Hesper AI
SIU Operations · May 13, 2026 · 11 min read · Nitish Badu, COO

The SIU Director's Toolkit: 12 Essential Tools for 2026

The 12 tools an SIU director needs in 2026 across detection, cross-carrier data, OSINT, document forensics, autonomous investigation, and case management.

Nitish Badu · Co-founder & COO
  • $308B: Annual US insurance fraud loss (per Coalition Against Insurance Fraud)
  • 1.8B: Records in ISO ClaimSearch (covering ~95% of the US P&C market)
  • 42: States plus DC with fraud bureaus (enforcing SIU referral and documented decisions)
  • 48: States that adopted NAIC Model Act 680 (antifraud-plan filing required)

The SIU director's job in 2026 looks structurally different from 2022 because three pressures have moved at once: claim volume keeps climbing, SIU headcount has barely grown, and state DOI examiners now expect a documented decision chain on every referred case. The result is a workflow stack that has expanded from a detection vendor and a case management system into a twelve-tool toolkit organized across six workflow phases.

Two regulatory hooks are doing most of the work here. NAIC Model Act 680, adopted in 48 states, requires carriers to file a written antifraud plan with their state DOI demonstrating detection, investigation, and referral capacity. California 10 CCR 2698.36 goes further and requires a documented-decision chain for each SIU referral. The toolkit a director assembles has to produce evidence that survives a state examiner pulling a random case file.

Detection is upstream; investigation is downstream. That layered model is the one this post uses to organize the twelve tools. For a deeper read on the prevention-detection-investigation split, see our SIU operations playbook and the companion piece on the claims investigator backlog that the toolkit exists to attack.

What changed for SIU directors in 2024-2026

Three forces collapsed onto the SIU director's desk at the same time. First, claim volume kept growing through the post-2023 inflationary environment, with fraud rates holding around 10% of P&C claims. The Coalition Against Insurance Fraud puts the annual US fraud loss at roughly $308 billion across all lines. The flagged-claim pile grew at carrier scale while the SIU bench did not.

Second, SIU staffing has grown roughly 1% per year per industry trackers, against double-digit claim-volume growth. That is the structural mismatch underneath every coverage-gap conversation: a manual investigator resolves about 10 cases per month while carrying 200+ cases on the active list, so coverage at most US carriers sits near 25% of flagged claims. The remaining 75% are paid without full investigation, denied without a documented decision, or queued indefinitely.

Third, the regulatory bar moved. Verisk reported $2,882M in FY2024 revenue with the claims sub-segment up 13% in Q4 2024 per its Q4 2024 earnings release, which signals continued investment in the cross-carrier data layer that state DOIs already lean on for audits. Rules-based detection still runs at a 60-85% false positive rate, which means more flagged claims hit the SIU queue and each one carries more documentation expectation than it did three years ago.

The practical effect on a director like Marcus running a 25-FTE SIU at a mid-market multi-state carrier: the old "detection vendor plus case management plus spreadsheets" stack is no longer enough. The 2026 toolkit covers six workflow phases, and each phase has its own incumbent. For a parallel view of the metrics that map onto this stack, see SIU KPIs to track in 2026.

The 12 tools at a glance

The matrix below maps each tool to its workflow phase, the top named vendor or vendors, the carrier tier the tool earns its cost at, and the conditions under which the tool can be skipped. Read the matrix first, then the per-tool sections that follow.

