As we immerse ourselves in the ever-evolving era of digitalization, where e-commerce has become a way of life, the insurance industry is keeping pace by harnessing the potential of online platforms. In this dynamic landscape, Insurance Self Networking Platform (ISNP) compliance emerges as a vital pillar, ensuring the security and privacy of online insurance transactions. Championed by the Insurance Regulatory and Development Authority of India (IRDAI), ISNP stands tall as an electronic platform authorized to revolutionize insurance e-commerce activities.
Today, many businesses use the internet to gain a competitive advantage. However, the insurance industry has been a little slow to catch up. When IRDAI through ISNP allowed insurers or insurance intermediaries to conduct insurance e-commerce activities in India, the insurance sector finally opted to develop e-commerce in the insurance domain. ISNP is an e-commerce portal in India that deals with insurance services. It enables brokers or firms to sell policies at a lower cost. The Insurance Self Network Platform was established with the approval of the insurance regulatory authorities.
In the world of insurance, where online transactions are becoming the norm, ensuring the security, efficiency, and compliance of self-networking platforms is of utmost importance. This is where ISNP Audit comes into play. An ISNP Audit involves a comprehensive evaluation of an insurance organization's self-network platform, with the aim of assessing its compliance with regulatory standards, security measures, functionality, and overall effectiveness.
During an ISNP audit, a team of auditors meticulously examines various aspects of the ISNP. They review the platform's design, architecture, policies, procedures, and controls to evaluate its adherence to industry regulations and best practices. The auditors also assess the implementation of security measures, access controls, and data management practices specific to the insurance industry.
The primary purpose of an ISNP audit is to ensure that the platform operates efficiently, securely, and in line with industry standards. By identifying any vulnerabilities, weaknesses, or non-compliance issues, the audit provides valuable insights and recommendations for improvement. This empowers insurance organizations to enhance their ISNP, strengthen data security and privacy measures, mitigate risks, and maintain compliance with regulatory requirements.
The ISNP audit process involves a thorough examination of the platform's design, functionality, and security measures. Auditors review documentation, policies, and procedures related to the ISNP, and may conduct interviews with key personnel involved in its management and operation. Technical assessments, such as vulnerability scans and penetration testing, may also be conducted to identify potential security flaws or weaknesses.
The audit findings are compiled in a comprehensive report that highlights any identified issues, areas of non-compliance, and recommended improvements. This report serves as a roadmap for the organization, guiding them in addressing the identified issues and enhancing the overall performance and security of their ISNP.
By conducting ISNP audits, insurance organizations demonstrate their commitment to maintaining high standards of security, compliance, and operational efficiency. These audits play a crucial role in identifying and mitigating potential risks, preventing data breaches, and ensuring that the ISNP functions effectively to support the organization's insurance operations. Ultimately, ISNP audits promote transparency, accountability, and trust within the insurance industry by ensuring that self-network platforms are robust, secure, and compliant with relevant regulations.
As the insurance industry embraces digitalization, ISNP compliance and audits become essential components in safeguarding online insurance transactions. By conducting regular ISNP audits, insurance organizations can bolster the security, efficiency, and compliance of their self-network platforms, reinforcing trust and providing enhanced services to their customers in the rapidly evolving digital landscape.
ISNP audits are typically conducted by independent audit firms or internal audit teams with expertise in information security, risk management, and regulatory compliance. The specific organizations that should be conducting ISNP audits include:
All these individuals and organisations should be doing ISNP Audit.
ISNP audits are typically conducted by a range of insurance organizations that have integrated an Insurance Self Networking Platform (ISNP) into their operations. These organizations include insurance companies, underwriters, brokers, and any entity involved in managing and administering an insurance self-network platform.
The detailed steps involved in an ISNP audit are as follows:
By following these comprehensive steps, the ISNP audit aims to provide a thorough assessment of the platform's security, functionality, and compliance. It enables auditors to identify any gaps or deficiencies in the implementation of technical controls, thus facilitating the development of appropriate recommendations for improvement. Ultimately, an ISNP audit helps insurance organizations strengthen the security and effectiveness of their ISNP, enhancing operational efficiency and instilling confidence in customers and stakeholders.
Organizations that have implemented an Insurance Self Networking Platform (ISNP) should conduct ISNP audits on a regular basis to ensure compliance and maintain the integrity of their operations. The frequency of these audits may vary based on factors such as regulatory requirements, industry best practices, and the organization's risk management strategy.
The Insurance Regulatory and Development Authority of India (IRDAI) mandates that controls, procedures, systems, and safeguards put in place by the ISNP should be reviewed at least once a year. This review is typically conducted by an external certified information system auditor (CISA) or qualified Chartered Accountants (CA) with expertise in information system audit. These auditors are responsible for assessing the ISNP's compliance with regulatory standards and identifying any adverse findings that may impact the platform's operations or cause financial loss to policyholders.
Insurance organizations that have implemented an Insurance Self Networking Platform (ISNP) must ensure timely renewal of their ISNP license to maintain its validity. The ISNP certification is initially granted for a period of three years. Once this period expires, the certificate of incorporation for the ISNP becomes invalid, indicating the need for renewal.
During the audit, the auditors thoroughly examine the controls, procedures, and systems implemented by the ISNP. They assess the code of conduct and performance of the individuals managing the platform, review the website information and processes, and scrutinize the mechanisms in place. Additionally, auditors ensure that the ISNP only enrolls market participants who have received a certificate of registration from the regulatory authority.
