Page 1

The long-term success of an insurer, depends on a great many factors. One of the most important ones is ‘selection at the gate’. This e-book deals with the question of how automated risk assessment can play an important role in the commercial risk underwriting process.

01 THE REASON FOR THIS E-BOOK 02 GATHERING INFORMATION AND MAKING AN INFORMED CHOICE A contract is successful if you make an informed choice based on good information 03 KNOW WHO YOUR CLIENT IS (KYC) Using automated data analysis to get to know who your client is 04 STRAIGHT THROUGH PROCESSING (STP) Leveraging client knowledge as basis for reliable Straight Through Processing (STP) 05 WHICH RISKS? Which risks are the most critical to gather?


06 CONTINUOUS COMPLIANCE Meeting all statutory obligations with continuous compliance 07 ULTIMATE BENEFICIAL OWNER SCREENING Who are you truly dealing with? 08 AUTHORITY TO SIGN Is the signature legally valid? 09 BETTER SAFE THAN SORRY Decide quickly which clients are suitable 10 BUILD OR BUY Building your own system or is buying one the better option? 11 IDENTITY Automated risk control in support of your identity 12 CONCLUSION


The long-term success of an insurer depends on a great many factors. One of the most important factors is ‘selection at the gate’.

This applies to the private market, but most certainly to the commercial market as well. The number of contracts on the commercial market may be lower, but the risks are typically much greater. This e-book deals with the question of how automated risk assessment can play an important role in the commercial risk underwriting process.

GATHERING INFORMATION AND MAKING AN INFORMED CHOICE A contract that is successful for both the client and the provider depends on the initial analysis and the choices made based on that analysis. The prospective client will make inquiries, compare providers and choose the provider that best suits the requirements. The same applies to the provider. At least, that is how it should be. The client should align with your strategy and be within your risk threshold. Accepting any client may temporarily boost sales, however, in the long run it will be counter-productive and harm the company interests. It has to be the ‘right’ client. The criteria for the ‘right’ client requires a clear company strategy that is understood by the employees. Employees, usually underwriters or account managers, must also be capable of following this strategy meticulously in their daily work. To do so, they need proper ‘tools’ that enable them to take the right decisions and that keep them from becoming too opportunistic.

million dollars. Sky-High approached several leasing companies for funding. Heavy-lease made a good offer and a contract was concluded. Heavy-lease financed half a million. The first months Sky-High paid the lease amount on time. However, after 3 months it stopped. Still not immediately alarmed, Heavy-lease sent the standard payment reminders. When the reminders did not result in payment either, they tried to contact Sky-High. All in vain. SkyHigh turned out to have been discontinued and the owners had done a runner, taking along Heavy-lease’s half a million. They hadn’t even bothered to buy the crane! It also turned out that a front man had been used for the payment. Heavy-lease might have prevented this debacle if they had carefully investigated Sky-High before entering the contract. Then they would have found out that the company had only recently been started and that the owner had previously been involved in a series of liquidations of companies. They would also have found out that the representative of the company selling the crane in reality did not work for this company and that the bank account into which the half a million had been paid, had only recently been opened and was someone else’s account.

Example: Learning the hard way Construction company ‘Sky-High’, specialized in working at high altitudes and needs a telescopic crane which is expensive equipment This type of crane is worth approximately half a

Heavy-lease was hungry for sales and forgot to gather sufficient information before taking a decision. As a result, e they have bought an automated system for risk assessment which expedites the selection process with reliable information.

KNOW WHO YOUR CLIENT IS (KYC) Why should you know your client well? A good business relationship is based on granting each other the pleasure of making the transaction out of mutual interest. Good personal contact often is decisive. But however good the personal contact may be, there are a number of important points in which you still don’t know your client. In addition to the company interest, there is a societal interest in knowing your client well. After all, you have to comply with a number of statutory obligations and regulations, especially in connection with counteracting money laundering and financing terrorism. We’ll get back to this later. Like in the above example of the lease transaction, serious mistakes often are fairly easy to prevent. In the past, the account manager or the underwriter spent a lot of time trying to retrieve information manually. As a result, gathering information was cursory and sometimes skipped altogether. Today, this can be done accurately and virtually real-time with automated data analysis.

“Gathering information can be done accurately and virtually real-time with automated data analysis.”

