  But it’s about the quality of who you work with.  Chris’ IT team knows what needs to get done – they’re reliable and fast.  I focused on the human capital element, making sure that we were dealing effectively with any productivity concerns, making sure teams were staying connected.  We all operate from a leadership mindset and depend on each other to play our parts.

Sosnoski
The real risk in remote work is not technology, it’s management process.  My team trusts each other to get things done.  When COVID hit, we found a useful strategy was to use quick, daily stand-up meetings.  For the most part, these types of meetings continue in some capacity across all departments; I know upper management remains committed to finding one-on-one time for their direct reports.  Process is super important in all this, but equally so is everyone’s ability to do their job.

Any key takeaways to offer other organizations from your experience?

Sosnoski – I think there’s really three that worked for us:

• We started planning early and had already explored the risk environment, developed the processes that would provide us a path of least resistance to continuity and had leadership buy-in.
• We identified the right digital tools and had assessed, budgeted for and tested them as part of the plan strategically; having to do this during COVID would have been very difficult.
• We were all aligned on the work that had to be done to achieve the vision; for us that was finding a secure, scalable and available environment to perform our risk mitigation work.

Lowers Risk Group provides comprehensive enterprise risk management solutions to organizations operating in high-risk, highly regulated environments and organizations that value risk mitigation.  Our human capital and specialized industry enterprise risk management solutions protect people, brands, and profits from avoidable loss and harm.  With Lowers Risk Group you can expect a strategic, focused approach to risk assessment, compliance, and mitigation to help drive your organization forward with confidence.  Contact us.

By Neil Watson and Keith Gray

Insurance loss happens for many reasons.  For a business, common causes include armed robbery, theft, customer injury, floods, fires, and storm damage; but any natural disaster, large-scale event, or man-made act can bring about a claim.  When an event involves the loss of physical stock or damage to property, the loss is immediate, and it creates an urgent need for the business owner to settle the claim so that the business can resume operations and avoid further lost revenue.

This desire to quickly return to business as usual is a natural one, but in the wake of an event, it’s not uncommon for the resolution process to test the business owners’ resolve.  And while most claims post-incident are legitimate, from time-to-time, human emotions will complicate the process and create an environment that enables fraudulent activity, sometimes in unexpected ways.

Why Does Insurance Fraud Happen?

The Fraud Triangle provides all the insight required to answer this question.  Our team has written extensively on this, but Donald Cressey’s hypothesis in his book “Other People’s Money” says it all: Trusted persons become trust violators when they conceive of themselves as having a financial problem which is non-shareable, are aware this problem can be secretly resolved by violation of the position of financial trust, and are able to apply to their own conduct in that situation.”

It’s true that some fraudulent claims start out as legitimate but become ‘exaggerated’ during the claims process due to perceived opportunity.  In other cases, if the business is not doing well and is losing money, desperation can create enough pressure to commit fraud.  In rare cases, the fraud may involve large organized criminal gangs; these are often well-planned and involve multiple parties where the sole intent of the activity is a rational attempt to defraud an insurance provider.

It’s for these reasons that impartial guidance through the claims process is crucial.  As an insured, it is important to work closely with your insurance broker and the loss adjuster in preparing your claim and validating your losses.  Without this professional assistance and oversight, fraud can easily find its way into the conversation.

How Does Insurance Fraud Happen?

Below are a few examples of insurance fraud we’ve seen over the years at Lowers & Associates:

• ‘Padding’ legitimate claims to increase the claim amount
• Including losses from previous shortages or events within a big ‘single event’ claim
• Manipulating inventory, possibly running two sets of books, to allow for the tracking of actual inventory versus the falsely reported inventory
• Exaggerating the damage suffered as a result of a natural disaster (storm), or even causing some additional damage not caused by the original disaster
• Committing arson
• Staging accidents or thefts

The current COVID-19 situation globally, coupled with other localized events (recent looting losses in the U.S. or the extreme poverty facing certain areas in Brazil), is resulting in retail sales for certain sectors falling by over 50% and as much as 100%, which is clearly not sustainable.

In such unprecedented times as these, the possibility of a spike in fraudulent claims is a real concern. There is an increase in both the pressure and opportunity factors, resulting in an increased likelihood that potential perpetrators may rationalize their fraudulent thoughts and act on them as a result. For business owners, it can be hard to find consistency and understand what their default problem-solving steps should be.  When the Lowers & Associates team is presented with uncertainty, we often lean on process and procedure to identify a way forward in our work together with clients.  This path can always be informed by intuition, experience, and empathy, but for a business, without process and procedure to provide impartiality, the risk of insurance fraud increases significantly.

What Can You Do About It?

Ideally insurers would commission a pre-risk survey to establish security protections, stock levels, and standard operating procedures to satisfy themselves that the risk meets their requirements.  While this is recommended, it is not always feasible due to time or cost restraints.

Post-event, once a claim has been filed, relying on the findings of a law enforcement investigation may not be feasible due to timing or any related circumstances related to the event (especially if it’s large-scale or a natural disaster).  And even if law enforcement is doing an investigation on an event, it may not be a priority, creating an extended period of uncertainty.  Lastly, law enforcement may also be very hesitant to provide any info that they do have knowledge of, especially when it is an active investigation.

To manage this process, business owners and insurers need independent third parties that are flexible, have experience across multiple industries and can dedicate the appropriate time required to work through a claim (i.e. gathering facts, evidence and necessary documents) to support the basis of the claim.  For truly complex fraud matters, business owners and insurers should expect the third party to have a Special Investigations Unit (SIU) with extensive experience in technical surveillance countermeasures (TSCM) and counterintelligence that regularly work on international assignments.

With enterprise risk mitigation and insurance solutions that include UAV/UAS, special investigations, forensic accounting, loss adjusting and more, Lowers Risk Group stands ready to support our clients through the claims process with the speed, accuracy and dedication you’ve come to expect from over 30 years in the business.  To learn more, contact us.

About the Authors

Neil Watson brings nearly 30 years of insurance industry experience to Lowers & Associates, where he currently serves as Global Operations Director.  With key insurance industry relationships in both the London and International insurance markets, Neil’s primary responsibility is to grow all verticals and assist in building out L&A’s claims adjusting capabilities.

Keith Gray has been with Lowers & Associates for over 15 years and currently serves as the VP of Client Relations.  In his current role, Keith provides oversight with respect to program coordination, management of a nationwide team of industry professionals, investigation, and client communication.  Keith possesses a degree in Accounting and is certified as both a Certified Fraud Examiner (CFE) and Certified Anti-Money Laundering Specialist (CAMS).