Fraud Detection Policy

It shall include but not limited to any act of commission or omission or distortion or any concealment of facts or suppression of information or practising deception or any acts of undue influence, misrepresentation with a view to cause any unjust richment or gain to any person (whether monetary or otherwise) or any wrongful loss or any detriment suffered by another, without there being any necessity to prove any such gain or loss.

Fraud is a significant business risk that needs to be managed like all other business risks. Fraud can have a devastating effect on organisations as it could result in a significant financial loss and have other long-term business repercussions such as loss of public trust. The risk of fraud can be reduced through a combination of prevention, deterrence, and detection measures.

Since fraud may be difficult to detect because it often involves concealment through falsification of documents and collusion among staff or third parties, it is important to place a strong emphasis on fraud prevention, which reduces opportunities for fraud to take place, and fraud deterrence, which persuades individuals that they should not commit fraud because of the likelihood of detection and punishment.

This Fraud Detection Policy is designed to establish a framework for preventing, detecting, and responding to fraudulent activities within the Company. This policy is in strict compliance with the regulations Prevention and Reporting of Fraud Under NPS Architecture Guidelines, 2023; Guidelines on Insurance e- commerce dated 9th March 2017 as set forth by the Pension Fund Regulatory and Development Authority (PFRDA) and the Insurance Regulatory and Development Authority of India (IRDAI), hereinafter referred to as “regulators” respectively. The objective is to safeguard the interests of our customers, shareholders, and stakeholders by maintaining the integrity of our operations.

Finzoomers Services Private Limited (hereinafter referred to as the “Company”) values integrity, honesty, and fairness in everyone, from the top to the bottom. The Company encourages openness to prevent malpractice or any cover-up of malpractice and create a positive workplace environment where employees have positive feelings about the Company itself and the Group and do not feel abused, threatened, or ignored. The Policy is established to set out a process to prevent, identify, investigate, and mitigate the insurance related fraud in the Company.

All individuals regardless of position, title, or tenure are expected to remain vigilant and are responsible for preventing, detecting fraud and report any suspicious fraudulent activity.

This policy has been framed with an aim to provide a clear guidance to the employees and others dealing with the Company, forbidding them from getting involved in any fraudulent activity and the action to be taken by them when they suspect any fraudulent activity.

This document applies to all the employees and officers of the Company irrelevant of their designation, location; the terms of employment, hours of work or length of service, including contractual staff and directors in the employment of the Company, as well as shareholders, service providers, consultants, vendors, contractors and subcontractors, prospective and existing customers and/or other parties having a business relationship with the Company.

Any required investigation will be conducted irrespective of the suspected wrongdoer’s length of services, position/title/designation, or relationship with the company.

Few scenarios of such frauds can be:
• Misappropriation of assets and misutilization of funds for personal usage
• deliberately misrepresenting, concealing, suppressing, or not disclosing one or more material facts relevant to the financial decision, transaction, or perception of the Company’s status.
• Breach of trust
• Fraudulent encashment through forged instruments, manipulation of books of account or through fictitious accounts.
• Cheating and forgery.
• Embezzlement or Misappropriation of funds, securities, supplies, or other assets
• Forgery or alteration of a cheque, bank draft, account, or any other financial instrument
• Incorrect financial reporting with a view to deceive impropriety in the handling or reporting of money or financial transactions.
• Profiteering because of insider knowledge of the organisation's activities
• Disclosing confidential and proprietary information to unauthorised parties
• Bribery or kickbacks

To adequately protect the company from the financial and reputational risks posed by insurance frauds, the policy is designed to prevent, detect, investigate, and mitigate occurrence of frauds in the company.

The policy includes measures to protect the Company from the threats posted by the following broad categories of frauds with illustrative list.

a. Internal Fraud: Fraud/misappropriation against the Company by its Director, Manager, employee and/or anyone else.

