As 2021 draws to a close, it is time to reflect on another very different year and look ahead to the promise 2022 brings.
Despite the ongoing challenges of the pandemic, 2021 was a busy year for the Polonious team and I’m delighted with the progress we made during the past 12 months.
Commitment to customers
Our customers always come first and this year we helped them improve their processes and drive innovation.
We saw our portfolio of customers across diverse sectors, including insurance, banking and education use Polonious to meet regulatory requirements and improve their end customer service, which is always welcome.
Another important step forward was that many customers got more use out of the product. Polonious is a feature-rich application and can be configured for any number of business cases or processes – without the need for custom code.
Please ask the team for advice on how to improve your workflow and customer service with Polonious and we’ll be more than happy to assist.
Exciting product development
As always, this year was a busy one for product development.
The Polonious application was enhanced with more features, improved usability and has kept up with the raft of regulatory compliance changes. These will be officially released in our 22.1 release early next year – stay tuned.
Need something added to help your business? Please do let us know what’s on your wish list and we will take a look at making it happen in future product releases.
More resources for investigators
In an exciting development, we’ve invested a lot more over the past 12 months to give investigators more independent resources to help them in their role.
We’ve published guides on the insurance industry code of practice changes, key metrics for special investigation units, and how Polonious compares with other technology options available to investigators.
These assets are designed to help investigators keep abreast of regulatory compliance mandates and improve the efficiency of their processes.
We also launched the new Polonious News e-mail newsletter this year, which is already seeing a great response from our customers and partners.
The monthly newsletter will deliver relevant and informative content straight to your inbox and keep you up to date with industry developments.
See you in 2022
To all our customers and partners, the Polonious team wishes everyone a safe and enjoyable holiday season and we’re looking forward to seeing you (in person!) again in 2022.
From all of us at Polonious.
Yours sincerely,
Alastair Steel and Stuart Guthrie Polonious Founders and CEOs
During the International Association of Special Investigation Units (IASIU) conference held virtually on September 14 and 15, 2020, Polonious ran a panel discussion with some of the world’s leading investigation professionals. Investigation Insights contains new research into the performance, effectiveness and challenges of special investigation units, and communicates how better insights can drive improvements in productivity. You can download the full report here.
In this blog, we will review how referrals are garnered and why it is important to vet them properly.
When respondents were asked how cases were referred to them for investigation their responses were somewhat predictable. Most SIUs (85%) get referrals from claims units. Beyond that, other methods of sourcing referrals were reasonably evenly spread.
Figure 3: How cases are referred for investigation
Automated tools such as analytics engines using predictive analytics, machine learning, artificial intelligence and rules-based algorithms are employed by 50 per cent of organisations, 60 per cent use fraud hotlines, and 65 per cent said they seek out cases proactively. It is important to note though, that we did not ask what proportion of cases are referred from each of these sources.
A big surprise for us was that around half (52.63%) of respondents did not record the number of false positive referrals they receive — those that, on first glance from an experienced investigator, are clearly not going to go anywhere — from either an analytics tool or their claims unit.
Figure 4: Keeping track of false positives
A smaller but still significant percentage (38.89%) told us that when they did receive a false positive they did not feed the information back to the analytics tool in order to improve referrals.
Triaging referrals
There will always be claims that legitimately warrant suspicion but, upon investigation, turn out to be valid. Where you want to draw the line on level of suspicion is a matter for each SIU. You may only want to investigate “slam dunks”, or those with a 100 per cent strike rate, but risk a lot of potential fraud slipping through. Or you may want to investigate every possible case, but end up spending a lot of time on claims that turn out to be valid.
This triage process might not take a long time — but even if it takes about five minutes per case, after 100 false positives, you have lost a whole day of work. In SIUs with high case volumes, this adds up. And in SIUs with low case volumes, there is likely not much budget to waste on spinning wheels. At a minimum, reporting on raw numbers can identify some inefficiencies before putting pressure on investigators.
