Introduction
Regulatory orders issued by the Insurance Regulatory and Development Authority of India (IRDAI) are often viewed as isolated enforcement actions. In practice, they offer much deeper insight into how the regulator interprets compliance, evaluates insurer conduct, and prioritises policyholder interests.
This article draws learning from a recent IRDAI regulatory order that followed a remote inspection of a health insurance company. The insurer has been deliberately anonymised. The analysis is educational in nature and aims to explain IRDAI’s supervisory thinking, expectations, and enforcement logic in a clear and accessible manner.
Why IRDAI Conducts Inspections
IRDAI conducts periodic on-site and remote inspections to assess whether insurers are operating in line with:
- The Insurance Act, 1938
- IRDAI regulations and circulars
- Policyholder protection principles
- Corporate governance and risk management standards
Inspections focus not only on written policies, but also on how processes function in practice. Gaps between documented procedures and actual execution are often at the centre of regulatory findings.
Grievance Redressal: Accessibility Is a Regulatory Expectation
One of the first areas examined in the enforcement order relates to grievance redressal. While the insurer had a defined grievance process, communications sent to complainants did not consistently provide complete details of the jurisdictional Insurance Ombudsman when grievances were closed without a favourable resolution.
From a regulatory perspective, IRDAI views grievance redressal as a policyholder right rather than a procedural formality. Merely providing customer care contact details or hyperlinks was considered insufficient. The regulator’s expectation is clear: escalation options must be explicit, direct, and easily usable by the policyholder.
Effective grievance redressal is not just about internal closure timelines. It is equally about empowering customers with clear information on external remedies when internal mechanisms fail.
Cybersecurity and Information Risk: Timelines Matter
The inspection also reviewed the insurer’s Information Security and Cyber Risk framework, particularly vulnerability assessment and penetration testing (VAPT). While vulnerabilities were identified and addressed, a significant number of critical and high-severity issues were closed beyond prescribed turnaround timelines.
IRDAI acknowledged that remediation of complex systems can take time. However, delayed closure of high-risk vulnerabilities was viewed as a governance issue rather than a technical one. Health insurers handle sensitive personal and medical data, making timely cyber risk mitigation a regulatory priority.
Cybersecurity compliance is increasingly evaluated at the Board and senior management level. Delays, even if technically justified, must be formally escalated, documented, and monitored through risk governance structures.
Claims Processing: The Foundation of Policyholder Trust
Claims management emerged as the most critical area of concern in the enforcement action. Multiple issues, when viewed together, pointed to weaknesses in transparency and control.
Incomplete Documentation
The inspection revealed that patient or attendant signatures were present on discharge summaries and final bills in only a minority of reviewed cashless claims. Although the insurer cited operational challenges and the desire to avoid customer hardship, the regulator viewed this as a material control gap.
Signatures serve as an important confirmation mechanism, helping ensure that billed services and settlement outcomes are acknowledged by the insured party.
Application of Hospital Discounts
Another issue related to hospital discounts. While discounts negotiated with network hospitals were applied during claim settlement, they were not consistently reflected in the hospital bills provided to policyholders. As a result, customers lacked visibility into how the final payable amount was derived.
Communication of Settlement Details
Final settlement communications explaining deductions, disallowances, and paid amounts were primarily addressed to hospitals. The insurer could not consistently demonstrate that policyholders received clear, standalone settlement letters.
IRDAI expects policyholders to be treated as the primary audience for claim communications, even in cashless arrangements where payments are made directly to hospitals. Transparency is evaluated based on evidence of communication, not intent.
Financial Reporting and Reinsurance Accounting: Substance Over Form
The enforcement order also examined the accounting treatment of certain reinsurance arrangements. The insurer accounted for treaties on a grossed-up basis despite treaty terms specifying net rates with nil commission and expenses.
IRDAI concluded that this approach overstated profits and solvency margins in earlier years and distorted key financial ratios. The regulator’s concern was not limited to accounting techniques but extended to the broader implications for financial transparency and prudential oversight.
In regulatory accounting, economic substance takes precedence over industry convention. Practices that accelerate profit recognition or inflate solvency indicators attract close scrutiny.
Unclaimed and Unidentified Amounts: Governance Beyond Day-to-Day Operations
The inspection further identified unidentified proposal deposits that were retained beyond prescribed timelines without transfer to the unclaimed amount account. The insurer argued that internal reconciliation challenges delayed classification.
IRDAI rejected this interpretation, reiterating that funds not refunded or adjusted within regulatory timelines must be treated as unclaimed, irrespective of operational difficulties.
Handling of customer funds is a governance issue, not merely an operational one. Retention of unidentified or unallocated amounts is viewed as adverse to the policyholder’s interest.
How IRDAI Responded: A Graduated Enforcement Approach
IRDAI’s final actions reflected a graduated enforcement approach:
- Warnings were issued for grievance handling, cybersecurity management, and reinsurance accounting lapses.
- A monetary penalty was imposed for serious and cumulative deficiencies in claims processing and communication.
- Advisories and directions were issued to strengthen internal controls and ensure Board-level oversight.
This demonstrates that enforcement outcomes are influenced by severity, recurrence, policyholder impact, and quality of evidence provided.
Key Regulatory Learnings
- Execution matters more than documentation: Well-written policies do not offset weak operational controls.
- Transparency is evidence-based: Regulators rely on demonstrable proof of communication and compliance.
- Claims governance is high-risk: Small operational shortcuts can escalate into material regulatory breaches.
- Board oversight is essential: Cyber risk, accounting practices, and unclaimed funds require senior-level attention.
- Policyholder interest is the lens: Regulatory interpretation consistently prioritises customer impact.
Closing Perspective
This educational analysis highlights how IRDAI applies regulatory standards in practice. The enforcement action illustrates a clear regulatory philosophy: insurers are expected to operate not only within the letter of the law, but also in alignment with its underlying intent.
For insurers, the lesson is straightforward: compliance is no longer a back-office function. It is a strategic, governance-driven responsibility that directly influences regulatory trust, financial outcomes, and long-term sustainability.

