Workers' compensation premium fraud is the employer-side mirror of claimant fraud, and it is the larger dollar problem. When an employee stages an injury, that is claimant fraud. When an employer under-reports payroll or misclassifies workers to buy coverage below the correct rate, that is premium fraud - and industry estimates put it at roughly $25 billion a year, ahead of the roughly $9 billion attributed to fraudulent employee claims, per a breakdown compiled by Insurance Thought Leadership. The problem is not that carriers ignore it. The problem is that premium fraud sits at the underwriting and audit seam, where verification is retrospective, sampled, and cut off from the payroll and tax records where cash payroll actually hides.
For an SIU director, that structural gap is the story. A premium audit closes months after the policy expires. It samples records rather than reconciling all of them. And by law it usually cannot match an employer's reported payroll against state tax and employment filings, which is exactly where under-reported wages would surface. So a class-code mismatch or a suspicious 1099 spike gets flagged, escalates to the SIU, and then competes for scarce investigator attention against a stack of claimant cases that are easier to close.
This post covers what premium fraud is, the five typologies investigators track, why the reported numbers are a fraction of the real total, how the investigation lags today, the red flags that surface a case, and where autonomous investigation changes the economics. It is the employer-side counterpart to our workers' compensation fraud investigation guide, which covers the claimant side in depth.
What workers' comp premium fraud is
Workers' compensation premium fraud is when an employer misrepresents its business to a carrier to buy coverage below the correct rate. The premium an employer pays is a function of payroll, class codes, and prior claims history. Under-report the payroll, downgrade the class codes, or hide the claims history, and the premium drops. That understatement is the fraud.
It is the larger half of the problem. Industry estimates compiled by Insurance Thought Leadership put total workers' comp fraud at about $34 billion a year - roughly $25 billion of it premium fraud and about $9 billion claimant fraud - with an estimated 10% of claims judged fraudulent. The $25 billion premium-fraud figure traces to a July 2022 Coalition Against Insurance Fraud study, as documented by NJM Insurance Group. The California Department of Insurance defines the employer-side scheme plainly: under-reporting the number of employees and wages paid, misclassifying the type of work employees do, and misrepresenting claims history through experience-modification evasion.
The distinction that matters for the SIU is between detection and resolution. Cross-carrier data or an underwriting model can flag a policy whose payroll or class mix looks anomalous versus peers. That flag is not a case. It becomes a case only when someone reconciles the payroll ledgers, 1099 filings, certificates of insurance, tax records, and prior experience-mod history into a documented conclusion a district attorney or state fraud bureau can act on. From fraud detection to fraud resolution - that reconciliation is the whole job.
Premium fraud vs claimant fraud
Claimant fraud is the employee lying about an injury. Premium fraud is the employer lying about its payroll, its workforce, or its claims history to lower the premium. Both are workers' comp fraud, but they enter the carrier through different doors - claimant fraud at FNOL, premium fraud at underwriting and audit - and premium fraud is the larger dollar total by roughly three to one.
The five premium-fraud typologies investigators look for
Premium fraud recurs in five schemes: payroll under-reporting, worker misclassification, class-code manipulation, experience-modification evasion, and ghost policies or certificate-of-insurance fraud. Each lowers the premium a different way, and each leaves a different documentary trail an investigator has to reconstruct.
1. Payroll under-reporting
The most common scheme and the hardest to catch. The employer simply reports less payroll than it actually pays, usually by paying workers in cash off the books. Because premium is driven by payroll, every dollar hidden is a dollar of premium avoided. The UC Berkeley study for California's Fraud Assessment Commission - Neuhauser and Donovan, "Fraud in Workers' Compensation Payroll Reporting" (2009) - found under-reporting ran 1-4% of private-industry payroll in low-premium years and 10-12% in high-premium years, with under-reported California payroll ranging from $4-15 billion in low years to $55-68 billion at the peak.
2. Worker misclassification (the independent-contractor dodge)
The employer reclassifies employees as independent contractors to avoid workers'-comp obligations entirely. No employee, no payroll to report, no premium owed on those workers. A growing 1099 spend against a stable or growing headcount is the classic signature. Not every misclassification is fraud - some is genuine error - but systematic reclassification that always cuts premium is the pattern investigators treat as intent rather than mistake.