Compare this to the SIUs that did record false positives. About a sixth of those respondents had between 21 and 40 per cent of referrals as false positives, while a full quarter reported that between 41 and 60 per cent of their referrals turned out to be false positives.
Figure 5: What percentage of referrals are false positives
While this was just a quick questionnaire with a small sample size (only 12 respondents for this question), if the numbers are representative of the wider industry there is a big proportion of SIUs where around half their cases should not even have been referred to them for investigation. What’s more, around half of them would not even know a referral was a false positive.
As mentioned above, of the units that track false positives, almost 40 per cent are not feeding these back into the detection tool, so we would hope that these are not the units receiving 41 to 60 per cent false positives.
Figure 6: Proportion of organisations feeding results back into fraud detection tools
Analytics tools work by learning the flags for fraud — either through AI or through analysts updating the rules as they receive data. If false positives are not being fed back into these tools, they cannot update the rules, and they are going to keep sending you bad cases.
If you are getting 50 per cent false positives, you are paying investigators to read case details and not provide value. And if these results are not being used to enhance your detection systems, you are going to be doing that every quarter.
Many organisations end up relying on SaaS and other project management apps to handle their case and investigation management.
In the race to collaborate quickly, project managers offer an easy way to start a case management journey, but fall short when it comes to the complexity of properly dealing with investigations.
Let’s take a look at how project management apps fail to offer the features and compliance of an investigation management system.
Starting from scratch
If your team is tasked with managing projects that relate to customer case and investigations then SaaS project management apps like Trello and Basecamp look like great starting points.
Teams realise they need something that is online and collaborative, and all members need to work together. They also realise that it is a case management and workflow challenge they are facing, which are often not met by office documents.
Project management apps often have complete to-do lists, the ability to record statuses, and can add participants in an ad-hoc manner: All of which are key attributes you need in an investigation system.
Many also allow you to collect artifacts like images, videos and documents.
SaaS project managers are generally available and people will use them because they require little, if any, procurement process. They are used throughout the business for general things like customer support, which can morph into “case management”.
This is how organisations typically end up using SaaS project managers for case and investigation management.
Discovering the drawbacks
While easy to procure, and offer some positives, there are numerous disadvantages with project management apps for investigation management.
What they generally lack is rigour. One of the key things in investigations is understanding how you arrived at the conclusions you make.
At numerous steps along the way key decisions have to be recorded as to whether you proceed or don’t proceed and how you proceed in an investigation. And the people making those decisions and their reasoning have to be auditable.
Project managers generally follow a predefined process, but those processes are not designed to ensure procedural fairness, regulatory compliance or track provenance of evidence collected.
They also lack the detailed compliance requirements and controls which would have to be added into the system and maintained separately.
For example, project managers often enable users to delete comments and documents without having a full audit trail, or the ability to recover those documents.
But I’m already using a project manager for investigations…
If you are already using project management apps for investigations then you need to be wary of the pitfalls.
At their core project managers address some of the requirements for investigation management, but they lack the focus of an investigation management tool miss many of the features you would find in a dedicated application.
The reality is there are not many benefits to using a project tool for investigation management as they quickly struggle with the intended purpose and often lack the ability to cross reference entities that are involved in multiple cases.
For example, simple things like sharing documents and applying security often results in you having to apply this to every case which requires a lot more manual work.
Moving up to dedicated investigation management
If you find yourself using a project manager for investigations look at moving to a purpose built system to avoid a lot of headache and compliance problems in the future.
A big problem is getting the case data out of the SaaS project management app and then being able to use it for better investigation management, so be wary of that if your team is starting to rely more on project managers.
Another thing to note is separating the cases that have more compliance requirements, these are likely to demand proper investigation management as you grow.
Additional steps to take include:
Identify the key risks that need to be managed within the process such as the ID of vulnerable people, protection of whistleblowers, regulatory reporting requirements.
