The truth is, around 80 percent of all fraud businesses face starts from inside the company.
That's an uncomfortable feeling they shouldn't have to deal with every day.
Not to mention the increasing deception business owners face from outside threats.
The truth is, regardless of where it starts, it's unlikely they'll see any of it coming until it's too late.
Hugh Sprowson, Senior Underwriter at Argenta, talks about the role you can help play to handle that broken trust.
Joey Giangola: Mr. Mike Henning, how you doing today, sir?
Mike Henning: Good. How are you doing today?
Joey Giangola: I'm doing all right, Mike. I think we need to settle this debate first before we really get into anything serious, and that is the question of what is the best white collar/fraud based movie?
Mike Henning: Man, that is a good question. When I was actually doing a little research on this from a question you had asked me earlier on email, there's a new movie that came out, it's a true story about someone who committed fraud within their town of Dixon. It happened I think within the last 10 years. It was the controller of Dixon stole about 53 to $56 million from her small town of Dixon over 10 to 20 years. I think that's pretty good movie, and pretty good example.
Joey Giangola: What's the name of the movie, Mike?
Mike Henning: It's a documentary. I think it's The Horse Queen, because she was known to compete in these horse competitions, jumping, showing horses and things like that.
Joey Giangola: All right, is that on Netflix?
Mike Henning: It is on Netflix, yeah.
Joey Giangola: It feels like a Netflix doc. I was going to go with again on the more lesser known side of things, I just watched it recently, it's an HBO original, Bad Education starring Hugh Jackman. I think they did 10 million in public school embezzlement.
Mike Henning: That is a perfect example of crime, and that's where a lot of crime happens in the public sector because they're struggling with funds. A lot of the employees within the public and governmental sector, they're doing a lot of work for sometimes not as competitive as pay as they could get in the private sector.
Joey Giangola: Yeah. I thought it was a pretty fascinating watch for sure. I guess I wasn't really aware of how many white collar crime movies there were. A lot of them started Leonardo DiCaprio for some reason, and so you actually start to think about it. I think they do serve as, like you said, a good example as to the conditions that create the environment that would compel somebody to take these sort of actions, because it's something that you think, "Oh, it's never going to happen. It's not going to be the thing that's going to happen here." What do you think is maybe the thing that business owners overlook or try to just pretend they're not seeing the most when it comes to potential fraud cases in their company?
Mike Henning: I think business owners look at two things. One, a business owner, and for that fact the people that you work with, whether you're the owner or the manager or just an employee, you don't like to think of the people that you hired, the people that you work with as being dishonest. The other factor that business owners face constantly, but especially at a time like now, is trying to figure out how to getting the best bang for the buck, being very efficient with their costs and expenses. For example, right now there's a lot of companies that are furloughing and laying off employees, and what that's doing is putting a lot more responsibility and a lot more duties from the furloughed or laid off employees under the employees that are still there.
I've spoken to agents about this, and a lot of agents will say those employees are just happy that they have a job. I think that assumption has some truth to it, but there's also some inaccuracy to that too whereas a lot of those employees now look at, "Now I'm doing more work for the same amount of money." Now they have a little bit of contention, they have appreciation for having a job, but they also have contention for now doing more for less and they think they should be paid maybe a little bit more or have gotten a raise or something like that, or a bigger bonus. Now they have the ability because they are able to control more of the process to find out how to embezzle funds and how to cover it up. They sometimes can justify maybe taking a small amount of money at first and think of it as just a part of their pay now, and think that they're in the right of doing that.
Joey Giangola: Yeah. That's an interesting point because not only are they, like you mentioned in the Bad Education scenario, not only are they doing more work, but sometimes they might've felt... Everybody feels underpaid in some way, right? You add more work, you talk about the whole, "Maybe I'm not getting what I'm worth." Do you have any sort of idea of what the likelihood or the percentages that a business is looking to face a potential fraud or embezzlement situation? How many businesses does this happen to across the board?
Mike Henning: Every business out there, every organization whether it's public, private, non-profit, governmental, financial institution, everyone's susceptible to fraud. The thing about fraud is, and especially with crime insurance, your covering against human behavior, and even with experts that's a very hard thing to calculate and figure out. You just don't know what people are truly, honestly feeling and thinking all the time, and what different motivations, pains, and struggles they're having in their personal life that may cause them to start to embezzle funds from their company or their organization.
Joey Giangola: Yeah. And correct me if I'm wrong, but I believe you spent some time in the world of underwriting crime, and what were some of the things that you saw that you looked at and said, "Oh, this might be a situation that feels a little more fertile for potential crime." Is there something that businesses can do to spot the environments that they create? I would imagine that this is something that is not even like 10th or 11th on the list when they think of changes that they're making to the company. "If I do this, I'm setting myself up for a potential fraud or crime case with my business."
