Guidance
☑ Interpretation ☑ Approach ☐ Information ☐ Decision
No. AU0140INT
Purpose
This Guidance outlines the Financial Services Regulatory Authority of Ontario’s (“FSRA”) interpretation of requirements under Authority Rule 2024-003 – Fraud Reporting Service (“FRS Rule”) and section 101.3 of the Insurance Act (the “Act”), and outlines FSRA’s approach to supervising against the reporting requirements outlined in the Act and the FRS Rule.
Specifically, this Guidance provides FSRA’s interpretation of several requirements under the FRS Rule regarding:
- the scope of prescribed information an insurer is required to provide when reporting information about fraud events to the Chief Executive Officer (“CEO”) or an agency designated by the CEO
- the threshold of what constitutes “reasonable grounds for the insurer to believe” that a fraud event has occurred or is likely to occur, and
- the “action” an insurer may take that triggers an insurer’s requirement to report prescribed information to the Fraud Reporting Service (“FRS”)
The purpose of the collection of information in the FRS is to support FSRA’s effective assessment and detection of automobile insurance fraud in Ontario.
Key outcomes associated with this purpose include:
- quantifying the prevalence of automobile insurance fraud in Ontario
- creating a baseline for fraud detection, and
- identifying fraud trends throughout the automobile insurance industry
Scope
This Guidance affects all insurers that are licensed to carry on automobile insurance business in Ontario.
Rationale and background
FSRA’s rule-making authority to enact a FRS is derived from paragraph 8.2 of subsection 121.0.1(1) of the Act in conjunction with subsection 101.3(1) of the Act.
The overall objective of the FRS is to improve the use of data in the auto insurance industry’s fraud management activities by statutorily authorizing and enabling insurers to report automobile insurance fraud information to the FRS.
The requirement to report information about automobile insurance fraud to the FRS builds on FSRA’s existing powers to supervise against unfair or deceptive acts and practices (“UDAP”) in the insurance sector. These powers are grounded in section 5 of FSRA’s UDAP Rule to address unfair claims practices, and section 6 of the UDAP Rule to address fraudulent or abusive conduct related to goods and services provided to a consumer. Conduct by policyholders, claimants, claims vendors, and other non-licensees is captured by many parts of the UDAP Rule, including sections 5 and 6.
FSRA’s collection and consolidation of the information about automobile insurance fraud that insurers are required to report under the Act will help create a baseline of data that can serve the purpose of assessing the amount of fraud in the automobile insurance system in Ontario.
In supervising and regulating the automobile insurance sector, FSRA is guided by its statutory objects under section 3 of the Financial Services Regulatory Authority of Ontario Act, 2016 (“FSRA Act”).
Specifically, this Guidance supports outcomes consistent with the following objects:
- to deter deceptive or fraudulent conduct, practices and activities by the regulated sectors
- to promote transparency and disclosure of information by the regulated sectors
- to contribute to public confidence in the automobile insurance sector
- to monitor and evaluate developments and trends in the automobile insurance sector
- to promote high standards of business conduct, and
- to protect the rights and interests of consumers
The FRS aims to reduce consumer harm, including unnecessary costs borne by consumers, as a result of auto mobile insurance fraud.
The FRS Rule and this accompanying Guidance represent the first phase of the development of the FRS. In the second phase of the FRS, FSRA anticipates that information collected in phase one will be available for insurers to access to enable the assessment and detection of fraud by insurers.
With regards to the first phase of the FRS, FSRA’s view is that “assessing and detecting automobile insurance fraud” includes:
- quantifying the prevalence of automobile insurance fraud in Ontario
- creating a baseline for fraud detection
- identifying trends throughout the industry
Interpretation
1. What is a “fraud event”?
All insurers must report information about “automobile insurance fraud” to the FRS in accordance with subsection 101.3(1) of the Act and the FRS Rule.
A common understanding of what events, circumstances, or actions are considered to amount to a “fraud event” is important for insurers to understand how to comply with the requirement to provide information to the CEO about “automobile insurance fraud”.
