
Insurance Risk Surveyors Ltd

Central European Commercial Bank - BBB and Computer Crime

The bank held significant levels of cash VAR.
It transpired that it was also holding even larger cash sums on numerous branch premises, which acted as transit depots for the central bank.
The latter sums were undeclared to insurers on the basis that they were at the risk of the central bank.
On our deeper enquiry, the Service Level Agreement revealed that the bank was responsible if loss occurred due to infidelity by its own staff.

Benefit: allowed underwriters to consider risk profile in light of far higher cash in-situ situation and at-risk fidelity clause.

European Data Transaction Switch - Commercial Crime

Terms of business with a major client required large-scale (7-digit) insurance cover for a specific guarantee against any staff fraud involving the sensitive and high-volume data transactions being handled.

We identified two scenarios where potential for staff fraud might exist and analysed the impact and probability of these occurring when set against the examined controls and limitations in place.

Benefit: allowed insurer to re-assess a major risk concern over the original specific large-scale potential exposure.

European Property Investment and Management Company - Commercial Crime

Located in a major European city and situated close to two prime potential terrorist targets, this company had no Disaster/Business Recovery Plan in place to cover such contingencies as lack of access to its H.O. premises.
We recommended development of a DR/BR Plan including: greater frequency of off-site data and systems back-up; off-site key documents; formation of a Recovery Team with all communications strategies; establishing a designated Recovery Centre from available options.

Benefit: reduction in business/insured risks during any period of emergency as well as certainty of operation and customer relationships.

Mediterranean Data Transaction Switch - Commercial/Computer Crime, D&O's and PI

Essentially the same data switching services and standards were being provided to shareholder entities and non-shareholders alike.
However, due to the original corporate rationale of the company, Service Level Agreements only existed between the company and non-shareholder clients.
We reviewed the contractual terms and situations and, due to the potential impacts under D&O's and PI covers, recommended contract standardisation on a commercial basis across all clients. 

Benefit: insurer risk reduced under D&O's and PI from the standardised approach.

Travel Guarantee Member Association - Fidelity

The Systems Administrator had sole and complete overview of, and access to, the entity's computer systems. The entire information/data security access and control was therefore in the hands of one person, which was clearly undesirable in terms of Disaster Recovery and fidelity considerations.

We suggested solutions which would split this knowledge and control situation.

Benefit: removed concentration of the potential for fidelity and operational-related risks.

Bullion Smelting and Refining Company - Commercial Crime

As part of general survey, we analysed the VAR and the key areas of risk of physical robbery.
This analysis revealed a weakness in the physical premises security and the procedures in place at the deemed highest risk point.
We defined a revised procedural approach which maximised the strengths of the existing physical security features and significantly reduced the risk of exposure to robbery.

Benefit: a reduction in potential abuse of a weakness in physical security protection over the product.

Financial Institution: Bank / Invoice Discount House – Commercial Crime and Fidelity

Logical access controls to the bank-delegated CHAPS payment system were compromised by staff using the same access codes and passwords. The risk was increased further since the codes/passwords were not being changed when staff left employment.
The institution’s third party payments were, therefore, open to fidelity abuse.

Benefit: potential major loss prevented.

European-based Global Telephony Solutions Provider - Commercial Crime

A global spread of business units (some in higher-risk territories), with significant local project management of supply and sourcing requirements.
The whole was controlled through a centralised set of clear delegated financial authorities, linked together with an enterprise relationship management system and backed up by local/H.O. risk management/internal audit processes.
The survey revealed that a strategic review of the business model had determined in favour of a de-centralised structure and the abandonment of the local/H.O. risk management/internal audit function.
The outcome of this strategy created a significant risk to the entity’s ability to maintain previous standards of internal controls over the business' operations and the ability to support "best practice" operating procedures.

Benefit: allowed insurers to gain early appreciation of the revised internal control model for renewal.

Central European Commercial Bank - BBB and Computer Crime

Due to historical reasons and an element of "safe haven", the bank had a disproportionately large number of inactive/dormant accounts and was reviewing these accounts in a way that was neither logical nor systematic.
Meanwhile, debit cards were being issued/renewed on the accounts without consideration for the potential inactive rationale behind them.
Finally, when deemed inactive, the bank was closing off accounts automatically which conflicted with their marketing strategy to build their customer and deposit base.
From our analysis, we recommended standardised criteria and a procedure for identifying inactive accounts, blocking them against issuance/renewal of debit cards and the development of a new deposit product with features more likely to appeal to the market segment with risk considerations and procedures to back them up.

Benefit: reduced risk to insurer from fidelity/third party fraud opportunity on inactive accounts.


UK Paying Agent – Commercial & Fidelity Crime

Compromised premises security within an area of operation where fax payment instructions were executed. Neither recent original fax instructions (bearing authorised signatories) nor security codes were maintained in a secure, dual controlled environment.

Benefit: potential major loss prevented.

 

   

copyright 2007 Insurance Risk Surveyors Ltd. Site Email: info@irs-surveys.com
Registered in England and Wales Number 05314667
Registered Address: Old Hall Barns, Thurston Road, Pakenham, Bury St Edmunds IP31 2NG