Tag Archives: money laundering

Can Insurers Stop Financial Crimes? Yes

What makes it difficult to detect and prevent fraud within an insurance firm is also what might make fraud attractive to criminals: The low number of transactions in insurance provide few tracks for tracing financial crimes. Outside of premium payments and claim submissions, insurance customers engage in relatively few transactions (compared with banking customers) from which companies can build and test anti-money laundering models on their own. And, while insurance is a heavily regulated industry, it has been relatively ignored when it comes to its anti-money laundering practices in comparison with the attention regulators give to financial institutions. For these reasons, some fear that an annuity account, for example, might be just the place a nefarious character would park funds as part of a larger money laundering scheme.

The Next Focus for Regulators

Immediately following the financial crisis of 2008, regulators were laser-focused on big banks’ policies and procedures for deterring financial crimes. Those that didn’t comply with the U.S. Patriot Act and Bank Secrecy Act were hit with hefty fines. No wonder: It is estimated that almost 70% of illicit finance flows through legitimate financial institutions, while less than 1% of global trade is seized and frozen. Regulators are now turning their attention to non-traditional banks like Western Union (which expects to pay compliance-related charges of up to 4% of its revenue in 2017) and PayPal (which in 2015 agreed to pay $7.7 million to the Treasury Department’s Office of Foreign Assets Control for sanctions violations). Insurance companies feel they are the next industry to receive the attention of examiners and are acting to comply with know your customer (KYC) and anti-money laundering (AML) rules.

At stake for insurers is not just large penalties if a regulatory agency feels that anti-money laundering policies don’t meet expectations. Risk to reputation is of top concern to insurers, which understand that it takes only nanoseconds for customers to find an alternative carrier or for investors to learn on social media that their institution was used in organized crime or, worse yet, funding for terrorist activities. A regulator’s ability to directly affect an insurer’s bottom line is also a major threat. A regulator could, for example, hamper the insurer’s expansion efforts, preventing it from entering a market or from acquiring a business because it lacks the right safety controls.

See also: Cognitive Computing: Taming Big Data  

How Insurers Can Mitigate Money-Laundering Activities

To avoid this, I recommend to my clients that they focus on evaluating the entire AML and KYC function across the enterprise, cleaning and enriching the data that firms already have and bolstering AML efforts with outside expertise.

Clean and Enrich Your Data

The availability of high-quality data that is meaningful and predictive lays the foundation for an effective financial crimes prevention strategy. This critical first step is often overlooked and no easy feat for the typical insurance carrier that operates in silos and segregates information within different systems and lines of business.

Before investing in new tools and technology, partner with data remediation experts to assess the quality, completeness and predictive power of the customer profile data and fill in missing data to ensure that KYC and AML systems work effectively.

Establish a Consistent, Enterprise-Level Customer Onboarding, KYC and AML Process

Regardless of the many products and channels your insurance company offers, you need to establish a single, consistent process for monitoring, evaluating and onboarding customers.

Many insurance companies bring in an IT partner to assess their AML and KYC policies and procedures, as well as how technology can be leveraged to improve effectiveness. The right partner will help you define an onboarding strategy with a strong customer experience component and establish the roles and responsibilities for different lines of defense. This includes the agents who capture the customer information and onboarding; the financial crimes unit that monitors transactions and customer behavior; and the internal audit group, which ensures all policies and procedures are followed and measures their effectiveness at preventing financial crimes.

In addition, with clean data and an enterprise-level AML process, you’re ready to customize off-the-shelf generic AML models with observed client performance, data from public sources and third-party data feeds for the industry.

Look Outside Your Industry for AML Expertise

Insurers can learn a lot from compliance experts in other industries, such as banking, law enforcement and the public sector. Your recruitment efforts should focus on building financial crime teams with people from these sectors.

Find opportunities to share stories and best practices with compliance professionals outside your industry. Attend conferences focused on financial crime and regulation where the attendee list includes both banks and insurance firms.

See also: Big Data? How About Quality Data?  

Insurers whose AML strategy is built on meaningful and predictive customer data and that create a culture of compliance that permeates all areas of the company, will succeed at strengthening their mandated AML/KYC functions. While these changes can’t happen overnight, by pulling in expertise from outside the industry insurance companies can make great strides toward protecting their assets from fraudulent activities.

parties

In Third Parties We (Mis)trust?