| # | Tool | Workflow phase | Top vendor(s) | Carrier tier fit | Skip when |
|---|------|----------------|---------------|------------------|-----------|
| 1 | Detection scoring | Phase 1 - Detection | Verisk ClaimDirector | All tiers | Never |
| 2 | Workflow-native detection | Phase 1 - Detection | FRISS | Mid-market, Top-25 | Small regional already on ClaimDirector |
| 3 | Network detection + handler-assist | Phase 1 - Detection | Shift Technology | Mid-market, Top-25 | Small regional |
| 4 | Industry contributory database | Phase 2 - Cross-carrier data | ISO ClaimSearch | All tiers | Never |
| 5 | Cross-carrier fraud database | Phase 2 - Cross-carrier data | NICB | All tiers | Never |
| 6 | OSINT aggregation | Phase 3 - OSINT | Skopenow, Babel Street, ShadowDragon | Mid-market, Top-25 | Sub-5-FTE SIUs |
| 7 | People-search + records | Phase 3 - OSINT | Lexis Accurint, TLOxp | All tiers | In-house county system access only |
| 8 | Verified media capture | Phase 4 - Document forensics | Truepic | Property-heavy carriers | Workers-comp-only books |
| 9 | Deepfake / synthetic-media detection | Phase 4 - Document forensics | Sensity AI, Reality Defender | Top-25, high-image carriers | Low-image lines |
| 10 | Autonomous investigation | Phase 5 - Investigation | Hesper AI | All tiers with documented coverage gap | Under 10k annual claims |
| 11 | CMS SIU module | Phase 6 - Case management | Guidewire ClaimCenter SIU | All tiers on Guidewire | Sub-5-FTE SIUs |
| 12 | Cloud-native CMS SIU module | Phase 6 - Case management | Duck Creek Claims SIU | Carriers on Duck Creek | Non-Duck-Creek shops |

Detection is upstream; investigation is downstream

Tools 1 through 3 score and flag. Tools 4 and 5 confirm against cross-carrier data. Tools 6 through 9 enrich a flagged claim with OSINT and document-forensics evidence. Tool 10 runs the end-to-end investigation playbook. Tools 11 and 12 hold the case-file audit trail. These layers do not substitute for each other; a carrier needs at least one tool per phase to file a credible antifraud plan under NAIC Model Act 680.

Phase 1 - Detection and scoring (Tools 1-3)

Detection is the first filter. Every carrier needs at least one detection vendor; Top-25 carriers often run two for coverage breadth and second-opinion scoring. The honest framing here is that detection vendors are good at flagging suspicious claims and weak at investigating them, so the choice is about scoring coverage, not investigation depth.

Tool 1: Verisk ClaimDirector

Verisk ClaimDirector applies a 0-999 fraud score on top of the ISO ClaimSearch contributory database. The score uses cross-carrier signal that no single-carrier model can replicate, which is why almost every Top-25 US carrier already runs it. Per the Verisk ClaimDirector product page, scoring sits directly on top of ClaimSearch ingest. Workflow phase: Phase 1 - Detection. Skip when: never; the cross-carrier scoring signal does not exist in any standalone vendor.

Tool 2: FRISS

FRISS is the mid-market workflow-native detection vendor of record, with a strong European install base and a UI built for SIU directors rather than for data scientists. Per the FRISS product page, the platform runs at FNOL and through the claim lifecycle. Problem solved: detection scoring and FNOL triage that an SIU director can configure without engineering support. Skip when: a small regional carrier already running ClaimDirector for cross-carrier scoring; a second detection vendor earns its cost above ~50k annual claims.

Tool 3: Shift Technology

Shift Technology covers detection plus a handler-assist agentic AI for adjusters (Shift Claims, launched 2025). The cross-carrier Shift IDN catches network connections, and Shift Claims compresses adjuster cycle time on legitimate claims. Per the Shift Technology product site, the handler-assist layer is positioned upstream of investigation, not in place of it. Problem solved: network-detection plus adjuster automation on the routine claims that should not consume SIU attention. Skip when: small regional with no network-fraud exposure.

Phase 2 - Cross-carrier data (Tools 4-5)

A claim filed at Carrier A may have a sibling claim at Carrier B six months earlier. The contributory databases are how an SIU sees that. Phase 2 is non-negotiable for any carrier above 10k annual claims.

Tool 4: ISO ClaimSearch

ISO ClaimSearch, operated by Verisk, holds 1.8B records and covers approximately 95% of the US P&C market with around 175,000 daily ingests and 200,000 daily users per the ISO ClaimSearch product page. It is the only place an SIU director can search the industry view of a claimant across carriers. Workflow phase: Phase 2. Skip when: never. Replacing ClaimSearch would mean rebuilding the contributory database itself, which has no substitute.