STRAIGHT THROUGH PROCESSING (STP) With STP, you can get to know your client in a matter seconds. The system checks the sources that are pertinent, combines information and ‘validates’ the outcome in terms of risk level. When very few or no risks are identified, there is an immediate green light to complete the transaction. Risk assessment within an STP process can be geared to the company strategy. If the company, for instance in a stage of growth, would like to expand the customer base faster, the system can be configured such that the risk threshold is slightly lowered. In the above scenario, more clients would be accepted via the STP process and for those clients that are not accepted, the light jumps to yellow or red. In such cases, the system will recommend that the account manager or the underwriter carry out specific additional checks, include extra conditions in the contract, calculate a higher risk premium or reject the contract. In the process of automatic checks, the construction company used in the previous example would immediately have been given a yellow or maybe even a red light. The system would have retrieved

noteworthy elements from the various databases and flagged them as risky. As a result, the leasing company would have steered clear of an undesirable client, and not have had to incur high expenses and a lot of time on investigation, the recovery of the money - if at all possible - and the settlement of the legal aspects.

“With STP, you can get to know your client in a matter of seconds.”

WHICH RISKS? Which information you would like to include in the assessment? This information should align with your strategy and risk appetite as well as comply with industry regulations. A large number of public sources are available that can be consumed in an automated manner. Often, the combinations of sources result in a signal. Take for instance a company owner mentioned in the register of the Chamber of Commerce who also appears in the insolvency register and in the fraud register. Being mentioned in a register does not always mean a ‘red light’. However, it may be a reason to look a little bit further or to contact the person involved. There are so many possibilities when it comes to gathering information and limiting risks, even within the regulatory boundaries of the insurance industry. For example, a finance company would like information about the debt position,

integrity and payment morality of a prospective client. A fire insurer is another example. This type of insurer would like information about the fire hazard of the company to be insured, about the integrity of the owner and for instance about the location where the company is situated. Is it a location prone to fires or where the risk of the fire spreading to an adjacent building is greater than would commonly be the case? One other example is a commercial property company. This type of company may benefit from information about the number of disputes the owner had with tenants and the reasons for the disputes. Screenings can be customized and tailored to a specific purpose. Once a screening has been set up, it automatically becomes part of the process. When something changes in the product or the strategy, the screening can be geared to it without complicated, time-consuming processes being required.

“A large number of public sources are available that can be consumed in an automated manner.”

CONTINUOUS COMPLIANCE Gathering information about your client is important for reasons of continuity and growth of the company, but also for reasons of compliance. Nobody wants their company to be involved in money laundering or the financing of terrorism. But if you don’t pay enough attention, it might just happen. In many countries, banks, insurers, investment institutions and more recently leasing companies, have the obligation pursuant to antimoney laundering legislation and legislation combating the financing of terrorism, to carry out a mandatory client investigation and report any irregularities to the authorities. All applications and claims by companies have to be checked to confirm that the company or the owners/authorized representatives, do not have ties with a country for which restrictive measures and sanctions apply, such as Iran, Syria and Russia. For that purpose, there are so-called sanctions lists. Restrictive measures may also apply against certain individuals or

“Nobody wants their company to be involved in money laundering or the financing of terrorism.”

companies. To that end the so-called PEP list (Politically Exposed Persons) is kept. Every terrorist attack or any criminal network that is broken up, results in new additions to the list. This also happens in the case of political appointments or discharges. Individuals who might have passed the screening without problems yesterday, may very well set off the alarm bells today. Many companies check the files every three months. The frustrating thing in this is that it produces a large number of ‘hits’ in one go that need to be checked immediately. Even more frustrating is the idea that just one day later you are already lagging behind. You can do better than that. Automated checks can turn compliance into a continuous process. The current sanctions and PEP lists are matched against the files of your company on a daily basis. That way you can always be sure that the companies you’re doing business with still meet all compliance requirements set by the law and by yourself.

ULTIMATE BENEFICIAL OWNER SCREENING Who exactly is the owner of the company you’re doing business with? Your client’s business card may say ‘CEO’, but is it true and which other directors and stakeholders are also involved in the company? Is there a parent company, maybe abroad, and what about sister companies or investors? Screening the directors of a company that you want to do business with will provide you with such information. You want to know exactly who has an interest in the contract: the Ultimate Beneficial Owner(s) (UBO). In a number of countries this is now mandatory or will become mandatory very soon. It is something you could investigate yourself, for instance through the Chamber

of Commerce, however, sometimes the structures are very opaque. The ownership structures can be multi-layered in a tangle of privately held corporations, holdings or foreign investors. The risk of a manual investigation is high if the information is not accurate. This not only results in a risk for the company itself, but it also means you’re not compliant. Automated investigation reduces the risk of errors and can be done in real-time. If the company mentioned in the first example, Heavy-lease had conducted such an investigation, it would have discovered that the owners had been embroiled in fraud and company liquidations before.

Automated investigation reduces the risk of errors and can be done in real-time.

