AFS Licensees must have processes, procedures or arrangements for ensuring that, as far as reasonably practicable, they comply with their obligations as a licensee (refer ASIC RG 104.23) and those measures should be documented (RG 104.26). APRA-regulated insurers must have mechanisms in place for monitoring and ensuring ongoing compliance with all prudential requirements (CPS 220 paragraph 35(f)). Insurers under the GI Code of Practice must have appropriate systems and processes in place to enable the Code Governance Committee to monitor compliance with the Code (paragraph 180). Insurance brokers and their authorised representatives under the Brokers Code of Practice must have in place policies and procedures for their organisation and embed a culture that reflects the Code in the way they provide services and deal with others (paragraph 8.2(a)(iii)).

If you don’t use an Obligations register to record your obligations, it’s likely:
- you have a reactive approach to compliance;
- compliance is seen as a series of random tasks and activities;
- providing evidence of compliance becomes a lengthy ‘search for a document’ process;
- that compliance is not embedded within your business;
- there is a lack of assurance that you are complying with your obligations; and
- there is a heightened risk of non-compliance with unresolved incidents and breaches leading to increased operational risk, regulatory risk and regulatory scrutiny.

The purpose of an Obligations register

Irrespective of the source of an obligation, all obligations can be adequately managed by being recorded in an Obligations register. I adopt 2 approaches when designing an Obligations register for my clients (AFS Licensees such as brokers, underwriting agencies & TPAs; APRA regulated insurers and insurance service providers):
- I design the Obligations register within the Risk & Compliance Manual. This ensures that the obligation has context with a narrative explaining the source of the obligation and how it may operate with other obligations; or
- a stand-alone register, typically for larger organisations.

Irrespective of the approach, the purpose of an Obligations Register is to identify obligations (irrespective of source) and capture those in a single register. Sources of obligations can arise under:
- Legislation such as Corporations Act, ASIC Act, Privacy Act, Autonomous Sanctions Act, Competition and Consumer Act;
- APRA Prudential Standards such as CPS 230 (Operational risk) and CPS 234 (Information Security);
- ASIC Regulatory Guides such as RG 271 (Dispute resolution) and RG 166 (Licensing financial requirements);
- Industry Codes – GI Code and Insurance Brokers Code;
- Binder Agreements; or
- Material Service Provider agreements.

The [key] control environment

Once Obligations have been captured in the register, Key controls are then assigned to each obligation, designed to ensure that each obligation is adequately managed. From this exercise, it is apparent that a Key control may adequately manage multiple obligations. This drives efficiency in business process and better customer experiences. Assigning key controls to each obligation enables a shift from a focus on obligations to a focus on the control environment. An annual control testing program ensures that key controls are tested from 2 perspectives: that they have been designed effectively (fit-for-purpose); and […]
ASIC has remade a legislative instrument that exempts Australian financial services (AFS) licensees from appointing a general insurance product distributor as their authorised representative. The ASIC Corporations (Basic Deposit and General Insurance Product Distribution) Instrument 2025/520 will extend the relief previously provided by ASIC Corporations (Basic Deposit and General Insurance Product Distribution) Instrument 2015/682 until 27 August 2030. This promotes the wide availability of general insurance products to consumers by reducing the compliance costs to providers.

Criteria required to comply with the instrument

In order to rely on the instrument, and provide a financial service without the need to be licensed or appointed as an Authorised Representative of a Licensee, the following criteria must be met:
- the principal must hold an Australian financial services licence covering the provision of the service;
- the service is dealing in a general insurance product;
- the provider is a product distributor of the licensee (but this does not include employees of the licensee); and
- the distributor is not an authorised representative of the licensee.

Additional requirements when the general insurance products are distributed to Retail clients

The licensee must have taken reasonable steps to ensure that when the distributor provides the financial service to a retail client:
- the distributor draws the client’s attention to the availability of a dispute resolution system of the licensee that covers complaints by the client in relation to the financial service and how that system may be accessed; and
- if the distributor is dealing in a general insurance product or a bundled consumer credit insurance product, the client is given information in writing about: (a) who the distributor acts for when providing the financial service; and (b) any remuneration (including commission) or other benefits that the distributor, or an associate of the distributor, may receive in respect of, or that is attributable to, the provision of the financial service.

