Commercial Underwriting

Do You Really Know Your Customer?

The long-term success of an insurer depends on a great many factors. One of the most important factors is ‘selection at the gate’.

This applies to the private market, but most certainly to the commercial market as well. The number of contracts on the commercial market may be lower, but the risks are typically much greater. This e-book deals with the question of how automated risk assessment can play an important role in the commercial risk underwriting process.

Gathering information and making an informed choice

A contract that is successful for both the client and the provider depends on the initial analysis and the choices made based on that analysis. The prospective client will make inquiries, compare providers and choose the provider that best suits the requirements.

The same applies to the provider. At least, that is how it should be. The client must fit within your strategy and identity. The client should align with your strategy and be within your risk threshold.

Accepting any client may temporarily boost sales, however, in the long run it will be counter-productive and harm the company interests. It has to be the ‘right’ client.

The criteria for the ‘right’ client requires a clear company strategy that is understood by the employees. Employees, usually underwriters or account managers, must also be capable of following this strategy meticulously in their daily work. To do so, they need proper 'tools' that enable them to take the right decisions and that keep them from becoming too opportunistic.

Insurance professinals discussing Fraud Mitigation as a Priority

A transparent triangle symbolizing the fraud triangle

Learning the hard way

Construction company ‘Sky-High’, specialized in working at high altitudes and needs a telescopic crane which is expensive equipment This type of crane is worth approximately half a million dollars. Sky-High approached several leasing companies for funding. Heavy-lease made a good offer and a contract was concluded. Heavy-lease financed half a million. The first months Sky-High paid the lease amount on time. However, after 3 months it stopped. Still not immediately alarmed, Heavy-lease sent the standard payment reminders. When the reminders did not result in payment either, they tried to contact Sky-High. All in vain. Sky-High turned out to have been discontinued and the owners had done a runner, taking along Heavy-lease's half a million. They hadn't even bothered to buy the crane! It also turned out that a front man had been used for the payment.

Heavy-lease might have prevented this debacle if they had carefully investigated Sky-High before entering the contract. Then they would have found out that the company had only recently been started and that the owner had previously been involved in a series of liquidations of companies. They would also have found out that the representative of the company selling the crane in reality did not work for this company and that the bank account into which the half a million had been paid, had only recently been opened and was someone else's account.

Heavy-lease was hungry for sales and forgot to gather sufficient information before taking a decision. As a result, e they have bought an automated system for risk assessment which expedites the selection process with reliable information.

Know Who Your Client Is (KYC)

Why should you know your client well? A good business relationship is based on granting each other the pleasure of making the transaction out of mutual interest. Good personal contact often is decisive. But however good the personal contact may be, there are a number of important points in which you still don't know your client.

In addition to the company interest, there is a societal interest in knowing your client well. After all, you have to comply with a number of statutory obligations and regulations, especially in connection with counteracting money laundering and financing terrorism. We’ll get back to this later.

Like in the above example of the lease transaction, serious mistakes often are fairly easy to prevent. In the past, the account manager or the underwriter spent a lot of time trying to retrieve information manually. As a result, gathering information was cursory and sometimes skipped altogether. Today, this can be done accurately and virtually real-time with automated data analysis.

Straight Through Processing (STP)

With STP, you can get to know your client in a matter seconds. The system checks the sources that are pertinent, combines information and ‘validates’ the outcome in terms of risk level.

When very few or no risks are identified, there is an immediate green light to complete the transaction. Risk assessment within an STP process can be geared to the company strategy. If the company, for instance in a stage of growth, would like to expand the customer base faster, the system can be configured such that the risk threshold is slightly lowered.

In the above scenario, more clients would be accepted via the STP process and for those clients that are not accepted, the light jumps to yellow or red. In such cases, the system will recommend that the account manager or the underwriter carry out specific additional checks, include extra conditions in the contract, calculate a higher risk premium or reject the contract.

In the process of automatic checks, the construction company used in the previous example would immediately have been given a yellow or maybe even a red light. The system would have retrieved noteworthy elements from the various databases and flagged them as risky. As a result, the leasing company would have steered clear of an undesirable client, and not have had to incur high expenses and a lot of time on investigation, the recovery of the money - if at all possible - and the settlement of the legal aspects.

