The Insurance Regulatory and Development Authority of India ("IRDAI") has issued various guidelines for the development and regulation of the insurance sector in India, including the IRDAI Guidelines on Insurance E-commerce issued vide circular no. IRDA/INT/GDL/ECM/055/03/2017 dated 9th March 2017, which mandate the setting up of a proactive fraud detection policy for insurance e-commerce activities that is approved by its Board of Directors.
The Website is owned and operated by Fidential Insurance Brokers Private Limited, a company incorporated under the laws of India, having our office at 1701 B, 17th floor, One International Centre, Senapati Bapat Marg, Prabhadevi West, Mumbai, 400013 (hereinafter referred to as “Company”, “WealthRight”, “We”, “Us” or “Our”).
WealthRight is engaged in the business of providing an online insurance marketplace platform to facilitate the sale of insurance products and services by licensed insurers in India.
Through its website and mobile applications, WealthRight enables customers to research, compare and purchase insurance policies digitally.
As an online insurance intermediary involved in e-commerce and digital transactions, WealthRight is exposed to the risks of insurance frauds, cyber-crimes and mis-selling if robust systems are not implemented to prevent, detect and address the same.
In terms of the E-commerce Guidelines, WealthRight is required to establish appropriate fraud monitoring mechanisms and governance structures to effectively deal with instances of fraud.
This Fraud Detection Policy aims to fulfill such regulatory mandate by laying down comprehensive procedures for governance, definitions, categorization, reporting, investigation, and mitigation of fraud occurring through WealthRight's online platforms and operations.
The Policy shall be binding on all employees, customers, and other stakeholders engaged in any activity pertaining to WealthRight to ensure compliance with applicable insurance laws and guidelines.
DEFINITIONS
Fraud shall have the same meaning as assigned to it under the Indian Penal Code, 1860.
Wrongful gain shall mean the gain by unlawful means of property to which the person gaining is not legally entitled, as defined under the Indian Penal Code, 1860.
Wrongful loss shall mean the loss by unlawful means of property to which the person losing is legally entitled, as defined under the Indian Penal Code, 1860.
Company shall mean WealthRight, its affiliates and subsidiaries carrying on insurance intermediation business through its online platforms.
Employees shall refer to all permanent and contractual staff employed by the Company.
Stakeholders shall carry the same meaning as defined in the Applicability section of this Policy.
Policy shall refer to this Fraud Detection Policy.
IRDAI shall refer to the Insurance Regulatory and Development Authority of India.
FRAUD MANAGEMENT AND GOVERNANCE STRUCTURE
The Company shall constitute a Fraud Management and Governance Team (“FMGT”) to review and recommend the policies, procedures and control mechanisms to identify, detect, and report insurance frauds.
The FMGT shall also be responsible for reviewing the findings of the investigations done and recommending the appropriate actions thereupon.
The primary administration of the functions of the FMGT will rest with the Principal Officer & Chief Executive Officer to carry out the same in coordination with the various departmental heads and business functions.
FMGT will be constituted with the following members, and it will report its findings/recommendations to the Principal Officer & Chief Executive Officer:
1. IT SPOC
2. Legal & Compliance SPOC
3. Business and Operations SPOC
For any interdepartmental support required by the FMGT, it shall have powers to invite SPOCs from other departments on a need basis.
The FMGT shall be responsible for the following:
1. Laying down processes and procedures to identify, detect and report frauds.
2. Follow-up mechanism to take appropriate actions against persons who committed frauds.
3. Cooperation amongst market participants to identify frauds and mitigate the risk.
4. Building a database of those committing frauds and sharing with other market participants.
5. Awareness among employees/policyholders to counter insurance frauds.
CATEGORIES OF FRAUDS
Internal fraud shall mean any act, omission, or concealment of facts committed by a director, manager, officer, or employee of the Company with intent to cause wrongful loss or wrongful gain to the Company or any other person.
