METHOD FOR SELECTION OF MOTOR INSURANCE FRAUD MANAGEMENT SYSTEM COMPONENTS BASED ON BUSINESS PERFORMANCE

Fraud in motor insurance is assessed to incur annual losses in the range of 100 billion dollars. While much research exists in the fraud management field, majority only deals with partial problems and presupposes the independence of specific fraud management activities. Researches on components of fraud management system are rarely explicitly related to business performance improvements. These results in a common problem, which can be observed on the practitioners’ side: only small amount of companies can objectively assess which of the many fraud management system components proposed by researchers and vendors will help to solve their problems in fraud management. The method proposed in this paper can be used as a strategic tool for improvement of fraud management process in motor insurance companies. The method is designed to be used for a selection of fraud management system components, and is based on business performance. The input for the method is a set of key performance indicators that an insurance companies wish to improve. The result is a set of activities, which should be improved, and a set of fraud management system components that should be used to improve these activities. The paper presents and explains the method and its components. The method components have been developed based on the data received from Slovenian motor insurance companies and method is evaluated in three case studies.


Introduction
Fraud in motor insurance is a recognized problem and is assessed to incur losses in the range of 100 billion dollars annually 1,2 . At the Insurance Fraud conference 2010 3 in London, several facts were uncovered by practitioners. Zurich Financial Services 4 amongst others reported an increase of fraud in all lines of insurance in 2009 due to bad global economic situation. Association of British Insurers 5 assessed the cost of insurance fraud in Britain in 2009 to 2.63 billion £, which is a 26% increase in two years.
Computer technology was recognized as one of the efficient techniques to tackle insurance fraud, see e.g. (Derrig 2002). We define fraud management system as all software and information system components, used to support all fraud management activities, i.e. fraud detection, prioritization, investigation, mitigation, redress, sanctioning, deterrence, prevention, activities related to continuous system improvement and activities related to monitoring. Fraud management system is composed of many components, out of which fraud performance components are the most widely known and publicized.
The premise upon which we base our research is that introduction of a fraud management system component is an action aimed at improving business performance, i.e. reducing cost of fraud.
It has been shown that in order to be able to improve the performance, one must first know how to measure it. The detection or practice in fraud management field have so far not provided a concise system of metrics or key detection indicators (KPI) to measure fraud management business performance. There is, however, some research, see e.g. (Phua et al. 1998;Bonchi et al. 1999;Viaene et al. 2007), that measures the results of the research against some business relevant KPI. Research results are mainly only compared to research relevant metrics e.g. classification accuracy, AUROC etc. Such approach is problematic from two perspectives. Firstly, in most cases, research results are incomparable even for different proposed solutions for the same issue, e.g. fraud detection component. Secondly, practitioners have no clear idea as to how implementation of a proposed solution would affect their business performance.
Research provides a lot of different solutions for fraud management system components, se e.g. (Artis et al. 1999;Brockett et al. 2002;Dionne et al. 2009). All research, however, provides only partial solutions, addressing individual components, and not fraud management system as a whole. Fraud management activities are not independent. For example, being able to detect all fraudulent cases will not yield any results if the investigation and redress activities are unsuccessful. In practice, if a fraud management component as a partial solution is implemented, it may only affect business performance partially or even decrease overall business performance, if component was not properly selected.
There is a clear need in research and practice to provide a link between fraud management system components and their effect on fraud management business performance. We propose an actionable method that can be used in such a manner. With our method, companies can first measure fraud management business performance. When companies are deciding, which business performance is in need of improvement, our method enables them to learn which activities need improvement and which fraud management system component can support these activities.
The method presented in this paper is limited to motor line of insurance and to reactive part of fraud management, which covers the activities of reacting to insurance claims, i.e. fraud detection, prioritization, investigation, redress, mitigation and sanctioning.
The rest of the paper is structured as follows: in the second section research method is introduced, then related work. Following is the introduction of our method in general, all method components and the method use case. Fifth section presents a case study to support our research. The paper concludes with discussion and acknowledgments.

Research method
The research was conducted in three phases, as depicted in Fig. 1: method construction, method evaluation and results interpretation. Different research methods were utilized, namely literature review, expert interview and case study. The research process and methods used in individual phases are depicted in the bottom figure. Literature review is presented in section 2 of the paper, different types of expert interviews are presented in this section and the method itself is presented in section 3. Case study, method evaluation and interpretation of results are presented in sections 4 and 5.
The research began with extensive literature review. All relevant literature was considered, both in the broad research area and the narrow research area. The first version of the three method components is based literature: KPIs, activities and FMS components. In the first series of expert interviews, the goal was to discuss, evaluate and extend the three method components obtained from the literature review.

