ACE elite fraudprotector Commercial Crime Insurance Policy ACE elite fraudprotector Insurance Policy (ed. AU 09/10)
It wouldn't happen to us
Fraud is a major threat to business despite regulation and increased internal controls. At ACE Australia, we have been insuring all types of entities, both for-profit and non-profit, against crime, and have been an insurer of choice for commercial crime policies based largely on our ability to manage claims efficiently and expeditiously.

In order to assist our clients in understanding the types of fraud exposures that they may face in their daily operations, we have compiled a sample of loss scenarios, which highlight some of the following key risk drivers and the lessons to be learnt:
Stock misappropriation
Supplier collusion
IT Manager excessive access risk
Fund Transfer authorisation losses
Contract allocation kickbacks
Personal expense abuse

Loss Scenarios

Manufacturing Co
The company was notified by its bank that there was a shortage of A$35,000 in their daily cash balance from the previous day. It was discovered that an employee had been embezzling customer's accounts over a three year period. The employee in question worked in the finance department and had the ability to deposit and withdraw funds from the company's bank accounts.
Lessons Learnt: complacency born out of perception of long-serving trusted employee; adequacy of controls and protocols around bank transfers; lack of segregation of duties.

Mining Co
This fraud involved alleged suspicious payments initiated by an employee in the finance department of the company's European headquarters, who was responsible for several of the company's small legal entities. Suspicions were aroused in the course of completing the financial year-end accounts, when the chief financial officer was unable to substantiate payments made from two of the legal entities to third party companies.
Upon further investigation by the finance team, it was discovered that nineteen fraudulent payments were made to the external entities using forged documents consisting of modified payment requests with copied signatures, with a loss approximating 1.2 million.
Lessons Learnt: better controls required around payments to third parties, including by electronic signatures, e.g. key codes and transaction verification processes; segregation of duties in respect to reconciling bank accounts, with two different accountants performing reconciliation.

ABC University
Discovery of a number of instances of thefts by three employees who orchestrated a series of false and fraudulent invoices for research work over a period of two years and intercepted payments in the region of A$1.2m.
Lessons Learnt: importance of verifying invoices by use of, e.g., dual signatories comprising managers from unrelated business units; ensure that all new bank accounts are verified by senior managers with dual signatories.

Club
Employee misappropriated funds totalling at least A$1m over an 18-month period, resulting in a loss to the club. The perpetrator utilised the club's online banking facility to transfer funds via EFT from the club's account to three personal accounts and concealed these transactions within the club's accounting system. The club's bank required online EFT transactions to be completed with the authorisation of two separate employees. Each selected employee was given a token device which requires an individual PIN number and generates a random number which has to be entered into the online banking system in order for the transactions to be approved and completed. The perpetrator obtained access to the token devices of other staff members along with their PIN numbers.
In addition to having access to more than one token device, the perpetrator was also given administrator access level when originally employed, which allowed her to delete/change entries and alter user identification and passwords. The perpetrator's role also included managing the banking reconciliations as well as the accounting reconciliations, which were supposed to be reviewed and agreed to by the CFO; this review process had not occurred.
Lessons Learnt: the fraud highlighted a number of poor internal fraud control systems including:
1. Control authorisation and access levels to the online banking system;
2. Security surrounding passwords issued to and/or utilised by staff members;
3. Segregation of duties relating to the data entry of EFTs and transfer authorisations;
4. Necessity to adhere to control systems including, in this instance, the requirement of the CFO to be the second authoriser in relation to EFTs and not some other more junior staff member; and
5. Segregation of duties by accounting staff when performing transfers of funds and banking reconciliations.

Energy Co
An employee was responsible for maintenance of the company's offices. The employee created false invoices, involving collusion with up to five separate suppliers, for basic over charging of air conditioning systems, electrical contractors and electrical equipment purchases. The fraud was perpetrated over a 10 year period at a cost of GBP 2m and was discovered by a new employee in the finance division who was charged with reconciling invoices. The employee had been at the company for many years and was entrusted with supplier selection, invoice authorisation and bank account management.
Lessons Learnt: breakdown of use of independent checks and controls; complacency born out of perception of long-serving trusted employee; lack of segregation of duties; supplier collusion.

Engineering Co
This company had a number of office locations where sub-contractors left valuable specialist equipment when performing work under contract. The specialist equipment was stolen overnight, resulting in a loss in excess of GBP 350,000.
Lessons Learnt: be aware of the type and value of property being held or left on site in the company's care and control; necessity to control environment for safekeeping.

Car Fleet Co
An employee misused his position for a period of six years by purchasing a wide range of goods for personal use, such as mobile phones, scooters, tyres and boat items. The employee sold these items to relatives and friends. The loss was discovered by an external audit. The claim amounted to USD1.25 million.
Lessons Learnt: breakdown of use of independent checks and controls; complacency born out of perception of long-serving trusted employee; lack of segregation of duties.
Managing fraud risk

Companies need to be rigorous about enforcing their anti-fraud measures. The following checklists offer general guidance and will assist in developing a fraud prevention and mitigation plan.

Understand and review high risk and key operations such as:
Management; employees; third parties; and
Procurement; finance; sales.