Technology is transforming trust. Never before has there been a time when it’s been easier to start a distant geographical relationship. With a credible website and reasonable products or services, people are prepared to learn about companies half a world away and enter into commerce with them.

Society is changing radically when people find themselves trusting people with whom they’ve had no experience, e.g. on eBay or Facebook, more than with banks they’ve dealt with their whole lives.

Mutual distributed ledgers pose a threat to the trust relationship in financial services.

The History of Trust

Trust leverages a history of relationships to extend credit and benefit of the doubt to someone. Trust is about much more than money; it’s about human relationships, obligations and experiences and about anticipating what other people will do.

In risky environments, trust enables cooperation and permits voluntary participation in mutually beneficial transactions that are otherwise costly to enforce or cannot be enforced by third parties. By taking a risk on trust, we increase the amount of cooperation throughout society while simultaneously reducing the costs, unless we are wronged.

Trust is not a simple concept, nor is it necessarily an unmitigated good, but trust is the stock-in-trade of financial services. In reality, financial services trade on mistrust. If people trusted each other on transactions, many financial services might be redundant.

People use trusted third parties in many roles in finance, for settlement, as custodians, as payment providers, as poolers of risk. Trusted third parties perform three roles:

  • validate – confirming the existence of something to be traded and membership of the trading community;
  • safeguard – preventing duplicate transactions, i.e. someone selling the same thing twice or “double-spending”;
  • preserve – holding the history of transactions to help analysis and oversight, and in the event of disputes.

A ledger is a book, file or other record of financial transactions. People have used various technologies for ledgers over the centuries. The Sumerians used clay cuneiform tablets. Medieval folk split tally sticks. In the modern era, the implementation of choice for a ledger is a central database, found in all modern accounting systems. In many situations, each business keeps its own central database with all its own transactions in it, and these systems are reconciled, often manually and at great expense if something goes wrong.

But in cases where many parties interact and need to keep track of complex sets of transactions they have traditionally found that creating a centralized ledger is helpful. A centralized transaction ledger needs a trusted third party who makes the entries (validates), prevents double counting or double spending (safeguards) and holds the transaction histories (preserves). Over the ages, centralized ledgers are found in registries (land, shipping, tax), exchanges (stocks, bonds) or libraries (index and borrowing records), just to give a few examples.

The latest technological approach to all of this is the distributed ledger (aka blockchain aka distributed consensus ledger aka the mutual distributed ledger, or MDL, the term we’ll stick to here). To understand the concept, it helps to look back over the story of its development:

 1960/’70s: Databases

The current database paradigm began around 1970 with the invention of the relational model, and the widespread adoption of magnetic tape for record-keeping. Society runs on these tools to this day, even though some important things are hard to represent using them. Trusted third parties work well on databases, but correctly recording remote transactions can be problematic.

One approach to remote transactions is to connect machines and work out the lumps as you go. But when data leaves one database and crosses an organizational boundary, problems start. For Organization A, the contents of Database A are operational reality, true until proven otherwise. But for Organization B, the message from A is a statement of opinion. Orders sit as “maybe” until payment is made, and is cleared past the last possible chargeback: This tentative quality is always attached to data from the outside.

1980/’90s: Networks

Ubiquitous computer networking came of age two decades after the database revolution, starting with protocols like email and hitting its full flowering with the invention of the World Wide Web in the early 1990s. The network continues to get smarter, faster and cheaper, as well as more ubiquitous – and it is starting to show up in devices like our lightbulbs under names like the Internet of Things. While machines can now talk to each other, the systems that help us run our lives do not yet connect in joined-up ways.

Although in theory information could just flow from one database to another with your permission, in practice the technical costs of connecting databases are huge. Worse, we go back to paper and metaphors from the age of paper because we cannot get the connection software right. All too often, the computer is simply a way to fill out forms: a high-tech paper simulator. It is nearly impossible to get two large entities to share our information between them on our behalf.

Of course, there are attempts to clarify this mess – to introduce standards and code reusability to help streamline business interoperability. You can choose from EDI, XMI-EDI, JSON, SOAP, XML-RPC, JSON-RPC, WSDL and half a dozen more standards to “assist” your integration processes. The reason there are so many standards is because none of them finally solved the problem.