Results interpretation
Domain experts were consulted with the help of expert interviews. Domain experts were people responsible for fraud management in six Slovene motor insurance companies, ranging in premiums from roughly 50 million € to 750 million €, and in special fraud investigation units sized from one-man-band to more than 35 people. The conducted case study observed three implementations of three different FMS components in these insurance companies.
Structured interviews were used to construct a KPI/activity matrix. Each of the domain experts was asked to provide KPIs for their organization and to provide an assessment of the maturity level for each process. For the maturity assessment CMMI 6 was utilized, which presupposes the following maturity scale: initial, managed, defined, qualitatively managed and optimizing process. According to the maturity level of each activity domain, experts assigned a grade from 1 to 5, with 5 being the best -optimizing process. Correlation between activities and KPIs was assessed using standard Pearson's chi-square statistic. The peak correlation was observed between KPI "Average investigated claim value" and activity "Prioritization" (see Figure 4). The later does not indicate statistically significant correlation, as one would expect due to low number of examples. Moreover, considering the chi-square distribution, for the above correlation to be significant one would need data from at least e.g. 40 insurance companies, which is extremely difficult. Insurance companies are very reluctant to share sensitive internal business performance information and it took over one year to convince all insurance companies in Slovene market to cooperate and to collect all the information needed here. The research continued with the correlations as-is (the 10% most correlated pairs were treated as "very correlated" and the following 25% as "mildly correlated"), as it was planned to test the final method on three independent case studies, method sufficient to confirm the hypothesis.
Structured interviews based on a House of Quality were used to construct the activity/ FMS component matrix. House of Quality (Hauser, Clausing 1988) is part of quality function deployment method, which has been used in similar tasks before (Matook, Indulska 2009). House of Quality is a method and artefact used to correlate company needs in certain activities and product characteristics. In our research, we used House of Quality to correlate insurance company needs in activities to FMS components. First the process activities were split down into their individual goals and each of the experts was asked to apply each goal an overall importance score, ranging from 1 to 10, 1 meaning not important in fraud management context and 10 meaning most important. Averaged expert scores are presented in a correlation matrix (Fig. 5) in a column "Importance (average expert score)".
Late the FMS components were introduced to the experts and they were asked to answer the questions "How much can component X help in achieving process goal Y?" for each activity goal and each FMS component. Possible answers were as follows: "does not help", "mild", "moderate", and "very". The answers were applied with scores of 0, 1, 3, and 9, respectively. Using 1, 3, and 9 scores is strongly advised when using House of Quality (Matook, Indulska 2009). At the end the scores were averaged to construct an activity/FMS component matrix.
The method, i.e. all method components: KPIs, KPI/activity matrix, activities, activity/ FMS component matrix and FMS components , was thus constructed from literature review and three series of expert interviews.
The method was evaluated in three case studies. The method was applied in different companies, implementing three different FMS components. For each of the companies, first, potential improvements were identified. Company selected KPI that was lacking the most compared to industry average. Then, the method was used to identify the FMS component that would affect the performance in that particular area. One year after the implementation the old performance was compared against the predicted increase and an actual increase of performance.

Related work
The broad research area is fraud management in general and narrow research area is fraud management in motor insurance. The most active domains in the broader research area are telecommunications fraud, insurance fraud, healthcare fraud, corporate fraud, internet click fraud, money laundering and credit card fraud. In literature, topics related to fraud management can be found under different terms, such as fraud detection, fraud prevention, techniques to tackle fraud, fraud classification, recognizing fraud, fraud investigation, fraud deterrence, abuse detection/prevention or just fraud. Table 1 provides an overview of the most relevant literature that is presented later in this chapter. Literature is classified according to the fraud management process activity and to the level of abstraction.
Methods for automatic fraud detection range from statistical methods (Artís et al. 2002;Bermudez et al. 2007), expert systems (Major, Riedinger 2002;Viaene et al. 2004), data mining (Viaene et al. 2005;, visual and analytical methods (Tie 2010;Chang et al. 2007;Sokol et al. 2001) and others. There are, however, also manual ways to detect fraud, such as report from claims adjustors or appraisers, via hotlines etc. One method does not fit all types of fraud, which is why insurance companies must employ and successfully combine different methods (Silverstone, Davia 2005). As the environment constantly changes and fraudsters change their tactics (Bolton, Hand 2002;Cahill et al. 2002;Fawcett, Provost 1997;Tuyls 2000;Xing, Girolami 2007), fraud detection and prioritization must be adaptive (Sternberg, Reynolds 1997).
