Expert Commentary

Risk Culture and Claim Fraud: a Classic Tale of the Chicken and the Egg

For some time, risk and claim professionals have believed that insurance and claim fraud is simply a cost of doing business—a thorn in the side of practitioners who have taken this reality in stride and applied the standard tools to mitigate the exposures. Those tools included looking for commonly understood "red flags" and using investigative services when necessary. While those and other standard tactics are still frequently used, the best tactic for affecting long-term change in the exposure is root cause analysis.

Claims Management
November 2015

Root cause analysis (RCA) is an increasingly common technique used to understand the "why" of loss events in order to prevent the reoccurrence. While stopping the reoccurrence of all claim and insurance fraud may not be a realistic goal, the RCA technique will often yield clues useful in modifying the exposure or risk and possibly reduce similar loss events in the mid-to-long term.1 That’s a realistic objective and one that has perfect application to fraud.

A review of recent workers compensation (WC) claim fraud statistics2 confirms fraud frequency as a growing problem that traverses workers compensation/casualty claims to proportions that belie common expectations about claim fraud in organizations. Just look at any month’s worth of trade press headlines and you will find no shortage of references to misbehaving employees defrauding a variety of targets in insurance and other industries. Claim fraud, of course, has been an important part of concerns of risk and claim professionals where the focus is typically on hazard or insurable risks. The reality, however, is that fraud of many types is a long-standing and endemic problem for many organizations. From an aggregate point of view, the magnitude of the problem is significant and culturally destructive.3

RCA should reveal, among other factors, attitudes and values that drive behaviors—the "chicken" that precedes the "egg" (fraud). Evidence of these attitudes is well demonstrated in a survey conducted by the Coalition Against Insurance Fraud.4 When adults were asked if it is acceptable to defraud an insurance company under certain specific circumstances, 20 percent agreed it was. When the same group was asked if it was acceptable to submit a claim for damages or personal injuries that never occurred, 10 percent agreed it was. Most significantly, when asked if they were "not very likely" or "not likely at all" to report someone who defrauded an insurer, a startling 40 percent agreed. Frankly, it may not be all that new, as defrauding insurance companies has been the subject of comedy routines for about as long as insurance companies have been around. I can recall seeing films from the 1930s that included jokes of this type. This reflects a cultural issue that I’ll address later in this piece.

Defining Fraud

As in all areas of risk, let us understand the nature of the exposure to clarify the problem. Fraud professionals define insurance fraud as a deliberate deception where false information or entirely manufactured evidence is presented, which impacts the manner in which a claim is handled, investigated, evaluated, or settled. To be prosecutable, there must be materiality, intent, a lie or falsehood, and information knowingly presented as illegitimate. More generically, Webster’s defines fraud as "intentional perversion of truth in order to induce another to part with something of value or to surrender a legal right."5

D.R. Cressey, a famous criminologist, developed the well-known "fraud triangle" that showed three key ingredients required to bring fraud to life. The first is having the motivation to commit fraud where the most common driver is personal financial gain enabled by greed and pressures both in the work and home environments. The second ingredient is having the opportunity to exploit weak controls, engaging in collusion to circumvent controls, or being recklessly dishonest regardless of controls. The third is the ability to rationalize and, therefore, persuade oneself that something that is wrong is really acceptable. At this point, all internal restraints have been removed or suspended. Often driven by an entitlement mentality, purveyors will say things like "everyone is doing it," "the company owes me," "I will return the asset later," or "no one will get hurt." These three characteristics represent bona fide fraud.6

To have any hope of securing the resources and support needed for addressing claim fraud risk more effectively, we must understand the size of the problem. Recent statistics from the National Insurance Crime Bureau are quite revealing.7 While the total number of workers compensation claims is decreasing, the number of questionable claims is increasing. This increase in relative proportion should be of utmost concern to practitioners. Various studies have put the frequency of workers compensation fraud at 1–2 percent of all claims reported and the severity from $5 billion to $7.5 billion annually, depending on the source. All property/casualty fraud is estimated at $32 billion and represents 5–10 percent of all claims, while all insurance-related fraud is estimated at $80 billion.8 Finally, when all types of fraud against organizations are taken into account, the global cost is estimated at $3.5 trillion. Clearly, this is a huge problem for companies of all sizes.

