Saturday morning. January 1, 2000.
Imagine you
are the owner of a small- to medium-sized manufacturing firm. You take
a ride over to the plant just to "check things out." At the front entrance
the security keypad doesn't seem to recognize the usual access code so
you walk to the side loading dock and use your key to enter the building.
The furnace,
part of a computerized air handling system, has unexpectedly shut down.
Your building is almost as cold inside as outside. All of the elevator
doors are open in the first floor lobby. None are responsive. Walking
through the plant you go from one computer terminal to the next noticing
that some seem to have locked up.
A few hours
later, after summoning your administrative and manufacturing supervisors,
you're informed that your company's electronically stored account receivables,
payables and contract records are gone. The computer-controlled manufacturing
process is turning out rejects, and processing machines are frozen in
a stop mode.
In short,
the contracts your company depends on cannot possibly be fulfilled, and
there is a good possibility that you will end up being sued for failure
to perform and willful negligence. To make matters worse, you call your
insurance broker to find that policy language from your carrier puts all
Y2K direct losses outside coverage that you thought you had.
Do you hire
a lawyer to fight the insurance companies in court over a very uncertain
outcome and years of delay? You don't have years. And then it hits you
- a desperate thought in the midst of a desperate situation.
Fraud.
Set a fire
in the trash or storage room? You wouldn't have to destroy the place -
just create enough smoke and water damage from sprinklers and the fire
department to ruin the old equipment. Or maybe you can stage a "burglary"
and trash what's already broken? What about manually shutting off the
furnace over the long weekend and letting the sprinkler system freeze
before turning the heat back on? Desperate measures? Maybe. But your business
is at stake.
The Fraud
Factor
While insurers
may be shoring up policy language in anticipation of Y2k-related claims
- founded or unfounded - they may not be prepared for an increase in the
incidence of fraud related to the Year 2000 problems. True, a large scale
failure like the one described may not accurately describe most insureds.
But it's likely that some insureds looking for ways to avoid years of
litigation with uncertain outcomes and costly legal expenses may turn
to fraud. Carriers should be aware of this situation and do the kind of
planning necessary to avoid getting caught short.
Are You
Prepared?
Despite the complexity and technical nature of the problem, there
are a number of ways carriers can prepare themselves for dealing with
possible fraudulent claims.
q Require
each insured to certify that all mission critical systems, including process
control devices containing embedded logic, are Y2K compliant.
q Assemble
specialized Y2K fraud teams staffed by skilled claims handlers, underwriters
and Special Investigative Unit investigators who will screen suspicious
losses where computers or process systems are the apparent target. Focus
on fire, vandalism or water losses occurring in small- to medium sized-
firms that are heavily computerized or automated. These teams should have
skilled software engineers available to diagnose and/or test computer
controlled equipment and process control devices containing embedded logic.
q Obtain
financial reports for companies suspected of making fraudulent claims.
SEC guidelines require most public companies to disclose Y2K readiness
plans in the MD&A sections of their annual and quarterly reports.
Obtaining prior financials in these cases may help establish motive.
q Watch for
claims where a computer or system is the subject of a direct "hit" and
flag those for specialized investigation.
q Gather
detailed make & model numbers for all Y2K susceptible equipment at
a loss. Obtain information through disclosure laws from the equipment
manufacturer or from industry contacts about Year 2000 problems with the
same category of equipment elsewhere.
q Obtain
records detailing the insured's efforts to bring the firm to Y2K compliance
and verify each entry. Firms making a good faith effort to bring EDP and
process control devices to Y2K compliance standards will have already
established an historic audit trail with software engineers, software
and hardware suppliers and process equipment manufacturers.
q Interview
production personnel, shift supervisors and equipment operators as part
of any suspected Y2K fraud investigation. Shift supervisors and equipment
operators will usually be familiar with modifications to, or failures
of, their equipment. Production personnel will also be among the first
to know if a critical supplier has had a production failure affecting
their own productivity.
q Remember
- the potential for fraud starts now, not on Jan. 1, 2000. As insureds
begin testing systems and processes they become aware of Y2K-related problems,
some will consider fraud.
It's All in the Numbers
Fortunately, many businesses are investing a considerable amount of
money and effort to make their operations Y2K compliant. The top 250 corporations
in the United States alone will spend at least $37 billion before the
year 2000 to make sure that their computers will work in the next century.
Even with
this effort, experts agree that is unlikely a company can identify and
remedy every glitch. Embedded chip technology, some of which is date-dependent,
can be difficult to identify in today's automated manufacturing processes.
And even if individual components can be made Y2K compliant, there is
no guarantee that they will all work together if even one glitch is overlooked.