Which risks?

Which information you would like to include in the assessment? This information should align with your strategy and risk appetite as well as comply with industry regulations.

A large number of public sources are available that can be consumed in an automated manner. Often, the combinations of sources result in a signal. Take for instance a company owner mentioned in the register of the Chamber of Commerce who also appears in the insolvency register and in the fraud register. Being mentioned in a register does not always mean a 'red light'. However, it may be a reason to look a little bit further or to contact the person involved.

There are so many possibilities when it comes to gathering information and limiting risks, even within the regulatory boundaries of the insurance industry.

For example, a finance company would like information about the debt position, integrity and payment morality of a prospective client. A fire insurer is another example. This type of insurer would like information about the fire hazard of the company to be insured, about the integrity of the owner and for instance about the location where the company is situated. Is it a location prone to fires or where the risk of the fire spreading to an adjacent building is greater than would commonly be the case?

One other example is a commercial property company. This type of company may benefit from information about the number of disputes the owner had with tenants and the reasons for the disputes.

Screenings can be customized and tailored to a specific purpose. Once a screening has been set up, it automatically becomes part of the process. When something changes in the product or the strategy, the screening can be geared to it without complicated, time-consuming processes being required.

Continuous Compliance

Gathering information about your client is important for reasons of continuity and growth of the company, but also for reasons of compliance. Nobody wants their company to be involved in money laundering or the financing of terrorism.

But if you don't pay enough attention, it might just happen. In many countries, banks, insurers, investment institutions and more recently leasing companies, have the obligation pursuant to anti-money laundering legislation and legislation combating the financing of terrorism, to carry out a mandatory client investigation and report any irregularities to the authorities.

All applications and claims by companies have to be checked to confirm that the company or the owners/authorized representatives, do not have ties with a country for which restrictive measures and sanctions apply, such as Iran, Syria and Russia. For that purpose, there are so-called sanctions lists.

Restrictive measures may also apply against certain individuals or companies. To that end the so-called PEP list (Politically Exposed Persons) is kept. Every terrorist attack or any criminal network that is broken up, results in new additions to the list. This also happens in the case of political appointments or discharges. Individuals who might have passed the screening without problems yesterday, may very well set off the alarm bells today.

Many companies check the files every three months. The frustrating thing in this is that it produces a large number of 'hits' in one go that need to be checked immediately. Even more frustrating is the idea that just one day later you are already lagging behind.

You can do better than that. Automated checks can turn compliance into a continuous process. The current sanctions and PEP lists are matched against the files of your company on a daily basis. That way you can always be sure that the companies you're doing business with still meet all compliance requirements set by the law and by yourself.

Ultimate Beneficial Owner Screening

Who exactly is the owner of the company you're doing business with? Your client's business card may say 'CEO', but is it true and which other directors and stakeholders are also involved in the company? Is there a parent company, maybe abroad, and what about sister companies or investors?

Screening the directors of a company that you want to do business with will provide you with such information. You want to know exactly who has an interest in the contract: the Ultimate Beneficial Owner(s) (UBO). In a number of countries this is now mandatory or will become mandatory very soon. It is something you could investigate yourself, for instance through the Chamber of Commerce, however, sometimes the structures are very opaque. The ownership structures can be multi-layered in a tangle of privately held corporations, holdings or foreign investors. The risk of a manual investigation is high if the information is not accurate. This not only results in a risk for the company itself, but it also means you're not compliant. Automated investigation reduces the risk of errors and can be done in real-time.

If the company mentioned in the first example, Heavy-lease had conducted such an investigation, it would have discovered that the owners had been embroiled in fraud and company liquidations before.

In the US, an estimated 100 billion dollars is lost annually due to VAT fraud. Part of it is may end up with terrorist organizations to finance their activities. Legitimate companies sell goods to Company A abroad. No VAT has to be paid on this transaction. Company A immediately resells the goods to a next company, Company B in the same country. On this transaction VAT is levied. Company A is then discontinued, and the VAT received disappears. Company A turns out to be run by known Jihadists.