Take the problem of scaling collaboration. Say that two of us have paid the up-front costs of collaboration and have achieved seamless technical harmony, and now a third partner joins our union, then a fourth and a fifth … by five partners, we have 13 connections to debug, by 10 partners the number is 45. The cost of collaboration keeps going up for each new partner as they join our network, and the result is small pools of collaboration that just will not grow. This isn’t an abstract problem – this is banking, this is finance, medicine, electrical grids, food supplies and the government.

A common approach to this quadratic quandary is to put somebody in charge, a hub-and-spoke solution. We pick an organization – Visa would be typical – and all agree that we will connect to Visa using its standard interface. Each organization has to get just a single connector right. Visa takes 1% off the top, making sure that everything clears properly.

But while a third party may be trusted, it doesn’t mean it is trustworthy. There are a few problems with this approach, but they can be summarized as “natural monopolies.” Being a hub for others is a license to print money for anybody that achieves incumbent status. Visa gets 1% or more of a very sizeable fraction of the world’s transactions with this game; Swift likewise.

If you ever wonder what the economic upside of the MDL business might be, just have a think about how big that number is across all forms of trusted third parties.

2000/’10s: Mutual Distributed Ledgers

MDL technology securely stores transaction records in multiple locations with no central ownership. MDLs allow groups of people to validate, record and track transactions across a network of decentralized computer systems with varying degrees of control of the ledger. Everyone shares the ledger. The ledger itself is a distributed data structure held in part or in its entirety by each participating computer system. The computer systems follow a common protocol to add transactions. The protocol is distributed using peer-to-peer application architecture. MDLs are not technically new – concurrent and distributed databases have been a research area since at least the 1970s. Z/Yen built its first one in 1995.

Historically, distributed ledgers have suffered from two perceived disadvantages; insecurity and complexity. These two perceptions are changing rapidly because of the growing use of blockchain technology, the MDL of choice for cryptocurrencies. Cryptocurrencies need to:

  • validate – have a trust model for time-stamping transactions by members of the community;
  • safeguard – have a set of rules for sharing data of guaranteed accuracy;
  • preserve – have a common history of transactions.

If faith in the technology’s integrity continues to grow, then MDLs might substitute for two roles of a trusted third party, preventing duplicate transactions and providing a verifiable public record of all transactions. Trust moves from the third party to the technology. Emerging techniques, such as, smart contracts and decentralized autonomous organizations, might in future also permit MDLs to act as automated agents.

A cryptocurrency like bitcoin is an MDL with “mining on top.” The mining substitutes for trust: “proof of work” is simply proof that you have a warehouse of expensive computers working, and the proof is the output of their calculations! Cryptocurrency blockchains do not require a central authority or trusted third party to coordinate interactions, validate transactions or oversee behavior.

However, when the virtual currency is going to be exchanged for real-world assets, we come back to needing trusted third parties to trade ships or houses or automobiles for virtual currency. A big consequence may be that the first role of a trusted third party, validating an asset and identifying community members, becomes the most important. This is why MDLs may challenge the structure of financial services, even though financial services are here to stay.

Boring ledgers meet smart contracts

MDLs and blockchain architecture are essentially protocols that can work as well as hub-and-spoke for getting things done, but without the liability of a trusted third party in the center that might choose to exploit the natural monopoly. Even with smaller trusted third parties, MDLs have some magic properties, the same agreed data on all nodes, “distributed consensus,” rather than passing data around through messages.

In the future, smart contracts can store promises to pay and promises to deliver without having a middleman or exposing people to the risk of fraud. The same logic that secured “currency” in bitcoin can be used to secure little pieces of detached business logic. Smart contracts may automatically move funds in accordance with instructions given long ago, like a will or a futures contract. For pure digital assets there is no counterparty risk because the value to be transferred can be locked into the contract when it is created, and released automatically when the conditions and terms are met: If the contract is clear, then fraud is impossible, because the program actually has real control of the assets involved rather than requiring trustworthy middle-men like ATM machines or car rental agents. Of course, such structures challenge some of our current thinking on liquidity.

Long Finance has a Zen-style koan, “if you have trust I shall give you trust; if you have no trust I shall take it away.” Cryptocurrencies and MDLs are gaining more and more trust. Trust in contractual relationships mediated by machines sounds like science fiction, but the financial sector has profitably adapted to the ATM machine, Visa, Swift, Big Bang, HFT and many other innovations. New ledger technology will enable new kinds of businesses, as reducing the cost of trust and fixing problems allows new kinds of enterprises to be profitable. The speed of adoption of new technology sorts winners from losers.