Statistics has been applied to fraud management in broad research area (Bolton, Hand 2002;Aggarwald, Yu 2005;Barbará et al. 2006). Statistical methods are used to detect deviant behaviour, and are especially useful in domains with no labelled data. The most common statistical approaches applied to fraud detection are outlier detection (Aggarwald, Yu 2005) and statistical profiling. Profiling is a common technique to detect fraud, used mainly in telecommunications (Fawcett, Provost 1999;Cahill et al. 2002;Boukerche et al. 2004;Abidogun 2005;Xing, Girolami 2007), but also in banking (Chang et al. 2007) and health insurance (He et al. 1997;Major, Riedinger 2002). In telecommunications profiling is used to detect suspicious calling patterns, sudden fraudulent changes in calling patterns and to differentiate legitimate changes in behaviour (Xing, Girolami 2007) from the fraudulent ones. Profiling produces good results in domains with a lot of business events, e.g. telephone calls, bank transactions and medical services. Relative to the broad research area, there is not much use of statistics in fraud management for motor insurance. Profiling for example has not yet been applied to motor insurance, where we see a great potential, especially related to insurance agents, claims adjusters, appraisers and other insurance employees to detect internal fraud, and also in relation to external entities with large quantities of business events, such as auto repair shops, lawyers and medical practitioners.
Expert systems enable encoding human expert knowledge into a computer system (Gudas 2009) and utilizing that knowledge (Kalibatiene, Vasilecas 2010;Lavbič et al. 2010) to solve expert level problems. The knowledge is encoded in a so called knowledge base in form of easy-to-understand rules. In fraud detection literature, these rules are also referred to as redflags, indicators, fraud controls and expert rules (Furlan, Bajec 2009;Major, Riedinger 2002;Viaene et al. 2004;Garner, Chen 1994;Sternberg, Reynolds 1997;Bordoni, Facchinetti 2001;Curet et al. 1996;Sun, Finnie 2004). Expert systems are seldom used in fraud detection for their good explain capability, which is very valuable in the investigation phase, when fraud investigators need to understand the situation and communicate with fraudsters (Viaene et al. 2002).
There are two specifics of data mining that must be taken into account when building fraud detection models. (1) The general binary models need to be adaptive, as nature of fraud is very dynamic, since investigators' actions instantly trigger reaction from fraudsters, who are constantly adapting their practices to stay below the fraud detection radars. (2) Most methods need a good labelled learning set, which is not a realistic demand. A bad learning set, on the other hand, yields a high probability of omission error (Artis et al. 1999(Artis et al. , 2002Caron, Dionne 1999). But here we will focus on supervised methods. Classification is a data mining approach, which assigns objects (persons, claims, events etc.) based on their features with one of predefined classes. Fraud detection is the most common fraud management activity to utilize classification techniques. Binary fraud/non-fraud classifiers are the most common, although classification can also be applied to detect more specific types of fraud, e.g. fraudulent whiplash (Gudmundsson et al. 2010). In the fraud management research related literature one can find different classification algorithms, ranging from simple ones, such as Naïve Bayes, k-Nearest Neighbors and Decision Trees, to the more complex ones, such as Neural Networks and Support Vector Machines (Gudmundsson et al. 2010;Viaene et al. 2002Viaene et al. , 2005Brockett et al. 2002). A comprehensive analysis and comparison of classification algorithms for fraud detection has been conducted by Viaene (2002). He showed that no algorithm significantly over performed in all scenarios, and that even very simple algorithms yield good overall results. The lack of labelled data is a barrier to test more data mining methods (Bolton, Hand 2002;Phua et al. 2005). In the telecommunications fraud detection, there had been several attempts to automatically generate data (Lundin et al. 2002;Barse et al. 2003), but the results lacked the authenticity needed for quality machine learning. It is also well-known that omission error is very common in motor insurance fraud detection datasets (Artis et al. 1999(Artis et al. , 2002Caron, Dionne 1999). Many authors pointed out (Tuyls 2000;Phua et al. 2005;Cahill et al. 2002, Viaene et al. 2002) that simple classification accuracy or AUC (Viaene et al. 2002) is not an appropriate evaluation method because of skewed data and because of the different values of claims. Cost-based methods are noted as the most suitable for this domain (Viaene et al. 2007;Stolfo et al. 2000). An overview of on-line-accessible English publications on using data mining methods for financial fraud detection, including motor insurance fraud, can be found in (Ngai et al. 2010). We believe that there is a great potential in constructing specialized classifiers to detect specific types of fraud, such as whiplash (Gudmundsson et al. 2010) and other frauds related to currently challenging types of fraud, such as fake or exaggerated personal injuries and claims farming.