While employee-perpetrated workers compensation fraud gets much of our attention, it is important to understand that employer-generated workers compensation fraud is often more substantial in magnitude. This type of fraud stems from a number of common sources, including intentionally misclassifying employees (from higher-risk to lower-risk classes), hiding or misrepresenting the size of payrolls, and manipulating experience modifiers to lower premiums.

Detecting Fraud

Detection of fraud is a central concept to understand to effectively respond to the potential fraud. The consensus among the fraud professionals is that employee tips are the most effective method of detection.9

Most third-party administrators and larger self-insured/administered programs devote significant resources to detect and address insurance fraud. Importantly, this means that the insureds/employers are the ultimate payees for the increases in the cost of this risk represented by this activity. These activities, administered frequently by special investigative units (SIUs), are increasingly successful in mitigating this exposure. One study showed every dollar invested in anti-fraud efforts returned $6.17.10

Some of the many tools used by SIUs include the following.

  • Surveillance
  • Scene reconstruction
  • Witness interviews
  • Background checks
  • Social network probes
  • Public record searches and comparisons

Red Flags

The starting point for getting ahead of fraud includes looking for warning signs that, when acted upon, can yield impressive results. Some of the most important include the following.

  • Lack of witnesses. The last thing a fraudster wants is someone who can contradict his "story" after a reported event.
  • Timing. For workers compensation claims, Monday accidents or reports where injuries may have occurred over a weekend or off the job can be suspicious.
  • Motive. Does the claimant have a history of problems/issues with his employer? Is he disgruntled? Has he recently received a bad performance review?
  • Repeated claim reporting. Does the claimant have a history of reporting accidents? Statistics reflect that a relatively small percentage of employees make claims for workplace injuries.
  • History of fraud. Employees with a history of job-related fraud or other criminal or questionable conduct are more likely to commit fraud.
  • Comments and body language. During interviews and inquiries, a claimant’s comments or body language may appear odd or out of place.
  • Alerts. Follow up on tips from credible sources.

Taking action on any of these "red flags" will often prove helpful in getting a more accurate view into what really happened and either validating or building a stronger case for challenging the claim. Of course, there are many more warning signs that fraud professionals look for, which is an important reason to leverage their expertise to mitigate this exposure.

As you delve into this opportunity, you should recognize that most states have mandatory reporting rules for suspected employee injury fraud. These requirements are typically tied to "reasonable suspicion" standards that, in general, mean if you have a reasonable belief that fraud has occurred, is occurring, or is about to occur, then it must be reported. Failure to do so can result in fines or other penalties, which differ by state. Similarly, other regulatory sources expect organizations subject to their oversight to employ tactics to control fraud, especially where it may impact consumers.

Culture Matters

Beyond the above-listed tactics, to more fully understand fraud, it should be recognized that organizational and risk cultures drive the extent to which fraud is experienced in an enterprise. Culture is, by definition, the sum of attitudes, customs, and beliefs that distinguishes one organization from another.11 It is transmitted through language, rituals, practices, and policies around how organizations get work done and deliver their mission. As such, the heart of culture is people, what they bring to an organization, and how they are changed by others with whom they interact.

Similarly, risk culture is an interactive system of values and normative behaviors shaped by leadership to influence desired risk-taking behaviors in people. It influences risk taking by reflecting the preferences of management and governance. Ultimately, it helps the enterprise achieve its goals and embed its values, and it is typically aligned with corporate culture.

The following are some of the many things that influence culture and affect fraud exposure.

  • Hiring practices and policies
  • Whether or not risk stakeholders are aligned on how fraud is viewed and addressed
  • Types of people hired
  • Biases of hiring managers
  • Formal and informal messaging from management about fraud and how it is viewed and addressed
  • Behaviors of management that either support or detract from the desired values of the culture
  • The extent to which resources are allocated to train, educate, and mitigate the fraud risk

In aggregate, these and other issues have great influence on the extent to which fraud is experienced. They reflect the actual corporate and risk cultures that have either been specifically designed and reinforced or exist by default.

While corporate culture is ostensibly the responsibility of senior management and the board, risk professionals have a role to play in affecting its design, which will ultimately impact risk culture, which is one of their direct responsibilities. They can accomplish this by doing the following.

