INSURANCE REGULATORY AND
DEVELOPMENT AUTHORITY OF INDIA
IRDA/ INT/ GDL/ ECM/055/03/2017
9th March, 2017
Guidelines on Insurance e-commerce
1. Short title and commencement: (1) These guidelines are issued under Section 34 of the Insurance Act, 1938 and Section 14 of the IRDA Act, 1999 and are known as Guidelines on insurance e-commerce.
(2) They shall come into force on the date of their issuance.
2. Objective: e-commerce is seen as an effective medium to increase insurance penetration and enhance financial inclusion in a cost-efficient manner. The Authority as part of its developmental mandate, issues these guidelines to promote e-commerce in insurance space which is expected to lower the cost of transacting insurance business and bring higher efficiencies and greater reach.
3. Definitions – In these guidelines, unless the context otherwise requires:
(a)”Act” means the Insurance Act, 1938;
(b) “Applicant” means a registered insurer or an insurance intermediary or any other person recognized by the Authority desiring to set-up an Insurance Self Network Platform for selling and servicing of insurance products.
(c) “Authority” means the Insurance Regulatory and Development Authority of India established under sub-section (1) of Section 3 of the Insurance Regulatory and Development Authority Act, 1999 (41 of 1999);
(d) Insurance Self-Network Platform means an electronic platform set-up by any applicant with the permission of the Authority.
Explanation: For the purposes of these guidelines an insurance agent is not permitted to set up a separate insurance self-network platform and instead can use respective insurer’s self-network platform, if available. However, the insurer shall be responsible for compliance of these guidelines on behalf of the insurance agents.
(e) “Market Participants” on Insurance Self-Network Platform shall include
i) Insurers registered by the Authority
ii) Insurance Intermediaries registered by the Authority
iii) Insurance Agents appointed by insurers registered by the Authority
iv) Any other person so recognized by the Authority
(f) Words and expressions used and not defined in these guidelines but defined in the Insurance Act, 1938 (4 of 1938) or Insurance Regulatory and Development Authority Act, 1999 (41 of 1999), shall have the meanings respectively assigned to them in those Acts, Rules, Regulations, Guidelines issued under those Acts as the case may be.
PERMISSION FOR ESTABLISHING INSURANCE SELF-NETWORK PLATFORM FOR
UNDERTAKING INSURANCE e-COMMERCE ACTIVITIES IN INDIA
Procedure for grant of permission for establishing an Insurance Self-Network Platform (ISNP)
a) The applicant desiring to set-up an ISNP for undertaking Insurance e-commerce activities in India shall make an application in Form – ISNP – 1.
5. Application for grant of permission
(a) No person shall set-up an ISNP for undertaking Insurance e-commerce activities in India unless he obtains permission from the Authority.
(b) The application shall be accompanied with a non-refundable fees of rupees ten thousand plus applicable taxes.
(c) Existing ISNP’s – Insurers and Insurance Intermediaries who already have set-up their own ISNP’s or insurance portals for selling and servicing insurance products may continue to operate these platforms / portals
Provided that they comply with the requirements of these guidelines within a period of three months and obtain necessary permission from the Authority.
6. Application to conform to the requirements
(a) An application in Form – ISNP -1, which is not complete in all respects and does not conform to the instructions contained in these guidelines, shall be rejected. Provided before rejecting the application, the applicant shall be given an opportunity of being heard.
(b) A time period of 15 days shall be given to the applicant to complete the application.
(c) The Authority looking into the circumstances of the application shall endeavour to decide on the application within a period of 60 days from the date of submission of all documents.
7. Furnishing of information, clarification and personal representation
(a) The Authority may require the applicant to furnish such further information or clarification or personal presentation regarding matters relevant to ISNP for undertaking Insurance e-commerce activities in India.
8. Conditions for Grant of permission
(a) The Authority on being satisfied that the applicant can set-up an ISNP for undertaking insurance e-commerce activities in India, may grant permission subject to the ISNP complying with the provisions of the Insurance Act, 1938, the IRDA Act, 1999, the Regulations made there under, guidelines and circulars issued by the Authority from time to time.