The Distributor must not provide financial product advice

The ASIC instrument only applies to ‘dealing’. Dealing in a financial product within the meaning of s766C(1) Corporations Act (also refer RG 36 Part C) means:
- applying for or acquiring a financial product;
- issuing a financial product;
- varying a financial product; or
- disposing of a financial product.

Arranging for a person to engage in the conduct referred to above also constitutes dealing. Arranging refers to the process by which a person negotiates for, or brings into effect, a dealing in a financial product (e.g. an issue, variation, disposal, acquisition or application). The person who is arranging may be acting for a product issuer, seller or consumer.

As the instrument is restricted to ‘dealing’ only, the distributor is not permitted to provide financial product advice. This restriction includes both general and personal advice. If the distributor requires authorisation to provide financial product advice, and the licensee is prepared to authorise the distributor to provide financial product advice, then the distributor must be appointed as an authorised representative of the licensee (or alternatively the distributor obtains their own AFSL).

Typical general insurance situations when […]
I’m sometimes asked about the nature of work that I do or more accurately ‘what do your compliance services cover’. I thought it would be useful to share a ‘week in my life’.

At the heart of my services is the expert knowledge and advice I provide on compliance, specifically across general insurance, for firms that operate within that sector, typically:
- insurers
- underwriting agencies
- Lloyd’s coverholders
- TPAs (insurance claim managers)
- insurance brokers
- service suppliers and providers
- claimant intermediaries
- distributors

Compliance is in respect of complying with financial service laws including those impacting AFS licensees, Authorised reps, Lloyd’s coverholders/security, APRA prudential standards, sanctions, privacy and the GI Code and Brokers Code of Practice, including ASIC Regulatory Guides and other regulatory and Code materials.

In a typical week, my work will fall within 1 of the 5 following areas.

1. AFS Licensing

This is a broad category covering:
- new licence applications;
- variations to existing AFS Licences such as to remove a key person condition, or add a new authorisation such as retail clients or claims handling; and
- changes to licence, such as adding Responsible Managers.

Licence work is very rewarding as often it signifies a key milestone in the client’s journey. It is a privilege to conduct such work for my clients. Licensing work is time-consuming and requires information to be provided and presented in a manner as required by ASIC; however, I enjoy the opportunity to work for the client on such an important piece of work.

2. Compliance documents and frameworks

The documented evidence (as required under ASIC RG 104) is the output of the consideration of what a business is authorised to do, how it does it and developing an operating rhythm that provides:
- adequate compliance measures that manage the firm’s obligations (including under binder agreements or Auth Rep agreements);
- assurance to board, management, business partners (such as insurers) and regulators that obligations are being adequately managed;
- indicators of areas of potential concern; and
- data (incidents, complaints, control testing, monitoring etc).

The documents I provide are all individually developed and include:
- tailored Risk and Compliance manual (~ 35 pages, an all-in-one document that represents the business from a compliance perspective and can also be used as a training tool);
- Monitoring Program (monitoring employees, Authorised Reps, Distributors and/or Material Service Providers);
- Obligations register covering relevant (to your business) financial service laws, Prudential Standards and Codes. This enables you to assign key controls, accountability and control testing to your obligations;
- Registers including complaints; incidents and breaches; conflicts of interest and training; and
- ad hoc, tailored policies & documents.

All documents are tailored to your business – what it does, how it does it and who does it.

3. Training and education

Training is becoming an often requested compliance service that I provide with delivery through online, face-to-face or a combination of both. I really love engaging with your business and having fun and meaningful conversations with your people addressing compliance issues that are of concern (or confusing) to them. All training […]
ASIC has released proposed updates to its conflicts management guidance for financial services businesses.

Media Release 25-150MR

Regulatory Guide 181 Licensing: Managing conflicts of interest (RG 181) was last updated in August 2004. The proposed changes will align the guidance with developments in law and policy and have been informed by ASIC’s private markets surveillance work.

ASIC Commissioner Kate O’Rourke said: ‘Conflicts management is a core obligation for financial services businesses and helps promote consumer protection and market credibility. ‘Conflicts of interest are more than mere moral dilemmas. They can undermine trust, integrity and performance, causing serious harm to consumers, investors and overall market confidence.’

The updated guidance sets out how Australian financial services (AFS) licensees should comply with their conflicts management obligation and explains:
- how the law applies, including its scope and interaction with other related obligations
- the types of conflicts AFS licensees need to identify and manage to meet their obligation
- the need to have robust and tailored arrangements that are adequate to manage conflicts, and
- how licensees can effectively manage conflicts.

