On 9 October 2025, the IRDAI released the Insurance Fraud Monitoring Framework Guidelines, 2025 (“Guidelines”) to provide a regulatory framework on measures to be taken by insurers and distribution channels to address and manage fraud risks effectively. These Guidelines will be effective from 1 April 2026 and repeal the IRDAI circular on Fraud Monitoring Framework dated 21 January 2013 (“2013 Circular”) upon coming into force.
Key Takeaways
We have provided a detailed comparative analysis of the 2013 Circular and the Guidelines below:
|
Sl. No. |
Topic | 2013 Circular |
Guidelines |
|
1. |
Applicability | Applied to insurers and reinsurers |
Applicable to insurers, reinsurers and distribution channels (including insurance intermediaries).Extends to foreign reinsurance branches as well and requires them to adopt either the host jurisdiction’s framework or the Guidelines depending on whichever framework is more comprehensive. |
|
2. |
Classification of Fraud |
Fraud was broadly classified in the following categories based on the perpetrator involved: (i) policyholder fraud and/or claims fraud; (ii) intermediary fraud, i.e., perpetuated by insurance agent/corporate agent, intermediary, third party administrators; and (iii) internal fraud, i.e., by a director, manager or staff of the insurer.
|
The Guidelines recognize two additional categories of fraud i.e.: (i) external fraud, involving external parties, service providers, vendors; and (ii) affinity fraud or complex fraud, involving collusion among one or more fraud perpetrators. Recognizing the growing threat of insurance fraud carried out using digital or new age technologies, the Guidelines require insurers to establish and implement robust cybersecurity frameworks and utilize a team with relevant risk and technological expertise to manage cyber fraud risks across various insurance business lines. |
|
3. |
Fraud Monitoring Framework | The 2013 Circular required every insurer and reinsurer to have an appropriate framework in place to detect, monitor and mitigate occurrence of insurance frauds of the above categories, at minimum, within its company. | The Guidelines aim to build stronger fraud controls and require insurers to target zero tolerance for fraud while establishing a fraud risk management framework sensitive to its business profile, i.e., taking into consideration the nature of business, its size, risk profile, overall business strategy, products, distribution channels and technology infrastructure. |
|
4. |
Anti-Fraud Policy |
Insurers to have a board approved anti-fraud policy in place, to be reviewed annually. The circular set out the aspects that must be broadly covered as part of the anti-fraud policy, including among others: (i) procedures for fraud monitoring; (ii) identification of potential areas of fraud; (iii) coordination with law enforcement agencies; and (iv) due diligence of personnel, intermediaries, vendors etc.
|
The requirement for a board approved policy continues and under the Guidelines, the policy must now also include: (i) red flag indicators, based on their experience/line of business, to assist them with detection of frauds; and (ii) mechanism for appropriate action in case of non-compliance to the fraud risk management framework and against the fraud perpetrators. In general, the Guidelines require the policy to be detailed and set out internal turnaround times from identification to remedy and clearly identify responsibilities of different officers. Insurers must also conduct post-incident reviews to identify missed detection opportunities and implement system improvements after a fraud event. |
|
5. |
Responsible Unit | Fraud monitoring and implementation of the anti-fraud policy could either be carried out as an independent function or be merged with existing functions like risk, audit etc. The ‘fraud monitoring function’ (“FMF”) had to be headed by sufficiently senior management and be able to operate independently. |
The risk management committee (“RMC”) of the insurer is responsible for effective implementation and oversight of anti-fraud framework formulated under the Guidelines. The Guidelines formalize the governance framework for fraud monitoring and require every insurer to establish a: (i) Fraud monitoring committee: The FMC will be responsible for operationalizing the Framework and must be headed by a senior key managerial person and include senior representatives of relevant departments such as underwriting, claims and legal. (ii) Fraud monitoring unit: This unit will function independently from internal audit and support the FMC in discharging its functions.
|
|
6. |
Internal Reporting Obligations |
The FMF was responsible to: (i) lay down procedures for internal reporting from/and to various departments; and (ii) furnish periodic reports to the board of directors. |
The Guidelines provide a multilayered oversight structure and provide that the FMC must: (i) submit quarterly reports to the RMC on its activities, findings and recommendations and the financial impact of any fraud on the insurer; (ii) submit a report of the annual fraud risk assessment undertaken by them to the board of directors through the RMC; and (iii) report all internal frauds to the audit committee in addition to the RMC. As part of the measures to detect and prevent fraud, insurers are also required to maintain an incident database of persons convicted of or attempting fraud and conduct fraud-sensitive audits for compliance with the framework. |
|
7. |
External Reporting Obligations |
Insurers were annually required to provide details to the IRDAI of: (i) outstanding fraud cases; and (ii) closed fraud cases. |
Insurers are required to report fraud incidents to law enforcement agencies as per applicable laws. The Guidelines also mandate insurers to file annual returns with the IRDAI to report, among others: (i) cases detected, closed and unresolved in that year for different categories of fraud; (ii) details of any cyber fraud faced and its financial impact – this has to be reported separately from the general fraud cases; and (iii) age-wise analysis of unresolved cases. Any fraud involving distribution channels registered with the IRDAI must be reported to the IRDAI without delay. This is more expansive than the reporting obligations under the 2013 Circular. |
|
8. |
Information Sharing | Insurers were encouraged to establish coordination platforms through their respective councils and/or forum to establish information sharing mechanisms. Further, as part of the anti-fraud board policy, insurers were required to lay down procedures for exchange of necessary information on frauds amongst all insurers. |
To effectively prevent fraud in the insurance sector and utilize the data available with insurers, the Guidelines mandate insurers to participate in the fraud monitoring technology framework developed by the Insurance Information Bureau (“IIB”). IIB will facilitate timely threat intelligence sharing within the insurance industry through the industry-wide database and maintain a caution repository containing information on blacklisted distribution channels, vendors, hospitals, and known fraud perpetrators. |
Authors – Deepa Christopher & Rebha Dakshini – Partners and Samiksha Kothari – Senior Associate
Disclaimer: This alert only highlights key issues and is not intended to be comprehensive. The contents of this alert do not constitute any opinion or determination on, or certification in respect of, the application of Indian law by Talwar Thakore & Associates (“TT&A”). No part of this alert should be considered an advertisement or solicitation of TT&A’s professional services.
By browsing this website you agree that you are, of your own accord, seeking further information regarding TT&A. No part of this website should be construed as an advertisement of or solicitation for our professional services. No information provided on this shall be construed as legal advice.