Ongoing Compliance for IRDAI Licensed Entities
Entities licensed by the Insurance Regulatory and Development Authority of India operate in a highly regulated framework where compliance is a continuous statutory obligation rather than a one-time licensing requirement. Their responsibilities arise from the Insurance Act, 1938, the IRDAI Act, 1999 and multiple regulations governing corporate governance, solvency, financial reporting, product approval, investments, policyholder protection, AML, IT systems and regulatory filings. After obtaining a licence, insurers and intermediaries must establish a robust internal compliance structure with defined roles, controls and monitoring mechanisms to ensure adherence to regulatory norms on a real-time basis.
The supervisory approach of IRDAI has shifted towards a principle-based and risk-oriented model, where entities are assessed not only on timely submission of returns but also on the effectiveness of their governance framework, risk management systems and customer servicing standards. Board oversight, enterprise risk management, solvency monitoring and transparent processes have become key evaluation parameters. This requires entities to integrate compliance with business operations, internal audit and technology systems to ensure regulatory sustainability and policyholder protection.
In this article, CA Manish Mishra talks about Ongoing Compliance for IRDAI Licensed Entities.
Corporate Governance and Board-Level Accountability
The IRDAI (Corporate Governance for Insurers) Regulations, 2024 place primary responsibility for compliance on the Board of Directors. The Board is required to define the risk appetite of the organisation, approve key policies and ensure that adequate internal control mechanisms are in place. Governance is no longer viewed as a procedural requirement but as a strategic oversight function.
Board Composition and Fit and Proper Criteria
Insurers must maintain an appropriate mix of executive, non-executive and independent directors. Independent directors must meet integrity, competence and experience standards. Any change in Board composition must be reported to the Authority along with a fit and proper declaration.
Mandatory Board Committees
The Audit Committee oversees financial reporting, internal audit and statutory audit. The Risk Management Committee monitors enterprise risk, solvency and stress testing. The Nomination and Remuneration Committee ensures that compensation structures are aligned with risk management objectives. The Policyholder Protection Committee reviews customer grievances, claims settlement performance and service standards.
Role of Control Functions
The Chief Compliance Officer is responsible for monitoring regulatory adherence and reporting non-compliance to the Board. The Chief Risk Officer manages enterprise risk and solvency monitoring. The Appointed Actuary certifies pricing, reserving and solvency calculations. The Chief Financial Officer certifies financial statements and regulatory filings. These roles are statutory and require direct reporting lines to the Board.
Annual Corporate Governance Report
Insurers must submit an annual governance report confirming compliance with governance norms, committee functioning, internal controls and remuneration disclosures. Any deviation must be explained with corrective action plans.
Solvency Margin, Capital Planning and Risk-Based Supervision
Solvency maintenance is a statutory obligation under Section 64VA of the Insurance Act, 1938. Insurers must maintain a solvency ratio of at least 150% at all times, ensuring that their available solvency margin exceeds the required solvency margin.
Continuous Solvency Monitoring
Solvency must be monitored on a monthly basis internally and reported periodically to the Authority. If solvency falls below control levels, the insurer must submit a restoration plan detailing capital infusion, risk reduction or reinsurance support.
Risk-Based Capital
The regulatory approach is shifting from a fixed solvency model to a risk-based capital model that considers underwriting risk, market risk, credit risk and operational risk. This requires insurers to adopt advanced actuarial modelling and capital planning tools.
Ind AS 117 Implementation
The adoption of Ind AS 117 will change the way insurance revenue, liabilities and profit recognition are measured. Insurers must develop actuarial systems, data governance frameworks and financial reporting processes aligned with the new accounting standard.
Asset-Liability Management and Stress Testing
Insurers must implement ALM frameworks to ensure that long-term liabilities are backed by appropriate assets. Stress testing and scenario analysis must be conducted periodically and reported to the Board.
Financial Reporting and Statutory Returns
IRDAI licensed entities must submit a wide range of financial and actuarial returns within prescribed timelines.
Audited Financial Statements and Actuarial Reports
Annual financial statements must be accompanied by actuarial valuation reports, segmental reporting and notes on reserves. These documents must be certified by statutory auditors and the Appointed Actuary.
