Those who point out that the Millennium Bug is not a "bug," the high-tech argot for unresponsive lines of source code caused by programming error, may have missed a B.M. (Before Microsoft) meaning for the word, a communicable disease. A commercial form of the plague hysteria has certainly set in. Businesses and industries conduct massive self-audits, and examine the integrity of their internal systems and external commercial ties. Many will emerge leaner and fitter as a result. Much of the hype, however, has been an exercise in fearmongering. If you are tired of mutual fund ads telling you how rosy the future is, just go to a Y2K seminar and see how cheerful you feel returning to the office.

There now exists so much information from the Information Technology (I.T.) industry about the impact of the Millennium Bug that the obsession with the problem will prove to be a formidable diversion. Human nature being what it is, there is nothing like the allure of a mass diversion to entice the criminal and quasi-criminal element. The insurance industry, already a prime target for commercial fraud, will be called upon to develop and implement strategies for dealing with Y2K insurance fraud. It may be discouraging to think of how many of the perpetrators will get away with it, no matter how much vigilance can be exercised.

No one can offer a magic bullet to defend the industry. Traditional categories are helpful in predicting the likely psychological profile of fraudulent claimants. However, in terms of methodology the only common element is that insurance fraud involves the staging of an event which triggers the insurer's legal obligation to pay. In arson cases, basic principles of fire investigation such as "multiple points of origin" provide minimum grounds for suspecting fraud. In suicides, life insurers might look to the timing of the purchase of insurance, or (a grim matter of economy) the timing of the death prior to the need to pay a renewal.

It is, by contrast, hard to predict what methods will be used to seize the Millennium Bug opportunity to defraud insurers. Given the one-off nature of the problem, it is doubtful that many, apart from research psychologists, will study it for the purpose of being better prepared for another similar event. In these circumstances, perhaps the best preparation, is to see the nature of the "opportunity" from the perpetrator's point of view. One might be surprised to find that very little mischief can be wrought with a "Millennium Insurance Policy." However, if the global crisis is seen as a diversion, it may be most important to keep one's sights trained on an increase in conventional fraud and claims exaggeration.

Before we can talk about fraud, we should backtrack and try to get a sense of how claims and litigation arising from the Millennium Bug phenomenon will arise. It may seem unnecessary to point out that it is the Insuring Agreement clause of an insurance policy (subject to clearly worded exclusions) which defines the legal obligation of the insurer to the insured. This should provide some comfort. Whether the policy in question is traditional or Y2K-specific, the newfangledness of this problem should not cause one to lose sight of the onus on the claimant to establish that the claim is of a type included in the insuring agreement. (As opposed to an exclusion, whereby the onus is usually on the insurer.) Consequently, the unresolved preliminary legal issue likely to occupy the courts is whether the Y2K problem is an insured risk. It appears that considerable hope has been rested on the exclusion of the Millennium Bug from commercial broadform and other policies. According to this view, damages arising from the 2000 non-compliance, or costs associated with avoidance of damages arising from that event, cannot be considered accidental. The critical flaw in this argument, one to which plaintiffs will quickly catch on, is that the only certainties about the event are the arrival of the date and (God willing) the day after. The contributory negligence of the insured in failing to take adequate measures to prevent the loss will be no more of a defence than in any traditional property claim. Whether any loss will occur because of the date-recognition problem will not always be certain. Although specific policy wording may affect each case differently from the next, an all-risks policy may still respond to a claim even if the loss may have been foreseeable with more diligence on the part of the insured. This is a major source of potential exposure to insurers of health care facilities and professionals, who may face malpractice suits in the event of clinical equipment failure. The existence of a due diligence Y2K audit by such an entity of its equipment could further deprive an insurer of the "expected occurrence" grounds for denial of coverage. This defence may therefore prove ineffectual to withstand the first salvo of Y2K insurance litigation, although this may be the subject of pitched battles in the courts.