The investigation resources are always scarce. From all detected suspicious claims, insurance company needs to select the most perspective ones for the investigation (Bond, Crocker 1997;Tennyson, Salsas-Forn 2002). The task of assigning a relative importance value to the claim is referred to as ranking or prioritization. A task can be a part of data mining model, when using regression or statistical models (Brockett et al. 2002;Viaene et al. 2002); or a score can be assigned later (Dionne et al. 2009). In theory, there are three types of values that can be used for ranking. First is probability of fraud (Brockett et al. 2002;Bolton, Hand 2002;Phua et al. 2005;Viaene et al. 2002). The majority of authors (Viaene et al. 2007;Dionne et al. 2009) advocate probabilistic approach to determine suspiciousness, although some more complex approaches can also be found in literature (Brockett et al. 2002). The second value is price (Dionne et al. 2009), which must include both claim value (Viaene et al. 2007;Bond, Crocker 1997) and predicted investigation costs (Viaene et al. 2007). The higher the difference between case value and assumed investigation costs, the more perspective is the case. It is not possible to know the exact cost of investigation and the final claimed amount beforehand. The research showed, however, that assuming average investigation costs and assessed claim value yields good results (Viaene et al. 2007). The third value is the ability to redress (Furlan, Bajec 2009). There is a research combining cost and probability of fraud (Vieane et al. 2007), but we argue that the ultimate score should comprise of all three factors. One major issue related to prioritization remains unaddressed so far. Many insurance companies use different methods to detect different types of fraud, but the research has not yet proposed the joint ranking algorithm to consolidate results from different methods.
There are many common investigation techniques that are usually employed, such as enquiries to industry bureaus, rating agencies or other available information providers, site investigations, surveillances, independent medical examinations, medical audits, sworn statements, recorded statements, special investigations, wage verifications etc. (Derrig et al. 1994;Radcliffe 1995;Weisberg, Derrig 1998;Tennyson, Salsas-Forn 2002) Insurance companies often make use of different software components such as visual and analytical tools to visualize and visually investigate data (Sokol et al. 2001;Chang et al. 2007), and other computer techniques such as automatic text analysis (Popowich 2005), and lie detection in recorded statements with the use of voice stress analysis (Hollien et al. 1987). If using automated fraud detection, it has been shown (Viaene et al. 2004) that methods, that yield better explanation capability produce better results in investigation as they provide explanation of suspicious circumstances, rather than providing merely a vague suspicion score. An expert system is an example of such a technique (Garner, Chen 1994;Bordoni, Facchinetti 2001;Major, Riedinger 2002;Viaene et al. 2004). Neural networks-based methods on the other hand, however, have been often criticized to lack such explanation capability (Viaene et al. 2002). Dynamic nature of fraud makes it harder to detect it with static fraud detection algorithms (Cox et al. 1997;Žagar 2008). On the other hand, the same issue can be solved very efficiently by providing the investigator with a visual overview of data, helping the investigator to interact with data, easily comprehend the situation, and consequently draw conclusions (Chang et al. 2007;Sokol et al. 2001;Žagar 2008). Visualization as a method for fraud investigation can be divided into two categories: general data visualization and fraud reports. The general visualization methods applied to fraud detection and investigation are different types of charts, such as bar charts (Chang et al. 2007;Sokol et al. 2001), pie charts (Sokol et al. 2001), and line charts (Chang et al. 2007;Sokol et al. 2001). In literature, one can also find more sophisticated techniques, such as heat maps (Chang et al. 2007), networks (Cox et al. 1997;Žagar 2008;Chang et al. 2007;Tie 2010), parallel coordinates (Žagar 2008), sieve diagrams (Žagar 2008) etc. Additional visual enrichment can be achieved by introducing the temporal and/or geographical component (Žagar 2008;Chang et al. 2007). A comprehensive overview of visualization methods for fraud investigation in telecommunication are presented in (Žagar 2008). The difference between general visualization methods and fraud reports is in the generality. Whilst the earlier described visualization methods, can be used to observe any data in any particular domain, fraud reports (visual or textual) are used in a specific domain, with specific data to clearly illustrate a specific type of fraudulent activity. Hyperbolic and circular graphs are used in telecommunications to visualize network of fraudsters (Žagar 2008), in banking to discover fraudulent transactions (Chang et al. 2007) and for connecting fraudsters and other entities, such as people, cities and organizations, in money laundering (Tie 2010). Cox et al. (1997) presents a networks visualization to display international fraudulent activities related to telecommunication. Chang et al. (2007) introduced a complex visualization, comprised of a heat map, a line chart, a bar chart and a hyperbolic graph, to point out suspicious banking transactions. We see potential in applying visualization methods from broader domain to motor insurance fraud investigation. We also see great potential in introducing more fraud reports to motor fraud detection and investigation, especially in relation to visual detection and investigation of novel fraud types such as claims farming.