CEO and CFO Certification
Senior management must certify the accuracy of financial statements, adequacy of internal controls and compliance with regulatory norms.
Expenses of Management Reporting
Under the IRDAI (Expenses of Management including Commission) Regulations, 2024, insurers must ensure that their operating expenses and commissions remain within prescribed limits. Any deviation must be supported by a Board-approved remediation plan.
Policyholder Protection and Customer-Centric Compliance
Policyholder protection is the foundation of insurance regulation, requiring insurers to adopt a customer-centric approach in product design, sales and servicing. Policy documents must clearly disclose benefits, exclusions, waiting periods and claim procedures in simple language to ensure transparency and informed decision-making. Mis-selling and unfair inducements are strictly prohibited, and products must be offered based on the customer’s needs and risk profile. Timely and fair servicing of policies throughout their lifecycle is essential to maintain trust and regulatory compliance.
Claims must be processed and settled within prescribed timelines after receipt of complete documentation, and any deficiencies must be communicated promptly. Unjustified delays may attract penal interest and regulatory action. Insurers must maintain a structured grievance redressal system with proper tracking, escalation and resolution mechanisms, along with periodic reporting to the Authority. A Board-level Policyholder Protection Committee monitors claims performance, complaint trends and servicing standards, ensuring corrective measures are implemented to safeguard policyholder interests and improve customer outcomes.
Product Governance and Lifecycle Management
Product governance under the IRDAI (Insurance Products) Regulations, 2024 requires insurers to ensure that insurance products are properly designed, approved and continuously monitored so that they remain fair, transparent and suitable for policyholders. Compliance is not limited to product launch; it extends throughout the product lifecycle, including periodic performance review and necessary modifications.
Product Approval Process
Filing Route
Before introducing any product, insurers must follow the “file and use” or “use and file” procedure depending on the risk category and regulatory classification. This ensures that higher-risk products undergo prior regulatory scrutiny while standard products can be introduced with post-filing compliance.
Role of Product Management Committee
A Product Management Committee must review actuarial pricing, benefit structure, policy terms, risk coverage, exclusions and the identified target customer segment. The committee must ensure that the product offers value to policyholders, is not misleading and complies with all disclosure requirements.
Documentation and Governance
All actuarial assumptions, pricing models, internal approvals and policy wordings must be properly documented and maintained for regulatory inspection and audit purposes.
Post-Launch Product Review
Performance Monitoring
After launch, insurers must periodically analyse claims experience, loss ratios, persistency levels and customer grievances to assess whether the product is performing as expected.
Corrective Measures
If adverse trends such as high claims, low persistency or mis-selling risks are observed, insurers must take corrective action by revising pricing, modifying product features or withdrawing the product.
Ongoing Customer Suitability
The product must continue to meet the needs of the intended target segment and remain aligned with regulatory expectations and market conditions.
Health Insurance Reforms
Expanded Coverage Requirements
Recent regulatory changes have removed age restrictions, reduced waiting periods and standardised certain policy features, thereby increasing accessibility for policyholders.
Underwriting and Pricing Updates
Insurers must revise underwriting guidelines, actuarial assumptions and premium structures to reflect the revised risk profile.
Policy Documentation and Training
Policy wordings, customer disclosures, distribution training material and marketing communications must be updated to ensure compliance with the new regulatory structure.
Investment, Reinsurance and Exposure Norms
Investment of policyholder funds is a highly regulated activity because insurers hold money in trust for future claim payments. IRDAI requires insurers to follow prudent investment practices that ensure safety, liquidity and reasonable returns. All investments must be made in accordance with a Board-approved investment policy and within the regulatory framework to protect policyholder interests and maintain financial stability.
Investment Policy and Exposure Limits
Insurers are permitted to invest only in specified instruments such as government securities, approved corporate bonds, equities and infrastructure investments, subject to prescribed limits. Exposure norms restrict the amount that can be invested in a single company, group, sector or asset class to avoid concentration risk. Credit rating requirements ensure that investments are made in financially sound instruments. The investment policy must define risk appetite, asset allocation strategy, internal monitoring mechanisms and delegation of investment powers.
