On August 20, 2024, FSRA hosted a webinar for auto insurance professionals on its proposed Fraud Reporting Service Rule and Guidance.
The webinar focused on:
- the proposed definition of what constitutes a ‘fraud event’
- when insurers are required to report information about a fraud event
- how often insurers will need to report information about fraud events to FSRA
Over 240 attendees participated in the webinar and had the opportunity to ask questions directly to our FSRA team.
Proposed Rule and Guidance: Fraud Reporting Service (FRS)
Date: August 20, 2024
Presenter: Chris Georgakopoulos
You can view this video with closed captioning by selecting the “CC” button in the video menu. Note: the closed captioning text is automatically generated and has not been reviewed for accuracy.
Note: the text is automatically generated and has not been reviewed for accuracy.
0:03
Hello everyone and welcome to today's webinar, Kids Res Proposed Rule and Guidance Fraud Reporting Service.
0:10
Before we get started I'd like to go over a few items so you know how to participate in today's event.
0:15
You have the opportunity to submit text questions to today's presenters by typing your questions into the questions pane of the control panel.
0:22
You may send your questions at any time during the presentation and we will collect these and address them during the Q &A session at the end of the presentation.
0:30
And now I'd like to introduce Melissa Grover, Senior Manager Autostrategy at FISRA.
0:37
Good afternoon and thank you for attending FISRA's webinar on our proposed fraud reporting service FRS ruling guidance.
0:43
My name is Melissa Grover and I'm joined by my colleague Chris Georgiakopoulos, Director of Autopolicy here at FISRA.
0:49
We will be your hosts for the afternoon and we'll spend some time today walking you through the proposed FRS ruling guidance.
0:59
So we'll begin with the land acknowledgement and then Chris will cover key elements of proposed ruling guidance as well as details about the public consultation in next steps and we will conclude with some questions.
1:13
Some housekeeping items for this afternoon.
1:16
We will address all questions at the end of the presentation.
1:19
Please submit yours via the Q &A function.
1:21
If we receive questions that are similar, we will group them together and answer them once.
1:25
Any questions that we cannot take today, as well as a recording of today's webinar in the slide deck will be posted to our website.
1:31
I hope you find today's webinar informative.
1:33
Let's get started.
1:37
It's important to acknowledge that the land we are on the traditional territory of many nations, including the Mississaugas of the Credit, the Anishinaabeg, the Chippewa, the Haudenosaunee, and the Wendat people, and is now home to many diverse First Nations, Inuit, and Métis people.
1:52
We acknowledge that Toronto is covered by Treaty 13 with the Mississaugas of the Credit and the Williams Treaties signed with the multiple Mississaugas and the Chippewa Pans.
2:01
And I will now turn it over to Chris to discuss the proposed FRS rule and guidance.
2:07
Thank you, Melissa, and thanks to everyone on this webinar who have expressed interest in learning more about our proposed fraud reporting service rule and guidance.
2:16
Auto insurance fraud is cited as a major problem, but we currently have a gap in reporting of fraud information, making it difficult to define the problem and create accountability for solving it.
2:27
This was proposed rule and guidance seeks to create a baseline of fraud data that will help to quantify the amount of auto insurance fraud that is taking place.
2:35
Section 101.3 of the Insurance Act, once proclaimed into force, will give FISRA the authority to prescribe in a rule auto insurance fraud information that insurers must provide FISRA.
2:49
To summarize, the proposed ruling guidance is intended to quantify auto insurance fraud in Ontario, create a baseline for fraud detection, and identify trends throughout the industry.
3:01
Next slide please.
3:07
I am now going to go over the main elements of the ruling guidance.
3:11
First off, the rule will set out the reporting threshold and scope of information that insurers will be required to report.
3:19
The rule will also state the timing and process requirements for reporting.
3:23
The guidance provides more detailed information on the data points to be collected and now FISRA intends to supervise compliance with the FRS rule.
3:32
I will now go into more details on these key elements of the proposed rule and guidance.
3:37
Next slide please.
3:41
VISTA has defined a fraud event as a deceptive act or remission or series of deceptive acts or remissions intentionally committed by a person or persons to obtain advantage, financial gain or benefits beyond that to which one is entitled to with regard to any policy, claim, provision of goods or services, or other currents related to automobile insurance.