Iterative List
The list is only illustrative and not exhaustive:

• Embezzlement (i.e., misappropriation of money, securities, supplies, property, or other assets).
• Fraudulent financial reporting (e.g., forging or alteration of accounting documents or records.
• Overriding decline decisions to open accounts for family and friends
• inflating expenses claims/over billing.
• paying false (or inflated) invoices, either self-prepared or obtained through collusion with suppliers.
• permitting special prices or privileges to customers, or granting business to favoured suppliers, for kickbacks/favours.
• Forgery or alteration of documents or accounts belonging to the Company.
• Conflicts of Interest resulting in actual or exposure to financial loss.
• Removing money from customers’ accounts
• Payroll fraud.
• Tax evasion. • Unauthorized or illegal use of confidential information (e.g., profiteering because of insider knowledge of company activities).
• Unauthorized or illegal manipulation of information technology networks or operating systems.
• Intentional failure to record or disclose significant information accurately or completely.

b. Customers fraud (Policyholders/ Subscribers) Fraud Fraud against the Company at the time of entering transaction with or through Company, including fraud at any time during the relationship with the Company Illustrative Lis

The list is only illustrative and not exhaustive:
The list is only illustrative and not exhaustive:
• Exaggerating damages/loss
• Staging the occurrence of incidents
• Reporting and claiming of fictitious damage/loss.
• Fraudulent by claimant in case of death claims
• Unauthorized transactions being initiated on policies such as switches, withdrawals, surrenders etc.
• Unauthorized changes in contact details
• Cash, cheques handed over by policyholders to agents however, they have not received any intimation from the company of its receipt.
• Fraud at the time of making NPS contribution
• Fraud at the time of exit; pre-mature or partial withdrawal
• Concealing material facts with the intention of fraud

c. Third party Frauds

Iterative List

The list is only illustrative and not exhaustive:

d. Online Fraud This type of fraud is typically a third-party fraud; however, this could involve any of the following types of frauds.

Illustrative list

The list is only illustrative and not exhaustive:

The Fraud Investigation Unit shall be head by Mr. Nikhil Sharad, who shall, basis the nature of fraud under investigation, include employees from different units on ad-hoc basis for immediate support and assistance.

• Put in place robust mechanism: Utilize advanced tools to identify unusual patterns, trends, or anomalies in financial transactions and customer behaviour. Implement predictive modelling to assess the likelihood of fraudulent activities based on historical data.
• Real-time Monitoring: Establish real-time monitoring systems to detect and respond to suspicious activities as they occur. Monitor key performance indicators (KPIs) and transactional data to quickly identify deviations from normal patterns
• Whistleblower Mechanism: Encourage employees, customers, and other stakeholders to report suspected fraudulent activities through a confidential whistleblower mechanism. Ensure that the whistleblower system complies with regulatory requirements and protects the identity of the individual providing information.
• Customer Verification Processes: Implement robust customer identity verification processes to prevent identity theft and fraudulent account openings. Regularly update customer information and conduct periodic reviews to ensure accuracy.
• Risk assessment: The Fraud Investigation Unit shall conduct risk assessment and assess potential fraud risk. Assessment of internal and external factor that can cause prospective fraud such as hardware and software, people, procedure, customer interaction.

• Employee Training: Conduct regular training programs to educate employees on fraud risks, prevention techniques, compliance with regulatory guidelines and the importance of ethical behaviour. Ensure that employees are aware of their role in maintaining a fraud-free environment.
• Internal Controls: Implement segregation of duties to prevent a single individual from having too much control over a critical process. Establish access controls to limit access to sensitive information and systems only to authorized personnel.
• Vendor and Third-Party Risk Management: Evaluate and monitor the security measures of vendors and third-party partners. Establish contractual obligations that require third parties to adhere to the same level of security standards and fraud prevention measures.
• Authentication and Authorization Protocols: Implement multi-factor authentication for sensitive transactions and access to critical systems. Regularly review and update authorization protocols to ensure that only authorized personnel have access to confidential information.
• Regular Audits and Reviews: All the required IT and cyber audits shall be conducted on regular basis to assess the effectiveness of fraud prevention measures.
• Collaboration with Regulatory Authorities: Collaborate with regulatory authorities, such as PFRDA and IRDAI, to stay informed about the latest fraud trends and regulatory requirements. Implement measures in alignment with regulatory guidelines to ensure compliance.
• CIncident Response Plan: Develop and regularly update an incident response plan to respond efficiently and effectively to detected fraud incidents. Clearly define roles and responsibilities within the organization in the event of a fraud incident.

