Insurance Regulatory and Development Authority of India (Insurance Fraud Monitoring Framework) Guidelines, 2024
The Insurance Regulatory and Development Authority of India (IRDAI) has released the IRDAI (Insurance Fraud Monitoring Framework) Guidelines, 2024. IRDAI is a statutory entity under the Indian government’s Ministry of Finance that was created to monitor and control the country’s insurance market.
Section 34 of the Insurance Act, 1938 gives IRDAI the power to issue directions for the proper conduct of the companies. Section 14(1) of the IRDAI Act, 1999 grants IRDAI the power to regulate and promote the insurance industry. Also relevant are the provisions under the IRDAI (Corporate Governance for Insurers) Regulations, 2024.
The framework establishes a system to detect and prevent fraud, protecting the financial well-being of insurers and policyholders. It protects policyholders by addressing fraud risks, ensuring customer trust, and safeguarding their interests. Improving governance will encourage strong internal controls, thus reducing risk. The guidelines may also respond to evolving threats, preparing insurers for cybercrime and sophisticated fraud techniques. Ultimately, reducing fraud helps keep insurers’ finances stable and boosts confidence in the insurance sector.
Who Do These Rules Apply To?
These guidelines apply to all insurance companies and distribution channels, unless expressly specified otherwise.
Definitions under the regulation
What is Insurance Fraud?
“Insurance Fraud” is defined as any dishonest or illegal action to gain unfair benefits through insurance. It includes stealing or misusing company property; hiding or lying about important facts related to insurance decisions, contracts, or transactions; and abusing trust, authority, or a fiduciary role. This list is not exhaustive.
What is a Red Flag Indicator (RFI)?
“Red Flag Indicator” is defined as a warning signal that something might be fraudulent. It points to situations that need more investigation or analysis.
What is Cyber or New Age Fraud?
“Cyber or New Age Fraud” is fraud involving modern technologies, where someone uses digital tools or exploits system weaknesses to commit insurance fraud. This type of fraud can threaten data, systems, financial security, and customer trust.
What does “Distribution Channels” mean here?
It means the methods used to sell or provide insurance services, as defined in the relevant IRDAI regulations (para 7 (8) of the IRDAI (Protection of Policyholders’ Interests and Allied Matters of Insurers) Regulations, 2024).
“Distribution Channels include insurance agents and intermediaries or insurance intermediaries ascribed to such term under clause (f) of sub-section (1) of Section 2 of IRDA Act, 1999, persons and entities authorised by the Authority to involve in sale and service of insurance products”
What does “Unspecified Terms” refer to here?
Words not defined here but used in laws like the Insurance Act, 1938 or the IRDA Act, 1999 have the meanings given in those laws.
Types or classification of Insurance Fraud
Fraud in insurance can be simple (e.g., lying about claims) or complex (e.g., organized schemes involving many people). Regardless of the type, fraud harms the insurance industry’s trust and finances. Understanding these frauds helps fight them better.
- Internal Fraud– this type of fraud is done by an insurer’s own staff (e.g., employees or management), alone or with others, against the insurer, policyholders, customers or beneficiaries. It includes stealing money or company assets, using unauthorized access to sensitive data or resources, and forging documents or collaborating with fake claimants.
- Distribution Channel Fraud– this type of fraud is done by agents, brokers, or other sales channels, either alone or with others, against the insurer, policyholders, customers or beneficiaries. Examples include lying about policy details, stealing or misusing premiums paid by customers, faking documents or selling fake insurance policies, and insuring non-existent individuals or inflating claims.
- Policyholder or Claims Fraud– this type of fraud is done by policyholders or claimants, either alone or with others, against the insurer, policyholders, customers or beneficiaries. It includes lying to get a policy or claim approved, faking or altering documents, and impersonating others.
- External Fraud– this type of fraud is done by outsiders such as external parties, vendors or service providers against insurers, policyholders, customers or beneficiaries. It includes creating fake reports for fraudulent claims, charging for services not provided (e.g., inflated repair bills), and selling fake insurance policies.
Risk Governance Framework Simplified
To avoid monetary losses and safeguard the insurer’s reputation, managing fraud risks calls for a methodical and transparent strategy. Insurers can protect their assets, adhere to legal requirements, and preserve stakeholder and policyholder trust by implementing a robust fraud risk governance framework that guarantees accountability and transparency. In order to combat fraud proactively and promote long-term success, insurers need to have a well-documented strategy.