Add to this scenario some 23 million small businesses not intending to
do anything to prepare themselves, their systems, and their process for
the Year 20001, and there will almost
certainly be losses.
Just how
many of these losses will become fraudulent claims is impossible to tell.
But insurers who are prepared will be in the best position to minimize
the consequences.
¹ "Small
Business and the Year 2000 Problem," 1998, Wells Fargo Bank
Robert
Corry is a Fire Investigation Specialist in the Claims department at American
Re. He served on the Massachusetts State Police from 1974 until his retirement
in 1997. There he was assigned to the Massachusetts State Fire Marshal's
Office (SFMO) from 1982 until 1997. Bob was a fire and arson investigator
assigned to Hampden County for 10 years, and was Detective Lieutenant
and Commanding Officer of statewide SFMO Fire, Arson and Explosion Investigation
Unit - the largest unit in the state police - from 1992 until 1997.
Have a comment
on this column or a suggestion for a topic? Please send e-mail to rcorry@amre.com.
Y2K
Q&A
Q.What is
the Y2K problem?
Many computer programs with operating systems that use two digits to keep
track of the date will, on January 1, 2000, recognize "00" not as 2000
but as 1900. This seemingly minor programming error could cause affected
computers to stop running, start generating erroneous data or, in the
worst cases, lose all of their data.
With 100
million computers linked together in a global network an inability to
electronically communicate may result in failures within a single network
or failures within major systems threatening some things we take for granted
like delivery of electric power and other utilities, stock markets and
even national defense systems.
Q. According
to experts what are the most likely processes/controls to have Y2K problems?
- Failure
of the US or foreign stock markets or banks to operate
- Equipment
or machinery regulated by date-sensitive chips in computers or process
control devices
- Interruption
of power grids or other utility supplies
- Miscalculation
of rates or benefits
- Dislocations
in traffic control, manufacturing, security systems, HVAC
Any of these
failures could impact professional liability, business interruption, or
could increase the risk of various types of accidents resulting in personal
injury, property damage, business interruption and liability.
Q.Our
policies already exclude Y2K-related perils. Why should I be concerned?
Carriers should be aware that uninsured losses resulting in personal
injury, property damage, business interruption and liability could become
insured losses if damage is created by a named peril such as fire, smoke,
burglary or water. You can expect a percentage of your insureds will try
to use fraud to cover uninsured losses stemming from Y2K failures.
Q.What
can P/C insurers do?
Enforcing strict underwriting & claims handling standards along
with getting anti-fraud teams ready are steps all P/C carriers should
consider.
Insurers
should seriously consider organizing Y2K investigative and adjustment
teams soon to prevent an unscrupulous insured from trying to turn an avoidable
problem into a windfall for themselves and a crisis for your company.
Resources
for the fight against Y2K Fraud
1
- 888 - USA - 4 - Y2K
Federal Year 2000 Information Telephone Hotline.
Small
Business Administration
http://www.sba.gov/y2k
CIO
Council Committee on Year 2000
http://www.itpolicy.gsa.gov/
mks/yr2000/cioy2k.htm
Independant
Insurance Agents of America
http://www.iiaa.org/
Factory
Mutual Insurance Company
http://www.fmglobal.com/
Common Indicators
of Fraud
In addition
to taking precautions specific to Y2K-related losses, insurers should
be alert to the common indicators of potential insurance fraud such as:
- The cause
of the loss is suspicious or a felony crime.
- A previous
history of questionable or fraudulent claims.
- The loss
occurs shortly after the inception or lapse of a policy or immediately
following a notice of cancellation.
- Business
interruption insurance, floaters, riders or lowering of the deductible
were added shortly before the loss.
- The insured's
alibi for his/her whereabouts at the time the loss occurred is very
vague or extremely detailed.
- A recent
request for coverage increase is not justified by betterments.
- Marginal
financial condition, health problems, recent or impending divorce or
other adverse legal situation affecting a principal in the company who
stands to gain from the loss.
- Property
of professional or sentimental value is missing from the insured site
after the loss has occurred. Key examples are professional licenses,
business accounting ledgers, pets, personal trophies, the insurance
policy and family photos.
- Excessively
high value placed on equipment along with vague or no documentation
proving ownership, sale price or origin.
- The insured
wants to handle all business in person avoiding use of the mail.
- The insured
is very aggressive and pushes for a quick settlement or, on the other
hand, takes an extremely passive posture and is willing to accept a
small settlement.
- Failure
in automated sprinklers, intrusion or fire detection systems.
- Building
was entered with a key or there is evidence of a staged burglary.
- The insured
has listed his property for sale without success.
This article appears courtesy of Munich Re America, Inc. formerly American Re-Insurance Company.
|