9. Renewal of permission
(a) Permission granted for setting up an ISNP shall be normally valid as long as the certificate of registration is valid in case of insurance intermediaries.
(b) in case of insurers, the permission will be valid unless it is revoked.
(c) However the Authority may revoke the permission so granted at any time, if it of the view that the activities carried out on the ISNP is:
i. not in the interest of the policyholders
ii. not conducive for the orderly growth of the industry
iii. violating the code of conduct given in Chapter III
iv. not meeting the requirements as specified in these guidelines
v. in violation of the provisions of the Insurance Act, 1938, IRDA Act, 1999, Insurance Rules. Regulations Guidelines, circulars, orders. notices etc issued by the Authority.
Provided that before revoking permission, the applicant shall be given an opportunity of being heard.
10. Internal monitoring, review and evaluation of systems and controls
(a) An ISNP granted permission shall ensure:
i) that the integrity of the automatic data processing systems is maintained at all
ii) privacy of data is maintained.
iii) adequate internal mechanisms for reviewing, monitoring and evaluating its controls, systems, procedures and safeguards.
11. Review of operations of the ISNP
(a) A review of the controls, systems, procedures and safeguards put in place by the ISNP, shall be carried out, atleast once a year, by an external certified information system auditor (CISA) or Chartered Accountants with DISA (ICAI) qualification or CERT-IN expert at their cost.
(b) The scope of such external audit of the ISNP shall be as prescribed by the Authority from time to time.
(c) In addition, the applicant shall ensure compliance to information security management system standard of the International Organization for Standardization or the International Electro-technical Commission or its equivalent of the ISNP, at all times, by having an annual review of the systems.
(d) The applicant shall place the report of the CISA auditor or DISA (ICAI) qualified expert or CERT-IN expert and the information security management system of the ISNP before the Board or its sub-committee for their observations.
(e) Any adverse findings which are material to the operations of the ISNP of the applicant or which results in financial loss to the policyholders shall be reported to the Authority along-with an action plan to address them.
(f) The Authority has the right to undertake by itself or through an external agency an independent inspection into the affairs of the ISNP at any time if it so desires.
Code of Conduct
12. Every applicant shall undertake to do the following with respect to its ISNP:-
(a) provide in electronic form a summary of the information provided in the proposal form to the prospect before a contract is concluded;
(b) provide the policyholder with a copy of the insurance policy in electronic form that enables reproduction and storing;
(c) provide to the policyholder through electronic means, post sales servicing of insurance policies sourced through it;
(d) furnish any information as required by the Authority relating to insurance business;
(e) submit periodical returns as required by the Authority;
(f) cooperate in any inquiry conducted by the Authority;
(g) any other requirement which the Authority may specify.
13. Every applicant shall undertake not to do the following with respect to its ISNP:-
(a) conduct its business in a manner prejudicial to the interests of the policyholders;
(b) indulge in manipulating the insurance business;
(c) indulge in unfair trade practices;
(d) accept redirected internet traffic/ references from other than market participants and to the extent permitted.
(e) make default in complying with, or acts in contravention of, any requirement of the Act, IRDA Act, 1999 or of any rule or any regulation or order made or any direction issued thereunder;
(f) make a default in complying with any direction issued or order made, by the Authority;
(g) offer any discounts, incentives or payments by whatever name called, other than those approved by the Authority
(h) allow cashback, promotional incentives or payments by whatever name called, by payment gateway companies or other entities by whatever name called.
(i) make a default in complying with, or act in contravention of, any requirement of the Foreign Exchange Management Act, 1999 or the Prevention of Money Laundering Act, 2002.