Internal fraud may include but shall not be limited to misappropriation of funds, forgery or alteration of any account, fraudulent payment or receipt, fraudulent valuation of any asset, entry in the books of accounts of any fictitious expenditure or assets with mala fide intent, fraudulent destruction of documents, or manipulating computer systems to defraud the Company.
Third-party fraud shall mean any act, omission, or concealment of facts committed by any person other than those covered under Internal Fraud.
Third-party fraud may include but shall not be limited to submission of fraudulent claims, providing false or forged documents to obtain insurance or claim settlement, or colluding with employees of the Company to commit fraud.
Online fraud shall mean any fraudulent activity committed using the digital platforms, systems, or online operations of the Company including the Company website, mobile applications, or online portals.
Online fraud may include but shall not be limited to issuance of fake online insurance policies, carrying out transactions using stolen or fake credit/debit cards or bank accounts, hacking, or unauthorized access of the Company's systems, phishing, or other social engineering attacks.
REPORTING PROCEDURE
Reporting Channels
Any employee, customer, or other stakeholder of the Company must report any instance of actual or suspected fraud to the designated email address: grievance@wealthright.com.
In addition to the above, protected disclosures relating to any fraudulent activity can also be made in writing to the FMGT Committee.
Initial Examination by FMGT Committee
Upon receipt of a protected disclosure, the FMGT Committee shall examine the disclosure and supporting documents/evidence.
If the initial examination indicates that the disclosure has no basis or is not a matter covered under this Policy, the FMGT Committee may dismiss the disclosure with documented reasons.
Where the initial examination indicates that further investigation is required, the FMGT Committee shall proceed to investigate the matter or nominate another person to conduct such investigation.
Process for Protected Disclosures
A protected disclosure may be made anonymously or otherwise in writing to the FMGT Committee.
The protected disclosure must contain all relevant details, including names, dates, and any other information that may facilitate the investigation of the alleged fraudulent activity.
The identity of any whistleblower making a protected disclosure shall be kept confidential by the FMGT Committee.
Investigation Process
Any investigation conducted pursuant to a protected disclosure shall be done in an impartial, fair, and unbiased manner.
The investigation shall be treated as a neutral fact-finding process wherein the principle of presumption of innocence shall be followed.
Reporting to Law Enforcement
Based on the findings of any investigation, the FMGT Committee shall recommend to the Company whether the matter needs to be reported to the appropriate law enforcement authorities.
MONITORING AND REVIEW
The FMGT shall review this Policy at least once every twelve (12) months from the Effective Date or as and when any changes are made to the Applicable Laws that require any amendment to the Policy.
The FMGT may also review the Policy as and when it deems necessary. A record of the reviews made to the Policy shall be maintained by the FMGT.
The objective of periodic review is to ensure that the Policy meets the current standards prescribed by IRDAI and other applicable laws and addresses the contemporary methods in which frauds are being committed against the Company.
Based on the review, the FMGT may recommend suitable amendments to the Policy to the Board.
All amendments/updates to the Policy shall be carried out with the approval of the Board.
The FMGT shall monitor implementation and adherence to the Policy on an ongoing basis.
It shall conduct periodic audits to identify any gaps, non-compliances, or deficiencies in implementation.
In the event of any non-compliance or deficiencies being identified, the FMGT shall recommend suitable corrective and remedial actions to the Board within the timelines prescribed by the Board.
The Company shall conduct periodic internal audits as per its Audit Policy to evaluate compliance with this Policy.
The findings shall be reported to the FMGT and Board.
Regulatory inspections may also review implementation and compliance with this Policy.
Necessary corrective actions shall be taken on the basis of such inspections.
ANNEXURE A
Misrepresentation of facts
Any misrepresentation or incorrect statement made in the proposal form, claim form, or any other document submitted to WealthRight which is material to the risk undertaken by the insurer shall constitute fraud under this Policy.