Reinsurance Programme
Reinsurance is used by insurers to transfer a portion of their risk exposure to reinsurers, thereby protecting their solvency and stabilising underwriting results. Every insurer must have a Board-approved reinsurance policy that outlines retention limits, catastrophe risk management strategy and selection criteria for reinsurers. The reinsurance programme must follow the prescribed order of preference and be reviewed periodically to ensure adequate risk transfer and capital efficiency.
Investment Reporting
Insurers are required to submit quarterly and annual investment returns to the Authority. These filings include details of asset allocation, compliance with exposure norms, credit ratings, yields and duration of investments. Proper classification of assets and documentation of investment decisions are necessary for regulatory review and audit. Non-compliance with investment norms may result in regulatory directions, reclassification of assets or restrictions on future investments.
Rural, Social Sector and Motor Third-Party Obligations
IRDAI requires insurers to contribute to financial inclusion by expanding insurance coverage in rural areas and among economically weaker sections. These obligations are monitored through periodic reporting and form part of the overall compliance framework for insurers.
Rural and Social Sector Targets
Insurers must achieve minimum business targets in rural areas by issuing policies to individuals, small businesses and agricultural segments located in notified rural regions. In the social sector, insurers are required to provide coverage to vulnerable groups such as low-income households, unorganised workers and beneficiaries of government welfare schemes. These targets are measured in terms of number of lives covered or policies issued and must be reported periodically to the Authority. Failure to meet these targets may attract regulatory observations and corrective directions.
Motor Third-Party Insurance
Motor third-party insurance is a statutory requirement under the Motor Vehicles Act and insurers must ensure availability of such coverage. Compliance is monitored through underwriting data, policy issuance volumes and claims settlement ratios. Insurers must also participate in industry mechanisms for high-risk vehicle pools and maintain adequate reserves for third-party claims. Non-compliance may lead to business restrictions and regulatory action.
Anti-Fraud, AML and KYC Compliance
Insurance entities are required to establish a comprehensive framework to prevent fraud, money laundering and misuse of insurance products for illegal activities. These controls are aligned with the Prevention of Money Laundering Act and IRDAI guidelines.
Fraud Risk Management
Insurers must constitute a Fraud Monitoring Committee responsible for identifying suspicious transactions, investigating fraud cases and reporting them to the Authority. A whistle-blower mechanism must be in place to enable reporting of unethical practices by employees or intermediaries. Fraud risk assessment must be integrated with internal audit and risk management systems.
AML and KYC Requirements
Entities must conduct customer due diligence at the time of policy issuance, verify identity and beneficial ownership, and maintain transaction records. Suspicious transactions must be reported to the Financial Intelligence Unit as per PMLA norms. Periodic review of high-risk policies and ongoing monitoring of customer transactions are also required to ensure compliance with AML regulations.
Intermediary-Specific Ongoing Compliance
Insurance intermediaries such as insurance brokers, corporate agents, web aggregators and third-party administrators are subject to a separate and continuous compliance framework under IRDAI regulations. Their obligations focus on financial soundness, professional competence, proper conduct and transparent dealings with policyholders and insurers. Compliance is not limited to licence renewal but requires maintenance of prescribed financial, operational and reporting standards throughout the period of registration.
Net Worth and Professional Indemnity
Intermediaries are required to maintain the minimum net worth specified for their category at all times. This ensures their financial stability and ability to meet operational obligations. Any erosion of net worth must be reported to the Authority along with a plan for restoration. In addition, intermediaries must obtain and continuously maintain a valid professional indemnity insurance policy. This policy protects clients against losses arising from errors, omissions, negligence or misconduct in the course of providing insurance advisory or distribution services.
Training and Certification
Specified persons, principal officers and authorised employees must complete mandatory training hours and obtain certification from approved institutions before soliciting or servicing insurance business. Continuous professional education is required to keep them updated on regulatory changes, product features and ethical sales practices. Records of training and certification must be maintained and produced during inspections.
Periodic Returns and Conduct Compliance
Intermediaries must submit periodic returns to IRDAI containing details of business sourced, commissions earned, grievances received and resolved, and financial statements where applicable. Proper books of accounts, client records, policy documentation and communication logs must be maintained for audit and regulatory review. They must also comply with the code of conduct, ensure full disclosure of commissions and avoid mis-selling, unfair inducements or conflict of interest. Non-compliance may attract penalties, suspension of licence or other supervisory action.