The goal of fraud redress and mitigation is to redress the money lost or withhold the payment for fraudulent claims. The goal of sanctioning is in both seeking redress and sanctions, but also deterring further fraudulent activities (Jou, Hebenton 2007;NHS 2001). The actions that insurance companies usually exercise range from: do nothing, send warning, suspension, dismissal, civil proceedings to recover the money, criminal proceedings resulting in a fine, criminal proceedings resulting in a prison sentence (NHS 2006a(NHS , 2007. Although fraud is one of basic criminal offences, fraudulent cases are usually not passed to the prosecution. In fact, our industry research has shown that only 3% of investigated cases are passed on to the prosecution, the majority of which as a counter action to fraudsters pressing civil charges against insurance companies for declining their indemnities. The procedures vary from country to country (NHS 2006b), but the main reason for the lack of sanctioning actions from the insurance side lies in ineffective and slow actions from police and prosecution side (Selinšek 2004). There is no research focused on software components that can be used to support redress, mitigation and sanctioning activities, although there are some widely used concepts that could have been applied to these activities. To name just one example, business process management systems (BPMS) could be utilized to streamline the investigation process, and criminal and civil proceedings. BPMS are generally used to streamline and provide information technology support to business processes. The added values of BPMS are reported to be: increased visibility and control of company's activities and bottlenecks, more efficient process execution and better division of duties and responsibilities (Ko 2009).
Data is the basis for all fraud management system components, therefore research puts a lot of attention to different data sources, different methods of data storing and different methods of data (pre)processing. It has been shown that shared industry databases (Radcliffe 1995), databases and data warehouses (Nguyen et al. 2005;Sokol et al. 2001), and extracting information from unstructured data sources by employing natural language processing (Popowich 2005), can be beneficial to fraud detection performance. Radcliffe encouraged using common, industry-shared claims databases and checking every new claim against the complete history. To our knowledge there has been no research related to importance of other databases, such as policy databases, vehicle databases etc., related to motor insurance fraud detection. The novel technology of data warehouses can be used to store a multidimensional database that is especially fitted to support analytical activities. Data warehouses are often utilized to detect fraud in telecommunication (Mattison 2005;TMF 2006;Nguyen et al. 2005), usually to provide underlying data for profiling, data mining, visualization and fraud reports. The demand (Nguyen et al. 2005) to achieve near real time data warehousing in telecommunication is not applicable to motor insurance fraud management. Regarding the data pre-processing, a procedure of Extract-Transform-Load (ETL) is commonly used for data preparation and cleaning for storing in data warehouse, data mining or other automated intelligent computer task. ETL is a well-known process in data mining, as data preparation consumes 80% of all data mining time on average (Sokol et al. 2001). Fraud management in gambling (Jonas 2006) and health insurance (Sokol et al. 2001) is faced with the following ETL issues: incomplete data, anomalies in data, unexpected characters and identity matching. The last issue is referred to as entity resolution. Jonas (2006) describes identity matching and identity resolution approaches in tackling fraud in gambling. Natural language processing (NLP) is used to process information from unstructured data. A lot of information in motor insurance is not structured, and NLP techniques are employed to either (1) extract important information from unstructured data sources, or (2) to categorize text, e.g. lie/honest. Information extraction is a common NLP problem (Peng, McCallum 2006), the most important subproblem being entity recognition, i.e. recognizing the elementary parts of text, such as geographic names, personal names, companies, dates, numbers etc. (Poibeau, Kosseim 2001). In text categorization on the other hand, specific solutions were constructed, especially for fraud management. In detecting fraudulent transactions in banks, Chang (2007) employed detection of coexistence of words that should not be related. In health insurance text mining was used to classify health insurance claims (Popowich 2005) into different classes depending on the nature of treatment. The useful contribution to practitioners would be to address and provide best practices to the most common ETL problems. We also believe that data warehouses could be successfully utilized in tasks of visualization, profiling and data mining in motor insurance.
As seen from the research, presented here, some areas, e.g. fraud management system components for fraud detection, receive a lot of attention, others, e.g. fraud management system components for redress, mitigation and sanctioning, on the other hand have so far received no attention. However, the biggest issue in motor insurance fraud management is that fraud management process activities are treated as independent. There are very few papers, see e.g. (Derrig 2002), addressing more than one activity, and even this research is not addressing the complete fraud management process. On the other hand, there is also very few papers, see e.g. (Becker et al. 2005), addressing the same activity in the different level of abstraction. Fraud management system components are discussed independently of the activities they are aimed at to support, and only a few papers are discussing single fraud management system components, see e.g. (Viaene et al. 2007), with respect to the concrete goals of fraud management on the level of business performance (see Table 1).  (Selinšek 2004;NHS 2006a) Case studies (Stempel 2002) FMS components (components, techniques, algorithms, methods) Data mining techniques (He et al. 1997;Artis et al. 2002;Brockett et al. 2002;Viaene et al. 2004;Xing, Girolami 2007) Statistical models (Garner, Chen 1994;Bermudez et al. 2007) Expert systems (Sternberg, Reynolds 1997;Bordoni, Facchinetti 2001;Major, Riedinger 2002) Method classification (Ngai et al. 2010) Method comparison (Viaene et al. 2002;Ngai et al. 2010) Cost sensitive prioritization methods (Viaene et al. 2007) RIDIT scoring (Brockett et al. 2002) Costly state verification (Bond, Crocker 1997) Fraud reports (Major, Riedinger 2002;Chang et al. 2007;Tie 2010) Visualization techniques (Cox et al. 2007) The goal of the paper is to introduce an actionable method that connects the complete fraud management process from the business performance level through process activities to fraud management system components. The method can be used in two ways, (1) to assess, which fraud management system components should be implemented to increase performance of a specific KPI, and (2) to predict what kind of effect an implementation of a specific fraud management system component on business performance will have.