Make no mistake: The core generation of value has not changed; banks are trusted third parties. The implication, though, is that much more will be spent on identity, such as Anti-Money-Laundering/Know-Your-Customer backed by indemnity, and asset validation, than transaction fees.

A U.S. political T-shirt about terrorists and religion inspires a closing thought: “It’s not that all cheats are trusted third parties; it’s that all trusted third parties are tempted to cheat.” MDLs move some of that trust into technology. And as costs and barriers to trusted third parties fall, expect demand and supply to increase.

The Biggest Medicare Fraud Cases of 2015

Medicare does not keep records of how much it loses annually because of fraud, but the FBI, which oversees the investigation and prosecution of those alleged to have participated in fraud, estimates that 3% to 10% of all Medicare billings are fraudulent. The FBI task force believes that healthcare fraud costs taxpayers “tens of billions of dollars a year.”

Here is an overview of some of the biggest Medicare fraud cases of 2015:

  1. In June 2015, 243 healthcare providers across the country were charged individually with Medicare fraud. This was the largest-ever coordinated takedown in the history of the National Medicare Fraud Strike Force history. Doctors, nurses, pharmacists, home health workers and other healthcare professionals were all indicted for falsely billing Medicare for approximately $712 million in various fraudulent schemes. The healthcare providers allegedly:
  • Billed for services that were not rendered
  • Charged for equipment that was never delivered
  • Billed for care that was not needed

Specific criminal charges include:

  • Conspiracy to commit healthcare fraud
  • Violating anti-kickback statutes
  • Money laundering
  • Identity theft

Healthcare providers nationally were included in the sweep of the task force. Charges were brought in Texas, Louisiana, Florida, California, New York and elsewhere. The defendants face years in prison in addition to having their assets forfeited to the government and having to repay the amount of money they fraudulently obtained.

In a press release announcing the takedown, the attorney general for the U.S. expressed the commitment of the Department of Justice to continue its “focus on preventing wrongdoing and prosecuting those whose criminal activity drives up medical costs and jeopardizes a system that our citizens trust with their lives.”

  1. Also in June 2015, the former president of a Houston hospital was sentenced to more than 40 years in federal prison and ordered to pay $46.8 million in restitution to Medicare. His son and two other co-conspirators were also found guilty of receiving kickbacks, conspiracy to commit Medicare fraud and money laundering. The scheme involved billing Medicare for psychiatric services that were never provided to patients. The total amount of money fraudulently received by all participants was estimated to equal $158 million.
  1. In October 2015, Millennium Health in Boston, formerly Millennium Laboratories, admitted to billing Medicare and other governmental healthcare programs more than $256 million for laboratory tests that were either unnecessary or never actually performed. The lab also provided kickbacks to physicians for referring patients for testing. Millennium, with headquarters in San Diego, is one of the largest urine-testing laboratories in the U.S. According to the Massachusetts U.S. attorney, “Millennium promoted indiscriminate and unnecessary testing that increased medical costs without serving patients’ real medical needs. A laboratory which knowingly conducts medically unnecessary testing operates unlawfully and squanders our precious federal health care resources.”
  1. In August 2015, a New York man who operated several healthcare clinics for treating HIV/AIDS patients was sentenced to more than seven years in federal prison for defrauding Medicare out of more than $31 million. He billed for treatment that patients did not need and often were not given. Medicare was billed for infusion or IV treatment for many patients who never received treatment. Some patients who were provided infusion therapy were administered doses that were highly diluted.
  1. Two psychologists were recently added to an indictment to join two of their cohorts who had previously been charged with defrauding Medicare of more than $25 million. The psychologists are owners of two companies that provide psychological testing to nursing home patients in four Gulf Coast states: Alabama, Florida, Louisiana and Mississippi. The problem is that the psychologists allegedly billed Medicare for tests that were not medically necessary and, in many cases, were never performed. The case is pending, and the press release notes that the defendants are presumed innocent until proven guilty.

The Medicare Fraud Strike Force, since its formation in March 2007, has charged 2,300 defendants with fraudulently billing more than a total of $7 billion. The task force is committed to continuing its work to hold providers accountable so that the number of fraudulent providers will decrease.