Information Technology, Cybersecurity and Digital Insurance
Digital governance has become an important compliance requirement for IRDAI licensed entities due to the increasing use of online policy issuance, digital servicing, electronic records and platform-based distribution models. Insurers and intermediaries are expected to maintain secure, reliable and auditable IT systems that protect policyholder data and support uninterrupted operations. Regulatory expectations now extend beyond basic system controls to include enterprise-level IT governance, cyber risk management and secure digital integration.
IT Governance and Data Protection
Entities must establish a formal IT governance framework approved by the Board that defines roles, responsibilities, risk controls and reporting mechanisms.
Cybersecurity Controls
Insurers are required to implement firewalls, intrusion detection systems, multi-factor authentication, regular vulnerability assessments and penetration testing. These measures help prevent cyberattacks, data breaches and unauthorized access to sensitive policyholder information.
Data Privacy
Policyholder data must be protected through encryption, restricted access, secure storage and defined data retention policies. Access to sensitive information should be role-based and monitored through system logs.
Business Continuity and Disaster Recovery
A documented business continuity plan and disaster recovery mechanism must be maintained to ensure that critical operations such as policy servicing and claims processing continue during system failures, cyber incidents or natural disruptions.
Digital Platforms and System Integration
With the adoption of digital insurance marketplaces and electronic policy management systems, insurers must ensure secure integration of their IT infrastructure with external platforms.
Digital KYC Compliance
Electronic KYC processes must follow prescribed authentication standards and maintain proper audit trails to verify customer identity.
Secure Data Exchange
All data exchanges between insurers, intermediaries and digital platforms must be encrypted and transmitted through secure channels to prevent data leakage or manipulation.
Interoperability and Audit Trails
Systems must be capable of seamless data sharing while maintaining transaction logs, user access records and audit trails for regulatory inspection and reporting purposes.
Regulatory Filing Calendar and Supervisory Action
Ongoing compliance for IRDAI licensed entities requires adherence to a structured regulatory filing calendar that includes monthly, quarterly and annual submissions. These filings enable the Authority to monitor the financial health, governance standards and policyholder servicing performance of insurers and intermediaries.
Periodic Regulatory Filings
Monthly Filings
Monthly internal reporting generally includes solvency monitoring, investment exposure tracking, grievance status review and risk management updates. These reports are placed before senior management and the Board to ensure timely corrective action where required.
Quarterly Filings
Quarterly submissions to the Authority typically cover investment returns, solvency position, asset classification, rural and social sector business data and details of policyholder complaints. These filings provide a periodic snapshot of financial strength and operational performance.
Annual Filings
Annual filings include audited financial statements, actuarial valuation reports, corporate governance reports, expenses of management returns and CEO/CFO certifications. These documents confirm overall compliance with regulatory norms and are subject to detailed supervisory review.
Supervisory Monitoring
IRDAI uses these filings to assess solvency resilience, investment compliance, governance effectiveness and policyholder protection standards. Entities with weak financial indicators or governance gaps may be placed under enhanced monitoring.
Consequences of Non-Compliance
Failure to comply with filing timelines or regulatory requirements may lead to supervisory action depending on the severity and frequency of default.
- Monetary Penalties: Financial penalties may be imposed for delayed, incomplete or incorrect filings.
- Regulatory Directions: The Authority may issue directions requiring corrective measures, enhanced reporting or changes in internal controls.
- Business Restrictions: Entities may be restricted from launching new products, opening new branches or writing new business until compliance is restored.
- Capital Infusion Requirements: If solvency levels fall below prescribed thresholds, the entity may be directed to infuse additional capital and submit a restoration plan.
- Licence Suspension or Cancellation: In cases of persistent non-compliance, governance failures or financial weakness, the Authority may suspend or cancel the licence, which can significantly impact business operations and market reputation.
Recent Regulatory Trends and Supervisory Focus
The IRDAI has consolidated multiple regulations into a unified principle-based charter in 2024. The regulatory focus has shifted towards risk-based capital, Board accountability, customer outcomes, digital governance and enterprise risk management. Supervisory inspections now evaluate governance effectiveness, solvency resilience and policyholder servicing standards rather than merely checking filing compliance.