4:06
This includes fraud perpetrated through underwriting, claims, by a service provider, by selling or distribution of insurance products, and by internal employees of an insurer.
4:20
Next slide, please.
4:24
Insurers will be required to report automobile insurance fraud information, but the information provides reasonable grounds for the insurer to believe that a fraud event defined in the rule has occurred or is likely to occur.
4:37
This information must be provided to the fraud reporting service within 30 days after the close of each quarter of the calendar year.
4:45
For example, insurers will need to provide their first quarter information, January 1st to March 31st, by April 30th.
4:55
This also includes information on fraud events from the preceding quarter, where the insurer has taken action or made a decision based on reasonable grounds that a fraud event has occurred or is likely to occur.
5:08
We also want to ensure that insurers do not disclose personal information that is not necessary for the purposes set out in the Act, specifically to assess and detect automobile insurance fraud, which includes quantifying auto insurance fraud, creating a baseline for detection and identifying trends.
5:31
Insurers must de-identify all names and identifying numbers, symbols or other particulars assigned to individuals before an insurer provides this information, unless it is necessary for the purposes as I just mentioned.
5:44
Next slide, please.
5:49
Here are some of the reporting requirements that insurers must adhere to.
5:53
Insurers must ensure that all the information is complete, up to date and factually correct.
5:59
If the information becomes incomplete, out of date or factually incorrect, the insurer must inform FISRA and take reasonable steps to correct the deficiencies.
6:10
Insurers must also immediately notify and recommend to FISRA to withdraw the information if the information includes deficiencies that cannot be remedied or fails to meet the rule, every insurer must admit their fraud information through FISRA's yet to be developed electronic or computer-based system for the filing, delivery, or reporting of the prescribed information.
6:36
I will now go through the key elements of the proposed guidance.
6:40
Next slide, please.
6:45
As previously mentioned, we want to ensure that data minimization in order to limit the collection of personal information to what is directly relevant and necessary to accomplish purpose of this collection.
6:57
So just to reiterate, FISTER interprets the statutory purpose of assessing and detecting automobile insurance fraud to enable FISTER to quantify the prevalence of auto insurance fraud, create a baseline for fraud detection, and identify trends throughout the auto insurance industry. Next slide please.
7:22
FISTER intends to supervise against the FRS rule by using its investigation and examination powers under the Act.
7:29
We will exercise our discretion when conducting supervisor activities by considering the extent to which insurers have policies, processes, systems, and associated controls in place to be compliant with the FRS rule and guidance.
7:44
This encourages insurers to design and implement a broad management framework that encompasses the following elements.
7:52
have up-to-date policies and procedures to identify and report fraud information, have systems in place for monitoring and detecting fraud events, include regular internal audits and reviews of the framework, and have strong governance structures in place with clear accountability and oversight.
8:17
We are now going to get into the type of fraud information and data points that will need to report.
8:23
For underwriting fraud, this includes when someone intentionally conceals or misrepresents information when obtaining insurance coverage.
8:31
An example would be quote manipulation to generate the lowest premium.
8:36
For claims fraud, this includes fraud committed by a policyholder when a claim has been made.
8:41
An example would be falsely claiming damage that was not caused by the accident of the covered vehicle.
8:48
For fraud by a service provider, this includes fraud committed by persons who provide services to a policyholder after a claim has been made.
8:56
An example would be auto body shops that inflate the cost of repairs or repair areas of the vehicle that do not need repairs. Next slide please.
9:09
For fraud by those who sell or distribute insurance products such as independent agents and brokers, this can include deliberately failing to disclose policy information to obtain a lower premium for the insured and ghost brokering, where fake pink slips are sold deceiving the insured and thinking they have insurance.
9:27
Lastly, for fraud by internal employees of an insurer, this can include creating fictitious claims and receiving kickbacks from a third-party vendor.
9:37
We are now going to change gears and discuss the data points that will need to be reported.
9:42
Next slide, please.
9:45
As previously discussed, we want to ensure that insurers do not disclose personal information that is not necessary for the purposes set out in the Act.
9:54
Specifically, I'm going to reiterate to assess and detect automobile insurance fraud, which includes quantifying auto insurance fraud, creating a baseline for fraud detection, and identifying trends.