(j) any other requirement which the Authority may specify
14. Obligations of applicant’s ISNP
(a) Every applicant shall ensure compliance of the following:
i) the record of conduct and performance of the persons in management of the applicant’s ISNP is satisfactory;
ii) the applicant’s ISNP is protected against unauthorised access, alteration, destruction, disclosure or dissemination of records and data;
iii) the network through which electronic means of communications are established amongst the market participants on applicant’s ISNP is secure against unauthorized entry or access;
iv) the applicant’s ISNP has standard transmission and encryption formats amongst the market participants on the Platform in order to protect the information from any disruption, hacking, etc;
v) the applicant’s ISNP has established adequate procedures and facilities to ensure that it is protected against loss or destruction and arrangements have been made for disaster recovery at a location different from the existing place;
vi) the applicant’s ISNP has a mechanism in place to ensure that the interests of the persons buying or other services under insurance policies including their privacy on the ISNP are adequately protected;
vii) the applicant’s ISNP to have procedures, processes and timelines for pre-sales solicitation and post-sales servicing of insurance policies.
viii)the applicant’s ISNP has Management Information System supporting Internet-based insurance business operations in order to realize a real-time connection with Insurance core systems and of ensuring effective isolation between other application systems of the insurers, avoiding the external transmission and spread of information security risks for insurers;
ix) the applicant’s ISNP has robust firewall, intrusion detection. data encryption, disaster recovery and other Internet information security management systems;
x) the applicant’s ISNP has the domain name of the website registered and with servers hosting them located within India:
xi) the applicant’s ISNP has specialized Internet insurance business administration, equipped with appropriate professionals;
xii) the applicant’s ISNP has means available to ensure that the information displayed on the webs-site, the processes, procedures and any other mechanism by whatever name called, displayed and implemented on the platform are available all times for verification and scrutiny;
xiii) any other requirements which the Authority may specify
e-COMMERCE ON INSURANCE SELF-NETWORK PLATFORM
15. Operational issues:
The applicant granted permission by the Authority to set-up an ISNP for undertaking Insurance e-commerce activities in India shall ensure that the following minimum requirements are addressed at all times:
1. Online offering
a. The applicant’s ISNP may be available as a
i. regular internet web-site (desktop or mobile version) or
ii. mobile app or
b. The applicant’s ISNP shall enroll only those market participants that are granted certificate of registration by the Authority.
Explanation: It is clarified that an insurer can enroll only insurance intermediaries on its Insurance Self-Network Platform and no other insurer.
An insurance intermediary can enroll only insurers to the extent allowed under the respective regulations on its ISNP and no other insurance intermediary or an insurance agent.
c. If any unregistered market participant is enrolled by the applicant’s Insurance Self-Network Platform, then it will be viewed as a very serious violation which may even lead to cancellation of Authority’s permission given to the applicant.
2. Internet Web-site and mobile app
2. The applicant’s ISNP website shall prominently display on its website the following information:
i. Legal name of the applicant
ii. Geographical Address of the applicant
iii. Telephone and electronic contact information of the applicant
iv. Certificate of Registration Number and its validity
v. Category of certificate of registration of the applicant
vi. Contact information and information on how policyholders can file a complaint, including a link to the Authority’s website.
vi. any other relevant information of the applicant.
b. Every insurer’s ISNP facilitating transaction of insurance business through the ISNP of an insurance intermediary and vice-versa may do so provided it is allowed under the Act and Regulations and there exists a signed agreement in-force between them.
3. Disclosures —
a. The applicant shall ensure that only those features of the products which are approved under Product Approval terms by the Authority are displayed on its
b. Any information which is detrimental to the interests of the policyholder or is misleading and is not approved by the Authority shall not be displayed by the applicant on its ISNP.
c. Products that are displayed on the applicant’s ISNP shall be up to date and reflect a true picture.
d. The ISNP of a registered insurer:
i. may display its products
ii. shall not display products of other registered insurers except for any combi-products developed in association with other insurers.
e. The ISNP of a registered insurance intermediary:
i. may display the products of insurers
ii. shall not make any promise or commitment to insurers for sale of their products.
iii. shall not favour any one insurer.
Provided it may recommend a particular product to the prospect based on his need analysis
4. Pre-sale solicitation: Every applicant’s ISNP to provide details of procedures, processes and timelines for pre-sales solicitation of insurance policies for activities given in Schedule II.