Consultation

CP 385 was released 30 July 2025. Comments close 5 September 2025.

Draft Regulatory Guide 181 July 2025 – AFS Licensing: Managing conflicts of interest

Your obligation

If you are an AFS licensee, or an AFS licence applicant, you must comply with your general licensing obligations under s912A of the Corporations Act 2001 (Corporations Act). This includes your obligation to have in place adequate arrangements for managing conflicts of interest that may arise wholly, or partially, in relation to activities undertaken by you or your representative in the provision of financial services as part of your financial services business (‘the conflicts management obligation’): see s912A(1)(aa).

Scope of the obligation

The conflicts management obligation is broad and is intended to apply widely—it is not limited in its application. It applies to all conflicts of interest other than those wholly outside the financial services business of you or your representative. It applies to conflicts of interest that arise within the financial services business. It also applies to conflicts that arise between something within the financial services business and something outside it. For example: (a) a conflict between the financial services business and corporate lending business within a conglomerate firm; or (b) a conflict between the financial services business and an employee’s personal or financial interest outside it.

Complying with your obligation

If ASIC have reason to believe you are not complying with your conflicts management obligation, ASIC may take administrative action. This could include suspending or cancelling your AFS licence or imposing additional licence conditions: see ss915C(1) and 914A(1). Depending on the severity, a breach of your conflicts management obligation may result in civil penalties for individuals or for corporations.

What is a conflict of interest?

A conflict of interest can arise where there are competing financial interests, personal interests, business or related party interests—whether direct or indirect—or competing loyalties and obligations. In some circumstances, a combination of these may give rise to a conflict. You should take […]
What is the obligation?

Under s912B of the Corporations Act, AFS licensees must have arrangements for compensating retail clients for losses they suffer as a result of a breach by the licensee or its representatives of their obligations in Ch 7 of the Corporations Act (also refer ASIC RG 126). This obligation does not apply to APRA regulated insurers (see reg 7.6.02AAA(3)) but does apply to Underwriting Agencies, Insurance Brokers, Insurance Claim Managers and Claimant Intermediaries who hold an AFS Licence.

These arrangements must:
- satisfy the requirements in the Corporations Regulations, which are that licensees must obtain PI insurance that is adequate, considering the nature of the licensee’s business and its potential liability for compensation claims (see reg 7.6.02AAA); or
- be approved by ASIC as alternative arrangements.

For the purposes of this article, I will be focusing on PI insurance under reg 7.6.02AAA.

What this means for AFS Licensees and consumers

ASIC’s approach to administering the compensation requirements means that all AFS licensees that provide financial services to retail clients must have PI insurance that meets the minimum standards, unless an exemption applies. It is important, however, to recognise the limitations of PI insurance as a consumer protection mechanism. PI insurance is not designed to protect consumers directly and is not a guarantee that compensation will be paid. It is designed to protect the insured (i.e. the AFS licensee) against the risk of financial losses arising from poor quality services (e.g. poor advice or execution of services) and other misconduct by a financial services provider (e.g. fraud by its representatives). The insurance is not intended to cover product failure or general investment losses, claims for loss solely as a result of the failure (e.g. insolvency) of a product issuer or where a return on a financial product has not met expectations. Nor is it intended to underwrite the products of a product issuer.

ASIC recognise that the PI insurance that is currently available in the market is unlikely to provide a source of funds when an AFS licensee has become insolvent before the claim was brought. Ideally, insurance policies would continue to cover the licensee after it has become insolvent or otherwise ceased business, but ASIC understands that this insurance is generally not available in the current market to the average licensee. ASIC also recognise that insurers may exclude some areas of cover in policies for risk management reasons (see RG 126.8 – 126.11).

Disclosure to retail clients

AFS Licensees must disclose to retail clients the kind of compensation arrangements they have in place and whether these arrangements comply with s912B: see regs 7.7.03A and 7.7.06B. The disclosure must be presented as a statement in your Financial Services Guide (FSG) or website disclosure information and the FSG or website disclosure information of your representatives (RG 126.19).