10:07
And as I mentioned earlier, insurers must de-identify all names and identify numbers, symbols, or particulars assigned to individuals before an insurer provides this information unless it is necessary for the purposes I just mentioned.
10:21
With that said, we're looking to collect the following types of information.
10:25
For the insured, their contact information, date of birth, driver's license numbers, occupation, and vehicle ownership type.
10:35
For the insurance carrier, their corporate contact information, policy number, claim number, agent, broker name, and address.
10:43
policy duration, and status of the claim.
10:48
For the accident, we are looking to collect the date and time of loss, location of loss, and cause of loss.
10:58
For the parties involved, their contact information and any relevant details such as vehicle information, towing, and repair details.
11:08
Next slide, please.
11:14
This will also need to collect information on the estimated cost of the fraud.
11:19
All of this information will be categorized based on whether the fraud is through underwriting, claims, a service provider, an agent, broker, or an employee of an insurer.
11:32
I'll now quickly go over next steps before taking questions.
11:37
Next slide, please.
11:41
So we're currently in the public consultation.
11:44
It's going to be for 90 days and we'll close on Tuesday, October 14th.
11:49
We will consider feedback received and revise the proposed ruling guidance accordingly.
11:55
Thank you everyone for listening to the presentation.
11:58
And now it's time to open up for questions.
12:00
Over to you, Alyssa.
12:03
Thanks Chris.
12:04
So this concludes our formal presentation.
12:07
Thank you everybody for attending today's session.
12:09
Chris will now be joined by Jason Harris, director of policy for legal and rulemaking and Miki Yamakawa, director of market conduct P &C insurance.
12:18
They are going to take some time to respond to the questions we've received through the chat. If you have any questions you can still enter them using the Q &A icon on your screen.
12:27
Several questions have come in already.
12:28
We're going to do our best to respond but for those we aren't able to answer today we will issue an email to all attendees with the answers.
12:35
In some questions where questions are similar we will respond once.
12:39
The slide deck and webinar recording will be available on FISRA's website. And now for our first question.
12:47
So Chris, when will the FRS be operational and what are the timelines?
12:54
So we are targeting to have the rule and guidance published in April of 2025 and and we are looking at a goal-life target date to operationalize the FRS by December 2026.
13:13
Again, these are our target dates.
13:15
They can shift, but at this present time, these are the dates that we're looking for in terms of the rule and guidance being published and FRS being version. Thank you.
13:33
What, let me think, maybe I will ask Mickey, what specific steps should insurers take to ensure their internal policies align with FISRA's expectations? Yeah, great question.
13:48
The first thing is insurers should start by conducting a review of their current fraud policies and controls to ensure that any gaps are identified.
13:59
It should then be updated to ensure it meets the requirements outlined in the FRS rule and guidance.
14:06
And this would include establishing clear procedures for identifying and reporting fraud events, implementing robust monitoring systems, and ensuring regular audits and review are conducted.
14:20
Now FISRA encourages insurers to maintain strong governance structures to oversee these efforts.
14:27
Thank you. So I have another question for you.
14:32
How does FISRA supervision approach differ between large and smaller insurers?
14:37
OK.
14:39
Well, FISRA recognizes that not all insurers have the same level of resources to implement sophisticated fraud controls.
14:47
However, the expectations remains that all insurers, regardless of size, should have controls that are commensurate with the risks they face.
14:55
The key expectation is that these insurers have a governance framework and fraud prevention measures that are proportionate to their specific risk profile.
15:05
So ensuring that they are effectively managing potential fraud risks within their operational capacity.
15:14
Great, thank you.
15:15
Jay, is the information submitted through the secure portal subject to freedom of information requests?
15:23
So the Freedom of Information Request process has a number of carve-outs to protect this type of information, and our view is that those carve-outs should generally protect all this type of information being uploaded to FRS from being disclosed.
15:37
Great.
15:37
Thank you.
15:39
Chris, is FISRA looking to work with associations such as Equite who already collect some of this information?
15:46
Yeah, we have been in discussions with Equite and other stakeholders.
15:50
so I think what we're looking at is ensuring that there isn't a duplication of information sharing and really working together to have a system that works to be able to say you know in in 2026 this is how much fraud is out there this is where it's occurring this is where we need to tackle the information the fraud that's occurring so I think working with organizations such as equity and others in this space is very important and I think it is a priority.