Tool 5: NICB cross-carrier database

The National Insurance Crime Bureau is a non-profit member organization that has operated through ISO databases since 1998. NICB cross-carrier records sit alongside the contributory database and add organized-ring intelligence, vehicle history, and recovery support. Per the NAIC insurance fraud CIPR topic, 42 states plus DC have insurance fraud bureaus that coordinate with NICB on referrals. Problem solved: cross-carrier intelligence layered on top of the contributory data. Skip when: never; NICB membership is effectively standard at any US carrier with an SIU.

Phase 3 - OSINT (open-source intelligence) (Tools 6-7)

A flagged claim is half-investigated until the SIU knows what the claimant's social, court, and public-record footprint looks like. OSINT is the layer most under-tooled at small carriers, and the one where Top-25 carriers separate from the pack.

Tool 6: Skopenow, Babel Street, or ShadowDragon

Social-media aggregation and dark-web OSINT platforms collapse what used to be hours of manual searching into a structured report on a claimant's online footprint. Skopenow, Babel Street, and ShadowDragon each cover slightly different surface areas; a director picks one based on dark-web reach versus social depth. Problem solved: turning OSINT into evidence that survives an EUO. Skip when: sub-5-FTE SIUs can run free-tier OSINT (county recorder, Google, LinkedIn) and defer the paid tier until claim volume justifies it.

Tool 7: Lexis Accurint or TLOxp

Accurint and TLOxp are the people-search and public-records workhorses every SIU has used for two decades: address history, asset records, court filings, criminal records. They are the lowest-cost OSINT line on the budget and the one investigators reach for first. Problem solved: structured public-records pulls without leaving the desk. Skip when: a carrier with in-house investigators who already have county-system access can defer Accurint, though the time-cost tradeoff usually does not pencil out.

Phase 4 - Document forensics and media authentication (Tools 8-9)

Photos, PDFs, EOBs, and EUO transcripts are where modern fraud hides. Two distinct sub-layers belong here: document forensics (parsing plus tamper detection) and media authentication (provenance plus deepfake detection).

Tool 8: Truepic

Truepic provides camera-to-cloud verified-capture for property photos, so the image arriving at the carrier carries cryptographic provenance back to the device, time, and location of capture. Problem solved: rejecting photo-tamper fraud on property claims where the carrier cannot send an adjuster on site. Skip when: workers-comp-only books with no photo intake; high-property-claim carriers should not skip this.

Tool 9: Sensity AI or Reality Defender

Deepfake and synthetic-media detection identifies AI-generated images, video, and audio in claims evidence. Sensity AI and Reality Defender are the two named vendors with insurance-applicable deployments. Problem solved: rejecting AI-fabricated evidence (synthetic damage photos, voice-cloned recorded statements). Skip when: low-image-volume lines such as small commercial workers-comp; Top-25 property carriers cannot skip.

Phase 5 - Autonomous investigation (Tool 10)

Phase 5 is the newest layer in the toolkit and the one with no incumbent vendor other than manual SIU teams. Detection vendors flag; case management vendors track; autonomous investigation actually runs the SIU playbook end-to-end on every flagged claim. Honest framing: this is a newer category. Manual SIU is the incumbent, and carriers adopting this layer in 2025-2026 are typically mid-market and Top-50 with a documented coverage gap surfaced in a board or state DOI review.

Tool 10: Hesper AI

Hesper AI is the autonomous investigation agent for insurance SIUs. It takes a flagged claim and runs 15+ investigation phases in parallel: document forensics, OSINT, statement cross-reference, timeline reconstruction, financial pattern analysis, and the rest of the standard SIU playbook, all simultaneously rather than sequentially. The output is an audit-ready report a human SIU lead reviews and signs off.

The numbers a director actually budgets against: manual SIU runs 14+ days per case at roughly $2,500 per case fully loaded, with each investigator carrying 200+ cases and resolving about 10 per month. Hesper compresses cycle time to 2-4 hours per case at roughly $150 per case, lifts throughput to 800+ cases per investigator per month, and moves flagged-claim coverage from ~25% to 100%. The audit trail is native to the agent: every decision is logged with sources, reasoning, and timestamps, which is what California 10 CCR 2698.36 and the antifraud plan under NAIC Model Act 680 require. For the deeper architectural read, see parallel-processing SIU investigation phases.