Method introduction
The method is based on the business process meta-model (Eriksson, Penker 2000). Business process meta-model defines the relations between the business concepts in an organizational environment.
As depicted in Fig. 2, business process meta-model introduces an organizational goal, which can be measured with one or more key performance indicators (KPI). Goals are Fig. 2. Business process meta-model achieved by executing processes and KPIs also measure the execution of processes. The process consists of one or more activities. To execute an activity an organization uses, creates or changes different resources. Examples of resources are people, computer components and information. KPIs are used to measure performance of activities and utilization of resources. In Fig. 2 the three concepts used in the method are highlighted in grey. When applied to the research presented in this paper, these concepts are fraud management key performance indicator (herein referred to as just KPI), fraud management activity (herein referred to as just activity) and fraud management system component (herein referred to as just FMS component or component). Just as presented in the meta-model, a KPI measures performance Fig. 3. Method model of one or many activities. An activity is supported with one or more FMS components. These concepts are presented in Fig. 3.
The method comprises of components that are depicted in Fig. 3. From top side, a company uses KPIs to measure performance of a certain activity (or activities), which is supported by a certain FMS component (or components). From bottom side, a FMS component is used to support a certain activity (or activities) which boosts the performance, which can be measured by a specific KPI (or KPIs). To be able to connect KPIs with activities and FMS components, we need to introduce two matrices, namely a KPI/activity matrix and an activity/FMS component matrix. In this chapter we present all five concepts that constitute our method: KPIs, KPI/activity matrix, activities, activity/FMS component matrix and FMS components.

Method components
From expert interviews, literature review and our own experience, first 48 key performance indicators were selected, that can be used to measure fraud management performance. Later a simplified version of 11 KPIs was introduced. These reduced set (see Table 2) can be easily calculated by any insurance company.
In Table 2 KPIs that are based on monetary values, such as "Average cost of investigation", are presented in a general form. In order to make these KPIs comparable across different time and different countries one needs to account for different currency value fluctuations. In order for the method to be useful in such setting one needs to record exact time when the KPI was collected so the currency value fluctuations can be taken into account when comparing KPIs from different points in time. In the research presented in this paper all KPIs were collected for the same year, so the correction is not needed.  As mentioned before, the main activities are fraud detection, prioritization, investigation, redress, mitigation and sanctioning. Each of the activities has one or more goals, which can be measured with KPIs. List of activities and their goals are provided in Table 3.
A number of different software and information system components obtained from the literature, are used to support fraud management activities. All FMS components are listed in Table 4. 3. Average investigated claim value/Prioritization. The correlation is intuitive, as selecting the most expensive claims to investigate is one of the goals of prioritization.
The KPI/activity matrix was obtained from a correlation assessment based on expert interviews. Some KPI/activity pairs were found to be mildly correlated and some were found to be strongly correlated.
As depicted in the matrix (see Fig. 4), there are five KPI/activity pairs with a strong correlation.
1. Detected potential/Detection. The correlation is intuitive, better fraud detection activity yields more detected potential fraud. 2. Average cost of investigation/Detection. Good detection produces good detected results and the suspicion is easy to understand. Investigators spend less time trying to understand suspicions and receive less false positives; the effect is reduced average cost of investigation. 4. Percentage of investigated claims/Redress. Companies that are able to redress the claims regularly, invest more in fraud management, and therefore investigate more claims than those who don't. On the other side, redress is one of the most time-consuming activities and when executed efficiently and effectively leaves more time to investigators to investigate more. 5. Average cost of investigation/Redress. The reason is the same as above. Redress is one of the most time-consuming activities and when executed efficiently and effectively leaves more time to investigators to investigate more claims, therefore decreasing the average cost of investigation. Activity/FMS component matrix presents the correlation between activities and FMS components. House of Quality was used to construct and represent the correlations. In the Fig. 5, the left side of the matrix presents the activities and the particular activity goals. The next column (Importance) presents relative goal importance as marked by the experts. The top side of the matrix presents FMS components. There are circles in the matrix, which denote impact of FMS components on the activity or activity goals. For each of the FMS components, there is a relative importance at the bottom of the matrix.
As depicted in Fig. 5, the highest relative importance is attributed to the following three FMS components: (1) fraud reports, (2) expert systems and (3) claims database, and the lowest relative importance to: (1) automatic learning, (2) statistics and (3) profiling.