Subsection 3(2) of the FRS Rule requires insurers to provide information in accordance with subsection 101.3(1) of the Act when an insurer has taken action or made a decision based on reasonable grounds for the insurer to believe that a “fraud event” has occurred or is likely to occur. Subsection 1(1) of the FRS Rule defines a “fraud event” as follows:
“fraud event” means a deceptive act or omission, or series of deceptive acts or omissions intentionally committed by a person(s) to obtain advantage, financial gain, or benefits from an insurer beyond that to which one is entitled to in with regard to any policy, claim, provision of goods or services or other occurrence related to automobile insurance […]
FSRA interprets this phrase broadly to cover a wide range of “deceptive acts or omissions intentionally committed by a person(s) to obtain advantage, financial gain, or benefits from an insurer beyond that to which one is entitled to”. This broad interpretation empowers insurers to identify activities that meet this definition.
Recognizing that the scope of what may constitute a fraud event under the FRS Rule is constantly evolving and that a prescriptive list could not capture all potential occurrences within scope of the definition, subsection 1(1)(e) of the FRS Rule provides a non-exhaustive list of categories of “fraud events”. Examples of specific instances of “fraud events” under these broad categories is included as Appendix A in this Guidance.
2. What is the extent of information about automobile insurance fraud that an insurer must provide?
Section 3(1) of the FRS Rule outlines the scope of “prescribed information” that an insurer must provide:
“Prescribed information includes all information, including personal information, in the insurer’s possession, control or power [… ] where the information provides reasonable grounds for the insurer to believe that a fraud event has occurred or is likely to occur”.
FSRA interprets “all information” to mean all relevant information, without restriction or limitation, where the information provides reasonable grounds for the insurer to believe that a “fraud event” has occurred or is likely to occur.
The scope of information in section 3(1) is unqualified. As a result, if an insurer knowingly or unknowingly withholds prescribed information in their possession, control or power, including any and all relevant data points outlined in Appendix B of this Guidance, then the insurer would be in contravention of the Act and the FRS Rule, which may result in FSRA initiating measures to enforce compliance.
3. What type of information provides “reasonable grounds for an insurer to believe that a fraud event has occurred or is likely to occur”?
Insurers are required under the FRS Rule to report all information about automobile insurance fraud where the information provides reasonable grounds for the insurer to suspect that a fraud event has occurred or is likely to occur.
Understanding the difference between the prescribed “reasonable grounds to believe” (“RGB”) threshold for reportable information and other thresholds is important for an insurer to understand the standard and scope of information that must be reported to the FRS.
This RGB threshold is intentionally prescribed in the FRS Rule to prevent premature, unnecessary, or inaccurate information from being reported to the FRS, but also to encourage reporting before an adjudicated finding of automobile insurance fraud is secured. The RGB is intended to reflect a middle-ground between suspicion, and confirmation of fraud, resulting in information most beneficial to the automobile insurance sector in assessing and detecting these fraud events.
To illustrate the RGB threshold, this guidance distinguishes between three thresholds of information: suspicion of fraud, reasonable grounds to believe fraud has occurred, a conclusion that fraud has occurred. A suspicion of fraud is the lowest threshold, and a conclusion that fraud has occurred is the highest threshold.
The highest threshold will include all information captured by the lower thresholds, with the only difference being an increased level of evidence or facts that confirm the existence of automobile insurance fraud.
Lowest Threshold: Suspicion that a fraud event has occurred
Insurers are not required to report information if they only have suspicion that a fraud event has occurred or is likely to occur.
Suspicion means an insurer may have an indication that something is unusual or suspicious, but does not yet have verified facts that can confirm the suspicion of a fraud event or elevate the suspicion into a reasonable belief that a fraud event has occurred. Indications of a fraud event may be based on not-yet-verified evidence received from an external source, such as a law enforcement agency or another insurer.
The suspicion could come from a discrepancy from: a written document that was filed on a claim, a claim filed shortly after a new policy is bound, a conversation with the insured, claimant or other involved party, a tip from a broker, police officer or other party, external intelligence (such as information from a conference or meeting), and an indicator from a fraud software solution.