Who is in Charge of Fraud Management?
The chairperson, the insurer’s Risk Management Committee (RMC), the Managing Directors/Chief Executive Officers (CMD/CEOs), and the Audit Committee are in charge of keeping an eye on and controlling fraud risks.
What Are the Roles of Insurers?
A fraud risk governance structure must be established by each insurer in order to stop, identify, and handle insurance fraud.
- Anti-Fraud Policy- Insurers need a Board-approved Anti-Fraud Policy that clearly explains how fraud will be prevented, detected, monitored, and reported. This policy must aim for zero tolerance for fraud and include the following:
  - Adjust to the insurer’s business size, complexity, and technology use.
  - Strong systems for early detection and handling of fraud risks.
  - Appoint specific officers to report fraud to law enforcement and coordinate with them in fraud case resolution.
  - Disciplinary action against those found involved in fraud, as well as those non-compliant with fraud policies.
  - Incorporate fraud prevention in online transactions.
  - Provide appropriate resources and tools for the Fraud Monitoring Unit.
  - Remove those involved in fraud from sensitive positions.
  - Define roles and levels of authority to effectively identify fraud.
The Anti-Fraud Policy should be reviewed and updated at least once a year, considering new risks, experiences, and trends.
Fraud Monitoring Committee (FMC)
- Purpose of FMC- Each insurer must establish an FMC to oversee all fraud-related activities, including prevention, detection, monitoring, investigation, and reporting.
- Structure- A Key Management Person (KMP) should oversee the FMC, which should also include senior members from important divisions such as legal, claims, and underwriting. To work on certain projects, the FMC may create task groups or subcommittees.
- FMC Responsibilities and functions- the functions of the FMC include:
  - Improve the fraud risk management process and update processes based on new experiences.
  - Ensure fraud monitoring and control are effective across the insurer and related parties like service providers and vendors.
  - Respond with speed to any suspected or confirmed fraud case.
  - Take action against internal staff, agents, or outsiders who commit fraud.
  - Continuously assess and improve fraud prevention strategies.
  - Run awareness programs for customers and training programs for employees and agents about fraud risks and prevention.
- Reporting Requirements- The Risk Management Committee (RMC) requires the FMC to report on discovered fraud, investigations, and financial effects on a quarterly basis. Internal fraud cases should also be reported to the Audit Committee, and the FMC is required to provide annual fraud reports to the Board of Directors via the RMC.
Fraud Monitoring Unit (FMU)
The FMU is a separate team (independent of the internal audit) that helps the Fraud Monitoring Committee (FMC). It is responsible for preventing, detecting, investigating, and reporting fraud.
- Functions- in addition to supporting the FMC, the FMU’s functions are to:
  - Effectively put the FMC’s recommendations into practice.
  - Keep an eye out for fraud indicators, also known as Red Flag Indicators or RFIs, in claims, policy applications, and transactions, and look into any questionable activity.
  - Collect evidence, carry out investigations, and work with other departments.
  - Notify the FMC of fraud cases as soon as possible.
  - Maintain thorough records of fraud cases, including the steps taken.
  - Work together with law enforcement and trade associations to combat fraud and exchange intelligence.
Risk Identification and Measurement
- Annual Risk Assessment- Insurers must conduct a yearly review to identify areas vulnerable to fraud and submit the findings to the Board. Insurers should use past trends and RFIs for this assessment.
- Red Flag Indicators (RFIs)- RFIs are warning signs of potential fraud. Insurers must regularly update and integrate RFIs into their operations for effective detection. Examples of RFIs include incomplete or inconsistent information, unusual coverage requests, backdated policies, etc.
Risk Control and Mitigation
To ensure that the fraud risks identified in the annual comprehensive risk assessment are mitigated, insurers shall put in place appropriate measures to deter, prevent, monitor, investigate and report fraud in respect of the following:
- Internal Fraud- it is necessary to have background checks and job rotations for employees, secure whistle-blower mechanisms to report fraud confidentially, and strict access controls for sensitive systems and transactions.
