In the Digital Age, Data Privacy & Protection Carry Immense Importance

Mr. Bireswar Chatterjee, General Manager, Legal, Compliance and Annuity, Shriram Life Insurance, speaks to India Employer Forum about the Insurance Regulatory and Development Authority, data privacy, industry-specific compliances, and more.

Q. What does the overall regulatory framework look like for the insurance industry? 

In the 20th century, the insurance industry was a closed sector with no private players. The government regulated the public sector companies within the sector through the Tariff Advisory Committee and the Department of Financial Services. Post-liberalisation, a need for opening the insurance sector for private players was identified. Subsequently, the Insurance Regulatory and Development Authority of India (IRDAI) was formed in 1999 under the Insurance Regulatory and Development Authority Act, 1999. The regulator was tasked with regulating private companies and promoting the growth of the insurance and reinsurance business within the country. 

For instance, insurance companies are required to file periodic reports (monthly, quarterly, annually). These reports include information on business activities, policyholder grievances, and balance sheets, among others. Furthermore, the companies must disclose solvency ratios and maintain records as per the prescribed standards and formats. They must also disclose the number of Board and Committee meetings in a financial year and details of discussions and resolutions in the Board and Committees. A life insurance business must also disclose the persistency ratio of the policies it sells. Further disclosures include details of claims, claim settlement ratios, risk management architecture, related party transactions and pecuniary relationships or transactions of non-executive directors, among others. In all the supervisory activity of the regulator, protection of policyholders’ interest is given topmost importance.

Q. What is the major difference between life and non-life insurance?

The difference between life and non-life insurance regulations stems from the difference in the genus of contracts they represent. Non-life insurance contracts are indemnity contracts wherein any loss is made good after assessment by the insurance company. On the other hand, life insurance contracts are contracts of benefit wherein some benefit is passed on to the family of the insured. Human life cannot be made good by any financial compensation as the emotional value of loss of life cannot be assessed. Consequently, the premiums for life insurance policies are affected by the mortality and morbidity table, as well as health reports, among others. Similarly, non-life insurance policies are dependent on tariff rates for pricing, wherein the tariff is left to the company to decide on the basis of past claim experience. However, in certain instances, such as liability insurance, particularly third-party liability insurance for motor vehicles, IRDAI sets the tariff rates.

Q. How will the Insurance Industry be affected by the Digital Personal Data Protection Act, 2023?

The Digital Personal Data Protection Act, 2023 (DPDP Act) brings the country a much-needed data protection regime. Once the rules are introduced, every business that handles and stores personal data in bulk will have a clear framework for compliance. In the digital age, data privacy and protection carry immense importance, and the digitisation of the economy, services, and platforms leads to the generation and exchange of massive amounts of data. Companies will need to introduce organisational and infrastructural changes to adapt and implement data protection measures.

Q. Has IRDAI moved towards technology in terms of the filings and reporting that insurance companies do?

At present, data sharing is done in BAP portals with no other system or format. However, in the coming years, API integration may completely eliminate the need for manual intervention in filings and reporting. The DPDP Act also provides for relaxation in the sharing of data with the regulatory and legal authorities. 

Q. How do you keep track of all pending, ongoing, and upcoming compliance obligations? How has technology aided your organisation in its compliance functions?

Apart from industry-specific compliances for insurance companies, the rest of the compliances are similar to those of any other organisation. For instance, compliances under LODR regulations, MCA requirements, and other SEBI regulations for listed companies are also applicable to insurance companies. Companies, depending on their size, choose whether to hire contractors with the technological capabilities for compliance services or invest in in-house compliance teams. These compliance teams are then responsible for tracking and managing compliances and maintaining records using sheets and trackers. However, technology-based digital platforms that enable tracking and monitoring of compliances have allowed businesses to take greater control over their compliance functions. The senior management, KMPs, and the Board have greater visibility over the compliance status of the company due to these platforms.

Q. Can you paint us a picture of how boardroom conversations have moved towards compliance and good governance?

Directors, KMPs, and senior management have come to realise that compliance is not a constraint but a necessity. It is an enabler that allows the company to maintain control and check over its operations and activities. It is a necessary element to direct the business growth and development of the company. As such, the compliance department shoulders the responsibility of keeping the Board updated on the compliance status of the organisation. Boards are faced with conflicting and contradicting decisions that affect business on a daily basis. Compliance allows them to ensure that the foundation of the business remains robust. 

Q. How can young professionals become familiar with compliance and integrate it into the culture of compliance?

Young professionals must understand the purpose of compliance and their role within the organisation. They are not there to vote against ideas but act as facilitators of the business. Their role is to figure out how something can be done and make things easier for the business while keeping a balance between business growth and compliance.

They need to be able to explain compliance complexities and the role of the Board and senior management in it. The management must be advised on how non-compliance-induced disruptions can affect the business. It has to be realised that a loss of reputation carries much more weight than a financial penalty.

About Bireswar Chatterjee

Working in Shriram Life Insurance as General Manager, Legal, Compliance and Annuity. Worked in LIC for 24 years and in IRDAI for 3 years. Total experience of 31 years in Legal, Compliance and Risk in the insurance industry. A Fellow of the Insurance Institute of India, with a Master's in Corporate Law and a Master's in Finance.

Disclaimer: The opinions and views expressed in this article, including any accompanying data, are the sole responsibility of the author and should not be construed as reflecting the official policy or position of India Employer Forum.
