e-book

Shielding the future of the insurance industry

How to implement proactive strategies to mitigate risks and prevent fraud

Why the industry needs protection now more than ever

Dealing with fraud is nothing new for insurers. Traditional tactics such as making false claims or providing incorrect information have long been major challenges in a sector where the potential rewards for criminals are high. Today, however, the stakes are even higher, with ever-more sophisticated, novel frauds perpetuated by digital means, amplifying the risk and making detection even more challenging. Data from the Coalition Against Insurance Fraud reveals that fraud costs businesses and consumers $308.6 billion a year. With ID theft, account takeover fraud (ATO), synthetic identities, and tailored phishing schemes adding to the list of scams insurers must watch out for, it’s critical that insurance companies stay ahead of the game.

At the same time, regulatory requirements on insurers are intensifying and evolving, and insurers must comply with an array of different rules in different jurisdictions where they operate. While such obligations should serve to help insurers fight fraud by setting higher standards, compliance can be extremely complex. Creating robust, efficient fraud detection systems is more critical than ever before — and more than ever, these rely on accurate data and smart tech tools to spot red flags and support thorough investigations.

We’ve designed this e-book to help guide insurers through this landscape, looking at the key issues they face and discussing potential solutions. It provides an overview of the current regulatory framework and some of its principal requirements, critical market challenges, emerging types of fraud, and the role of data analytics in combatting them.

Navigating a complex regulatory framework

U.S. insurers are subject to an intricate nexus of regulation, with rules imposed at both federal and state levels and dependent on the type of products offered. Knowing which rules they are subject to — and where — is vital to implementing a fit-for-purpose compliance program that protects insurers’ businesses and their customers from scams, as well as from reputational damage and fines for non-compliance. That can be quite a tall order.

Under the McCarran-Ferguson Act, each of the 50 states has the power to implement its own rules on insurers. For instance, some — but not all — states require insurance companies to implement a Special Investigations Unit (SIU) to investigate suspected fraud, whether staffed internally or outsourced.

To ensure a consistent approach based on best practices, state regulators come under the banner of the National Association of Insurance Commissioners (NAIC), which sets standards and provides guidance. These standards include creating model laws on risks such as data security and privacy, risk-based capital, and fraud prevention, with the latter focusing on issues like fraud warnings, reporting, and confidentiality.

However, implementation across jurisdictions can be patchy. For example, since the NAIC published its Insurance Data Security Model Law in 2017, fewer than half of U.S. states had adopted it by January 2024.

At a federal level, all insurance companies, no matter what states they operate in, must comply with the U.S. Treasury Department’s Office of Foreign Assets Control’s (OFAC) sanctions rules — notably the requirement to screen potential customers to ensure they are not specially designated nationals (SDNs) before writing a policy or issuing a claim. These are individuals and companies owned, controlled by, or acting for targeted countries or entities, such as terrorists and drug traffickers designated under programs that are not country specific. U.S. companies are prohibited from doing business with SDNs.

Although OFAC publishes searchable lists of SDNs, results are not necessarily conclusive, and insurers often need to do further digging to get a hit. This process can be challenging, particularly for smaller regional insurers with fewer investigative resources.

At a product level, requirements under the Bank Secrecy Act and Anti-Money Laundering (AML) rules may also come into play, with providers of higher-risk products like life insurance policies obliged to play their part in preventing and detecting money laundering.

Across the board, all insurers must ensure the brokers and dealers they work with can legally sell their insurance products. Insurers need to conduct due diligence on their brokers to understand who they are dealing with and make sure they are a legitimate, reputable business. This due diligence requires thorough security checks and ongoing risk monitoring.

Key challenges facing insurance companies

Complying with a complex regulatory framework is a significant challenge facing insurers — but it’s just one part of the picture as companies fight fraud.

In recent years, the insurance market has become more competitive as new, disruptive players have entered the market. At the same time, companies have become increasingly focused on cost control, often fighting fraud and managing compliance on reduced budgets.

Since the COVID-19 pandemic, there has also been a reduction in the number of investigators working in the field, resulting in much more desk-based work, with investigators increasingly using technology to track down fraud. Tech tools can also help make investigations more cost effective by putting deeper insights at investigators’ fingertips.

While some of the risks insurers are grappling with are universal, each line of business faces its own distinct threats, too.

Life insurers are typically worst affected in terms of the sheer scale of the value of fraud, with the CAIF putting the annual cost at $74.7 billion annually. It’s clear that money laundering poses a vital risk to life insurers and their customers, thanks to the often high cash value of policies, and robust AML programs are required to tackle it.

Common frauds, including lying on applications, forging policy changes, or fake deaths, are today joined by new tactics like identity theft and the use of fake medical evidence, ramping up the sophistication of crimes.

Property and casualty fraud is another prime candidate for criminal activity, with the cost estimated by CAIF at $45 billion. Here, single fraudulent claims may get through without question, but multiple losses, such as serial claims for lost property, may need to go through an SIU department for a more thorough investigation.