Mike Henning: Yeah. I did spend just under 10 years underwriting crime insurance, so I did have a fair amount of experience with underwriting it and seeing a variety of different types of losses. It always feels like there's a variety of different reasons why people start to commit these acts and some of it has to do with what the employee thinks is fair, and so they just want to be paid what they feel like they're worth. They will supplement what they're not being paid through what they're going to take, and I think I kind of touched on that already.
Sometimes there's family businesses where it could be a disagreement between brothers that was personal within the family, and the brother that maybe is on the lower end of the totem pole within the organization is like, "You know what? Now it's time for me to get back at my brother, and this is what will hurt him." And then there's others who go into an interview and go into an organization with the sole reason of embezzling funds because they see that there's a greater opportunity within this organization to do that.
Joey Giangola: Yeah. The family business is probably, I would imagine, one of the most likely scenarios because there's a birth of level of trust across the people that have control depending on how the relationship is.
Mike Henning: [crosstalk] and then that explodes, and then bam, there's crime. You see a lot of family businesses with auto dealerships and that's where we were, when I was underwriting, a little more conservative with those types of risks.
Joey Giangola: There's another industry that has a lot of family businesses, I don't know if anybody told you Mike, but insurance has quite a few. I'm not sure what the penetration rate is on commercial crime policies for independent agencies, but maybe it's something to look into. The other thing is that this is something that can happen for a long before it is discovered. What is the likely timeframes that these occurrences kind of go on, and maybe what are some of the things that business owners should be paying attention to? What are things that agents should be telling their clients to be looking out for when it comes to trying to prevent the longevity of these things happening?
Mike Henning: First part of the question is, crime loss is kind of death by a thousand cuts. It usually starts off at a small amount at one occurrence, but then the amounts escalate over time. A crime loss, they typically last between three, five, seven years, and that's why the losses typically are at six figures and can easily get into seven figures without even knowing it. In terms of what owners, and managers, and executives need to look out for in how to help prevent losses in that side, a lot of it is making sure, one, there's checks and balances in place, dual approvals. Two, separating the critical duties in your organization amongst people.
Don't overload someone with too much responsibility to give them the ability to commit the loss and cover it up. Especially in accounting, vendor approvals, and vendor management, that's where a lot of the losses come from within payments, and vendors, and accounting, and also payroll with ghost employees and things like that. It's really important to make sure that duties are appropriately separated between the employees so one employee doesn't have too much responsibility. I can't tell you how many times, especially within a religious entity, where that's a higher risk for crime. It's almost sorry to say that because you'll have an employee who controls all the accounting, and he or she is the first one in and the last one to leave, and then when they retire we find out there was a seven figure loss that they'd been stealing. There's so much cash that's being funneled in through donations, it's very easy to embezzle money from an organization like that.
Joey Giangola: Let's maybe dive into the actual coverage itself. I guess maybe first, where would you gauge just the overall awareness for crime coverage for a business? Is this something that they're actively thinking about? Is this something that you're seeing agents push heavily? Where is just the overall general acceptance level at right now?
Mike Henning: Crime coverage has been around for a very long time. It's an old coverage, but back to the point of a business owner never really likes to think that their employees that they hire are doing anything wrong, sometimes an owner will not purchase crime coverage because they don't think they need it, because they trust their employees, and everything's fine. I would still say for the most part crime is still purchased by many businesses, I would say well over 75% of businesses, it just depends upon what kind of crime product you're purchasing. Like any other product in the management liability space, [inaudible 00:12:45], EPL, Cyber Fiduciary, if you're buying it within a bop or a package policy, you're really only checking a box and you're not really buying a coverage that's going to appropriately cover you.
If you really want to buy a crime product that will appropriately cover you in the exposures that you have, a standalone product is the way to go. That is something that it's important to have, but I also know that crime and the terms of freemium within the management liability space, it's a smaller ticket item so sometimes that's the reason why there isn't as much attention devoted to it, and it can be sometimes overlooked. I can't tell you how many times I've seen full minute losses because the risk wasn't appropriately evaluated for, the exposures weren't really analyzed and reviewed, and it wasn't the right product or the right limit wasn't purchased. Even though the premium is a smaller amount versus some of the other products within the management liability space, it's still just as essentially important as any of those other products because the losses can just... Six figures, seven figures. That speaks on its own.
Joey Giangola: Yeah. What about those coverages that you think are important that again, maybe get overlooked that people don't take into consideration when they're saying, "Hey, just check this box just to make sure we've got it." To have a little more fully robust conversation about crime, what should agents be talking about to make that case a little bit stronger?
Mike Henning: It really can relieve a lot of pressure and a lot of uncomfortable situations if you have an appropriate product with your organization, and you do find that someone you did trust was actually embezzling funds, to know that you're actually you're protected and you're covered. That solves a lot of problems, and that can also be one of the factors that helps a company go from just trying to get by, to being able to grow. The funds that were lost by an employee who was embezzling funds, the items that they really want to pay attention to is employee dishonesty. That's why the majority of the conversation so far has been around the internal theft of crime coverage because the majority of losses, probably 80% at least, have been with employee dishonesty.
