In the past 18 months, the Indian financial space, particularly the banking sector, witnessed a slew of fraudulent incidents. In most of the cases, the resulting losses are significant enough to make a big dent on the balance sheet of these financial behemoths.
In the five-year period from April 2013 to March 2018, over 23,000 fraud cases were reported by various Indian banks involving a whopping ₹1 lakh crore, a recent media report based on the Reserve Bank of India (RBI) data said. In the last financial year (2017-18) alone, 5,152 incidents of fraud amounting ₹28,459 crore were reported. It is fair to assume that a huge number of these incidents involved employees of the banks.
We all know that the real value of insurance is to transfer low frequency and high severity risks i.e., big risks which could impact the net profit or balance sheet of an organisation. Typically big risks for banks and financial institutions can be categorised as: credit risks, market risk, and operational risk. Operational risk is most suited for using insurance to transfer the risk. Fraud/crime accounts for almost 85-90% of the big losses in the operational risk for the Indian banking sector and globally also it remains the biggest threat. Professional indemnity and management liability ranks as another major risk for banks globally. Cyber risk is the biggest emerging risk for the sector.
Indian scenario: Almost all banks in India buy a Bankers Indemnity Insurance policy issued by locally licenced general insurance companies. The policies cover losses incurred for theft occurring within the insured’s premises, in transit, if there is forgery or alteration, criminal dishonesty, if goods are hypothecated, infidelity or criminal acts by appraisers, among other things.
When we look at the policies taken by banks to cover frauds or crimes, it is often seen that limits purchased by the lenders to are abysmally low ranging from around ₹2 crore to ₹5 crore and in some cases going up to ₹25 crore. Globally for similar size banks, it is common to see the crime insurance cover of $100 million to $500 million limits and more. Interestingly, the deductibles in such global insurance programme are around ₹5 crore, which is the size of insurance purchased here locally in most cases.
Many claims we have seen in the past 18 months exceed these thresholds easily. The claims values are substantially larger, where there is forgery and/or alteration and fraud is committed with internal and external connivance, as in the case of some recent cases.
There is an inherent legacy when it comes to insuring crime or fraudulent activities. First, it is often seen that most banks are not comfortable in sharing data about employee frauds. Second, the claim settlement process often gets affected due to the delay in getting a final police report on the fraud act. Given the severity of this risk, banks need to become comfortable in opening up with the insurers so that they can provide a meaningful solution to this risk.
The RBI came up with risk mitigation guidelines in 2014 itself under the Basel-II framework, where it allowed capital relief of up to 20% of the total operational risk capital of a bank, provided the bank carries out a true assessment of their entire operational risk (advance management approach) and buy the prescribed quality insurance programme. The banking sector can have a lower capital requirement of several thousand crores with capital relief under these guidelines.
However, the banks are buying limits that are very low compared to their risk exposure. In our professional opinion, banks should retain such limits/have a deductible (which is what they are buying today). Banks should buy insurance to cover catastrophic/big losses.
Recent trends: Marsh India works with 35 of the top 50 banks in India, and after the recent incidents of fraud in the financial sector, we have seen an increase in enquiries to hike limits, sometimes double also. Overall enquiries are up by 25-30% with banks increasingly exploring options of purchasing a combination of crime, cyber insurance, and professional indemnity insurance. Many claims today are a combination of internal and external issues, including frauds committed through digital means.
We are witnessing the following trends in the banking sector:
• Banks opting for higher limits for covers related to employee frauds.
• Banks exploring if insurance can cover lending frauds.
• Cyber insurance policies being purchased finally after almost two years of discussions. Almost six-seven public sector banks (PSBs) to have a cover in place in the next one month.
• Card frauds continue to grow. With new RBI guidelines on compensation to cardholders, banks are finding it tough to implement it on the ground.
Outlook: Recent incidents of frauds have not only triggered a need to revisit the insurance limits purchased, but also deductibles or self-insured retention levels (the first part of the claim that the insured retains). Taking a higher deductible signifies the banks’ confidence in their own controls and risk appetite commensurate to their balance sheet, and thus allows them to garner higher limits from insurance markets, making the risk transfer through insurance more efficient. Higher limits help protect against catastrophic risk events like recent high-value frauds, and a comprehensive risk cover ensures that operational risks like crime/cyber frauds as well as customers’ claims get covered, weather due to banks negligence or external fraud.
Clients are also increasingly looking at expert international reinsurers to participate, especially if there is a certainty of timely claims settlements and easier documentation requirements during claims process.
Banks should buy these policies for bigger catastrophic losses and not for smaller attritional losses like theft of ₹2 lakh or a cheque forgery of ₹5 lakh. A banks balance sheet is strong enough to absorb such small losses but can’t withstand bigger losses the much-publicised case of the National Capital Region wherein a MNC bank employee siphoned away customers’ funds for his personal use instead of the original purpose for which it was invested with the bank.
Challenges: Valuing how much insurance to purchase for operational risk is a tricky area, which most of the banks do not know how to tackle. The other challenging area is proving that the fraud has actually happened, which as per local laws is established only after the final police investigation report or a charge sheet. Most of the times, PSU insurance companies do not settle claims unless a charge sheet is produced, which is a delayed process.
The policies that are available in India operate on a “discovery basis”, i.e., a fraud taking place within an organisation may come to light only after a few months or years. The insurer will respond to a loss scenario if the same is discovered within the policy period as long as the original fraud is committed or commenced after the retroactive date on the policy.
Views are personal.
Ashish Parakh is president-strategy, risk management practice, marketing and communications, Marsh India Insurance Brokers .
Jay Shah is executive vice president – financial and professional liability, Marsh India Insurance Brokers.