Example: In the US, an estimated 100 billion dollars is lost annually due to VAT fraud. Part of it is may end up with terrorist organizations to finance their activities. Legitimate companies sell goods to Company A abroad. No VAT has to be paid on this transaction. Company A immediately resells the goods to a next company, Company B in the same country. On this transaction VAT is levied. Company A is then discontinued, and the VAT received disappears. Company A turns out to be run by known Jihadists. In this case, checking the sanctions list and PEP list and a thorough investigation into the Ultimate Beneficial Owner might have prevented a lot of misery.

AUTHORITY TO SIGN Apart from establishing the actual interested parties, it is also important to know who is authorized to sign a contract on behalf of a company. Investigation at the Chamber of Commerce will provide this type of information, but it takes a significant amount of time. With automated risk control, it is possible to generate this information in real-time. All individuals

within a company who are authorized to sign a contract, will be revealed. It will also become clear if and when more than one signature is required. These individuals can, if so desired, also be vetted in the manner described above. Naturally, it is up to the parties around the table to decide which of the known authorized individuals will sign in the end.

BETTER SAFE THAN SORRY Knowing who you’re doing business with is essential to any company. Manually gathering and assessing the information required is a time-consuming and a costly process. If the client information is incomplete, your client is typically put ‘on hold’ and this hold can last for weeks. Clients today demand a quick turnaround and a lengthy hold process puts your company at risk that a perfectly good client will move onto a competitor. Automated risk control takes place virtually real-time so your client knows where they are in the process and receives the appropriate coverage. The automated process also ensures that all important aspects are included during the assessment and that it is compliant with the statutory requirements. The risks of securing undesirable clients as well as non-compliance are strongly reduced.

“Knowing who you’re doing business with is essential to any company.” Clients that fall within the ‘green’ standards, are automatically accepted which creates bandwidth to focus on the clients that were not accepted straight away (yellow). It is possible they may be excellent clients after doing further investigation. Clients accepted on this basis, form a ‘clean portfolio’ and therefore contribute to a better operating result. This operating result isn’t only of a material nature. Clients will notice it. They receive a good offer, fast. This contributes to a good image. Criminals who think they can take advantage of the company will be disappointed. Criminal networks are often familiar with the insurance companies that leverage automated risk control and the company’s integrity will show. This also applies to compliance with statutory obligations. Continuous and transparent performance is important to your clients as well as to the company.

BUILD OR BUY If you opt for buying, you then have the choice between a software as a service (SaaS) and an on-premises solution. Many choose SaaS. In the case of SaaS, you do not buy any IT but rather a specialist function, which runs entirely outside of your company and is constantly maintained and expanded by specialists. Every new feature of automated risk management or fraud detection is implemented and made available promptly, and maintenance occurs throughout the year. The system always complies with the relevant compliance and security requirements. If you opt for an on-premises solution – where a technology provider builds it within their client’s system – an equally good outcome can be achieved. However, the implementation period is usually longer and more complicated. In addition, maintenance depends on one’s own IT organization and every improvement must always be installed separately. The costs involved are usually higher and less predictable. When you consider setting up a system for automated risk control within your company and you’re not yet sure whether or not you would like to build it yourself or buy it, read the white paper on this subject (link).

“Software as a Service is automated risk control process which can be set up quickly, and it’s continuously updated by the supplier.”


With only a limited number of specialists in the field of automated risk control, the question may arise whether your own identity will be sufficiently reflected in the outcome of the analysis. Isn’t everyone doing the same thing? Systems for automated risk control are set up on the basis of your own company strategy, your own business rules, your own compliance policy and your own ‘risk appetite’. Any change in those factors can be updated by the system ‘settings’. That way, the system is set up suited to the products, the ideal client profiles, the strategy and the desired image of the company. No bland uniformity, but a clear own identity.


The most important message this e-book wishes to convey is that knowing your prospective client is of great importance in the corporate segment as well. That way, you avoid unpleasant surprises and strongly contribute to the company’s continuity and positive result. Moreover, you’re contributing to an improved discovery and prevention of certain societal risks such as tax evasion and terrorism. Implementing an automated risk control system is the most effective, durable and cost-effective solution. All around the world, insurers are switching to such systems and realizing strong results.

Make sure you also check out:

Follow us and stay up-to-date:


marketing@friss.com © 2019


Profile for Maarten Uri

E-book: Commercial underwriting, over informatie verzamelen en keuzes maken  

Ebookgeschreven door Maarten Uri in opdracht van FRISS Fraud, Risk & Compliance www.uricom.nl

E-book: Commercial underwriting, over informatie verzamelen en keuzes maken  

Ebookgeschreven door Maarten Uri in opdracht van FRISS Fraud, Risk & Compliance www.uricom.nl