Reasonable grounds to suspect that a fraud event has occurred may exist where the insurer investigates into their suspicion of a fraud event having occurred, and discovers further indicators or facts that warrant verification and further investigation. The suspicion at this stage is based on limited unverified evidence and does not raise to a belief that a fraud event has occurred.
Suspicion of a fraud event is relevant to the extent that it may prompt an insurer to assess the factual circumstances of the situation to identify any additional information or evidence that would support or confirm this simple suspicion.
Example: A consumer purchases an automobile insurance policy on their truck. 3 days after purchasing the policy, the individual reports the vehicle as stolen. At this point, the insurer has no evidence that the consumer has fraudulently reported the vehicle as stolen, but the insurer nevertheless suspects that the consumer may be engaging in automobile insurance fraud based on previous investigations with similar facts. The insurer does not report any information to the FRS as the information only rises to the threshold of suspicion.
Prescribed Threshold: Reasonable grounds to believe (“RGB”) a fraud event has occurred or is likely to occur
Insurers are required to report prescribed information once it meets this threshold.
Section 3(1) of the FRS Rule clarifies that information is prescribed information is only where “the information provides reasonable grounds for the insurer to believe that a fraud event has occurred or is likely to occur”.
FSRA interprets “reasonable grounds […] to believe” to include evidence, verified facts, context, or indicators that support a high degree of certainty that a fraud event has occurred or is likely to occur, warranting further action by the insurer but not allowing the insurer to conclude that a fraud event has occurred.
Information that meets the RGB threshold will allow an insurer to demonstrate and articulate their belief that a fraud event has occurred or is likely to occur in such a way that another insurer reviewing the same material with similar knowledge, experience, or training would likely reach the same conclusion.
Many factors will support an insurer’s assessment and conclusion that there are reasonable grounds to believe a fraud event has occurred or is likely to occur, all of which are required to be reported to the FRS.
Example: A consumer purchases an automobile insurance policy on their truck. 3 days after purchasing the policy, the consumer reports the vehicle as stolen. One week following the consumer reporting the theft, the insurer receives a tip from a credible source that the consumer has been implicated in a vehicle theft ring. After verifying the information provided by the tip, the insurer has reasonable grounds to believe that the consumer is engaging in automobile insurance fraud with respect to their own car that they have reported as stolen. Even though the insurer does not have any direct evidence to conclude that the consumer has engaged in fraud, the insurer has opened an investigation and has started gathering evidence relating to the consumer’s claim. The insurer reports all information that supports their reasonable grounds to believe a fraud event has occurred to the FRS.
Highest Threshold: Conclusion of Fraud
Insurers should update the reported information once they have concluded that a fraud event has in fact occurred. If an insurer comes into possession of information that allows them to bypass the lower thresholds and immediately conclude that a fraud event has concurred, then the insurer will still need to report the information to the FRS.
At this threshold, an insurer has investigated, verified, and concluded that a fraud event has in fact occurred.
The threshold of information may cause the insurer to:
- pay or process a claim despite having information that allows the insurer to conclude that fraud has occurred
- deny a claim on the basis of it being fraudulent
- refer the claim or policy to a law enforcement or state agency to further the investigation and pursue criminal or other action
- seek an adjudicated finding of civil or criminal fraud, or
- secure an “in-fact determination” that fraud has occurred
Example: A consumer purchases an automobile insurance policy on their truck. 3 days after purchasing the policy, the consumer reports the vehicle as stolen. One week following the consumer reporting the theft, the insurer receives a tip from a credible source that the consumer has been implicated in a vehicle theft ring. The insurer launches an investigation during which the insurer obtains video evidence that places the consumer in the vehicle at the location where the truck was later recovered. Based on this evidence, the insurer denies the claim on the basis of it being fraudulent and refers the claim to law enforcement to pursue criminal charges. The insurer updates the information they previously reported to the FRS, including a description of the video evidence that led to their conclusion that a fraud event had occurred.
