The framework applies to all insurers and distribution channels and replaces the outdated 2013 version, which excluded distributors and had no mention of cyber fraud. Insurers and intermediaries must implement the guidelines from 1 April 2026.
Nitin Deo, chief technical officer, Zuno General Insurance, said, “The framework mandates insurers to adopt a board-approved anti-fraud policy, set up a dedicated fraud monitoring function, and report all fraud-related data promptly to the Insurance Information Bureau (IIB).
“It also standardizes fraud categorization across internal, claims-related, distribution-related, cyber/digital, and third-party fraud, while emphasizing clear governance and a zero-tolerance approach.”
Here are the key highlights of the updated guidelines.
View Full Image
Cyber or new-age fraud
The earlier framework made no reference to cyber fraud. The new one defines it as “any insurance fraud carried out using digital or new-age technologies”. It says insurers must deploy robust cybersecurity systems and access controls, monitor them continuously, and hire experts to manage cyber fraud risks.
Parthanil Ghosh, executive director, HDFC ERGO, said, “Being a joint venture between of one of the largest banks in the country and a global reinsurer, cyber fraud governance is a cornerstone for us. We already have a robust system to detect cyber fraud and closely follow what the framework says.”
More categories of fraud
The 2013 version had only three categories of fraud: internal, distributor and policyholder fraud. The updated one specifies five categories:
- Internal fraud: employees, senior management
- Distribution channel fraud: intermediaries
- Policyholder and/or claims fraud: individuals obtaining coverage or payout in a fraudulent manner
- External fraud: external parties/service providers, vendors
- Affinity or complex fraud: collusion among employees, agents, policyholders and others
Krishnan Gopalakrishnan, chief compliance officer, Bajaj General Insurance said, “Lately, the industry has seen frauds by external players unrelated to insurers, intermediaries, or policyholders. Identifying it as a separate category is a welcome move.”
Fraud monitoring committee
Under the new guidelines, every insurer must set up a fraud monitoring committee to oversee company-wide fraud management. This must include a fraud monitoring unit led by a key managerial person and senior executives from key departments.
“At HDFC ERGO, we have a formal fraud management committee with a proper governance structure. We already have a board-approved anti-fraud policy and an AI/ML-based fraud detection model running for the past five years,” said Ghosh.
Integrating distributors
Distribution channels must now have their own anti-fraud policies, procedures and controls. As their scale increases, they are also susceptible to cyber and other frauds the way insurers are. “We work with many agencies and platforms who alert us to fraudulent claims. Irdai now wants to bring uniformity to these efforts,” said Ghosh.
Red-flag indicators
The guidelines also call on insurers to identify red flag indicators suited to their operations — such as unusual claim patterns, vendor anomalies, or complaint trends — and maintain incident databases to proactively detect risks.
Some insurers have already set up internal systems for this, but the guidelines are expected to ensure a uniform approach. “Fraud control, for us, is not just about technology, it’s about culture. Our analytics-driven fraud monitoring helps us identify red flags early and keep the process fair for genuine customers,” said Deo of Zuno General Insurance.
Common fraud database under IIB
IIB will maintain an industry-wide fraud database and caution repository of blacklisted vendors, intermediaries and fraudsters. Insurers will share data with IIB and use a fraud monitoring technology framework for threat intelligence.
While some data reporting already exists, the new structure is aimed at ensuring consistency and better industry-wide intelligence.
What else do insurers want?
Though the revised guidelines address many of the industry’s concerns, there are some issues it doesn’t address.
A major problem for insurers is that they lack the ability to blacklist fraudulent policyholders, which allows repeat offenders to approach other insurers undetected. The industry also wants insurance fraud to be treated as financial fraud, similar to banking defaults tracked by credit bureaus.
“If insurance fraud is treated as financial fraud, data can be collected systematically. Just as loan defaulters can’t access new credit, repeat insurance fraudsters should face similar deterrents,” said Ghosh.
Gopalakrishnan added, “The next level should involve coordination among all financial institutions — banks, mutual funds and insurers — so any wrongdoing is visible across the ecosystem.”
Irdai’s new framework is a significant step toward a unified and tech-driven fraud management ecosystem. But its success will hinge on insurers, intermediaries, and financial institutions collaborating to ensure fraudsters have no gaps to exploit.
About the Author