"Each SIU referral and decision shall be documented. The documentation shall describe the basis of the referral or decision and shall be maintained in the file."

California 10 CCR 2698.36, documented-decision requirement

Phase 6 - Case management and SIU workflow (Tools 11-12)

The case file lives somewhere. For most US P&C carriers it lives inside the claims management system's SIU module. Phase 6 is the audit-trail spine the state DOI examiner will pull from.

Tool 11: Guidewire ClaimCenter SIU

Guidewire ClaimCenter is the industry incumbent for claims management, with 270+ carrier deployments globally per Guidewire. Its SIU module holds case files, referrals, and audit logs inside the same system the adjuster already works in. Problem solved: keeping the case-file system of record inside the existing CMS rather than spinning up a separate SIU application. Skip when: sub-5-FTE SIUs may run case files in SharePoint or an in-house system until headcount and volume justify activating the module.

Tool 12: Duck Creek Claims SIU

Duck Creek Claims is the cloud-native alternative, with 30M+ claims processed via OnDemand per the Duck Creek Claims product page. The SIU module mirrors ClaimCenter SIU in function and sits inside the Duck Creek workflow. Problem solved: same audit-trail spine for carriers running Duck Creek rather than Guidewire. Skip when: the carrier is not on Duck Creek; the module is not a standalone purchase.

Assembling the stack at small, mid, and Top-25 carrier scale

Not every carrier needs all twelve tools. Build the stack against SIU FTE count and annual claim volume. The shape of the stack changes with scale, but every credible stack covers all six phases at minimum.

How many tools each carrier tier actually needs

  • Small regional (10-50k claims, 2-10 SIU FTE): 5 tools
  • Mid-market multi-state (50-500k claims): 8-9 tools
  • Top-25 national (500k+ claims, 50-200+ FTE): 12 tools

Small regional carriers can ship a credible stack on five tools: one detection scorer (Verisk ClaimDirector), the two cross-carrier data sources every carrier already touches (ISO ClaimSearch and NICB), autonomous investigation (Hesper AI) to close the ~25% coverage gap, and a CMS SIU module (Guidewire or Duck Creek). The other seven tools earn their cost once claim volume and image-fraud exposure scale.

Mid-market multi-state carriers add a second detection vendor (FRISS or Shift), the paid OSINT layer (Skopenow plus Accurint), and one of the Phase 4 tools depending on line-of-business mix. Top-25 carriers run all twelve and differentiate on OSINT depth and autonomous-investigation coverage. For benchmarking the stack against peer carriers, see SIU performance benchmarking 2026. For Sandra-the-Claims-VP's deployment perspective, see the Claims VP playbook for deploying AI investigation.

Key takeaways

  • The 2026 SIU toolkit is twelve tools across six workflow phases, not one detection vendor and a case management system.
  • Detection vendors flag, cross-carrier data sources confirm, OSINT and document forensics enrich, autonomous investigation resolves, and the CMS records; each phase has its own incumbent.
  • Hesper AI sits at the autonomous investigation layer that no other vendor in the toolkit occupies, and the incumbent at that layer is the manual SIU team running 14+ days per case.
  • A small regional SIU can ship with five tools; a Top-25 carrier needs the full twelve, and the differentiator is OSINT depth and autonomous-investigation coverage.
  • Every tool in the toolkit must produce evidence that survives a state DOI examiner pulling a case file under California 10 CCR 2698.36 or your antifraud plan filed under NAIC Model Act 680.

Frequently asked questions

No. A small regional carrier with 10-50k annual claims and 2-10 SIU FTE can run a credible stack on five tools: one detection scorer (Verisk ClaimDirector), the two cross-carrier data sources every carrier already touches (ISO ClaimSearch and NICB), an autonomous investigation tool (Hesper AI) to close the ~25% coverage gap, and a case management system SIU module (Guidewire or Duck Creek). The other seven tools - second detection vendor, paid OSINT platforms, deepfake detection, verified media capture - earn their cost once claim volume and image-fraud exposure scale. The buying mistake is assuming all twelve are mandatory; the bigger mistake is assuming five is enough at 200k+ claims a year.