5. Information sharing with Prospect : The applicant’s ISNP offering insurance products online shall bring to the prospects attention the following information, in clear and simple language:
a. The type of consumer for whom the product is intended;
b. Main characteristics of the product;
c. Options and coverage provided by the product, as applicable;
d. Exclusions and limitations associated with the product, if any;
e. The total premium and other charges that the consumer shall pay (including all applicable taxes) or, if an exact amount cannot be indicated, the basis for the calculation of the sothat the prospects can verify it;
f. The prospects right to cancel, if applicable, as well as the duration of the cancellation period and procedures for exercising that right;
g. Any time limit on the validity of the information provided.
a. No refilling of insurance products will be necessary in case there is no change in the terms, conditions, benefits, exclusions, pricing including discounts, etc of these products.
b. In case of any change to the existing product or introduction of a new product, the Product Approval terms shall be followed.
c. All products shall be sold in electronic form in accordance with IRDAI (Issuance of e-insurance policies) Regulations, 2016 as amended from time to time.
d. The ISNP of a registered insurer is permitted to offer all products that are approved under the Product Approval terms.
e. The ISNP of a registered insurance intermediary is permitted to offer products that are permitted under the applicable regulations.
a. The pricing of every product shall be decided by the insurer and it shall be the responsibility of the insurer that product pricing is in compliance to product approved by the Authority.
b.Insurers may offer discounted pricing on the product when sold through its ISNP as specified by the Authority.
c. The differential price for products offered on ISNP of any of the applicants shall be the same.
8. Commission or remuneration to the Insurance Self-Network Platform
a. A product sold through the applicant’s ISNP shall be governed by IRDAI (Payment of commission, remuneration or reward to insurance agents and insurance intermediaries) Regulations, 2016.
b. No fees, charges or payments by whatever name called other than that allowed IRDAI (Payment of commission, remuneration or reward to insurance agents and insurance intermediaries) Regulations, 2016 shall be paid or shared between the market participants for utilizing the applicant’s ISNP.
9. Proposal Form
a. A proposal form for insurance business procured on the applicant’s shall be in accordance to Regulation 3 of IRDAI’s (Issuance of e-insurance policies) Regulations, 2016.
b. Electronic ACR by online authentication through login id and password shall be recognised for an Agent / insurance intermediary for the purposes of selling an insurance policy, wherever required.
10. Compliance to KYCI AML norms –
a. The applicant’s ISNP shall be responsible for compliance of the directions issued by the Authority or any other statutory Authority for compliance of KYC/ AML
b. Compliance to the KYC/ AML guidelines issued by the Authority can be undertaken using any of the following facilities
i. e-KYC facility offered by UIDAI
ii. e-PAN facility offered by NSDL
iii. valid KYC documents permitted under Authority’s AML circular no IRDA/ SDD/ GDLJ CIR/ 175/ 09/ 2015 dt 28thSeptember, 2015.
iv. any other facility recognized by the Authority
11. Creation of e-Insurance Account
a. Creation of an e-insurance account in accordance with the IRDA Guideline No. IRDA/ INT/ GDL/ INSRE/ 111/ 05/ 2015 dated 29thMay, 2015 shall be undertaken within 15 days post selling of insurance policies on the applicant’s ISNP.
b. It shall be necessary for a customer to have either an email id or a registered mobile phone number while transacting insurance business on the applicant’s ISNP.
12. Payment of premium
a. The market participants shall ensure that provisions of Section 64VB(1) of the Act are complied with at all times.
b. The manner of payment of premiums for online sale shall be by way of credit card/ debit card/ net banking/ e-wallet or any other electronic mode as permitted by the Reserve Bank of India from time to time through a payment gateway normally used by the insurer for online sale of insurance policies.
c. In addition, the applicant’s ISNP may facilitate payment of premiums through cheque/ demand draft.
d. The ISNP may accept cash payments only on the condition that the insurers system gives an immediate acknowledgement on either the policyholder’s email address or his mobile phone number of having received the premium.
e. The agreements entered into by the insurers with the ISNP for integrating their web portals for sale of products or receipt of premiums online shall not be in any way detrimental to the interests of the policyholders.