Adequate PI Insurance

What is adequate? (See Section C RG 126)

The Corporations Regulations require you to hold PI insurance that is adequate, considering: (a) your liability for claims brought through the Australian Financial […]
ASIC expects financial firms (including those providing general insurance products and services – insurers, Underwriting Agencies, TPAs, Insurance brokers and Claimant Intermediaries) to have adequate compliance measures for ensuring that, as far as reasonably practicable, licensees comply with their obligations as a licensee, including the general obligations in section 912A(1) Corporations Act (refer RG 104 Section B).

‘Compliance measures’ refer to your processes, procedures or arrangements for ensuring compliance with your AFSL obligations. This includes people, systems and policies and processes.

Documenting your measures

Documentation helps you demonstrate whether or not you are complying with the general obligations. When you document your measures, ASIC expects this will include details of who is responsible, the timeframes involved and associated record keeping and reporting (RG 104.26). It follows that your documented compliance measures should be tailored to your business based upon the ‘nature, scale and complexity’ of your business. Care needs to be taken in adopting an ‘off-the-shelf’, ‘one-size-fits-all’ compliance manual.

Implementing, monitoring and reporting on your measures

It is not enough just to document your measures. You also need to fully implement them. This means you need to put them into practice and integrate them into the day-to-day conduct of your business. For measures to work effectively in practice, you need people at all levels of your business, including your senior management, to understand them and be committed to their success. Integrating your measures into the culture of your business helps ensure they are effective on an ongoing basis. You also need to monitor and report on your compliance, including reporting relevant breaches to ASIC. ASIC expects that you will keep records of your monitoring and reporting, including records of reports on compliance and breach notifications (refer RG 104.27 – RG 104.29).

Reviewing your measures

Regularly reviewing your measures will help to ensure they remain effective. In some cases, it may be sensible for you to consider external review. Where compliance issues have arisen (such as major breaches or repeated compliance failures), external compliance review is particularly appropriate. You need to review your measures when there are changes to your obligations, your business or the environment in which you operate. ASIC expects that you will have a process for identifying changes that may impact on the effectiveness of your measures.

Your compliance measures

Compliance with your obligations as a licensee is central to the protection of consumers and the promotion of market integrity. Having effective compliance measures is a way for you to ensure you comply with your obligations as a licensee, including identifying and appropriately dealing with instances of non-compliance. Compliance measures also help you demonstrate to ASIC that you can comply and are complying with your obligations (RG 104.41).

What your compliance measures need to cover

ASIC considers that the broad compliance obligations (s912A(1)) are both stand-alone obligations and obligations that encompass the other general obligations. For this reason, ASIC expects your measures for ensuring compliance with the broad compliance obligations will cover all of your obligations as […]
Many Insurance brokers operate as an Authorised Representative (AR) under the AFS licence of another insurance broker. The risks for the Licensee, from its AR network, are clear and generally well understood.

The licensee has obligations in respect of its ARs, including:
- take all reasonable steps to ensure that the AR complies with the financial services laws (s912A(1)(ca) Corporations Act);
- ensure that its ARs are adequately trained and are competent to provide the financial services (s912A(1)(f)); and
- NIBA members must ensure that their ARs comply with the Insurance Brokers Code of Practice (Part 8.1).

Generally, the Licensee will:
- conduct extensive due diligence before appointing an AR under s916A Corporations Act including checking with any previous licensee that the AR was authorised by;
- provide a risk and compliance framework;
- provide training;
- provide systems to facilitate compliance;
- sign off on marketing materials, disclosure documents and other such collateral;
- have adequate compliance resources to carry out supervision of the ARs (s912A(1)(d) Corps Act);
- provide specialist skill sets such as cybersecurity (refer Fortnum case below);
- monitor and supervise;
- provide advice and ongoing support; and
- manage incidents, reportable situations and complaints.

Contagion risks

A significant risk that must be considered and managed is contagion risk. This is the risk where inadequate compliance arrangements for one AR will quickly spread to other ARs, resulting in regulatory and reputational impacts for the Licensee and all ARs in the network.

This was the case in proceedings recently filed in the NSW Supreme Court by ASIC against Fortnum Private Wealth Limited alleging it failed to properly manage and mitigate cybersecurity risks. ASIC alleges Fortnum did not meet its obligations as an AFS licensee because it failed to have adequate policies, frameworks, systems and controls in place to deal with cybersecurity risks. As a result, ASIC claims Fortnum exposed the company, its authorised representatives (ARs) and clients of its ARs to an unacceptable level of risk of a cyber-attack or a cybersecurity incident (refer ASIC Media Release 25-143MR).