If you need to conduct cases within a legislative framework.
Getting the right stakeholders. Are the right people in your organisation seeing the case data and what should be deemed an investigation?
It is rare that a project management tool has the ability to share data well outside the project team.
Polonious can share data with all of the participants involved appropriately whether they are working as part of the team; line managers or senior management; or external suppliers and vendors; and even participants in the process such as claimants and customers.
With proper investigation management you can be transparent without exposing restricted data outside those who should have access.
Book a Demo Now
Learn more about how Polonious can help you increase compliance in your business.
Australia’s insurance industry is undergoing the biggest regulatory and compliance changes in its history, and these changes will significantly impact investigation teams.
The Insurance Council of Australia (ICA) has released a new General Insurance Code of Practice, and all insurers were required to implement the changes by July 1, 2021. The changes are legally binding and, as of July 1, 2021, organisations can be fined for non-compliance. These fines can amount to hundreds of thousands of dollars.
To avoid penalties and compliance headaches, insurers will need to change their business to comply with the new regulations, which must be met in their entirety, as opposed to a piecemeal approach. The new Code is a result of a two-year review by the ICA, which invited input and recommendations from various organisations.
Australia’s insurance industry leaders must act now to bring their investigation teams, and the wider organisation, in line with the changes. Investigation teams will be pressured by the more detailed compliance requirements, but this does not mean there are no business imperatives.
I this blog, we will look at what changes for investigation teams.
Teams must adapt immediately
The Insurance Council’s Code of Practice changes will have an immediate impact on investigation teams and how they conduct their work, including much more detailed measurements of the actions being taken.
An extensive summary of the Code of Practice can be downloaded from the Web site. The many changes to the Code of Practice will apply significant pressure on insurers’ investigation units, including:
Stricter requirements in relation to actions being taken by the investigators (e.g. 90-minute time limits For investigation interviews)
More mandated regulation which will override any self-regulation, with penalties for non-compliance
A push for more transparency for claimants
To cite a simple, but profound, example, there will now be a cap of 90 minutes on the length of an interview that an investigator can undertake. Previously, there was no time limit. Moreover there is a total limit of four (4) hours during the complete course of the investigation.
Changes such as these will apply a degree of pressure on insurers to get the information they need within that timeframe so they don’t fall foul of the requirements.
Having an unlimited amount of time previously meant that investigators did not need to worry about the pace of the interview. Now, if they go over that allotted time, they will need to explain why, and justify it.
Collecting all the necessary details to make a determination of a claim in 240 minutes of allowed interview time will be challenging in complex cases, so investigators will need to be better prepared in order to meet those strict requirements.
Should they need more time, the investigator will need to ask permission from insurers to extend the interview time and will need to record the agreement and the reasons behind it.
In another example, Part 15 of the new Code speaks to the claims investigation standards. In paragraph 73 it states, “If we appoint someone to investigate your claim, then within 5 business days, we will inform you of their appointment and what their role is”.
These are just a few of many requirements specified for investigation teams in the new Code.
What triggered the changes?
The changes come after the Insurance Council of Australia identified a number of failings in the investigation industry which have resulted in claimants being treated in an unfair manner. And little has been done to address this, despite many opportunities to do so in recent years.
Previously, the industry was self-regulated, which didn’t lead to the changes the industry needed. Neither did it bring any well-defined rules. It remains to be seen if existing investigation units will be capable of meeting the new requirements as insurers typically have thousands of investigations running at any given time.
The reforms are also designed to create more openness and transparency for the claimant, with clearly defined processes requiring strict compliance. Investigators not informing the claimant of the progress of their claim, or their obligations around the investigation, can lead to many people dropping out of a claim. If the process drags on indefinitely, many people just want it to end and will withdraw the claim.
When enterprise and government organisations develop their own applications it is usually in response to a lack of an off-the-shelf product to meet a business need. Investigation management is a specialised requirement which can lead to many types of custom processes and software – from spreadsheets to Web applications.