Insurers are required to update information in the FRS when the information meets the threshold of conclusion that a fraud event has occurred
Section 4 of the FRS Rule requires insurers to ensure all prescribed information provided to the CEO shall be complete, up to date, and factually correct.
If an insurer subsequently becomes aware that the information the insurer previously provided is or has become incomplete, out-of-date, or factually incorrect (e.g., the insurer has discovered information that has allowed them to conclude that fraud has occurred), then compliance with section 4 of the FRS Rule necessitates that the insurer take steps to update the information to ensure that the information provided to the FRS remains complete, up to date, and factually correct.
If an insurer reports information based on the RGB threshold, and subsequently collects further information that leads to a conclusion that a fraud event has occurred, the insurer shall update the originally-reported information based on the new information that resulted in a higher threshold.
4. What “action” triggers an insurer’s requirement to report prescribed information about automobile insurance fraud to the FRS?
Subsection 3(2) of the FRS Rule requires that:
An insurer shall within thirty days after the close of each quarterly period of the calendar year provide the information prescribed in subsection 3(1) with respect to instances of automobile insurance fraud which in the preceding quarter the insurer has taken action or made a decision based on reasonable grounds for the insurer to believe that a fraud event has occurred or is likely to occur.
“Action” is interpreted to mean any definitive decision to act based on reasonable grounds to believe a fraud event has occurred or likely to occur. To trigger an insurer’s requirement to report the prescribed information, an insurer must both have information that meets the RGB threshold and the insurer must take action based on information that meets the RGB threshold.
The following is a non-exhaustive list of “actions” an insurer could take that would trigger an insurer’s requirement to provide the prescribed information to the CEO:
- escalating a file for further investigation to SIU
- denying a claim
- voiding or otherwise terminating an insurance policy
The following is a non-exhaustive list of “decisions” an insurer could take that would trigger an insurer’s requirement to provide the prescribed information to the CEO:
- paying or processing a claim despite having information that provides reasonable grounds to believe that fraud has occurred or is likely to occur
- closing a claim made under a policy that has been abandoned by the claimant
5. How much personal information is necessary for the purposes of subsection 101.3 of the Act?
Subsections 3(3) and 3(4) of the FRS Rule limit insurers from providing more personal information than is necessary for the purposes set out in subsection 101.3(2) of the Act (“assessing and detecting automobile insurance fraud”), and requires insurers to de-identify all names and identifying numbers, symbols or other particulars assigned to individuals unless disclosure of this information is necessary for the purposes set out in the Act:
3(3) An insurer shall not disclose personal information that is not necessary for the purposes set out in subsection 101.3(2) of the Act when providing the prescribed information to the Chief Executive Officer.
3(4) An insurer shall de-identify all names and identifying numbers, symbols or other particulars assigned to individuals before an insurer provides the prescribed information to the Chief Executive Officer unless disclosure of the names or other identifying information is necessary for the purposes set out in subsection 101.3(2) of the Act.
Insurers are not required to report personal information that is not necessary for the purposes set out in subsection 101.3(2) of the Act.
FSRA interprets the statutory purpose, “assessing and detecting automobile insurance fraud” to enable FSRA to:
- quantifying the prevalence of automobile insurance fraud in Ontario
- creating a baseline for fraud detection, and
- identifying trends throughout the industry
This interpretation reflects the first phase of FSRA’s approach to building the FRS, which focuses solely on the FRS collection of information about automobile insurance fraud.
FSRA anticipates a second phase where information collected in phase one will enable insurers to use the information. The personal information listed in the Appendix may be necessary to include in phase two reporting.
FSRA will work with insurers to create unique identifiers for each instance of reporting. These unique identifiers will allow insurers to update information provided in phase one with personal information where necessary for phase two. This Guidance will need to be updated before proceeding to this second phase.
Approach
Supervision and enforcement
The main outcome that FSRA aims to achieve through administering the FRS requirements under the Act and the FRS Rule is to empower insurers to better manage and reduce automobile insurance fraud by mandating the reporting of prescribed information about automobile insurance fraud to the FRS. To that end, insurers should design and organize internal policies, processes, controls, and governance procedures in a manner that facilitates compliance with the requirements under the Act and the FRS Rule, as interpreted in this Guidance.
