Insurance companies in India are regulated by the Insurance Regulatory & Development Authority of India (IRDAI). One of the main objectives of IRDAI is to protect the interest of the policyholders, i.e. the customers of insurance companies who end up buying insurance policies for consideration of money termed as premium.
IRDAI strives to ensure that insurers, distribution channels and other regulated entities fulfil their obligations towards policyholders and have in place standard procedures and best practices in sale and service of insurance policies.
To regulate the functioning of Insurers, both Life & General, the IRDAI issues various rules, regulations, notifications, circulars etc. from time to time which need to be implemented by the Insurers, often within very strict deadlines. The main legislations governing the insurance companies would be the Insurance Act, 1938, Outsourcing Regulations, Guidelines on Corporate Governance, Protection of Policyholders’ interests etc.
The Guidelines on Corporate Governance talks about certain Key Management Person (KMP) of the Company such as CEO, CFO etc. One of these KMPs is the Chief Compliance Officer (CCO) who is responsible for ensuring smooth and timely compliance of the regulations. The CCO of a Company is mostly a qualified lawyer or a qualified Company Secretary depending on the specific functions being carried out by him in that particular Organisation.
The Legal and Compliance function plays a crucial role in the implementation and compliance of the various regulations. The Legal team handles the corporate legal assignments that mainly include the legal advisory role and drafting and vetting of contracts, negotiation with vendors on different terms of the contracts etc. The compliance function specifically looks into the tracking, extracting and implementation of the compliance points laid down in the various issuances of the Regulator.
The Legal & Compliance functions are often merged into one department as they are inter-related. The Agreements need to be drafted and vetted in the light of the various regulations as they often stipulate certain mandatory clauses which the Agreements need to contain. For example, the Outsourcing Regulations stipulates certain mandatory clauses on data protection, prohibition on sub-contracting etc. which the Agreements shall include.
This is essential since during off-site/on-site audits, if the Regulator calls for the copies of such agreements and these mandatory points are found to be missing then the Insurer is tagged as non-compliant and often receives warnings from IRDAI.
At times the compliance function is merged with the Secretarial function. The Secretarial function looks into the compliance of various commercial laws specially the Companies Act,2013 which stipulates many compliances like conducting minimum 4 board meeting in a financial year, maintenance of the minutes for a minimum number of years etc. Thus, as Company Secretaries already work for ensuring smooth compliance of the Companies Act,2013 and various standards issued by the ICSI etc. , the Compliance function is also entrusted to the Secretarial team.
The compliances pertaining to Insurance Companies can be of various types. They can be routine/non-routine or ad-hoc/event-based. Routine compliances are those which need to be carried out on a regular basis. They may be required to be submitted daily, monthly, quarterly, half-yearly or annually to the Authority.
These compliances can be report submissions or carrying out internal audit of commissions paid to intermediaries, reviewing the products annually etc. These need to be completed in a routine manner as per the timelines stipulated in the various regulations. At times these reports need to be submitted offline (via email) as well as online i.e. in the Authority’s portal.
Ad-hoc or non-routine compliances are the ones that do not have a statutory origin. IRDAI being the regulator, may ask for various data over e-mails. These e-mails are mostly written to the Chief Compliance Officers of the company who then coordinate with the concerned stakeholders and try their best to submit the required data with proper figures and in proper format to IRDAI within the stated deadline. Sometimes, when a deadline is not mentioned in the communication, an Insurer is expected to submit the data within a reasonable timeframe.
Event-based compliances are entirely dependent on the happening of certain events. For example, an Insurer has to file certain forms with IRDAI when a Statutory Auditor is appointed or it has to inform/intimate the Authority if it plans to relocate one of its offices or open a new office etc.
These requirements won’t originate unless the event related to it takes place. Hence obviously, unless an office is relocated, an Insurer does not need to submit the regulatory form.
Hence, it is very clear that for ensuring proper governance of an Insurer, the Authority levies the reporting requirement. The major goal of reporting is thus, transparency and accountability in the Organisation.
The Insurance Companies shall at all times comply with the provisions of reporting as non-compliance may lead to penalty also including the possibility of losing the license to operate as an Insurance company.
Author: Rukma Roy
Rukma is a Corporate Lawyer who is working in the legal & compliance department of a General Insurance Company. She has keen interest in Commercial laws including insurance laws, compliance’s etc.