Obligations of an Authorised Representative

An AR must assist the Licensee in meeting the Licensee’s financial service obligations (and under the Code); however, the AR has independent and separate obligations, as an AR, under financial services laws, including:
- must not hold out that they have an AFS Licence (s911C Corporations Act);
- must comply with licence conditions imposed by regulations (s914(8) Corps Act and Reg 7.6.04), specifically:
  – can only sub-authorise individuals with the Licensee’s consent (note that an AR is not permitted to sub-authorise a company, it can only sub-authorise individuals);
  – refer to its AR number in all business documents including registered business office and website;
  – provide a copy of its authorisation on request, to any person, free of charge and as soon as practicable after receiving the request, but no later than 10 business days;
- provide retail clients with a FSG (s941B);
- obtain the retail client’s informed consent to any commission payment where personal advice will, or will likely, be provided before insurance is issued or sold (s963BB Corps Act and […]
The doctrine of proximate cause, expressed simply, means that if the insured cause is within the risks covered, the insurer is liable in respect of the loss but if it is within the perils exempted the insurer is not liable. The leading authority is the Leyland Shipping case [1918].

Proximate cause is complicated by concurrent causes, that is, where two or more events have caused the loss, such causes being of equal efficiency. Particular issues arise where the loss results from an excepted peril and from an insured peril, as concurrent causes, in which case the policy exclusion is given effect. This is the well-known and often quoted (by IDR teams) Wayne Tank principle [1974]. However, for consumer insurance claims – is this a fair outcome?

Fairness and general insurance claims

You will immediately note that this rich area of insurance law is more than 100 years old. The Wayne Tank case is more than 50 years old. Since that time we have seen:
- Claims handling and settling introduced as a financial service;
- the Unfair Contract Terms regime applying to general insurance claims;
- the ongoing development of the GI Code of Practice; and
- the duty to take reasonable care not to make a misrepresentation replacing the more onerous Duty of Disclosure for consumer insurance contracts.

The common theme of these changes is the introduction of fairness, particularly for general insurance products provided to individuals and small business. AFS licensees must provide their claims handling and settling services efficiently, honestly and fairly. Contract terms in a PDS or SME general insurance product cannot create a significant imbalance in the parties’ rights & obligations. The GI Code requires Code subscribers to be honest, efficient, fair, transparent and timely in dealings with the insured. The duty to take reasonable care requires the insurer to consider the characteristics of the insured when considering innocent misleading representations during the sales process.

Does it sit comfortably to decline an insurance claim to a consumer (and potentially a consumer experiencing vulnerability) applying strict legal doctrines that were developed at a different time and in a different consumer environment? Clearly the doctrine of proximate cause cannot be completely discarded. However, it can be applied differently to claims for retail clients, consumer insurance contracts and small business standard contracts, resulting in a fairer outcome.

Fairness and proximate cause

The Duty of Utmost Good Faith requires insurers to operate with commercial standards of decency and fairness (High Court Allianz v Delor Vue). There is a school of thought as to whether this extends to ‘community standards of decency and fairness’ (refer Mann’s Annotated Insurance Contracts Act 9th ed 2025 Lawbook Co. at [13.10.5]). For the purpose of discussion not controversy, how would the proximate cause be considered through a lens of community standards of decency and fairness? How would this operate in practice, in a claims or complaint context?

The starting point is in respect of expert’s reports. The expert when considering causation must have a genuine ‘objective’ […]
Note: Reference for my summary of broker’s duties: Sutton on Insurance Law, Enright, Merkin & Hawke, 5th Ed Lawbook Co 2025, at page 323.

Section 11 Insurance Contracts Act defines “insurance broker” as a person who carries on the business of arranging contracts of insurance, whether in Australia or elsewhere, as agent for intending insureds.

A broker holding an AFS Licence has general obligations as a financial service licensee. A NIBA member has obligations under the Insurance Brokers Code of Practice.
- A general insurance broker who is a licensee or authorised representative of a licensee must provide the financial services efficiently, honestly and fairly. Financial services includes providing financial product advice and dealing in general insurance products on behalf of a client.
- The NIBA Code requires brokers to be competent through relevant qualifications, continued education and training; act honestly and with integrity in all dealings; and communicate with clients and prospective clients in a clear and timely manner.