FSRA intends to supervise against the requirements outlined under the Act and the FRS Rule by using its investigation and examination powers under the Act. Following an investigation and examination of an insurer’s acts and practices, pursuant to the provisions of the Act, FSRA has the authority to:
FSRA will exercise its discretion when conducting its supervisory activities by considering the extent to which an insurer’s fraud reporting system has been implemented effectively by management through policies, processes, systems and associated controls.
FSRA will evaluate insurers’ processes, controls, and governance during supervisory reviews. This includes verifying the presence of adequate controls and ensuring that reporting meets the requirements as outlined. While FSRA retains the authority to sanction non-compliance with the FRS requirements, the supervisory approach will take in account the efforts made by insurers to comply and their efforts to achieve the desired outcomes.
Implementation of Controls and Governance
To comply with the FRS requirements, FSRA encourages insurers to design and implement a robust framework that encompasses the following elements:
Policies and Procedures: Clear and detailed policies and procedures that facilitate compliance with the FRS Rule and Act. This should include steps to identify and report information related to instances of automobile insurance fraud. These should be regularly updated to reflect any changes in the regulatory environment and/or emerging fraud trends.
Monitoring and Reporting Systems: Systems for monitoring and detecting fraud events as outlined in the FRS Rule and Act. These systems should be capable of capturing and reporting the prescribed information in a timely and accurate manner.
Internal Audits and Reviews: Regular internal audits and reviews to assess the effectiveness of the fraud management framework. This helps in identifying any gaps or areas for improvement.
Governance and Oversight: Strong governance structures with clear accountability and oversight mechanisms.
Effective date and future review
This Guidance will become effective on [TBD] and will be reviewed no later than [TBD].
About this Guidance
This document is consistent with FSRA’s Guidance Framework. As Approach guidance, it describes FSRA’s internal principles, processes and practices for supervisory action and application of CEO discretion. It does not create compliance obligations for regulated parties but can be considered indicative of FSRA’s position, and it does not alter requirement to comply with existing legal and regulatory framework. As Interpretation guidance, it describes FSRA’s view of requirements under its legislative mandate (i.e. legislation, regulations and rules) so that non-compliance can lead to enforcement or supervisory action.
Appendices and reference
Appendix A: Examples of fraud events that insurers are required to report information about to the Fraud Reporting Service
The following is a non-exhaustive list of the types of fraud events that insurers must report to the Fraud Reporting Service. The following is categorized according to the automobile insurance life cycle.
Fraud Category |
Description |
Example |
---|---|---|
Fraud perpetrated through underwriting fraud |
Fraud committed by persons which occurs when someone intentionally conceals or misrepresents information when obtaining insurance coverage |
|
Fraud perpetrated through fraudulent claims |
Fraud committed by policy holder when a claim has been made on a policy |
|
Fraud perpetrated by a service provider |
Fraud committed by persons who provide services to a policy holder after a claim has been made on a policy. |
|
Fraud perpetrated by selling or distribution of insurance products |
Fraud perpetrated by individuals directly involved in the distribution or sale of an insurance policy |
|
Fraud perpetrated by internal employees of an insurer |
Fraud perpetrated by individuals employed within the insurance industry |
|
Appendix B: Data points to be submitted when reporting information about fraud events to the Fraud Reporting Service
The following is a non-exhaustive list of the data elements that may be necessary for the purposes of assessing and detecting fraud. To the extent that the following list includes personal information that is not necessary for the purposes of assessing and detecting fraud, an insurer should not report the personal information during phase one of the FRS.
Category |
Data Type |
---|---|
Insured/policyholder/claimant |
|
Insurance carrier |
|
Accident information |
|
Involved parties: |
|
Cost |
|
Category/Fraud Details |
|
Effective date: [TBD]
[1] FSRA seek a court issued compliance order pursuant to s. 448(1) of the Act.
[2] FSRA may pursue the laying of provincial offences as set out in s. 447(2) of the Act.