The real obstacle to expected claims and litigation will be in the definition of physical loss or damage. If plant machinery or information processing equipment ceases to function as a result of an undetected Millennium Bug problem, this will not trigger an insured loss any more than any other equipment malfunction.

This does not mean that the claims will be not be made, or that litigation will not ensue. In fact, although the insurance industry will likely be spared the largest areas of litigation-commercial litigation arising from disruptions to the supply chain and actions against computer software and hardware manufacturers - it might have to brace itself for a large volume of spurious business interruption and equipment loss claims brought in the guise of property damage. However, if the loss is seen for what it is, a mechanical breakdown depriving the insured of the use of the equipment, the claims professional will be on familiar territory when deciding whether to admit or deny coverage. For the occurrence to trigger an insured loss, standard agreements will require physical loss to equipment or premises other than the malfunctioning item before the policy responds to a claim for equipment repair or replacement, or for business interruption.

Planned Fraud on Specific Y2K Policies

Unlike the arson analogy, the chances of a claims professional encountering planned insurance fraud on specific millennium insurance policies will probably range from minimal to rare because of the complexity of the undertaking.

There are three major obstacles to the commission of this crime:

          1) The cost of the premium.

2) The need to establish an immediate past history of profitability as a sine qua non of the claim will require a high degree of sophistication to fabricate.

3) It will be difficult to obtain specific coverage without embarking on a Y2K audit and repair program.

4) It will be difficult to establish circumstances which would trigger a claim under commonly worded all-risks property insurance policies. The malfunction must be of a sort which causes physical loss or damage, and which would not involve a traditional exclusion (eg., faulty workmanship or design of materials, inherent flaw, or an express Y2K exclusion).

5) The actual staging of the event invoking the insuring agreement clause will be difficult. Unlike arson or suicide, the event itself does not readily obscure or obliterate evidence of how it happened.

This does not mean that we will not encounter planned fraud. Many commercial frauds are exceedingly complicated. Specific Y2K insurance, designed to cover pure business interruption, related repair and capital equipment expenditures, may not only be too conspicuous but will probably involve too insubstantial a reward for anyone to plan an insurance claim of this nature. Furthermore, staging an "occurrence" or "loss" will be challenging enough and involve some up-front investment, so that a clever perpetrator would not embark on the enterprise if there were any grey areas in coverage. Thus, the weighty question of whether a commercial property broad-form (with or without the issuance of an appropriately worded exclusionary endorsement in 1999) responds to a claim is sufficiently unclear that it will of itself deter planned fraud in the staging of the event. Rather, it appears more likely that the insurance claims professional in the coming year might more often encounter a less overt type of fraudulent claim, the "opportunist." This is a species of criminal not unknown to the insurance industry in more conventional settings.

Opportunistic insurance fraud can take on two different forms. One type is a claim made after a genuine "occurrence" or "loss" which, assuming the peril is otherwise covered, triggers coverage. The opportunist will give exaggerated values in the preparation of proofs of loss of property loss and business interruption, or might be guilty of malingering in disability or automobile insurance claims. In the other type of case, the insured is aware of a likely or inevitable loss which he chooses not to prevent because he will be better off by claiming compensation. Replacement value clauses might cause an insured to be hopeful that an item of property or equipment might be stolen or damaged. Both are forms of "moral hazard", viz. how insurance encourages people to incur losses, and one might encounter them either together or separately.