The ISNP audit also requires the organization to maintain a proactive fraud detection policy and process approved by the board. Proper record-keeping, adherence to standard operating procedures (SOPs), and supervision by the insurer over the ISNP are essential. The organization must also comply with reporting requirements to the insurance regulatory authority, including informing them of any actions taken by the government or regulatory bodies. Filing an annual compliance certificate, signed by the CEO and compliance officer, demonstrates the organization's commitment to meeting the guidelines set by the regulatory authority.
By conducting ISNP audits at regular intervals, insurance organizations can ensure that their self-network platform remains compliant with regulatory requirements, operates securely, and protects the interests of policyholders. These audits play a crucial role in maintaining transparency, preventing fraudulent activities, and upholding the standards of the insurance industry.
The Insurance Self Networking Platform (ISNP) was proposed by the regulator in April 2017 to facilitate e-commerce in the insurance industry. The latest version of the Insurance Self Networking Platform (ISNP) has been introduced by the Insurance Regulatory and Development Authority of India (IRDAI) in April 2017. The ISNP aims to promote e-commerce in the insurance industry, with the goal of reducing transaction costs, increasing efficiency, and expanding insurance penetration. However, there is a lack of comprehensive information available regarding the ISNP itself, the entities participating in it (such as insurance companies, brokers, and corporate agents), and the regulatory framework governing their operations.
Despite the establishment of a dedicated portal (https://isnp.irda.gov.in/) by the IRDAI, there is limited transparency regarding the entities registered on the ISNP portal and the nature of their business activities. The regulatory authority has not provided explicit details about the authorization process for selling or servicing insurance policies through the ISNP platform. Consequently, stakeholders remain unaware of the number of insurance companies, brokers, and corporate agents that have applied for registration, the status of their applications, and the specific responsibilities they have toward insurance consumers.
According to available information, approximately 50 insurance broking companies have been approved for participation in the ISNP by the IRDAI, while others are still awaiting permission or have had their applications rejected. The lack of awareness among insurance policy buyers about authorized intermediaries operating through ISNPs increases the risk of falling victim to fraudulent entities that exploit the ISNP name for illegitimate purposes. Moreover, there is a concern that some entities may be conducting business under the guise of ISNPs without proper authorization from the IRDAI.
This situation is particularly significant given the rising prevalence of online cyber fraud, particularly in the insurance sector. Unscrupulous entities posing as insurance companies or intermediaries could perpetrate fraud against unsuspecting customers. However, the IRDAI has not disclosed any information about entities associated with or authorized by the ISNP, and there is currently no consumer grievance redressal mechanism available on the ISNP portal.
Interestingly, while the IRDAI's portal for policyholders (https://www.policyholder.gov.in) emphasizes caution and awareness during the policy purchase process, highlighting the risk of mis-selling by insurers and intermediaries, similar cautionary measures are not explicitly evident on the ISNP portal.
The circular issued by the IRDAI on 12 April 2017 outlined the filing process for the online application for ISNP in line with the guidelines for insurance e-commerce published on 9 March 2017. The circular stated that insurance companies, brokers, and corporate agents could sell and service insurance policies through the ISNP platform. The services offered under the ISNP include the issuance and delivery of policy documents, certificates of insurance, proposal forms, medical reports, and endorsements.
To facilitate policyholders' access to their insurance information, the ISNP allows the creation of e-insurance accounts (eIAs) that store policy documents in electronic format. Four entities, namely NSDL Database Management Ltd, Central Insurance Repository Ltd, Karvy Insurance Repository Ltd, and CAMS Repository Services Ltd, have been authorized by the IRDAI to open eIAs for policyholders. It is mandatory for customers transacting on the ISNP to possess an eIA, and insurers or intermediaries registered with the ISNP must facilitate the opening of eIAs within 15 days of policy issuance.
Despite the ISNP's importance and its potential impact on the insurance industry, the IRDAI has not provided proactive information about the platform under the Right to Information (RTI) Act. Requests for detailed information about the ISNP, including the names and businesses of registered entities, and the supervisory and regulatory measures undertaken by the IRDAI, have been met with silence from the regulatory authority.
It is crucial for the IRDAI to address these information gaps and enhance transparency regarding the ISNP. By doing so, they can foster trust among policyholders, mitigate the risks associated with fraudulent activities, and ensure effective regulation and supervision of the entities operating within the ISNP framework.
The Insurance Self Networking Platform (ISNP) audit for an organization can be conducted by qualified and independent auditors who possess the necessary expertise and knowledge in insurance regulations, compliance, and information technology systems. The audit aims to assess the organization's adherence to the ISNP guidelines and regulatory requirements set forth by the Insurance Regulatory and Development Authority of India (IRDAI).
Who can conduct ISNP audit for an organization?
Some key considerations regarding the entities that can conduct ISNP audits:
Regardless of whether the audit is conducted by a third-party firm, an empaneled auditor, or an internal audit team, the auditors should adhere to certain principles and considerations during the ISNP audit process:
In summary, the ISNP audit for an organization can be conducted by qualified third-party audit firms, IRDAI-empaneled auditors, or internal audit departments with the necessary expertise and knowledge in insurance regulations, compliance, and technology. The auditors should ensure independence, compliance assessment, risk assessment, and provide a comprehensive audit report to support the organization in improving its ISNP operations and complying with regulatory requirements.