Caution! Crime Loss Exposures

Crimes that can strike organizations, imposing property, liability, personnel and net income losses might stem from robbery, embezzlement, arson, cheque fraud, vandalism and homicide.

Notwithstanding the impact of the actual property loss (monies misappropriated, etc.), there are potential liability losses resulting from criminal acts by employees or others directed or allowed to commit crimes on the organization’s behalf. Net income losses could result from having to divert time management and resources that could otherwise be used to increase market share and generate profits. Personnel losses could result from loss of key employees and their contribution to the company’s income. The starting point for analyzing and controlling the loss is determining the function of the key employee (or employees) and the resulting loss severity. Typical loss control measures for personnel, involves contingency plans for replacing employees.

PAIRING DOWN THE PERILS

Crime perils have distinctive characteristics requiring special risk control measures. These intricacies include: control by hostile intelligence; and, constant and universal loss control efforts arising from a single hazard – the person who commits the crime (rather than an Act of God). Indeed, crime is the only peril that is directed by human intelligence and is intentional.

Risk management of crime exposures requires a focus on hostile human conduct. Key risk control measures include an active anticipation of new opportunities for criminals to attack the organization and creation of countermeasures before the attack. In addition to constant vigilance, crime loss control measures include:

* reducing the hostility of persons who may commit crimes against the organization

* shielding the organization’s assets and activities against hostile persons by maintaining physical, procedural and managerial barriers that reduce criminals’ opportunities

* reducing potential criminals’ perception that they can commit crimes against the organization with legal impunity.

CONTROLLING FIDELITY LOSS

Fidelity losses result from: employee dishonesty; robbery and burglary committed on insured premises; mysterious disappearance or destruction of money and securities; off-premises hold-up and robbery; acceptance of counterfeit money and money orders; and, cheque forgery.

Fidelity loss control methods should attempt to benefit from the use of physical, procedural and managerial controls.

Physical controls include alarms, security patrols, cameras, fences and safes or vaults. Procedural controls, however, define how to securely perform particular tasks making it difficult for persons to commit crimes or make crime detection more prompt or certain. An example of a common risk management procedure is requiring that every individual enter through a security sign-in area or provide individuals with passwords. The key is for procedural controls to make it difficult for potential criminals to act alone or remain unobserved. Procedural controls can also help detect crimes that have already been committed and identify the perpetrator(s).

Finally, managerial controls must be in place to support the overall risk management process. These can include hiring and initial training practices that emphasize intolerance and vigorous prosecution of dishonesty and crimes. Another key control is educating employees about the organization’s crime loss exposures and the measures implemented. Employees can also be encouraged to report criminal activities or to make suggestions for deterring crime. Indeed, the importance of an organization’s employee participation in risk management of crime losses is integral. Results of the US “2004 Report to the Nation on Occupational Fraud and Abuse” – released by the Association of Certified Fraud Examiners (ACFE) – indicate a direct correlation to the Canadian situation:

* 40% of occupational fraud detections initially occurred via tip lines with 24% by internal audit, 21% by accident and 18% via internal controls.

* The majority (60%) of tips come from employees. However, an organization’s crime controls (i.e. tip line numbers and instructions) should be communicated and available to external parties. The benefit of this is apparent as of all the tips regarding suspected dishonesty investigations, 20% came from customers while 16% came from vendors.

* The benefit of hotlines also appears to be quantifiable as seen in the statistics: US$56,500 was the median loss for organizations with tip lines while organizations without tip lines suffered median losses of US$135,500.

THE STATS ON CRIME

The results of the ACFE survey underscore the importance of fidelity insurance in a risk management program by demonstrating that risk control measures alone will not be sufficient.

Perhaps most relevant for individual risk managers is the data on perpetrator characteristics. Dealing with employee characteristics such as gender, age, race and religion (or any type of demographic profiling) requires the employer’s risk manager to exercise extreme diligence in complying with human rights laws. Nevertheless, this information indicates important characteristics of perpetrators. The risk manager can take these into consideration when developing staffing requirements and risk control measures.

* As the perpetrator’s level of authority in the organization rises, so to does the size of fraud losses

* Tenure – indicative of the role trust plays – a direct correlation seems to exist between length of tenure and the size of loss in a fraud scheme

* Effect of education (frequency) as much as half of the perpetrators had no more than a high school education. 42% had a bachelor degree and 9% had a postgraduate degree.

* Effect of education (severity) as the education of perpetrators rises, so to does the median loss.

* Effect of collusion (frequency) approximately 67% of the frauds in the 2004 study were committed by a single perpetrator

* Effect of collusion (severity) when more than one perpetrator was involved, the median loss more than tripled!

* Effect of gender (frequency) virtually no gender difference – 53% were men.

* Effect of gender (severity) the median loss was much higher for men perpetrators – $160,000 for men vs. $60,000 for women in 2004. The difference largely thought to be due to glass ceiling effect – the effect of tenure and position comes into play – men tend to hold higher positions.

RISK MANAGEMENT PROGRAMS

There are two essential components to creating an efficient risk management plan for instance of crime. Risk controls can be used to prevent losses from occurring and/or to minimize their size. Secondly, financing techniques can be used to pay for the losses that may occur despite the best efforts of risk control.

Upon initiation, this plan should further implement a combined approach. Effective risk management calls for combining risk control techniques with risk financing techniques for each significant loss exposure an organization may face. Without risk financing, risk control techniques are not sufficient because some losses are inevitable and recovery from these losses must be financed. Without effective risk control, risk-financing techniques typically do not constitute effective risk management.

FIDELITY RISKS

Completely inoculating an organization from loss exposures (crime or otherwise) is not possible without simultaneously paralyzing the organization. As Indian politician Jawaharlal Nehru said, “The policy of being too cautious is the greatest risk of all.” – taking too many risk control measures can be a bad thing. Risk managers should conside r combining risk controls with risk financing techniques. Typical risk control techniques include exposure avoidance, loss prevention, loss reduction, segregation by separa- tion, segregation by duplication and contractual transfer – risk control. Typical risk financing techniques include: retention – current expensing; retention – unfunded reserving; retention – funded reserving; retention – borrowing;, retention – captive; and, contractual transfer – risk financing and commercial insurance.

Fidelity insurance is a special subset of commercial insurance that is the most obvious tool for financing crime loss risk exposure. Caution should be exercised in selecting the limits of insurance and the type of coverage. There is a common perception that fidelity insurance (employee dishonesty) is not required as stand- alone coverage due to the existence of crime coverage in the organization’s Commercial Mercantile Policy (CMP). However, this is often a misnomer. The CMP will usually offer only a minimal limit of crime coverage (typically $5,000 to $50,000), which is far below the median loss amounts previously cited. In establishing fidelity insurance limits of coverage, the risk manager must consider how much could be misappropriated over an extended period of time (possibly years) – small amounts can add up. There is no scientific formula for determining appropriate limits, but a good starting point is determining how much an employee can successfully defraud a company over a three to five year period. The greater the trust, the greater the opportunity to commit wrongdoing. Long term and highly trusted staff are too often overlooked as posing an innocuous exposure to fidelity loss.

CONQUERING CRIME

A risk management program to address fidelity loss exposures must incorporate both risk control and risk-financing techniques. It is clearly impossible to fully insulate an organization against fidelity losses without robbing it of the freedom needed to function profitability in the larger society.

Fidelity insurance may be a key method for addressing the financing of fidelity risk exposures. At the end of the day, the insurer and the insured have the same priority considerations:

* stop further thefts;

* determine amount stolen;

* determine who is responsible; and,

* recover the misappropriated assets