Who is my client?

A broker must determine:
- whether the client is a Retail client or wholesale client (for the purposes of disclosures and warnings);
- if a retail client, whether personal advice or general advice will or will likely be provided, to meet obligations for consent for commissions, modified best interest duty and Statement of Advice for personal accident or a General Advice warning;
- whether the contract is, or is deemed by an insurer as, a consumer insurance contract for the purposes of determining whether the duty to take reasonable care not to make a misrepresentation or the duty of disclosure applies.

At common law a broker has concurrent duties to a client under contract and in tort. A broker has a duty to ‘[use] reasonable skill and care in and about obtaining insurance on the client’s behalf’ (JW Bollom & Co Ltd v Byas Mosley & Co).

The expected standards of brokers were summarised in Infinity Reliance Ltd v Heath Crawford Ltd:
- to perform the agreed services properly, a broker should take reasonable steps to understand the client’s business, and its insurance needs (note the best interest modified duty when providing personal advice to Retail clients under the Corps Act);
- the broker should aim (reasonably) to match as precisely as possible the risk exposures which have been identified with coverage available;
- how far the broker, instructed to place specific insurance, is obliged to assess the client’s needs beyond that particular instruction is a case-specific question;
- to enable the client to take an informed decision, the broker must take reasonable steps to ensure that the client understands the key terms of the cover that is being obtained;
- where the market offers a variety of different terms which might meet the client’s needs, the reasonable broker will take care to explain the range of available cover and the advantages and disadvantages of each. That way, the client can make an informed choice;
- the broker should take reasonable steps to enable the client to understand the key aspects of the placement process, for example […]
ASIC’s new website provides streamlined access to licence management services including easy access to ASIC portals such as the new Regulatory Portal for applying for a new AFS Licence or managing an existing licence. In addition, the website provides a wide range of very useful regulatory resources.

Regulatory resources for AFS Licensees in general insurance

The following pages are relevant for firms providing general insurance products or services:
- regulatory resources search
- financial services
- insolvency
- corporate governance

Note: APRA Regulated insurers should also refer to the resources on APRA’s webpage. I’ll cover these resources in a separate article.

Regulatory resources search

This page enables users to search for regulatory guides, information sheets, reports, ASIC consultations, forms and ASIC instruments. Advanced search functionality enables the search to be focused, relevantly, on financial services, financial reporting, dealing with ASIC, financial advice & technology.

Financial services

Any AFS Licensee in general insurance should bookmark this page. There are a number of sub-categories which are very helpfully categorised as follows:
- regulatory reforms
- financial advice
- giving advice
- financial product disclosure
- design & distribution obligations
- dispute resolution
- reportable situations
- client money reporting
- financial accountability regime
- claims handling and settling

AFS Licensees

I would also recommend that you bookmark these pages:
- Information for AFS Licensees
- ASIC Regulatory Portal – Applications for a new AFS licence, variation or cancellation of an existing licence, or notifications of some changes to an existing licence.

Information for AFS Licensees

This page also includes links to:
- Do you need an AFS Licence?
- Applying for and managing an AFS licence
- AFS Licensee obligations
- Changing details and lodging forms
- varying or cancelling your AFS licence

AFS Licensee obligations

A comprehensive page that provides a great overview of your obligations as an AFS licensee with links to the relevant ASIC Regulatory Guides and Information Sheets.

Insolvency

As an AFS licensee (other than APRA regulated insurers), you must meet the base level financial requirements. This includes the solvency and positive net assets requirement – At all times you must be solvent (i.e. be able to pay all your debts as and when they become due and payable) and have total assets that exceed total liabilities (as shown in your most recent annual balance sheet lodged with ASIC), and at all times have no reason to suspect that total assets would no longer exceed total liabilities on a current balance sheet. This ASIC page contains useful general information on insolvency.

Corporate governance

This is a very useful page for Directors and Company officers. The page also includes a sub-link to cyber resilience and a very useful series of ASIC speeches in connection with Directors as gatekeepers. I will use this page to publish a future article on the role of Directors in setting the right culture.

Disclaimer: Reproduction of statements made in this article by media outlets, whether in full or in part, is strictly prohibited without the written express consent of the author. The views, opinions, and positions expressed within this article are those solely of the […]