3. Class-code manipulation
Every job maps to a class code with a rate tied to its injury risk. A roofer costs far more to cover than a clerical worker. When an employer reports high-risk workers under low-risk codes, the premium falls without the payroll changing. The UC Berkeley study found that in very high-risk class codes, 40-60% of payroll was under-reported or misreported. Verifying a class code means comparing the reported code against the work actually performed, which requires field observation or records the audit rarely reaches.
4. Experience-modification evasion
An employer's experience modifier reflects its claims history; a bad year raises it and every future premium with it. The evasion is to dissolve the entity and form a new one to reset the mod to a neutral 1.0, shedding the loss history. The California Department of Insurance names this directly in its description of employer premium fraud. Professional employer organizations are also cited in the UC Berkeley study as a vehicle to disguise a firm's experience-mod history.
5. Ghost policies and certificate-of-insurance fraud
Some employers buy a minimal policy solely to produce a certificate of insurance for a general contractor or a job site, then cancel it once the certificate is issued - a ghost policy. Others simply forge or alter a certificate of insurance to fake coverage that does not exist. Both defeat the coverage requirement without paying real premium, and both surface only when someone verifies the certificate against the policy of record. Certificate forensics overlaps directly with the payroll-document forensics covered in our guide on detecting forged pay stubs and payslips with AI.
The bigger half of workers' comp fraud is the employer faking the payroll, not the worker faking an injury. This is where the scheme moves from under-reported payroll and misclassified workers, through a retrospective and sampled audit, to an SIU flag - and where the multi-source reconciliation of payroll, 1099s, tax filings, and certificates actually resolves it.
The scale and why it is under-counted
The reported numbers for premium fraud are a fraction of the actual total, because the underground cash economy is structurally invisible to a premium audit. What states charge and convict is what surfaced; what surfaced is what the audit and SIU pipeline had capacity to reach. The gap between chargeable fraud and actual fraud is the coverage problem in dollar form.
California's numbers make the shape of it concrete. In FY 2023-24, the California Department of Insurance Fraud Division recorded 2,932 suspected fraud cases, 128 arrests, and 156 referrals to prosecutors, with potential loss across those cases of $157,201,942. The district attorney program logged 260 convictions and $31,543,396 in restitution ordered - but only $11,682,851 actually collected - against total chargeable fraud of $1,202,966,076. That restitution collection gap, roughly a third of what was ordered, is one reason prevention and early investigation matter more than recovery after the fact.
And chargeable fraud is not total fraud. The California DOI describes the underground economy as a "multi-billion dollar" drain and reports 349 arrests and more than $37 million in restitution and fines over a three-year enforcement push. The UC Berkeley payroll estimates - $4-68 billion in under-reported California payroll depending on the year - suggest the premium never collected dwarfs the fraud ever charged. For a Claims VP, that is unearned premium: top-line leakage the carrier had a legal right to and never billed, feeding straight into the workers' comp loss ratio.
Workers' comp fraud by type (industry estimates, annual US)
How premium fraud is investigated today - and why it lags
Premium fraud is investigated first by the premium audit and then, if the audit surfaces anomalies, by the SIU. The audit is a post-policy review of payroll records, tax filings, check registers, subcontractor costs, and certificates of insurance. It is the right tool, but three structural limits keep it from catching most premium fraud: it is retrospective, it is sampled, and it is cut off from the tax and employment data where cash payroll surfaces.
It is retrospective because a field audit typically closes 60-90 days after the policy expires. By then the policy period is over, the money is gone, and any cash-payroll trail has had months to cool. It is sampled because auditors cannot reconcile every record for every policyholder, so they test a subset and extrapolate - which means systematic under-reporting inside the untested portion goes unseen. And it is cut off from the most useful data: insurers face legal restrictions on matching employer reports against state tax and employment (EDD) filings, a limitation the UC Berkeley report flags directly in its recommendations. That is precisely where under-reported wages would appear.
When the audit does escalate a case to the SIU, the manual investigation is slow and few clear. Manual SIU investigation averages 14+ days per case, one investigator carries 200+ cases, and teams investigate only about 25% of flagged matters. Premium-fraud cases - which demand reconciling payroll ledgers, 1099s, certificates, and experience-mod history across multiple sources - are among the most labor-intensive, so they compete for scarce attention against claimant cases that close faster. The mechanics of that escalation path are covered in our explainer on how insurance companies investigate fraud.
Red flags and detection signals
The signals that surface premium fraud cluster around three mismatches: payroll that is too low for the observed business, class codes that do not match the actual work, and entity or coverage structures built to shed history or fake compliance. None of these is proof on its own; each is a flag that has to be investigated. Because the audit is retrospective, many are caught long after the policy period, if at all.
