ASIC expects that financial firms (including those providing general insurance products and services – insurers, Underwriting Agencies, TPAs, Insurance brokers and Claimant Intermediaries) to have adequate compliance measures for ensuring that, as far as reasonably practicable, licensees comply with their obligations as a licensee, including the general obligations in section 912A(1) Corporations Act. (refer RG 104 Section B)
‘compliance measures’ refer to your processes, procedures or arrangements for ensuring compliance with your AFSL obligations. This includes people, systems and policies and processes.
Documenting your measures
Documentation helps you demonstrate whether or not you are complying with the general obligations. When you document your measures, ASIC expects this will include details of who is responsible, the timeframes involved and associated record keeping and reporting. (RG 104.26)
It follows that your documented compliance measures should be tailored to your business based upon the nature, scale and complexity’ of your business. Care needs to be taken in adopting an ‘off-the-shelf’, ‘one-size-fits-all’ compliance manual.
Implementing, monitoring and reporting on your measures
It is not enough just to document your measures. You also need to fully implement them. This means you need to put them into practice and integrate them into the day-to-day conduct of your business.
For measures to work effectively in practice, you need people at all levels of your business, including your senior management, to understand them and be committed to their success. Integrating your measures into the culture of your business helps ensure they are effective on an ongoing basis.
You also need to monitor and report on your compliance, including reporting relevant breaches to ASIC. ASIC expects that you will keep records of your monitoring and reporting, including records of reports on compliance and breach notifications. (refer RG 104.27 – RG 104.29)
Reviewing your measures
Regularly reviewing your measures will help to ensure they remain effective. In some cases, it may be sensible for you to consider external review. Where compliance issues have arisen (such as major breaches or repeated compliance failures), external compliance review is particularly appropriate.
You need to review your measures when there are changes to your obligations, your business or the environment in which you operate. ASIC expects that you will have a process for identifying changes that may impact on the effectiveness of your measures.
Your compliance measures
Compliance with your obligations as a licensee is central to the protection of consumers and the promotion of market integrity. Having effective compliance measures is a way for you to ensure you comply with your obligations as a licensee, including identifying and appropriately dealing with instances of non-compliance. Compliance measures also help you demonstrate to ASIC that you can comply and are complying with your obligations. (RG 104.41)
What your compliance measures need to cover
ASIC considers that the broad compliance obligations (s912A(1) are both stand-alone obligations and obligations that encompass the other general obligations. For this reason, ASIC expect your measures for ensuring compliance with the broad compliance obligations will cover all of your obligations as a licensee including:
- all of the [relevant] general obligations in s912A(1);
- your licence conditions; and
- any other financial services laws that apply to you such as the ASIC Act, Insurance Contracts Act, Insurance Act and all other parts of Chapter 7 of the Coprorations Act.
ASIC also expects that your compliance measures will:
- take into account the specific compliance risks of your business, especially those that may materially affect consumers ; and
- enable you to:
(i) communicate to your representatives (including authorised representatives) what they need to do to comply;
(ii) monitor compliance with all of your licensee obligations; and
(iii) address and report any compliance breaches.
Responsibility for compliance
ASIC expects that you will allocate to a director or senior manager responsibility for:
(a) overseeing your compliance measures; and
(b) reporting to the governing body (including having ready access to the governing body).
You need to ensure that the area responsible for compliance:
(a) is independent enough to do its job properly;
(b) has adequate staff, resources and systems; and
(c) has access to relevant records.
It may be appropriate for you to have a separate compliance function. This is likely to be the case for larger, more complex businesses (including a corporate group), but not for licensees who business is small.
The role of senior management
The level of senior management involvement in overseeing your compliance measures might extend to:
(a) communicating the measures to those responsible for implementing them and other stakeholders;
(b) ensuring that the area responsible for the measures has adequate staff and resources;
(c) ensuring staff education and awareness of the measures;
(d) implementing clear reporting lines for the manager(s) responsible for the measures; and
(e) receiving regular reports on the measures.
Compliance support
If you need compliance support to:
- set up your compliance measures that are relevant for and tailored to your unique business;
- are documented;
- operate as a compliance cycle providing data to you and informing you and senior management of the adequacy of your arrangements;
- monitor your representatives including authorised representatives; and/or
- conduct an independent review of the adequacy of your complianace measures from a top-down holistic perspective
contact me Paul Muir at Compliance Advcacy Solutions
I specialise in providing compliance services to the General Insurance industry.
Disclaimer: Reproduction of statements made in this article by media outlets, whether in full or in part, is strictly prohibited without the written express consent of the author. The views, opinions, and positions expressed within this article are those solely of the author and Compliance Advocacy Solutions Pty Ltd and not the views of other individuals, companies or organisations they may be affiliated with. The author and Compliance Advocacy Solutions Pty Ltd make no representations as to accuracy, completeness, currency, suitability, or validity of any information in this article and will not be liable for any errors or omissions or any loss or damage arising from its use or reliance. This article is intended for educational and informational purposes only and should not be relied upon as professional legal advice.