Conclusion
Ongoing compliance for IRDAI licensed entities is not limited to periodic filings but functions as a continuous governance and risk management responsibility. Insurers and intermediaries must ensure active Board oversight, real-time monitoring of solvency, effective internal controls and customer-focused product management. Strong AML, KYC and grievance redressal systems are essential to maintain regulatory confidence and policyholder trust. A well-structured compliance framework enables early identification of risks, prevents regulatory breaches and supports stable operations.
With the move towards a risk-based supervisory approach and the implementation of Ind AS 117, compliance obligations have become more data intensive and technically demanding. Entities must align compliance with enterprise risk management, actuarial processes, financial reporting and digital systems. A proactive compliance mechanism supported by technology, regular internal audits and Board supervision is crucial to maintain financial strength, meet regulatory expectations and ensure protection of policyholders.
Frequently Asked Questions (FAQs)
Q1. What is meant by ongoing compliance for IRDAI licensed entities?
Ans. Ongoing compliance refers to the continuous regulatory obligations that insurers, reinsurers and insurance intermediaries must fulfil after obtaining an IRDAI licence. These obligations include maintaining solvency margins, filing periodic returns, complying with corporate governance norms, protecting policyholder interests, adhering to product and investment regulations, implementing AML and KYC controls and submitting financial and actuarial reports within prescribed timelines.
Q2. Which laws and regulations govern ongoing compliance for insurers?
Ans. Ongoing compliance is primarily governed by the Insurance Act, 1938, the IRDAI Act, 1999 and various regulations such as the Corporate Governance Regulations, Actuarial, Finance and Investment Regulations, Expenses of Management Regulations, Insurance Products Regulations and Policyholder Protection Regulations issued by IRDAI.
Q3. What is the minimum solvency margin requirement for insurers?
Ans. Insurers are required to maintain a solvency margin of at least 150% of the required solvency margin at all times as per Section 64VA of the Insurance Act, 1938. This ensures that insurers have sufficient financial strength to meet policyholder liabilities.
Q4. What happens if the solvency ratio falls below the prescribed level?
Ans. If the solvency ratio falls below the control level, the insurer must immediately inform IRDAI and submit a solvency restoration plan. The Authority may impose restrictions on new business, require capital infusion or take supervisory action until solvency is restored.
Q5. What are the key corporate governance requirements for insurers?
Ans. Insurers must maintain a Board with independent directors, constitute mandatory committees such as Audit, Risk Management, Nomination and Remuneration and Policyholder Protection Committees and file an annual corporate governance report. Key management personnel including the Chief Compliance Officer, Chief Risk Officer, Chief Financial Officer and Appointed Actuary must perform statutory functions and provide certifications.
Q6. Are insurance intermediaries also subject to ongoing compliance?
Ans. Yes, insurance brokers, corporate agents, web aggregators and third-party administrators must maintain minimum net worth, valid professional indemnity insurance, trained and certified personnel, proper record keeping and periodic filing of returns. They must also comply with the code of conduct and disclosure norms.
Q7. What are the periodic filings required by IRDAI licensed entities?
Ans. Periodic filings include annual financial statements, actuarial valuation reports, solvency returns, expenses of management returns, corporate governance reports, rural and social sector returns, grievance redressal reports, investment returns and CEO/CFO certifications. The frequency may be monthly, quarterly or annually depending on the nature of the return.
Q8. What is the role of the Policyholder Protection Committee?
Ans. The Policyholder Protection Committee is responsible for monitoring customer service standards, reviewing grievance redressal performance, analysing claim settlement timelines and ensuring fair treatment of policyholders.
Q9. What are the requirements relating to product governance?
Ans. Insurers must follow “use and file” or “file and use” procedures for launching products. A Product Management Committee must evaluate pricing, risk features, target market suitability and post-launch performance. Products with adverse claims experience or mis-selling risks must be modified or withdrawn.
Q10. What are the limits on expenses of management?
Ans. Under the IRDAI (Expenses of Management including Commission) Regulations, insurers must ensure that operating expenses and distribution commissions remain within prescribed limits aligned with their business plan. Any deviation requires justification and regulatory reporting.
CA Manish Mishra