In this case, checking the sanctions list and PEP list and a thorough investigation into the Ultimate Beneficial Owner might have prevented a lot of misery.

Authority to sign

Apart from establishing the actual interested parties, it is also important to know who is authorized to sign a contract on behalf of a company. Investigation at the Chamber of Commerce will provide this type of information, but it takes a significant amount of time. With automated risk control, it is possible to generate this information in real-time. All individuals within a company who are authorized to sign a contract, will be revealed. It will also become clear if and when more than one signature is required. These individuals can, if so desired, also be vetted in the manner described above. Naturally, it is up to the parties around the table to decide which of the known authorized individuals will sign in the end.

Better safe than sorry

Knowing who you're doing business with is essential to any company. Manually gathering and assessing the information required is a time-consuming and a costly process.

If the client information is incomplete, your client is typically put 'on hold' and this hold can last for weeks. Clients today demand a quick turnaround and a lengthy hold process puts your company at risk that a perfectly good client will move onto a competitor.

Automated risk control takes place virtually real-time so your client knows where they are in the process and receives the appropriate coverage.

The automated process also ensures that all important aspects are included during the assessment and that it is compliant with the statutory requirements. The risks of securing undesirable clients as well as non-compliance are strongly reduced. Clients that fall within the 'green' standards, are automatically accepted which creates bandwidth to focus on the clients that were not accepted straight away (yellow). It is possible they may be excellent clients after doing further investigation. Clients accepted on this basis, form a 'clean portfolio' and therefore contribute to a better operating result.

This operating result isn’t only of a material nature. Clients will notice it. They receive a good offer, fast. This contributes to a good image. Criminals who think they can take advantage of the company will be disappointed. Criminal networks are often familiar with the insurance companies that leverage automated risk control and the company's integrity will show. This also applies to compliance with statutory obligations. Continuous and transparent performance is important to your clients as well as to the company.

Build or Buy

There are several ways of implementing automated risk control within the company process. For instance, the use of SaaS solutions (Software as a Service) which are properly secured systems that aren't situated on company premises. These systems are continuously updated by the supplier in accordance with the latest insights and possibilities. Such a system can usually be set up quickly.

Automated risk control can also be set up 'on-premise' - that means within the company location. This is a more expensive approach, requiring more time and requires resources from the company's own IT organization, especially when the company chooses to develop the system themselves from scratch. The underperformance risk in developing a system yourself is rather large. You need specific expertise as well as capacity for developing and building it. The costs are usually high and limitless as regular updates are required. Moreover, there is a big risk that the system will become outdated by the time it is implemented and that the budget and the capacity will prevent the solution from being updated.

Identity

With only a limited number of specialists in the field of automated risk control, the question may arise whether your own identity will be sufficiently reflected in the outcome of the analysis. Isn't everyone doing the same thing?

Systems for automated risk control are set up on the basis of your own company strategy, your own business rules, your own compliance policy and your own 'risk appetite'. Any change in those factors can be updated by the system 'settings'. That way, the system is set up suited to the products, the ideal client profiles, the strategy and the desired image of the company. No bland uniformity, but a clear own identity.

Conclusion

The most important message we wish you to convey is that knowing your prospective client is of great importance in the corporate segment as well. That way, you avoid unpleasant surprises and strongly contribute to the company's continuity and positive result. Moreover, you're contributing to an improved discovery and prevention of certain societal risks such as tax evasion and terrorism.

Implementing an automated risk control system is the most effective, durable and cost-effective solution. All around the world, insurers are switching to such systems and realizing strong results.

About FRISS

FRISS is the leading provider of Trust Automation for P&C insurers. Real-time, data-driven scores and insights prevent fraud and give instant confidence and understanding of the inherent risks of all customers and interactions.  

 Based on next generation technology, the Trust Automation Platform allows you to confidently manage trust throughout the insurance value chain – from the first quote all the way through claims and investigations when needed.

Thanks to FRISS, trust is normalized throughout the organization, enabling consistent processes to flag high risks in real time.