About the project
Finans Norge Forsikringsdrift is a trade organisation for the insurance industry. The organisation undertakes tasks and activities that its member companies deem appropriate and advantageous to carry out collectively. They frequently receive tips from various organisations and individuals about suspected insurance fraud.
For this reason, Finans Norge Forsikringsdrift would like to establish a reporting channel to handle such tips. In this sandbox project, the organisation, under the guidance of the Data Protection Authority and the Financial Supervisory Authority, examined the legal issues related to setting up a reporting channel for members of the public to submit tips about suspected insurance fraud.
The final report, prepared by Finans Norge Forsikringsdrift, summarises the assessments made in the project. The assessments are based on the guidance provided by the Data Protection Authority and the Financial Supervisory Authority through their participation in the regulatory sandbox.
The need for regulatory amendments was also discussed. We used the experience from the project as a basis for providing input to the Ministry of Finance’s consultation on amendments to the Financial Institutions Act. This experience was also used by the Financial Supervisory Authority in its consultation draft.
Summary of findings and discussions in the project
Here, we summarise some of the findings from the sandbox project with Finans Norge Forsikringsdrift (FNF) that may be of relevance to similar organisations. The report provides the context for the assessments, and we therefore recommend reading it in its entirety.
- FNF will act as the data controller when receiving tips from the public, carrying out initial case preparation and forwarding the tips to insurance undertakings or to the police.
- FNF often receives information from insurance undertakings that are subject to a confidentiality obligation under the Financial Institutions Act. If FNF acts as a contractor for insurance undertakings, it may receive confidential information while being subject to a corresponding confidentiality obligation regarding such information.
- If personal data about the tipster (i.e. non-anonymous tips) are processed, FNF must obtain the individual’s valid consent.
- Legitimate interest may be a relevant legal basis for processing information about the person being reported.
- It may be relevant for FNF to process sensitive personal data (special categories of personal data or data concerning criminal convictions and offences) when this is necessary to establish, exercise or defend legal claims.
- FNF will have an obligation to provide general information about the processing of personal data in the reporting channel in accordance with the principle of transparency. Following a case-by-case assessment, FNF may be fully or partially exempt from the obligation to provide information to the person being reported. For example, there may be cases where providing information would make it impossible, or seriously hinder, the exposure and prevention of insurance fraud.
The final report has been prepared by the sandbox participant Finans Norge Forsikringsdrift. The legal assessments in the report have been made by the organisation, under the guidance of the Data Protection Authority and the Financial Supervisory Authority.
The final report is only available in Norwegian.