Method use case
The method should be used by practitioners to construct fraud management improvement strategies, based on the current company business performance. Company measures KPIs, compares the values to the industry average to see which KPIs could or should be improved. Then by using the proposed method, a company can evaluate which of the activities should be improved and which FMS components could aid the improvement. Fig. 6. Extended fraud management reference model can be used as a strategic tool for investment in both processes and fraud management system improvement Fig. 6 depicts a typical use case. An insurance company notices that it underperforms on the KPI A. By using the KPI/activity matrix, the company assessed that KPI A correlates with activities 4 and 5, and by employing the activity/FMS component matrix, it can conclude that the FMS components X and Y provide the best support for activities 4 and 5. Final conclusion can be: in order to improve KPI A, the company should improve activities 4 and 5, and in order to support the activities with FMS components, components X and Y should be used.

Case study
The aim of the presented case study was to test the proposed method in a real life scenario and evaluate the KPI/activity matrix and the activity/component matrix.
The case study was conducted in three individual companies in the Slovene insurance market. As mentioned before, three additional insurance companies provided their performance KPIs and participated in assessments needed to construct the KPI/activity matrix and activity/component matrix. The case study was conducted with the following steps. a) Identification of improvement potential. Three companies decided to cooperate in the case study. First, their KPIs were compared to the average Slovene industry KPIs, thus the KPIs that could be improved were identified. b) Components identification and improvement assessment. Each company identified the components that would increase the performance by using the method proposed in this paper. The impact that the implementation of the proposed component should have on all KPIs, was also assessed. c) Results evaluation. One year after implementation, new KPIs were collected from these three companies and compared the results to both previous performance and assessed improvement. The companies that participated don't want their identity disclosed. Figures that would enable one to identify a concrete company are not presented in the following case study description.

Identification of potential improvements
The performance of three companies (later referred to as C1, C2 and C3) that participated in the case study were compared to performance from all six companied on the Slovene motor insurance market. For each of the three companies the KPIs in which the company was underperforming and could be improved substantially in relation to the industry average we identified. From the KPIs, that can be improved, the three companies selected the KPIs that they wanted to improve and assigned each KPI with improvement priority (see Table 5).

Components identification and improvement assessment
Based on the KPI improvement priorities, the proposed method was used to calculate a component match. For each of the correlation points on the matching matrices (see Figs 4 and 5) we applied the recommended (Matook and Indulska 2009) numbers 9, 3 and 1 for strong, moderate and week correlation, respectively. Our method predicted the most suitable components for each of the three companies (presented in Table  6). For C1 the most suitable component is an expert system (ES), followed by a ranking component and claims database. For C2, our method suggested a business process management component (PBM) as the most suitable component, followed by fraud reports and expert systems. For C3, the most suitable components in priority order were fraud reports (FR), visual (data mining) tools and data warehouse.
The implementation of a component does not only affect the KPIs selected for improvement, but has a larger footprint. With reverse use of our method, we assessed what KPIs would be affected with an implementation of a particular component. The results are presented in Table 7.
As presented in Table 7, the introduction of an expert system component should have the biggest impact on the average cost of investigation, percent of investigated claims and detected potential. Main goal for C1 was to raise detected potential and to lower the average cost of investigation, which corresponds with the predictions. The lower priority goal of C1 Continued Table 5 was also to increase total savings, the number of cases in sanctioning and profitability. As predicted with our method, the introduction of ES should also increase total savings and success rate, but our method does not predict an effect of introduction of ES to profitability. Main goal for C2 was to increase the percentage of investigated claims, and secondly to lower the average cost of investigation. This exactly concedes with the predicted effects of BPM component implementation. Main goal of C3 was to increase the average investigated claim value. As assessed with our method, the implementation of FR should have an impact on average investigated claim KPI, but not a very big one. As none of the other components had bigger impact on this particular KPI, C3 still decided to implement the FR component.  Table 8) are presented as a ratio of KPI value, measured after the component implementation relative to the KPI value measured before the implementation.
As depicted in the Table 8, the results for C1 were as follows. There was an improvement in all KPIs, although in some of them minimal. There was an observed improvement of more than 11.57% in all KPIs, where improvement was set as a goal. The highest relative change was in the profitability, followed by the detected potential and investigated claim value. This coincides with the goal to increase the detected potential. Companies also observed a decrease in the average cost of investigation, and an increase in success rate, total savings and profitability, set as a low-priority improvement goal. The biggest discrepancy was in the percentage of investigated claims. The method predicted that an introduction of an ES should have a relatively high impact on that KPI, but the observed relative change was amongst the lowest. In the case of company C2, a decrease in three KPIs, namely average investigated claim value, success rate and sanctioning success rate, was observed. However, there was at least 19.35% improvement in both goal KPIs. The highest relative change was in profitability, followed by the number of investigated claims per investigator and the percentage of investigated claims. The biggest surprise was to observe the difference between predicted relatively high correlation between the BPM component implementation and sanctioning success rate, however, after the experiment an actual decrease of this KPI was observed. The BPM component enabled the investigator to be more efficient and do more, without improving the detection, the pool of suspicious claims remained the same (no change in the detected potential). Because the prioritization technique of the C2 is strongly cost based, the average investigated claim value of course decreased, as well as the success rate. The observed sanctioning success rate decrease in our opinion is purely random and is not related to introduction of BPM component.