16:20
Thank you.
16:21
Well, another question for you.
16:23
Will there be clarification on if only confirmed fraud is submitted or suspected fraud?
16:31
There are times when fraud can't be proven, but a claim has to be paid, but there are suspicions of fraud.
16:39
Yeah, so if you look at the guidance, what we've tried to do is provide examples at the different levels of that fraud occurs.
16:47
So what the threshold has been set at reasonable grounds to believe that fraud has occurred or is likely to occur.
16:54
That is a threshold.
16:56
Suspicion of fraud, and we've given examples in the guidance as well, just having a suspicion will not meet that threshold.
17:03
Really there has to be a due diligence made by the insurer.
17:07
It doesn't have to be the point where the actual fraud has been confirmed.
17:12
So we haven't set the threshold that high.
17:14
However, with that said, once the reasonable grounds to believe fraud event has been reported into the FRS, as that fraud event continues through the process and gets to, say, a confirmed case, we also want to receive that information within the fraud reporting service. Thank you.
17:32
Mickey, how will FISRA assess an insurer's compliance with the 30-day reporting requirement? Oh, yeah, good question.
17:40
Insurers are required to report information prescribed in subsection, I believe, 3.1 of the rule.
17:47
Now, with respect to instances of honor, it will be a fraud.
17:49
So, within 30 days after the end of each quarterly period of the calendar year.
17:55
Now, the Visitor's Market Contact Team will assess compliance requirements as part of our ongoing supervision of insurers.
18:05
Let's see, Chris, will any, what if any data and information will be available to insurers?
18:13
So in phase one, the collection of information will only be used for FISRS purposes.
18:20
What we do intend, and we've provided some bit of detail within the guidance in terms of a future phase, is looking at sharing of information at a future state.
18:29
What we want to do first is collect that information, do analysis.
18:32
We do plan to post some of our findings through guidance in the future and then evaluate after sort of the review of the data and look at sort of a phase two, which we are hoping can include sharing of information with insurers.
18:50
Thank you.
18:50
And has FISRA consulted with the Ontario Privacy Commissioner with respect to putting in place adequate protection for the personal information FISRA is looking to collect?
18:59
and how long will FISRA retain the information?
19:04
I can take that, or Jay, do you want to take that?
19:08
You can go ahead.
19:10
Yeah, so we have been in discussions with the Office of Information Privacy Commissioner of Ontario, and in terms of what's in the guidance and the rule, you'll see from my presentation, I was really clear on data minimization, ensuring that we only collect the data that's necessary for the purposes within the rule.
19:33
So in addition to working with the IPC, I think we'll also be working with insurers and associations to make sure that the information that is provided to us does not include personal information that's not for the set purposes.
19:48
And Jay, I'm going to supplement that.
19:51
I think the only other part of the question was on retention and FISTER had a number of retention policies that would apply to any data we collect and it would certainly continue to apply to any data in the file reporting service database.
20:05
So another question for you, Jay, is how, if at all, does UDAP come into play?
20:12
So UDAP makes noncompliance with the act, generally an unfair deceptive act of practice, in and of itself.
20:19
And so the failure to comply with requirements could result in somebody being seen to engage in an unfair deceptive act of practice.
20:28
The other tie-in is that UDAP of course also applies to a number of claim situations.
20:34
So for example, you know, any of the examples of claims fraud that we've shared generally would find themselves being considered a UDAP.
20:41
And so in a future state, you know, the hope is that we'll be able to leverage the UDAP rule as another tool to fighting fraud and use it, you know, to really go after bad guys as opposed to really focusing on using it as a compliance tool.
20:57
Thank you. We're just waiting for some questions to follow up.
21:08
Jay, I don't know if you can speak to if Carrier A has proven fraud against an individual, whether Carrier B can decline to write the business at this point.
21:18
So as part of the first phase, as Chris noted, there won't be an ability to share information.
21:24
The, you know, what information could be shared as part of two will obviously, you know, need to be determined down the road, but certainly that's a possibility of a way that the data could be used to help combat auto fraud.
21:53
Will FRS provide immunity from being subject to FOI requests from consumers?