  • Align with human resources to influence the design of new-hire screening methods and the target employee characteristics that fit the culture.
  • Influence the C-suite and the board through corporate channels, as they are the source of what values are sought and are at the heart of cultural characteristics.
  • Educate senior leaders and board directors on the importance of aligning corporate culture with the desired risk culture (aligned specifically with the corporate attitude, position, and tolerance on fraud).
  • Drive consensus among key fraud risk stakeholders about all of the above.

While these are all large and longer-term initiatives, the fruit of successful efforts in these areas will, at a minimum, ensure that all key stakeholders, including the C-suite and board, agree on the importance of employee honesty and integrity.

Actions To Take

Cultural imperatives being longer-term in nature, what can risk leaders do to get ahead of this growing exposure that will have a more immediate impact on results? In the specific area of workers compensation fraud, considerations should include the following.

  • Insist on experienced, knowledgeable adjusters who know what questions to ask and what evidence to secure.
  • Know the law firms that frequently participate in your claims.
  • Develop game plans that are agreed to by all parties in the claim.
  • Get involved early in the claim and proactively look for the red flags.
  • Require employees to be engaged in their injury recovery and claim resolution.
  • Communicate frequently with injured employees.

Regarding other types of fraud, some more general tactics to consider include the following.

  • Institute an anonymous fraud reporting hotline.
  • Deploy well-designed anti-fraud training.
  • Provide a consistent tone from the top, reinforcing the company’s expectations of honesty and integrity among all employees.
  • Use fraud risk assessment proactively to identify and mitigate vulnerabilities.
  • Ensure strong, tested, and validated fraud controls.
  • Publicize and make clear to stakeholders (e.g., employees, customers, etc.) that you have a zero tolerance for fraud.
  • Make sure employees know that all claims will be investigated.
  • Initiate investigations quickly and aggressively.
  • Document job responsibilities with comprehensive job descriptions.
  • Have a rapid response plan for dealing with suspected fraud.
  • Train employees to understand fraud policy through recurring and reinforced communications.
  • Have an internal audit function properly resourced and operate effectively as a detection mechanism.


In summary, fraud is a growing exposure for many organizations and comes from an increasing array of sources. The fraud exposure reflects a growing complexity in the ways it is perpetrated. Almost as quickly as new vulnerabilities are discovered and addressed, others emerge. This is particularly true of systems-based and Internet-based fraud.

While influencing cultural change is often viewed as daunting and outside the risk leader’s pay grade, it is essential for making real improvements in the underlying risk. In addition, the variety of ways in which fraud is tracked, measured, communicated, and addressed reflects growing sources of expertise and assistance available to bring it under control, both in short and long term. All of this suggests that fraud must be included in any meaningful risk management strategy, as it does and will continue to materially affect the risk profile of every firm to some extent. It is an exposure risk leaders cannot afford to defer, let alone ignore.


1. Root Cause Analysis: More than Just Cleaning Up the Mess (New York: Risk Management Society, Inc., 2014).

2. Coalition Against Insurance Fraud (Washington, D.C.: 2014).

3. Dick Carozza, CFE, "Fighting a Culture of Fraud," Fraud Magazine (Austin, TX: Association of Certified Fraud Examiners, Inc., July/August 2014).

4. See note 2 above.

5. Merriam-Webster Online, s.v. "fraud," accessed Nov. 17, 2015,

6. "The Fraud Triangle," (Austin, TX: Association of Certified Fraud Examiners, 2015).

7. National Insurance Crime Bureau (Des Plaines, IL: 2013).

8. See note 2 above.

9. See note 7 above.

10. See note 2 above.

11. Merriam-Webster Online, s.v. "culture," accessed Nov. 17, 2015,

Opinions expressed in Expert Commentary articles are those of the author and are not necessarily held by the author's employer or IRMI. Expert Commentary articles and other IRMI Online content do not purport to provide legal, accounting, or other professional advice or opinion. If such advice is needed, consult with your attorney, accountant, or other qualified adviser.

Like This Article?

IRMI Update

Dive into thought-provoking industry commentary every other week, including links to free articles from industry experts. Discover practical risk management tips, insight on important case law and be the first to receive important news regarding IRMI products and events.

Learn More