Detection platforms help surface some of these. Cross-carrier data from Verisk's ClaimSearch or ISO ClaimDirector can flag an employer whose reported class mix or payroll looks anomalous against peers; FRISS scores claim-level and underwriting anomalies. Those are flags. Hesper's built-in detection can surface them too, but detection is not the bottleneck here - the reconciliation that follows a flag is. A class-code mismatch is worthless until someone matches payroll records, tax filings, 1099s, certificates, and prior experience-mod history against it, and that multi-source workflow is what runs 15+ investigation phases.
Where automated investigation changes the math
Automated investigation changes the economics of premium fraud by removing the bottleneck that keeps most flagged policies uninvestigated: human attention on multi-source reconciliation. Detection can flag an anomalous policy in seconds. The reconciliation that turns that flag into a defensible case is what takes 14+ days manually - and it is the step Hesper runs end-to-end in 2-4 hours.
The lever is coverage. Manual SIU teams investigate roughly 25% of flagged matters; the rest are audited superficially, closed, or queued indefinitely. Because per-case attention is not a constraint for an investigation agent, coverage lifts toward 100% of flagged policies. On a flagged policy, Hesper runs 15+ investigation phases in parallel - reconciling reported payroll against tax filings, testing 1099 spend against worker status, matching class codes to observed work, tracing experience-mod history across entity changes, and running document forensics on certificates - and produces an audit-ready report. Manual throughput of roughly 10 investigations per investigator per month rises toward 800+, at roughly $150 per case versus roughly $2,500 manual.
This is not a swap for detection or for the premium auditor. It is complementary to FRISS, Shift Technology, and Verisk - they flag; Hesper investigates - and it works standalone where the only current alternative is manual premium audit plus SIU. The auditor's judgment does not go away; every flagged policy simply becomes fully investigable instead of partly sampled. And the output is built for the seat that has to defend it: every decision logged with its source, reasoning, and timestamp, producing the documented trail a district attorney referral or a state DOI antifraud-plan filing requires. From fraud detection to fraud resolution.
Detection flags a policy; investigation resolves it
A cross-carrier data utility or an underwriting model can tell you a policy's payroll or class mix looks wrong. It cannot reconcile that policy's payroll ledgers, 1099s, tax filings, certificates, and experience-mod history into a documented conclusion. Detection is upstream; investigation is downstream. Hesper sits at the investigation layer, which no detection vendor occupies.
Manual premium audit vs automated investigation
The difference is not accuracy on a single well-audited policy - a skilled premium auditor is thorough. The difference is coverage, cycle time, data breadth, and the defensibility of the output at scale. A manual process reaches a sampled fraction of flagged policies weeks after the fact; an automated investigation layer reaches every flagged policy in hours with a logged trail.
Read the table as a coverage story, not a headcount story. The auditor and the SIU investigator do not disappear; their attention gets re-aimed from executing reconciliation on a sampled few to reviewing documented findings on all of them. That is the same coverage shift - roughly 25% to 100% - that we walk through for claimant-side cases in the workers' compensation fraud investigation guide, applied to the employer side of the ledger.
Key takeaways
- Workers' comp premium fraud is the employer-side scheme of under-reporting payroll and misclassifying workers to buy coverage below the true rate, and at roughly $25 billion a year it is the larger share of the estimated $34 billion in total workers' comp fraud, ahead of the roughly $9 billion in claimant fraud.
- Premium fraud recurs in five typologies - payroll under-reporting, worker misclassification, class-code manipulation, experience-modification evasion, and ghost policies or certificate fraud - and in very high-risk class codes the UC Berkeley study found 40-60% of payroll under-reported or misreported.
- The reported numbers are a fraction of the real total because the underground cash economy is invisible to a premium audit, which is why California recorded $1.2 billion in chargeable fraud but only $11.7 million of $31.5 million ordered restitution actually collected in FY 2023-24.
- Premium audits lag because they are retrospective, closing 60-90 days after the policy expires, sampled rather than fully reconciled, and legally cut off from the tax and employment data where under-reported cash payroll would surface.
- Autonomous investigation runs the multi-source reconciliation a flagged policy needs in 2-4 hours instead of 14+ days, lifting coverage of flagged policies from roughly 25% toward 100% and producing an audit-ready trail for a DA referral or state DOI filing - from fraud detection to fraud resolution.