Implement key lines of defence
Segregation of duties
Recruitment
Pre-employment screening
Due diligence
Post-employment monitoring
Ethics policy
Ensure staff know what constitutes fraud
Whistleblower programme
Fraud response plan
Instigate and communicate procedures and guidelines

Some Do's and Don'ts when you discover a fraud

Do's
Get on with running the business
Activate your fraud response plan
Investigate - think forward
Consider third party specialists
Take whistleblowers seriously
Be objective in your assessment

Don'ts
Ignore the fraud
Respond emotionally or with too much haste
Immediately confront the fraudster/s
Damage or mark evidence
Limit scope of concerns to specific issues
Ignore industry regulators

Implement systems and controls to mitigate risk, particularly in the following areas:
IT Security
People management
Workflow systems and processes
Authorisation
Audit trails

Limit the number of people involved
Put a time limit on investigations
Key features

ACE elite fraudprotector provides cover for direct financial loss suffered due to crime. It is a "losses discovered and notified" policy. This means that for a claim to be valid the insured has to become aware of a possible loss during the policy period and provide notice of such matters to the insurer during the policy period or, if applicable, any subsequent discovery period.

Main cover

Internal crime
Direct financial loss as a result of fraud or dishonesty by employees stealing money, securities or property from you

External crime
Third party computer crime
Third party forgery
Third party counterfeit

Theft, Physical Loss or Damage
Third party permanently depriving you of money, securities or property
Destruction or disappearance of money or securities

Client loss
Where the insured is responsible for the care, custody and control of clients' money, securities or property and such has been lost under the main cover

Fees, costs and expenses
Auditor fees or investigation costs to identify covered losses
Legal fees in defence of demands or claims resulting from a covered loss
Fair and reasonable costs to restore the insured's computers following a covered loss

Optional additional cover

Interest
That the insured would have received or been legally liable to pay to a client following a covered loss

Outsourcing
Includes cover for losses suffered by our insured as result of the fraudulent acts of employees of outsource companies to which our insured has contracted for services

Contractual Penalties enforced against the insured as a result of a covered loss

Public Relations Expenses
Fees and expenses to hire a PR firm to manage adverse publicity in relation to a covered loss.
Extortion
Non expense items following communicated threats to staff or their immediate family

Automatic acquisitions of acquired or created entities
Automatic cover for 30 days provided the gross annual revenue is less than 25% declared to us in the proposal form or as stated in the latest annual report

Discovery period
If an insured decides to discontinue a commercial crime policy a discovery option can be taken to cover unknown loss

Partners
Fraud of partners is covered after the deduction of any excess and the equity interest of such partner(s)

Erroneous Funds Transfer
Loss resulting from unlawful retention by third party of money or securities which were misdirected or erroneously transferred by insured

Important Note
This brochure is intended to provide only a general description of the insurance policy (ACE elite fraudprotector Insurance Policy (ed. AU09/10)) and is not intended to modify the actual provisions of the wording. It is recommended that a potential purchaser thoroughly examine the policy offered and consult with an appropriate expert to be certain of the precise nature of its details. Potential purchasers should contact ACE or their broker and/or insurance agent for further advice.
Why ACE elite fraudprotector?

ACE elite fraudprotector is a leading crime product designed to provide broad cover to any type of commercial enterprise at a time when business needs protection the most.

ACE is committed to meeting customers' needs through:
A strong capital base that can deal with major exposures
A wide variety of innovative products and services
An international network of claims centres and risk control professionals who know how to help clients reduce risk and loss costs.

Operating in Australia for over 50 years, ACE Insurance in Australia is a member of the ACE Group of Companies, a global leader in insurance and reinsurance serving a diverse group of clients. Headed by ACE Limited (NYSE:ACE), a component of the S&P 500 stock index, the ACE Group conducts its business on a worldwide basis with operating subsidiaries in more than 50 countries.

ACE in Australia provides specialised and customized coverages including Marine, Property, Liability, Energy, Professional Indemnity, Directors and Officers, Financial Institutions, Utilities and Accident & Health. ACE delivers this wide range of quality risk management solutions backed by exceptional service to its broad client base, including many of the country's largest companies.

The A+ financial strength rating by Standard & Poor's is indicative of ACE Australia's strong capitalization and reflective of its parent's rating outlook. (ACE's core operating insurance companies are rated AA- for financial strength by Standard & Poor's)*

Additional information can be found at: www.aceinsurance.com.au

* Note: details of this S&P rating are provided to you solely for wholesale client use only and must not be used such that it is disclosed to, or accessed by, any retail client.
ACE Insurance Limited

Head Office
ACE Building, 28-34 O'Connell Street, Sydney NSW 2000
Tel: +61 (0) 2 9335 3200
Fax: +61 (0) 2 9335 3411

Victoria
Level 16, 600 Bourke Street, Melbourne VIC 3000
Tel: (03) 9623 7222
Fax: (03) 9629 5058

Queensland
Level 28, 10 Eagle Street, Brisbane QLD 4001
Tel: (07) 3221 1699
Fax: (07) 3221 4124

South Australia
Level 7, 147 Pirie Street, Adelaide SA 5000
Tel: (08) 8418 3000
Fax: (08) 8418 3010

Western Australia
Level 26, 44 St George's Terrace, Perth WA 6000
Tel: (08) 9325 2399
Fax: (08) 9221 1559

Website: www.aceinsurance.com.au