In this blog we will take a look at the challenges and risks of going it alone for your investigation management needs.
Starting small looks promising
A typical approach organisations take when it comes to developing in-house investigation applications involves finding someone known, the “spotty nephew”, and asking them how much it would cost to build a simple system to manage investigations.
The developer then finds a database, or existing app, which looks simple to manipulate and starts adding fields and linking them to other pages with more fields. And in the end you’ve got a case management system.
But cobbling together different systems (client system, CRM, projects, etc) and calling it an investigation management system involves a lot of custom code or custom integrations, which is problematic, even in the immediate term.
This is typical of the mid-market where there is often a mature IT team. Their challenge will not be what is required to build an investigations management system, but to prioritise that above the core requirements of the business they service.
The developers could write a great case management system, but if they are supporting the day to day business of an enterprise they will have constant conflict between the project and their core business. When they need to ask “what do we do?” the focus will always be drawn to the main business.
DIY carries challenges and risks
Many organisations have had no end of trouble with custom-developed software and a DIY investigation management system is even more of a challenge.
Some of the challenges and risks of a DIY approach organisations might not consider include:
Total cost. It is easy to underestimate the TCO of a custom app, including the initial development cost and support. Including time spent finding the right technology platform that will actually work.
Maintenance. The maintainability of the code or system must be considered. For example, what happens when something needs to be upgraded or reaches end of life?
Skills. You need to hire the best people to continue to develop and maintain it and good people are hard to find and keep.
Security. There is also ongoing effort for security maintenance, including the security implications of poor practice, vulnerabilities, and compromises. You also need to ensure regular penetration tests and certifications are maintained.
Compliance. Underestimating the depth and breadth of what is required for compliance with regulations like the General Insurance Code of Practice. Can DIY keep up with a constantly changing regulatory environment? Yes, but it’s very hard and it is continuous.
Emerging tech. DIY requires you to update the platform over the years as technology is always changing. The system will need to keep up with emerging technologies, including mobile, IoT and cloud.
Knowledge management. Investigators have a wealth of knowledge, but is this being translated into the DIY product? You need to have everyone involved in the process on board with the product at all times.
Data integration. A good investigations management system will collate data from multiple sources and this needs to be factored into a DIY app. See this blog for more on Polonious’ integrations journey.
Usability and acceptance. You also need to ensure staff are able to use the product and get business value out of it.
Replace customisation with configuration
Polonious helps organisations that might need a customised app or process for a unique requirement by enabling configuration throughout our application.
We avoid code level “customisation” and focus on configuration, which is the ideal middle ground. If you have custom requirements then you can configure Polonious to meet the need without time consuming and expensive code changes.
Polonious has a common code base that services all customers, from which many customers have configured Polonious to meet their specific business requirements. However, Polonious is constantly adding new features, with further configurability, in response to customer demand and can also deploy new code as required.
For example, Polonious uses the SAME methodology to build out the business requirements of each customer, whether it is for insurance, banking, fraud or complaints. All of the processes are broken down into their basic elements and built up to be compliant with the appropriate regulation.
We enable customers to immediately focus on the desired product, whether it’s case reports, briefs of evidence, end of month or year reporting, and ensure that the data required is collected as part of the business process.
In summary, it is not a question of if an organisation can or cannot develop their own investigations system, but the time and materials required and ongoing investment often far outweighs any benefit. Failing to keep up with regulatory requirements is also a continual risk.
This blog has some more information on what you will need to build an investigations management application:
SIU Insights report 2021How do you compare to other SIUs?
Check out some interesting results from our SIU management survey. Submit below form to receive the download link and related updates going forward.
GICOP changes 2021Download the GICOP whitepaper and stay compliant.
Our whitepaper covers all aspects you need to know to stay compliant with the latest GICOP changes coming into effect in 2021. Submit below form to receive the download link and related updates going forward.
Recent Comments