22:05
I assume that's for me?
22:06
Yes, thank you.
22:08
So the FOI process, immunity wouldn't necessarily be the right word, but the way a normal process works is a member of the public, whether it's a consumer, an insurance company, or even a bad guy can submit an FOI request and ask for something.
22:23
And we would apply the exceptions.
22:25
And this type of commercially sensitive information is exempt from needing to be disclosed.
22:30
And so we would certainly be using those and would be pushing aggressively to make sure that somebody is not attempting to use the FOI process to get into information that's not appropriate for them to have access to.
22:42
Thank you.
22:48
And, Jay, this might also be a question for you.
22:51
Is there a consumer complaint or dispute process if a party believes that they shouldn't be included in the FRS?
22:57
At this point, because it's just a data collection and information gathering, that's not something we've built into the process, but absolutely, when you sort of shift to the information being used as an FRS, there would be.
23:11
I think the important thing to remember is that if an insurer denies a claim and sort as this body shop engaged in fraud and therefore denying the claim or taking whatever actions, that body shop will of course have whatever rights they have as they would at any claims dispute like that.
23:27
But in terms of the actual information being submitted to FRS, that wouldn't have anything that's not already in that claims file to be part of that dispute.
23:35
It's that secondary use where we would need to assess what a process would be for that.
23:42
Thank you.
23:42
And in terms of the questions coming in, you'll see that the focus for the ruling guidance in phase one is on the collection of information.
23:54
So just being mindful of that, both of these sort of phase two with regards to sharing of information is something that is a future phase that we're anticipating, right?
24:06
So really to be clear in phase one, it's really collecting that information to try to get a sense of how much fraud is out there.
24:16
Creating baselines for fraud detection, identifying trends within the industry, within Ontario.
24:22
So those are the main purposes of sort of phased.
24:25
I just want to reiterate that as questions come in.
24:27
Thank you.
24:31
Thank you.
24:32
So Mickey, I have a question for you about whether FISRA will have a standard template or process for submitting information so that it's consistent between insurers?
24:50
There's currently no standard template or, there's a process through our online portal, which will be in phase two, but no, it's just the guidance, the rule and the guidance, the information outlined within the rule and the guidance that needs to be submitted.
25:07
Yeah, and I wonder if that- And there won't be a- I wonder if that question also has to deal with, like will there be a sort of template for the reporting of information?
25:16
I don't know what they actually asked them.
25:18
I'm guessing in terms of insurance getting ready to report for 2026, what's that going to look like, right?
25:28
So in terms of timelines, we are planning to explore an RFP process to get a vendor.
25:38
all those details will be capably indicated to insurers.
25:43
I think that's what the question was getting at in terms of for insurers having a standard process across the board of reporting this information.
25:52
But yeah, we will definitely be working with insurers associations to make sure that it's as easy and effortless as possible in having a system that actually works.
26:05
well, and that we're able to get the data on a timely manner to meet those I think that's what the question was speaking to you. Thank you.
26:17
Chris, are there plans to expand to other types of claims fraud, for example, property claims fraud?
26:24
Yeah, so right now in terms of our scope, the Insurance Act is limited to reporting on automobile insurance fraud.
26:35
So currently the scope is just automobile insurance fraud.
26:37
Who knows in the future if this becomes successful and we actually see that there's a great pathway here to tackle fraud through the assessing and detecting from fraud reporting service.
26:50
It's not ruled out, but right now in terms of the scope, it is specific to automobile insurance fraud.
26:57
Chris, will FISRA engage stakeholders in evaluating and understanding the trends that may be evident in the data being aggregated.
27:05
Alternately, will evaluation not include stakeholders, for example, ensure anti-fraud resources and be based entirely on business expertise?
27:14
Yeah, I think we do want to tap into expertise from those in the industry as well.
27:21
Like I mentioned, we do plan to report on the trends, on what we're seeing.
27:27
We have a few avenues to do that, whether it's through guidance, I could envision through our annual benchmark review guidance, including information there on an annual, maybe twice a year.
27:39
So again, give us some suggestions as well, like we're thinking of how can we best utilize this information to really tackle fraud?
27:49
Yes, phase one is collecting that information, and getting a sense of what the current state looks like, but also thinking about the future stage, right?