Exaggeration of business interruption is largely a conventional problem for the claims adjuster. Typical claims of this nature increase when the fortuitous damages are suffered during a downturn in the business cycle. A claim arising out of physical loss attributable to a Millennium Bug equipment failure could come under special scrutiny if, in the circumstances, there is a conspicuous absence or inadequacy of specific contingency planning for this event, as distinct from the traditional systems in place for contingency planning. (For illustrations, see Contingency Planning for the Year 2000, co-published by The Canadian Institute of Chartered Accountants and the Information Systems Audit and Control Foundation, 1999). A prudent company will invest, not only in measures of testing for millennium-related problems, but also in a "Plan B" for continuing to supply goods and services in the event of equipment failure. A company which expected a business slowdown in early 2000 may not have made any special plans. It may have elected to adopt a "wait and see" approach to the Millennium Bug problem, as opposed to taking proactive steps to ensure a chain of supply and distribution. Business interruption coverage usually covers actual losses. Therefore, the absence of a Y2K contingency plan should prompt claims adjusters and accounting professionals to examine more closely the "gross profit" calculation over an extended period, as opposed to the period immediately prior to the loss.¹

The fact that a business might be facing market obsolescence due to reliance on older technologies might converge with the opportunity either to update the equipment through an insurance claim or to claim compensation for the loss of business. For example, a hothouse farmer relying on antiquated equipment to maintain the daily function of hydroponic pumps may test it in advance, without telling anyone, to determine whether it is likely to stop feeding his tomato plants come January 1, 2000. Instead of purchasing a new system, he may choose to defer the expense, if he believes that his insurer will compensate him for the ruined crop. This second type of opportunism is closer to being a planned insurance fraud. Thus, a volunteered characterization of the occurrence by the claimant as a Millennium Bug problem may suggest that he knew about the likelihood of damage occurring.

The paradoxes of the Millennium Bug crisis, theoretical in nature, will affect us in innumerable tangible ways. On the one hand, it exposes the dependence of our society on fragile technologies. It is an edifice built on a less glittering past, when computers were slow and cumbersome. On the other hand, the crisis has caused us to run into the arms of the very technology which threatens us.

Let's face it. Because of the problem, the I.T. sector is booming. Arguably, were it not for Y2K, sales in the sluggish personal computer industry would be suffering even more overcapacity than the automobile industry. Claims adjusters, examiners, and counsel who may be called upon to give an opinion on a claim involving a Y2K-related loss or occurrence will have to be prepared to determine whether it is genuine. If the market for computer consultants running up to the big day is any indication, there is likely to be a shortage of qualified experts capable of assisting insurers for quick turnover and reasonable cost. Anyone already in the adjusting business possessing or planning to possess such expertise would be well-positioned.

Among lawyers, the pack has been led by the I.T. bar. They are retained to shield corporations from the commercial consequences of Millennium Bug problems. Although there may be exceptions, computer science is not a traditional background for lawyers, even those in the I.T. field. As with similar boutique specialties, these are mainly traditional corporate-commercial lawyers who ply a traditional trade in a narrow range of cases. This work has, to date, focused almost exclusively on the oversight of corporate self-auditing, in terms of both equipment and commercial agreements with suppliers and customers. "Due diligence," in this context, not only means the necessity of preventing repercussions but also of being seen to be preventing them. For many institutions, hiring an I.T. lawyer is the first step. Leading up to the event and in the aftermath, however, it will be the litigation bar which will be called upon to assert the legal rights of parties or to defend them against claims made by others. Among those who practice insurance litigation, only a handful are versed in the elements of insurance fraud.

In the midst of the confusion and volume of activity in the new century, enterprising claimants will find perfect cover for traditional forms of insurance fraud. The small corporate revolutions taking place already in the insurance industry, both in Canada and abroad, have already challenged the ability of claims departments and adjusters to keep up with the volume and flux of new claims, including perhaps some real civil disasters. We expect a rise in general criminal behaviour to commensurate with the stretching of law enforcement resources. By the same token, we should expect perpetrators of insurance fraud to present ever more technologically sophisticated claims. This type of opportunistic insurance fraud will be the white-collar equivalent of looting in the midst of civil disaster. While there can be no easy solution for dealing with it, looters do seek comfort in numbers. They count on not being caught because many others are doing it. With this in mind, perhaps we can also count on the opportunists to expose themselves to detection by being less careful, or too eager.