Concealment of material facts, providing incomplete or false details pertaining to pre-existing medical conditions, income, occupation, or any other information required shall also constitute fraud.
Misappropriation of funds
Dishonest misuse, taking wrongful possession, or diversion of any insurance money or premiums collected by WealthRight shall constitute fraud under this Policy.
Non-disclosure of material facts
Failure to disclose facts, circumstances, or information in the proposal form which would have influenced the underwriting decision of the insurer shall constitute fraud under this Policy.
Providing wrong claim information
Providing fabricated or incorrect details pertaining to the loss, damage, circumstances, or cause of the insured event while submitting a claim shall constitute fraud under this Policy.
Forged documents
Submission of forged documents such as bills, reports, receipts, or any other documents to support a fraudulent insurance claim shall constitute fraud under this Policy.
Employee fraud in policies
Any fraudulent or dishonest act committed by an employee of WealthRight such as issuing fake policies, manipulating policy data, or misappropriating premiums shall constitute fraud under this Policy.
Employee fraud in documents
Forgery of any details or tampering with documents such as proposal forms or policy documents by an employee of WealthRight to commit fraud shall constitute fraud under this Policy.
Theft of company assets
Theft or unauthorized access to laptops, computers, or documents containing confidential customer or policy information by an employee shall constitute fraud under this Policy.
Unauthorized use of customer data
Unauthorized access, use, sharing, or transmission of customer data such as contact details, financial information, or health records without consent shall constitute fraud under this Policy.
Issuing fake policies
Misrepresenting on behalf of insurers and issuing fake policies in their name or siphoning premiums collected shall constitute fraud under this Policy.
Transactions through stolen payment modes
Carrying out transactions on WealthRight platforms using stolen or illegally acquired credit/debit cards or bank accounts shall constitute fraud under this Policy.
Cyberattacks compromising data
Any data security breach at WealthRight due to hacking, phishing, or other cyber-attacks resulting in theft or unauthorized use of confidential company or customer information shall constitute fraud under this Policy.
Residual clause
Any other fraudulent activity or practice not listed above but prejudicing the interests of WealthRight, insurers, customers or violating applicable insurance laws shall constitute fraud under this Policy.
ANNEXURE B
Illegal hacking and cyber-attacks
WealthRight shall deploy adequate technical security controls and protocols to prevent unauthorized access to its computer systems, networks, and databases used for e-commerce activities.
All access to WealthRight's digital infrastructure shall be provided only through authenticated user accounts with defined access privileges that are reviewed periodically.
WealthRight shall conduct regular vulnerability assessments and security audits to identify and address any technical defects or loopholes that could enable hacking, data theft, or security breaches.
In the event of any illegal hacking, security breach, or cyber-attack, WealthRight shall promptly notify the affected customers, initiate damage control and remediation steps, and report the incident to the appropriate authorities.
Bogus online activity
WealthRight shall implement appropriate protocols and automated checks to detect and prevent the generation of non-genuine website traffic, leads, transactions, or use of bots/automated scripts.
Any abnormal spikes or patterns indicative of bogus online activity shall be investigated by WealthRight's fraud monitoring team to identify the source of such irregularities and take suitable action.
Use of stolen payment credentials
WealthRight shall ensure all online payment gateways and transaction workflows adhere to prescribed industry standards for validation of customer credentials and detection of fraudulent transactions.
Additional verification shall be conducted for any high-risk transactions or where the source of funds appears suspicious or non-genuine.
WealthRight shall regularly monitor payment transaction data and patterns to proactively identify any misuse of stolen credentials or funds siphoning attempts at the earliest.
Compromised digital identities/accounts
Customers shall be provided security awareness training and advisories on best practices for online safety and protection of their digital identities and accounts.
Robust 'Know Your Customer' protocols shall apply to any changes in customer profile or payment details to prevent fraud through compromised identities or accounts.