In the case of company C3, there was, a decrease in percentage of claims investigated and the number of investigated claims per investigator, and an increase of the average cost of investigation. The two mentioned KPIs are related. The highest relative change was observed ar the average investigated claim value a goal KPI, followed by profitability and total savings. As predicted with the method, the introduction of a FR resulted in a relative change in average investigation cost and sanctioning success rate, but even though the method predicted relatively high impact on percentage of investigated claims, the impact was low compared to others. With the introduction of a fraud report component, the focus of C3 switched from small frauds to large organized fraud. Such cases are more expensive and more complex. Consequently, less claims were investigated, thus a decrease in number of investigated claims, percentage of claims investigated and an increase of the average cost of investigation.

Discussion
In the case study the method was applied to three different real life scenarios. In all of the case studies, the method was used to select the appropriate component to improve the selected KPIs. All three companies implemented the proposed component and after one year of use, KPIs values were collected to compare performance before and after.
All three case studies provide positive results and prove that the proposed method works for the Slovene market. We would like to further stress that in all the case studies the implementation of proposed components produced positive improvement at the same KPIs that were set as improvement goals.
Additionally, positive and negative changes in performance were observed, which were not predicted by the method in all three cases. And more interesting, a better match with goal improvement was observed, and actual improvement, than with predicted improvement and actual improvement. Both facts arise from the same reason. It is not solely influenced by the components that are responsible for performance increase; it is also influenced by the end users, who do it by using these components. We believe that with a clear goal in mind, the users adapted the use of components to fit their concrete demands. The BPM component, for example, can generally improve efficiency of sanctioning. But if it is only used to support investigation processes and not sanctioning processes, it will not affect sanctioning at all. Therefore, the way of using of the implemented components (activities) affects the performance gained by using of the components.
As far as general performance is concerned improvement was seen in general performance, i.e. total savings (observed increase between 18.74% and 42.67%) and profitability (observed increase between 34.81% and 83.94%) in all three cases. All three implementations were seen as successful by insurance companies.

Conclusion and further work
Insurance companies have great interest in tackling insurance fraud. The research community so far offered only partial solutions, addressing particular activities of fraud management. What's more, research results in the field of insurance fraud management systems seldom are clearly linked to business level relevant performance indicator. There is a need to address the fraud management in more holistic manner and provide a clear link between fraud management system components and their effect on fraud management business performance. The paper describes a method that links fraud management system components to fraud management business performance. When companies are deciding, which business performance KPI is in need of improvement, our method enables them to learn which activities need improvement and which fraud management system component can support these activities.
The paper presents the components of the method and a use case, describing use in practice. The method was constructed based on the data gained from Slovene motor insurance companies. Three companies also tested the method by implementing the fraud management system components proposed by our method. The results are provided in the paper as a case study and based on the results the following two conclusions can be made.
Firstly, in all three case studies an increase in profitability was observed, a KPI measuring overall fraud management performance. The increase in companies C1, C2 and C3 was 83.94%, 34.81% and 49.27% respectively. It can be concluded that by improving the "right areas" with help of the method, a company can increase general performance. The "right areas" in this context means the KPIs in which the company is greatly underperforming the market.
Secondly, the improvements in all three cases appeared in the areas as desired and predicted. Exception was in sanctioning success rate at company C2. The method predicted performance increase, but in a case study an actual 1.52% decrease in performance was observed. This can be interpreted as a mild deviation, as the company C2 goal was not to increase sanctioning success rate, and it was predicted by our method as a side effect. Therefore the desired improvement of the company C2 was met. It can be concluded that by using our method a company can select fraud management system component(s), which will help them to improve the desired business performance KPIs.
Our future plan is to further improve and extend proposed method. On one side, we would like to gather KPI and performance measurements outside Slovenia to get a statistically more significant data set. We are however somewhat sceptical that international comparison will yield good results, as it disregards specifics of local environment and local insurance business environment. On the other side, our plan is to test our method in more insurance companies with purpose to improve the method. We found it relatively easy to demonstrate and show the method to insurance companies, but it is extremely hard to convince insurance companies to make real implementation of the proposed fraud management system component(s). As the side products of our method we would like to construct a fraud management performance benchmark, a set of KPIs, based on a statistically large enough measurements set, with which an individual insurance company could compare their own performance.