At most three to four. Verisk covers detection scoring (ClaimDirector) and the contributory database (ClaimSearch) - two tools. Guidewire covers case management and ships its own SIU module - one tool plus the workflow chassis. Shift Technology covers detection and now offers handler-assist agentic AI for adjusters - two tools, but only on the detection side. No vendor covers all six workflow phases. The autonomous investigation phase has no overlap with detection, cross-carrier data, OSINT, document forensics, or case management vendors - it is its own layer. Carriers that try to consolidate the toolkit into one vendor either give up depth at every phase or end up with a vendor pitching outside their core competency.

Model Act 680 - the NAIC Insurance Fraud Prevention Model Act adopted in 48 states - requires carriers to file a written antifraud plan with their state DOI and to maintain SIU capacity that can detect, investigate, and refer suspected fraud. It does not name specific vendors. In practice, the antifraud plan must demonstrate three capabilities: detection (Phase 1 tools), investigation (Phases 3-5), and referral plus documented decision (Phases 5-6). California 10 CCR 2698.36 goes further and requires a documented-decision chain for each SIU referral. The combination effectively makes a detection vendor, a cross-carrier database touch, an investigation capability, and a case-management audit trail mandatory, which maps onto Tools 1 or 2 or 3, Tools 4-5, Tool 10 (or manual SIU), and Tools 11 or 12.

Industry figures vary, but a working range for a Top-50 US P&C carrier is $4M-$15M annually across the twelve tools. Detection vendors (FRISS, Shift, Verisk ClaimDirector) tend to be the largest single line, low seven figures each for a Top-50. ISO ClaimSearch and NICB are usage-based and typically under $1M combined. OSINT platforms run $50K-$500K each. Document forensics and media authentication run $100K-$1M depending on image volume. Autonomous investigation (Hesper AI) is priced by case volume; at roughly $150 per fully investigated case versus ~$2,500 manual, the line item is meaningful but pays back inside the investigation budget that already exists. CMS SIU modules are usually bundled into the Guidewire or Duck Creek contract.

Detection flags a claim; investigation resolves it. AI fraud detection (FRISS, Shift, Verisk ClaimDirector) produces a score (a 0-999 number, a red/yellow/green tier, or a percentage probability) and hands that score to a human investigator who then runs the 14+ day SIU workflow manually. Autonomous investigation takes the flag as input and runs the full 15+ phase investigation in parallel: document forensics, OSINT, statement cross-reference, timeline reconstruction, financial pattern analysis, all simultaneously, ending in an audit-ready report a human SIU lead reviews and signs off. Detection vendors compress the time to flag; autonomous investigation compresses the time to resolution from 14+ days to 2-4 hours and closes the coverage gap from ~25% to 100% of flagged claims.

The audit trail lives in two places: the case management system (Tools 11 or 12) and the investigation tool that produced the findings. Detection scores from Phase 1 tools are inputs, not audit trails; they show a claim was flagged, not how it was investigated. OSINT and document-forensics tools produce evidence artifacts that get attached to the case file. The investigation layer (Phase 5) is where the documented decision actually lives: the chain of reasoning, the evidence considered, the timestamps. Hesper AI is audit-trail-native by design; every decision the agent makes is logged with sources, reasoning, and timestamps, which is what California 10 CCR 2698.36 and NAIC Model Act 680 require. Manual SIU investigations produce this through investigator notes; the quality varies with the investigator.

Yes, but the unit economics make that a losing trade past a certain point. A manual SIU investigator runs about 10 investigations per month at roughly $2,500 per case fully loaded, and the industry investigator caseload sits at 200+ cases per FTE, which is why coverage hovers at ~25% of flagged claims. To close the coverage gap at a 200k-claim carrier with roughly 20k flagged claims annually, the SIU would need to roughly quadruple headcount. Industry SIU staffing has grown around 1% per year per industry trackers, against double-digit claim-volume growth. The math does not work. Autonomous investigation is the only structural lever that closes the coverage gap without a headcount story no Claims VP can defend in budget review.