27:58
So I anticipate that we will be working with the industry and others in this space to ensure that whatever evaluation is done, does it in a transparent way, in a way that's collaborative and all that comes.
28:16
So a related question for you, Chris, is one of the goals of the rule is to establish a baseline of data for quantifying fraud in the sector and implementation potentially to get underway in December 2025 with reporting for the previous quarter only.
28:31
How long do we anticipate it might be before a useful baseline data is established?
28:37
Yeah, in terms of useful baseline data, typically you'd want at least a year of data, right?
28:48
I'm not a data scientist, So typically you're going to want to at least a year, I would say, but we could take that back.
28:55
And as part of our Q's and A's, we could provide a more fossil response.
29:01
Thank you.
29:03
So another question about templating, a template would help, this is for you, Chris, a template would help collect the data points in a format of fizz or consume without a lot of reworking and also ensure insurers have enough lead time to automate the gathering of the data points.
29:17
When will you confirm the exact data points?
29:21
Yes, in terms of the exact data points, currently we have data points that are provided within the guidance. Following the consultation, we'll make any necessary adjustments.
29:33
The finalized ruling guidance, like I said, is anticipated for April of 2025.
29:39
So by that time, insurers will know what the actual data points are.
29:47
In addition to that, we will be working with, like I mentioned, a vendor to actually operationalize FRS.
29:54
So I'm hearing loud and clear that, you know, we want to design something that insurers can work with and be able to be sort of compliant.
30:05
And again, this isn't, you know, a compliance matter in terms of, hey, Fistra needs this information just for Fistra.
30:11
This is a starting point of ICS journey, right?
30:14
To collect that information, share that information in terms of the trends, but then future state is how do we utilize that information to really tackle fraud and get the you know bad actors out of the system. Thank you.
30:26
So just to remind our attendees any questions we can't take today as well as reporting of the webinar in the slide deck are going to be posted to our website.
30:36
I'm not sure if the next question is for Chris or Jay but will FISRA at some point provide tips or alerts to insurers if they identify subjects or entities of concern?
30:51
you may take that one. Thank you.
30:55
So as far as the FRS in terms of unsubstantiated or where we have using our kind of acronym of Reasonable Grounds to Believe, that likely isn't going to form a basis on phase one that we can provide those types of notifications to the extent that we have actionable data where we're going to initiate some sort of enforcement proceeding.
31:16
Then of course those would be public and we would be able to share those, you know, for those have been impacted by those in the past, we have started doing that.
31:26
So I would say for now, it would be relatively limited, but again, for phase two, depending on the way that gets structured, that's certainly a function that could be, you know, that one could envision being part of it.
31:39
Thank you.
31:42
And for Chris, will FISRA look to collaborate with other superintendents and other jurisdictions to support a national management approach?
31:51
That's actually a great question.
31:55
I think that's something that we need to consider.
31:58
This is, I believe, a first in Canada, having a regulator mandate for all insurers to provide fraud information.
32:09
So I totally see an opportunity here to collaborate with other jurisdictions.
32:17
Thank you.
32:18
Jay, are there requirements to report abusive business practices or violence and threats in addition to fraud?
32:27
So there's not any sort of standalone obligation as part of FRS to report those.
32:32
There could be other areas of law where reporting abuse could be important, but not arising out of the FRS rule or the sections of the Insurance Act that relate to it.
32:43
Thank you.
32:52
This might be a phase two question, but with future considerations of sharing information with insurers, is there a intention or a possibility to allow insurers to screen current and potential insurance for a fraud history? I don't know if Jay or Chris want to take that.
33:21
Yeah, in terms of the current use of fraud reporting service, I don't think so.
33:32
You'd be looking at possible phase two. Can you repeat the second part of the question?
33:38
Okay. Sorry, what was the second? Yeah, like the end of the question. I'm just trying to see where they're going with this question, just to answer it more fully.
33:52
Oh, so it had to do with screening insurance potential or current for fraud history.
33:59
Right, yeah, so in phase one, the information that's provided to the fraud reporting services is really for FISRA to quantify, create a baseline, and identify trends, not beyond that.
34:13
Jay, do you want to supplement?
34:15
Sure.
34:15
So any sort of questions like that are really kind of, I think, relating to the take-all-comers rule, and it's a question of what any given insurers underwriting rules that have been approved by FISRA say.