Though the management has the primary responsibility for establishing and monitoring all aspects of the Company’s fraud risk assessment and prevention activities and performing the fraud risk assessment. Individuals from throughout the organization with different knowledge, skills, and perspectives (e.g., accounting/finance, non-financial business units and operations personnel, legal & compliance, risk management, internal audit, etc.) shall be involved in the fraud risk assessment.

Once the fraud risk assessment has taken place, management shall reduce and eliminate identified fraud risks by making changes to the Company’s activities and processes and identify the processes, controls and other procedures that are needed to mitigate the identified fraud risks. Effective and appropriate internal controls, whether automated or manual, which include a well-developed control environment, an effective and secure information system and appropriate control and monitoring activities, are essential to reduce and eliminate identified fraud risks.

Employees and officers at every level, in every department and at every location have a responsibility to speak up when they believe that they have knowledge or suspect that fraud is being committed. As soon as it is learnt that a fraud or suspected fraud has taken or is likely to take place, they should immediately apprise the same to the concerned party as per the current procedures in place.

All the frauds detected by any department/or detected by any person with knowledge of confirmed, attempted, or suspected fraud or any person who is personally being placed in a position by other person to participate in the fraudulent activity shall be reported to the functional head from the detection of any confirmed, attempted, or suspected fraud.

Any one (full time and part time employees or persons appointed on ad hoc/ temporary/ contract basis, trainees, apprentices, representatives of vendors/ suppliers/ contractors / consultants /service providers or any other third party doing any business with the Company) as soon as he / she comes to know of any fraud or suspects a fraud or notices any other fraudulent activity, he/she must report such incident(s) immediately without delay to the Compliance team in writing in below mentioned ways:

The Head of Fraud Investigation Unit/ or any other authorised person, is entrusted with the full authority for the investigation of all suspected/actual fraudulent acts as defined in this policy. He will take the necessary support from all concerned departments, external outsourced investigation agencies, and forensic experts, etc for investigation, if required. Moreover, the PO/ head of Fraud Investigation Unit has the power to form a team from case-to-case basis and such investigation team will be given all the rights, authority to investigate, any company’s books, desk, cabinets, storage, emails, files, or access, to any premises etc., whatsoever to investigate the case.

Timeline for completion of Investigation:

The investigations shall be completed normally within forty-five (45) days from the disclosure or discovery of the fraud case and be extended to Sixty (60) days in exceptional cases. However, the Investigating unit has the discretion to extend the duration of the investigation, depending upon the complexity of the case.

The conclusion and results of the investigations must be duly documented in writing. The fraud report regarding the results of the investigations and the corrective actions shall capture at least the fraud incident description, the fraud perpetrator details, the estimated fraud loss and recovery amounts, the controls implications, and the resolution. Management is responsible for resolving fraud incidents. The fraud report along with the recommendation is shared with the Legal and Compliance team for final decision.

Once investigations are completed and risk findings are identified, thereafter the Legal team shall initiate and take necessary action by approaching Law Enforcement Agencies, whenever appropriate

The Company has zero tolerance policy towards fraud. The Company shall take legal and penal actions in case any employee/ or anyone associated with the Company is found to be involved in any kind of fraud. The following actions shall be taken in response to an alleged or suspected incident of fraud:

All employees shall cooperate fully with an investigation into any alleged or suspected fraud.

CREATION OF DATABASE

Fraud Investigation Unit will prepare and maintain all the records pertaining to the fraud such as name of the personnel; fraudulent act undertaken by him/her; decision of the company etc.

If required, this data base may be circulated among the industry to establish a well-informed and safe environment.

OWNERSHIP AND REVIEW

This policy is owned by Compliance team of the Company, and it shall be reviewed at least annually or whenever required by Board of Directors of the Company

COMMUNICATION PLAN

Company will maintain an effective communication plan to keep employees, stakeholders, and regulatory authorities informed about fraud prevention measures, incidents, and outcomes of investigations.