The Coalition Against Insurance Fraud estimates that the costs of other types of insurance fraud include:

Final estimate of the cost of insurance fraud in the United States

(All numbers are in billions and figures are as of 2022)

Property & Casualty $45B
Worker's Compensation $34B
Premium Avoidance $35.1B
Healthcare $36.3B
Medicare and Medicaid Fraud $68.7B
Life $74.7B
Disability $7.4B
Auto Theft* $7.4B
Annually $308.6B

Evolving types of fraud

In the digital era, scams are more convincing and easier than ever to perpetrate at scale, with fraudsters constantly finding innovative new ways to commit fraud — and insurers often having to play catch-up. It’s relatively easy to use technology to fake documents, voices, and images, making it much harder to tell if someone is really who they say they are and whether their documents are genuine. People already use artificial intelligence (AI) to create realistic deepfakes. Plus, fraudsters can perpetuate digital fraud from a distance, so there is less chance of being caught or brought to justice — especially when they can make fraudulent transactions in seconds.

Theft of sensitive personal data is a major problem as well. According to the Identity Theft Resource Center, there were 642 publicly reported data breaches in the U.S. in the third quarter of 2024 alone, affecting more than 240 million people, with financial services companies hit the most. Stolen data is often sold to other bad actors, who can then use it to commit ID theft or create synthetic identities, where criminals use real and fictitious data to create a new identity with which to commit fraud. The problem is getting worse — according to data from cybersecurity company Crowdstrike, last year saw a 76% spike in data theft victims named on the dark web.

The dark web is not only a hotbed of stolen data — like passwords, email addresses, and bank details — it’s a place where criminals can even purchase off-the-shelf phishing scams, with everything required to defraud a particular company or entity available for sale. For example, criminals can buy legitimate-looking mock-ups of company web pages designed to harvest sensitive information. Criminals offering these kinds of services are usually very professional outfits, offering a range of services to maximize financial gain while taking cybercrime to the next level.

The role of data in combatting fraud

Conducting thorough risk assessments, undertaking ID verification, monitoring claims for potential fraud, and carrying out investigations into suspect activity requires insurance companies to have access to comprehensive, accurate, up-to-date information. However, scouring the internet and manually conducting searches of public records is time consuming and prone to critical information getting missed. Conversely, there’s the risk of getting misleading “false positives” in search results, which wastes time and could cause reputational damage if one takes the wrong action.

Digital tools can automate many of these processes and dive deeper and more expansively into central information sources in real time, providing alerts where necessary that give investigators a significant advantage. They can get better results in less time, enabling them to take swifter action as needed and freeing up their time for other essential tasks. Making processes efficient and frictionless also helps address cost control considerations and assists with ensuring data is clean, consistent, and robust.

By using software that can collate, verify, and analyze different types of data, insurance companies can obtain a holistic, reliable picture of a subject, empowering them to make confident decisions about whether or not they should do business with them or pay out a claim.

For example, tools that scan adverse media sources and sanctions, politically exposed persons (PEP), and state-owned entity (SOE) lists across global news publications and international databases allow insurers to conduct much more thorough reviews.

Likewise, tools that enable life insurance companies to check millions of publicly available death records can also be extremely valuable. They can verify payout claims and create much-needed visibility into their scope of liabilities. This ability allows them to adjust their capital reserves accordingly to cover claims and place themselves on a firmer financial footing.

In cases of synthetic IDs or ID theft, it's crucial to use software capable of verifying the authenticity of documents, including those issued by foreign countries in various languages. Such software should also deploy biometrics or behavioral analytics to identify suspicious images or activities and perform reverse checks on phone numbers and emails to confirm the details provided by “customers.”

Suites of tools that can holistically join all these dots make the job even easier and more accurate.

The outlook ahead

Taken together, all these data points add up to reliable insights that should inform the approach to individual investigations and help shape wider fraud prevention strategies. Knowing which threats are most frequent, which types of fraud they are best — or worst — at preventing, or where emerging areas of risk lie will help insurance companies understand their strengths and weaknesses. Then, they can build on what they’re doing well and bolster their efforts where needed.

As we look ahead, we cannot underestimate the role of AI. Used appropriately, AI models can turbocharge data analytics, crunching vast volumes of data from various proprietary and third-party sources to identify patterns and anomalies, highlight red flags, uncover trends, and perform predictive modeling.

To maximize the value they deliver, AI tools will need robust, relevant, recent, comprehensive data, so insurance companies may need to consider whether they need to undertake a data remediation project to get their data house in order sooner rather than later. That way, they will have better insights now and will be ready to leverage AI as it comes to the fore in risk and fraud prevention.

Moreover, given that fraudsters are increasingly using AI to make scams even more sophisticated and convincing, insurers will inevitably have to deploy AI themselves to stay ahead of evolving and emerging threats. For example, natural-language processing models can help spot unusual terminology or discrepancies in claims documents or communications that could indicate fraud.

AI could also play an increasingly important role in compliance, helping organizations keep track of fragmented and ever-changing regulations and update their policies and procedures accordingly.

The right tools for the future

From the continuous onslaught of new and increasingly sophisticated scams to the impact of a complex and demanding regulatory regime, vigilance is always the watchword. The insurance industry is nothing if not resilient and adaptable, and although fraud is a perpetual threat, companies have a range of tools available to help them tackle it effectively and efficiently. By creating robust fraud detection systems that deliver fast, accurate insights based on comprehensive, relevant, and up-to-date data, insurance companies can protect their assets and maintain trust with their clients at every stage, enhancing overall customer service.

Discover more about how Thomson Reuters Risk & Fraud solutions can help you stay ahead of the game.

Thomson Reuters is not a consumer reporting agency and none of its services or the data contained therein constitute a “consumer report” as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning; establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing; or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.

Investigate, detect, and prevent risk and fraud

Discover why Thomson Reuters has been a trusted source for societal institutions and businesses for over 150 years