34:26
So, if people have ideas for how they'd like to do that sort of screening, that's certainly something you can speak to your relationship manager on our auto insurance product team for a specific under rule, underwriting rule with respect to your organization.
34:39
I suspect at this point, you know, the big question is what are you screening through or what's the data source, but they would be in the right position to assess those and ultimately we would have the approval to approve an underwriting rule if you're able to come up with an idea that they're supportive of.
34:54
Yeah, I think that speaks to, you know, a process that's in place when providing a filing to FISRA.
35:05
So it's not something specific to the Fraud Reporting Service per se, I just want to be make it clear that when you're looking at underwriting rules, there's a process already in place for that, but I don't want to confuse the two linking the question to the Fraud So thank you.
35:30
As mentioned, we will send out an email with questions that we weren't able to answer. The session recording and the slides will be available on our website.
35:45
I want to thank my first colleagues, Chris Georgiopoulos, Jason Harrison, Michio Makkala for their expertise and thanks to all of you for taking the time to join us online today.
35:54
Please take the time submit your feedback with respect to the FRS rule and guidance.
35:58
The consultation period, as Chris mentioned, will close on October 14th.
36:02
I'd also like to remind you that you can also contact FISRA if you have any other additional questions.
36:07
We hope that you found this session helpful and have a great day.
36:11
Thanks everyone.
Questions & Answers
-
Will FSRA engage stakeholders in evaluating/understanding trends that may be evident in the data being aggregated?
-
FSRA will look to industry for expertise and will engage at the appropriate time. FSRA is planning to report on the trends and are looking at different avenues such as through FSRA guidance or a FSRA report.
-
-
What is the timeframe for the FRS to produce useful baseline data?
-
FSRA has not confirmed the length of time but has contemplated collecting data for at least a year for suitable results.
-
-
The Guidance recommends that insurers undergo an internal audit and review, and suggests insurers should conduct reviews to assess the effectiveness of their "fraud management plans." Does this not bring the scope of the FRS beyond the stated public policy purposes?
-
FSRA recommends insurers to conduct internal regular audits and reviews to evaluate the effectiveness of their fraud management framework.
-
This is an expectation rather than a regulatory requirement, intended to help insurers proactively identify gaps or areas for improvement in their fraud management strategies. By conducting these assessments, insurers can strengthen their own systems, ensuring they remain aligned with best practices.
-
-
Is FSRA looking to work with associations such as Équité who also collect fraud data?
-
FSRA has been in discussions with Équité and other stakeholders.
-
Working with other organizations such as Équité is very important, as we will need to work together to understand how much automobile insurance fraud is really in the system.
-
-
Are there plans to expand to other types of claim fraud (e.g., property claim fraud)?
-
As per the Insurance Act the scope is limited to reporting on automobile insurance fraud.
-
-
Are there requirements to report abusive business practices, violence/threats in addition to fraud?
-
There are no standalone obligations to report those types of practices as part of the FRS.
-
There could be other areas of law where reporting abuse could be important, but not arising out of the FRS Rule or the sections of the Insurance Act that relate to it.
-
-
When will FSRA confirm the exact data points? Will FSRA create a template for insurers to complete and submit the data points? How will FSRA ensure consistency in submissions?
-
FSRA currently has data points provided within the FRS Guidance. Following the consultation, we will make necessary adjustments and then finalize the FRS Rule and Guidance. By that time insurers will have a more concrete idea of what the actual data points are.
-
FSRA will be working with a vendor to operationalize the FRS. As we operationalize, we will consider designing a template that insurers use in their submissions.
-
-
Are insurers required to submit only confirmed fraud, or suspected fraud?
-
The FRS Guidance provides examples of different thresholds of information about fraud events. The threshold that has been set for reporting is at reasonable grounds to believe that fraud has occurred or is likely to occur.
-
If the fraud event continues through the process and becomes a confirmed case of fraud, then that information will need to be updated/reported to the FRS.
-
-
Are there concerns that insurers could be exposed to bad faith claims if they report fraud into the FRS that is not confirmed by courts?
-
Insurers are required to de-identify all names and identifying numbers, symbols or other particulars assigned to individuals before an insurer provides the prescribed information, unless it is necessary for the purposes set out in the Insurance Act.
