Fraud is a broad legal concept. Unlike error, fraud is intentional and usually involves deliberate concealment of the facts. It may involve directors, management, employees or third parties and may involve one individual or collusion.
Fraud is a significant business risk that needs to be managed like all other business risks. Fraud can have a devastating effect on organisations as it could result in a significant financial loss and have other long-term business repercussions such as loss of public trust. The risk of fraud can be reduced through a combination of prevention, deterrence, and detection measures.
Since fraud may be difficult to detect because it often involves concealment through falsification of documents and collusion among staff or third parties, it is important to place a strong emphasis on fraud prevention, which reduces opportunities for fraud to take place, and fraud deterrence, which persuades individuals that they should not commit fraud because of the likelihood of detection and punishment
This policy has been formulated in compliance with the regulatory framework set up by Insurance Development and Regulatory Authority of India (“Authority”/ “IRDAI”), vide its Guidelines on IRDA/INT/GDL/ECM/055/03/2017 dated 9th March 2017, wherein, IRDAI has mandated that every ISNP platform user must have a pro-active fraud detection policy related to the insurance e-commerce activities which needs to be approved by the Board of Directors of the Company annually.
Finzoomers Services Private Limited (hereinafter referred to as the “Company”) values integrity, honesty, and fairness in everyone, from the top to the bottom. The Company encourages openness to prevent malpractice or any cover-up of malpractice and create a positive workplace environment where employees have positive feelings about the Company itself and the Group and do not feel abused, threatened, or ignored. The Policy is established to set out a process to prevent, identify, investigate, and mitigate the insurance related fraud in the Company.
All individuals regardless of position, title, or tenure are expected to remain vigilant and are responsible for preventing, detecting fraud and report any suspicious fraudulent activity.
This policy has been framed and adopted to provide a system for prevention and detection of fraud, reporting of any fraud that is detected or suspected and fair dealing of matters pertaining to fraud.
This policy has been framed with an aim to provide a clear guidance to the employees and others dealing with the Company, forbidding them from getting involved in any fraudulent activity and the action to be taken by them when they suspect any fraudulent activity.
This document applies to all the employees and officers of the Company irrelevant of their designation, location; the terms of employment, hours of work or length of service, including contractual staff and directors in the employment of the Company, as well as shareholders, service providers, consultants, vendors, contractors and subcontractors, prospective and existing customers and/or other parties having a business relationship with the Company.
Any required investigation, will be conducted irrespective of the suspected wrongdoer's length of services, position/title/designation, or relationship with the company.
This policy is owned by Compliance team of the Company, and it shall be reviewed at least annually or whenever required by Board of Directors of the Company.
IRDAI has released a circular having reference number IRDAI/SDD/MISC/CIR/009/01/2013 dated 22.01.2013, which describes “fraud” in insurance as an act or omission intended to gain dishonest or unlawful advantage for a party committing the fraud or for other related parties. Few scenarios of such frauds can be:
• Misappropriation of assets.
• deliberately misrepresenting, concealing, suppressing or not disclosing one or more material facts relevant to the financial decision, transaction, or perception of the Company’s status.
• abusing responsibility, a position of trust or a fiduciary relationship
To adequately protect the company from the financial and reputational risks posed by insurance frauds, the policy is designed to prevent, detect, investigate, and mitigate occurrence of frauds in the company. The policy includes measures to protect the Company from the threats posted by the following broad categories of frauds with illustrative list.
a. Internal Fraud: Fraud/misappropriation against the Company by its Director, Manager, employee and/or anyone else.
Iterative List
The list is only illustrative and not exhaustive:
• Embezzlement (i.e., misappropriation of money, securities, supplies, property, or other assets).
• Fraudulent financial reporting (e.g., forging or alteration of accounting documents or records.
• Overriding decline decisions to open accounts for family and friends
• inflating expenses claims/over billing
• paying false (or inflated) invoices, either self-prepared or obtained through collusion with suppliers
• permitting special prices or privileges to customers, or granting business to favoured suppliers, for kickbacks/favours
• Forgery or alteration of documents or accounts belonging to the Company
• Conflicts of Interest resulting in actual or exposure to financial loss.
• Removing money from customers’ accounts
• Payroll fraud.
• Tax evasion.
• Unauthorized or illegal use of confidential information (e.g., profiteering because of insider knowledge of company activities).
• Unauthorized or illegal manipulation of information technology networks or operating systems.
• Intentional failure to record or disclose significant information accurately or completely
b. Policyholder Fraud: Fraud against the Company in the purchase and/or execution of an insurance product, including fraud at any time during the term of the policy.
Iterative List
The list is only illustrative and not exhaustive:
• Exaggerating damages/loss
• Staging the occurrence of incidents
• Reporting and claiming of fictitious damage/loss
• Fraudulent Death Claims
• Unauthorized transactions being initiated on policies such as switches, withdrawals, surrenders etc
• Unauthorized changes in contact details
• Cash, cheques handed over by policyholders to agents however, they have not received any intimation from the company of its receipt
d. Online Fraud
This type of fraud is typically a third-party fraud; however, this could involve any of the following types of frauds
Iterative List
• Fake or forged receipts and/or policy documents issued by third parties
• Spurious calls by third parties to customers promising them inflated returns for purchasing new policies or on surrender of their existing policies
c. Third party Frauds
Iterative List
• Buyer filing fraudulent claims or making premium payments using compromised payment cards
• Merchant side frauds: Frauds committed by any of the merchant partners of the Company which would include non-remittance of premium collected on behalf of the Company and/or incorrect charge backs etc
• Cyber security frauds: Transactions effected through fake or stolen credit card/bank accounts to carry out a transaction in the web portal of the Company.