- Distribution Channel Fraud- it is necessary to have background checks for agents and adherence to fraud controls, systems to track unusual policy cancellations and reissuances, and close monitoring of customer complaints against agents.
- Policyholder/Claims Fraud- it is necessary to educate customers about the consequences of fraud, ensure robust underwriting and claims verification and use advanced technology to detect fraudulent patterns.
- External Fraud- it is important to have regular due diligence and audits of vendors and service providers, and to monitor compliance with contracts and agreements.
Risk Monitoring and Review
- Every insurer maintains an incident database of individuals or entities convicted of fraud.
- Monitoring Activities- an insurer shall:
  - Monitor distribution channel fraud trends and company performance.
  - Perform audits that are sensitive to fraud.
  - Keep an eye out for any fraud situations by tracking consumer complaints.
Cyber or New Age Fraud
The main concern with this type of fraud is that cybercriminals exploit weaknesses to access sensitive data (e.g., KYC, financial details). Preventive measures that can be adopted include:
- Build strong cybersecurity defences.
- Continuously monitor systems for fraud detection and prevention.
- Employ a skilled team with expertise in technology and risk management.
Insurance Information Bureau (IIB)
Data analytics plays a crucial role in detecting and preventing fraud. The IIB also maintains an industry-wide database of suspected fraud activities.
Collaboration with Insurers- To ensure that data analytics is used effectively:
- Insurers must participate in IIB’s fraud monitoring system.
- Use unique identifiers for policyholders to ensure data accuracy.
- IIB will maintain a caution list of blacklisted entities like agents or hospitals.
Reinsurance Fraud Framework
Guidelines for insurers:
- Make sure that reinsurance transactions are legitimate, particularly when there are unknown middlemen involved.
- Obtain direct reinsurer confirmation for premium receipts and transactions.
- Perform audits on a regular basis to lower the risk of reinsurance fraud.
With the help of this streamlined structure, insurers can effectively manage different forms of fraud while upholding transparency and confidence in their functions.
Role of Distribution Channels
Distribution channels are crucial in the insurance business. They manage key responsibilities, including policy distribution, servicing, and client relations. Their involvement in fraud risk management is essential to prevent and address fraud effectively.
For Intermediaries and Insurance Intermediaries (non-individuals only; individuals are excluded)
- Understanding Fraud Risks- Intermediaries must identify the types of fraud they are vulnerable to and implement measures to minimize risks.
- Internal Policies and Procedures- Establish clear rules to prevent, detect, and handle fraud. Policies should include:
  - Employee education and awareness programs.
  - Internal reporting structures for suspected fraud.
  - Guidelines for working with law enforcement to resolve fraud cases.
  - Due diligence during hiring and appointing salespeople.
  - A whistleblower mechanism for confidential reporting.
  - Detailed fraud prevention and investigation procedures.
- Coordination with Insurers- If fraud is suspected that might affect the insurer, intermediaries must notify the insurer promptly.
- Responsibility- The Board and senior management of intermediaries are accountable for ensuring adequate fraud risk management.
For Other Distribution Channels- Non-intermediary distribution channels must follow the insurer’s anti-fraud policies and procedures. This includes fraud reporting: any suspected fraud affecting the insurer must be reported immediately.
Training, Education, and Awareness
- Policyholders and the Public- Insurers must run regular fraud awareness programs to educate people about fraud risks and how to protect themselves.
- For Employees and Agents- Insurers must arrange regular training for staff, agents, intermediaries, board members, and senior management. Training should correspond to the specific business activities of the participants.
Reporting Requirements
Fraud cases must be reported to law enforcement or other relevant authorities following applicable laws. Insurers must file annual fraud returns (Form FMR-1) with the regulatory authority within 30 days of the financial year-end. Any fraud by registered distribution channels must be immediately reported to IRDAI (Insurance Regulatory and Development Authority of India).
This framework ensures that all parties involved in the insurance process are vigilant and work collaboratively to detect, report, and address fraud effectively.
The format for the Form FMR-1 is as given below:
The report must be attached with the certification and the format for the same is as given below:
CERTIFICATION
Certified that the details given above are correct and complete to the best of my knowledge and belief and nothing has been concealed or suppressed.
Date: Signed/- Place:
Name of the Chief Executive Officer of the Insurer
________
Written by Team Member(s) and Ms. Tanishka Jain.