-
-
What processes will be in place to provide diligence after a report of fraud is made - to confirm that fraud has occurred?
-
Insurers are required under the FRS Rule to report all information about automobile insurance fraud where the information provides reasonable grounds to believe (RGB) that a fraud event has occurred or is likely to occur.
-
It will be up to the insurer to validate any fraud or potential fraud internally. The RGB threshold is intentionally prescribed in the FRS Rule to prevent premature, unnecessary, or inaccurate information from being reported to the FRS, but also to encourage reporting before an adjudicated finding of automobile insurance fraud is secured.
-
The RGB is intended to reflect a middle-ground between suspicion, and confirmation of fraud, resulting in information most beneficial to the automobile insurance sector in assessing these fraud events.
-
-
Has FSRA consulted with the Information and Privacy Commissioner of Ontario with respect to putting in place adequate protections for collecting personal information?
-
FSRA consulted with the Information and Privacy Commissioner of Ontario (IPC) on the Proposed Rule and Guidance.
-
The FRS Rule and Guidance contain specific sections on personal information, including data minimization.
-
FSRA plans to consult further with the IPC and the sector to ensure that both FSRA and reporting entities have adequate protections in place in furtherance of data minimization and protection.
-
-
Will the FRS be subject to Freedom of Information (FOI) requests from consumers?
-
Any member of the public can submit an FOI request under the Freedom of Information and Protection of Privacy Act (FIPPA).
-
Before providing information in response to an FOI request, FSRA must assess whether one or more of the exemptions under FIPPA provide a basis for or require FSRA to refuse access to the information.
-
-
Some of the data elements FSRA is requesting are related to personal information, yet all information submitted to the FRS should be de-identified information. How can an insurer comply with that requirement?
-
The data elements in the FSRA Guidance are not necessarily all the data points FSRA will collect in phase one. An insurer should not report personal information during phase one of the FRS. Certain data points with personal information will be required at later phases once the FRS is implemented.
-
-
Can FSRA comment on data retention for the FRS - rules/timelines for deletion?
-
FSRA has retention policies in place when collecting data.
-
FSRA will review its existing retention standards when implementing the FRS and ensure that it aligns with Freedom of Information and Protection of Privacy Act (FIPPA) requirements during implementation.
-
-
How does FSRA’s supervision differ between large and smaller insurers?
-
FSRA recognizes that insurers vary in size and resources; however, the core expectation remains that all insurers, regardless of size, implement fraud controls that are proportionate to the level of risk they face. Insurers must establish a governance framework and fraud prevention measures tailored to their specific risk profile. This approach ensures that each insurer within their operational capacity, effectively manages potential fraud risks.
-
-
How will FSRA assess an insurer’s compliance with the 30-day reporting requirement
-
Insurers are required to report information prescribed in subsection 3.1 of the FSRA Rule. FSRA’s Market Conduct Team will review and assess insurer compliance with this requirement as part of our ongoing supervision of insurers. This process includes evaluating the timeliness, accuracy, and completeness of the reports submitted, ensuring insurers meet their obligations under the FRS framework.
-
-
How does non-compliance with the FRS relate to the Unfair or Deceptive Acts or Practices (UDAP) Rule
-
Under the UDAP Rule, non-compliance with the Act, including the FRS requirements, constitutes an unfair or deceptive act or practice (UDAP) in and of itself. This means that failing to adhere to FRS rules may result in regulatory actions under UDAP. Furthermore, UDAP applies to several claim scenarios, and examples of claims fraud identified in the FRS Guidance could be categorized as a UDAP violation. FSRA aims to leverage the UDAP Rule as an additional enforcement tool to combat fraud, strengthening our ability to address and deter fraudulent activities in the insurance industry.
-
-
What specific steps should insurers take to ensure their internal policies align with FSRA’s expectations?
-
Insurers should closely review FSRA’s FRS Rule and Guidance to understand compliance requirements. Specifically, FSRA recommends insurers focus on the section titled “Implementation of Controls and Governance” within the Guidance, which outlines key expectations for governance frameworks, internal controls, and fraud prevention measures. Regularly reviewing and updating internal policies to align with these expectations is crucial to ensure compliance with the FRS requirements.
-