To most insurance companies, knowing the identities of their customers has always been motivated by commission; that is, the more insurers know about their customers, the higher the rate at which they can market additional services. Following the passage of the USA PATRIOT Act in late 2001, carriers are gleaning details about their customer base motivated by omission; that is, how to eliminate unsavory customers whose sole objective is setting up insurance accounts to break the law.
That's exactly the spirit that the USA PATRIOT Act conveys. Adopted in October 2001, the law carves out a plan to disrupt the financial networks that support terrorist groups.
Many of the law's core requirements, such as setting up money laundering detection programs, had already been promulgated by the U.S. Treasury Dept. for banks and brokerage firms. The law's requirements for insurers extend the reach of those regulations governing banks and brokerages.
Compliance issues
Specifically, the new law will be applied solely to life insurance companies, as property casualty and health insurance companies and their agents are excluded from the Act's provisions. For years, the Treasury Dept. has maintained that terrorists have acquired and then cashed in life insurance policies as an effective method for laundering money.
Now, life insurers must comply by developing and implementing anti-money laundering (AML) compliance programs built around several requirements, including verification of customer information, establishment of suspicious activity reports (SARs), enhanced due diligence, and prohibition on correspondent accounts with foreign shell banks.
"Financial service providers should make every effort to know their customers, partners and vendors to the fullest extent possible," states Richard DeLotto, senior research analyst for Stamford, Conn.-based Gartner Inc. "Forward-looking FSPs will begin carefully screening their commercial accounts to ensure their own compliance with Office of Foreign Controls (OFAC) and OFAC-like regulations within a year."
DeLotto stresses that "most enterprises are unaware of their responsibilities in this area, and will find it necessary to change their business practices to secure or retain outside funding in the face of monumental fines and, potentially, prison sentences for non-compliant managers."
Challenges loom
When Congress passed the PATRIOT Act, it essentially used the Gramm-Leach-Bliley definition of financial institutions, which includes insurance companies.
The regulatory blueprint hands over to the U.S. Treasury sole rule-making and enforcement authority.
The Treasury Dept. was to have issued insurance-specific rules and regulations by last April 24. However, the Act allowed an additional six months to study particular industries and delay issuing proposed rules for up to six months if needed. On September 18, the Treasury Dept. announced the final and proposed rules.
Now it's up to carriers to initiate programs that can detect and eliminate illicit activity that enables terrorist groups to use insurance accounts to finance their activities.
Implementing these programs won't be easy, industry experts point out. Because compliance with the Act is tied to technology, some life insurers might be confronted with implementation challenges, as with so many of the other IT-related programs they've confronted.
Scott Harrison, a partner at KPMG and a former deputy superintendent of the New York Insurance Dept., told a group at LOMA's recent Emerging Technologies Conference that "looking for suspicious activity will be done through a combination of information technology systems and the people who actually are reviewing transactions and watching for red flags."
Harrison stressed that "the only way (an insurer) can efficiently monitor whether or not you are doing business with (a terrorist group or drug cartel) is to have interdiction software in place. Not only do you (insurers) have an obligation to check the policyholder, you also have to check the beneficiary of the policy against the OFAC list. And it's not a matter of just checking it once, when they first become a policyholder and then forgetting about it."
Under the Act, an AML program must include sound policies, procedures and controls. This means that carriers must assess their risk as a money-laundering target, which isn't easy since risk varies for different companies, predicated on the scope and scale of their business.
The key going forward, says Gartner's DeLotto, will be to assess money laundering risks presented by product lines, regardless of distribution channel, and integrate these products and channels into AML programs approved by their board of directors.
Insurers are also advised to extend ongoing AML training beyond the minimum requirements to ensure that all personnel in contact with customers use the same standard of reasonableness and maintain the same level of client care, DeLotto says.
While insurance agents won't directly face having to comply with the Act, their role in ferreting out money laundering schemes will be critical. Agents are often able to spot suspicious activity, such as premiums being paid by someone unrelated to the insured, or people acquiring sizable policies without showing much interest in the details, says KPMG's Harrison.
Obligations exist
But Harrison says agents will have an obligation to extract details on a customer's income and place of employment. They'll need to know the customer's salary so that they can verify the customer's income.
Insurers will also have to designate a compliance officer, states Harrison. The statute requires that the compliance officer be someone who is knowledgeable in anti-money laundering. Training will be a big part of the process.
And above all, carriers will have an obligation to test their systems to make sure they are actually working.
The upside to compliance? "These practices will remain in place as a customer relationship management enabler long after they are no longer required for enforcement purposes," Gartner's DeLotto says.