13. Issuance of e-lnsurance policies
a. On completion of online transaction, for payment of premium and sale of the policy, the insurer shall generate the e-premium receipt and send the same to the prospect through email immediately and the Policy document/ bond along-with copy of the proposal form and other underwriting documents within the timelines prescribed under the IRDA’s (Protection of Policyholders Interest) Regulations, 2017 and amendments thereto.
b. The Policy document may also be credited to his e-Insurance Account in accordance with IRDA Guideline No. IRDA/ INT/ GDL/ INSRE/ 111/ 05/ 2015 dated 29thMay, 2015.
14. Servicing of Policies
a. Every applicant’s ISNP to provide details of procedures, processes and timelines for post-sales servicing of insurance policies for activities given in Schedule III.
15. Privacy of personal information and data security
a. It shall be the duty of every applicant’s ISNP to keep the personal information collected during the course of the business transaction confidential and prevent its misuse.
b. The applicant before commencing the operations shall put in place measures to safeguard the privacy of the data maintained and adequate systems to prevent manipulation of records and transactions.
c. The applicant’s ISNP shall ensure data security as per Authority’s guidelines.
d. The safeguards put in place shall be reviewed on a continuous basis and the same shall be reported to the sub-committee of the applicants Board which shall review it and take corrective steps if warranted.
a. a The web-site/ portal of the applicant shall carry not more than 80% image
b. The insurers may merge all disclaimers under one single link “disclaimer” and the customers can access all disclaimers together through this single link.
c. All other requirements/ conditions as given in the IRDA’s (Insurance Advertisement and Disclosures) Regulations, 2015 shall be complied.
a. The applicant’s ISNP shall have in place a mechanism to address policyholders’ grievances including expeditious refund of premium in case of double or more debiting of the policyholder’s account.
b. The grievances of policyholders shall be attended to in the time frame specified by Authority from time to time.
c. The grievances registered shall be managed through the Integrated Grievance Management System put in place by the Authority.
a. The applicant’s Insurance Self-Network Platform shall have a pro-active fraud detection policy for the insurance e-commerce activities which is approved by its Board of Directors.
b. The policy shall amongst other things include the following areas:
i. Manner of detecting and identifying frauds
ii. Follow-up mechanism for prosecuting persons who committed fraud
iii. Cooperation amongst market participants to identify frauds
iv. Building a database of those committing frauds and sharing with other market participants
19. Maintenance of records – Every participant shall maintain records in accordance with the IRDA Guideline No. IRDA/ INT/ GDL/ INSRE/ 111/ 051 2015 dated 29thMay,
20. Standard Operating Procedure –Every applicant shall follow a standard operating procedure for its IT and non-IT processes for the activity undertaken on it and shall keep the same ready for inspection by the Authority at all times. The applicant shall also keep ready an updated version incorporating the changes as and when they are Any non-compliance shall be viewed seriously and can invite penal action on part of the Authority.
21. Supervision and Control -The supervision and control of applicant’s ISNP shall be in accordance with Guideline 12 above.
22. Compliance – The Chief Executive Officer and the compliance officer of applicant’s ISNP shall file with the Authority annually a compliance certificate certifying that the information displayed on the webs-site, the processes, procedures and any other mechanism by whatever name called. displayed and implemented on the platform were in compliance to the these guidelines at all times.
23. Other issues – The applicant shall immediately report to the Authority any regulatory or supervisory action taken by any Government or other Regulatory Authorities with full details and the penalty, any administrative action, if any imposed and the remedial steps taken by it to prevent its recurrence with regard to the applicant’s
24. Reporting requirements –The applicant shall submit to the Authority the reports as specified by it.
25. Further powers of the Authority
a. the Authority shall have the right to call, inspect or investigate any document, record or communication from the applicant’s ISNP.
b. Notwithstanding the above, where the Authority is of the opinion that the operations of the applicant’s ISNP are not in the interests of the Indian market or the insurance policyholders, the Authority reserves the right to take appropriate steps including suspension or cancellation of permission granted.
c. Power of the Authority to issue clarifications: In order to remove any difficulties in respect of the application or interpretation of any of the provisions of these Guidelines, the Chairperson of the Authority may issue appropriate clarifications from time to time.