I'd say five years ago, 90% of those losses were internal with employee dishonesty. They scaled back a little bit because another part of crime coverage, computer fraud, and a newer part, social engineering also known as fraud impersonation, there's a variety of different names depending upon the carrier, has started to escalate, and there's been more loss activity within those agreements. That is something that's really important to make sure that risk has addressed because when it relates to computer fraud and specifically social engineering, you have agents and people within organizations within other countries whose sole responsibility, they're almost like companies, and their people go to work 9:00 to 5:00 and they probably have insurance plans and 401k just like we do, and their only goal is to try to create social engineering losses.
It's like casting out net, and they just try to tap as many companies. They don't dive into seeing the specifics of a company, it's just dial, dial. Dial for dollars, and in this case it's dialing or emailing to create social engineering losses. Eventually one person will fall into the trap because a social engineering loss is really caused more or less by human error rather than a technical breach, and that's an important item that companies really need to make sure their employees are trained on, are aware of, and are looking out for.
Joey Giangola: I don't know about you Mike, and we probably don't have the authority to do this, but I think you and me should at least create some sort of task force that creates better and more consistent naming across the insurance terminology, because like you said, there's probably eight different terms for social engineering or whatever, and can we be just a little more descriptive please on what it actually does? But I think you're right. You touched upon that third party, if we're going to use a fancy term, breach, even though it is a smaller percentage it is one that is constantly gaining traction and companies are being bombarded with it. That might seem like a more likely maybe occurrence to people just based on perception because maybe they hear about it, again they might feel like that's more of a 60 or 70% chance of happening versus, like you said, the internal. How do you appropriately plan for that from those conversations and getting a business in line with the realities, and covering each risk properly?
Mike Henning: You first have to assess exposures within each risk and bring to light where they're vulnerable, and that's a big thing because a lot of companies don't understand where they're vulnerable. Examples are always the best way to help show that, and a lot of times I remember when being a crime underwriter and even now as an agent selling it, and RPS now having a product... By the way, RPS's product has full limit liability, full limit actually for social engineering, which is a real big, positive thing for the RPS product because the biggest problem with social engineering on the agent side was finding capacity and limit for social engineering.
Everyone is so scared of offering enough limit on social engineering because it happens so fast and it's such a large amount. That being said, that's a really positive note to make sure I highlight. I think back to your question on how to understand what a risk needs to address in terms of crime and things like that, half of what health market crime is, is the news. You turn on the news, and once you're aware of what white collar crime is and what kind of loss falls into crime insurance, it almost feels like every other day there's a story on the news that is related to, or something that would be covered by, crime insurance.
Joey Giangola: Basically what I'm hearing, Mike, is one, you could get everybody together, watch the news. That sounds less fun. Maybe let's just go with an embezzlement movie night possibly, pop some popcorn, we can just go through some of the top ones and get some good examples. I got two more questions for you. I'm curious as to what your personal perspective is on the crime landscape, because it is changing so rapidly, it isn't old coverage, but yet there are new threats coming into it every day. Where do you think you're excited about where it's heading, what we need to be paying attention to, to stay up with all of the different things that are [inaudible] businesses?
Mike Henning: Really good question. There's a lot of unknown to that question, especially in how technology's so much more involved in how it can be used to facilitate losses. I remember when I was being interviewed for my job being crime underwriter, the person interviewed me said something that's always stuck with me, had said, "In the crime insurance world it's like cops and robbers. You're always one step behind the actual people, the robbers." It'll be very interesting to see how losses develop, and what new trends develop, and things like that.
The only certainty that maybe I can say is that it is probably going to be more technology based because there's so many more systems used, there's so many software, things like that, currency. I'm wondering if Bitcoin and cryptocurrency will start to play part of being a part of some companies' assets structure portfolios. There's a lot of unknown, you just know that there's vulnerabilities. Let's face it, there's just not much cash out there. You can probably look at your wallet, I know in my wallet I probably have cash in it maybe 10% of the time, and it's all reliant on electronic currency and transfer of funds. That's probably where you're going to see the robbers look to manipulate and form their theft, or embezzle their crime.
Joey Giangola: All right Mike, last question. We can throw commercial crime out the window if you want, but looking across the entire industry, I'm going to hand you a magic wand of sorts to really change or do anything you want maybe a little bit differently, a little bit faster. What's that thing that you want to do, and where's it going?
Mike Henning: I think there's a lot of companies that are doing it right now, and RPS is one of them that has that online quoting and binding platform. It makes insurance so much efficient, makes it so much faster, and allows agents to find a solution very quickly, satisfy their client's needs very quickly, and that's only going continue to evolve, and there's going to be more products that are going to be available. The internet is providing a lot more information to make it easier for us as RPS with our platform or portal to provide an option with less questions and more "efficient" application. It's already starting to happen, and I look forward to seeing it grow and seeing it evolve, and how that's going to end up.
Joey Giangola: Mike, this has been fantastic. I'm going to leave it right there, sir.
Mike Henning: Thank you, Joey. Thanks for having me.