• Data leakage: Threat of confidential data of the Company being comprised due to any cyberattack/hacking of the Company systems
• Other Frauds: Phishing emails sent to customers promising them inflated returns. Using social engineering techniques to wrongly influence the customers to share their identity details
The Fraud Investigation Unit shall be head by Ms. Nayanika Barua, who shall, basis the nature of fraud under investigation, include employees from different units on ad-hoc basis for immediate support and assistance.
The Company shall be proactive in reducing fraud opportunities by:
• identifying and measuring fraud risks,
• taking steps to mitigate identified risks (including IT and cyber risks),
• implementing and monitoring appropriate preventive and detective internal controls and other deterrent measures and
• coordinating with law enforcement agencies.
Though the management has the primary responsibility for establishing and monitoring all aspects of the Company’s fraud risk assessment and prevention activities and performing the fraud risk assessment. Individuals from throughout the organization with different knowledge, skills, and perspectives (e.g., accounting/finance, non-financial business units and operations personnel, legal & compliance, risk management, internal audit, etc.) shall be involved in the fraud risk assessment.
Once the fraud risk assessment has taken place, management shall reduce and eliminate identified fraud risks by making changes to the Company’s activities and processes and identify the processes, controls and other procedures that are needed to mitigate the identified fraud risks. Effective and appropriate internal controls, whether automated or manual, which include a well-developed control environment, an effective and secure information system and appropriate control and monitoring activities, are essential to reduce and eliminate identified fraud risks.
Employees and officers at every level, in every department and at every location have a responsibility to speak up when they believe that they have knowledge or suspect that fraud is being committed. As soon as it is learnt that a fraud or suspected fraud has taken or is likely to take place, they should immediately apprise the same to the concerned party as per the current procedures in place.
All the frauds detected by any department/or detected by any person with knowledge of confirmed, attempted, or suspected fraud or any person who is personally being placed in a position by other person to participate in the fraudulent activity shall be reported to and by the functional head within 48 hours from the detection of any confirmed, attempted, or suspected fraud.
Any one (full time and part time employees or persons appointed on adhoc/ temporary/ contract basis, trainees, apprentices, representatives of vendors/ suppliers/ contractors / consultants /service providers or any other third party doing any business with the Company) as soon as he / she comes to know of any fraud or suspects a fraud or notices any other fraudulent activity, he/she must report such incident(s) immediately without delay to the Compliance team in writing in below mentioned ways:
a. by email to Compliance team on email id; compliance@finzoomers.in ; or
b. by letter marked “Private and Confidential” and address to
Compliance team Finzoomers Services Private Limited.
62-625, 6th floor, Suncity Success Towers, Golf course extension road,
Sector 65, Gurgaon-122105
The Head of Fraud Investigation Unit/ Principal Officer or any other authorised person as the case may be, is entrusted with the full authority for the investigation of all suspected/actual fraudulent acts as defined in this policy. He will take the necessary support from all concerned departments, external outsourced investigation agencies, and forensic experts, etc for investigation, if required. Moreover, the PO/ head of Fraud Investigation Unit has the power to form a team from case-tocase basis and such investigation team will be given all the rights, authority to investigate, any company’s books, desk, cabinets, storage, emails, files, or access, to any premises etc., whatsoever to investigate the case.
The investigations shall be completed normally within forty-five (45) days from the disclosure or discovery of the fraud case and be extended to Sixty (60) days in exceptional cases. However, the Investigating unit has the discretion to extend the duration of the investigation, depending upon the complexity of the case.
The conclusion and results of the investigations must be duly documented in writing. The fraud report regarding the results of the investigations and the corrective actions shall capture at least the fraud incident description, the fraud perpetrator details, the estimated fraud loss and recovery amounts, the controls implications, and the resolution. Management is responsible for resolving fraud incidents. The fraud report along with the recommendation is shared with the Legal and Compliance team for final decision.
Once investigations are completed and risk findings are identified, thereafter the Legal team shall initiate and take necessary action by approaching Law Enforcement Agencies, whenever appropriate
The following actions shall be taken in response to an alleged or suspected incident of fraud:
• A thorough investigation of the incident shall be conducted.
• Appropriate and consistent actions shall be taken against violators.
• Relevant controls shall be assessed and improved.
• Communication and training shall occur to reinforce the Company’s values, code of conduct and expectations.
All employees shall cooperate fully with an investigation into any alleged or suspected fraud.
Fraud Investigation Unit will prepare and maintain all the records pertaining to the fraud such as name of the personnel; fraudulent act undertaken by him/her; decision of the company etc. If required, this data base may be circulated among the industry to establish a well-informed and safe environment.
Employees are regularly given trainings covering Anti Money Laundering, Anti-Bribery and Corruption etc. Awareness amongst employees is also created through regular circulars, communication by the leaders via e-mail and at townhalls/meetings etc.