The General Insurance Code Governance Committee – role and responsibilities
The General Insurance Code of Practice is monitored and enforced by the Code Governance Committee (CGC) (paragraph 165 GI Code). The CGC’s constitution, functions and powers are set out in its Charter (paragraph 166). The CGC comprises:
a consumer representative – Julia Davis
an industry representative – Dallas Booth
an independent chair – Veronique Ingram

The powers and obligations of the Code Governance Committee Association Inc. (Association) are set out in the Charter (clause 5 Constitution). A management committee is responsible for controlling and managing the affairs of the Association (clause 7 Constitution).

CGC Charter
The Code Governance Committee (CGC) is a committee of the Code Governance Committee Association Inc. The CGC is responsible for (Charter clause 1.2):
(a) providing stewardship of the Code by helping the general insurance industry understand and comply with the Code;
(b) identifying areas for improvement of insurance practices;
(c) liaising with the ICA on relevant matters;
(d) providing quarterly reports to the ICA Board;
(e) publishing an annual public report containing aggregate industry data and consolidated analysis on Code compliance.

The CGC is also responsible for monitoring and enforcing compliance with the Code through (Charter clause 1.3):
(a) investigations, analysis of data, analysis of evidence and stakeholder engagement;
(b) receiving, investigating and making decisions about alleged breaches and giving Code Subscribers the opportunity to respond to any allegations that they have breached the Code;
(c) considering whether it is more appropriate for ASIC or another enforcement agency to investigate an alleged breach of the Code;
(d) agreeing with Code Subscribers on any corrective measures to implement within an agreed timeframe;
(e) imposing sanctions; and
(f) publishing breach decisions on a de-identified basis.

The CGC is responsible for monitoring and enforcing compliance with the Code in the manner set out in the Code.
Without limiting the CGC’s Code functions and powers, the CGC may, for the purposes of monitoring compliance with the Code (Charter clause 4):
(a) make reasonable requests for a Code Subscriber and/or the Service Provider to provide access to information, documents and systems, which the CGC considers necessary to discharge its functions;
(b) seek independent professional legal, accounting or other advice;
(c) request each Code Subscriber to lodge an annual data return and survey reporting on their compliance with the Code; and
(d) enter into appropriate arrangements with the Service Provider or AFCA for the purpose of facilitating: (i) information exchange relevant to the CGC’s functions; and (ii) referrals to the CGC of an allegation that a Code Subscriber has breached the Code.

Additional powers
The CGC may:
– investigate Code compliance (Charter clause 5);
– consider Code breaches (clause 5.3) and make breach decisions (5.4);
– impose sanctions (6.1);
– report Significant Breaches or serious misconduct to ASIC (6.2);
– publish significant breaches (7.1);
– publish an Annual Report and provide it to the ICA Board and AFCA Board (9.2);
– develop policies, guidelines, reporting forms and operating procedures consistent with the Charter and Code (10).

CGC reviews
Upcoming review – Motor insurance claims handling
The CGC is currently scoping a targeted review into motor […]
Insurance brokers – general or personal advice – what is the difference?
I continue to receive questions from general insurance brokers on the difference between general advice and personal advice. Personal advice is where the provider of the advice has considered one or more of the person’s objectives, financial situation and needs, or a reasonable person might expect the provider to have considered one or more of those matters (my emphasis).

It is important to note that general advice is narrow in application, and ASIC and the Court will adopt an approach of ‘substance over form’ as to whether general or personal advice has been provided. That is, providing a general advice warning does not mean that financial product advice is general advice per se; an examination of the facts and circumstances is required. This question was revisited by the High Court of Australia in Westpac Securities Administration Ltd v Australian Securities and Investments Commission [2021] HCA 3. Also refer to ASIC media release 21-013MR.

Corporations Act
Section 766B(3)(b) of the Corporations Act 2001 (Cth) defines “personal advice” so as to include “financial product advice” given or directed to a person in circumstances where a reasonable person might expect the provider to have considered one or more of the person’s objectives, financial situation and needs. Section 766B(4) defines “general advice” as financial product advice that is not personal advice. As the High Court stated:

[T]he division of the universe of financial product advice into “personal advice” and “general advice” serves to organise the obligations owed by a financial product adviser to a retail client, with more onerous obligations being imposed upon the adviser where the circumstances are apt to suggest to the client that the financial product, the subject of the advice, is appropriate to the particular circumstances of the individual client.
Circumstances
Westpac Bank subsidiaries, Westpac Securities Administration Limited (WSAL) and BT Funds Management Limited (BTFM), conducted two telephone campaigns which recommended that customers roll out of their other superannuation funds into a Westpac-related superannuation account. As a result of the campaigns, Westpac increased its funds under management by almost $650 million between 1 January 2013 and 16 September 2016.

The High Court confirmed that WSAL and BTFM breached financial services laws, including the requirement to act in their clients’ best interests and the requirement to act honestly, efficiently and fairly. The unanimous High Court judgment upheld the Full Federal Court decision regarding the conduct of WSAL and BTFM, dismissing their appeal and holding that they breached the Corporations Act by providing personal financial product advice in calls made to 14 customers. Neither company was licensed to provide personal financial advice.

Judgment
In the judgment, Justice Gordon reinforced that s766B(3) of the Corporations Act, which outlines the meaning of general and personal advice, ‘is directed to the protection of the retail client’ and clarified that ‘[…] the general advice warning must be assessed in light of all the circumstances. The general advice warning was given only once, at the beginning of the telephone conversation. Members were subsequently asked […]
Complaints in General Insurance – RG 271 – what must you comply with?
AFS Licensees must:
– have a dispute resolution system (process) that complies with standards and requirements made or approved by ASIC and covers complaints made by [retail] clients in connection with the provision of the financial services; and
– be a member of AFCA (refer s912A(1)(g) and (2) Corporations Act).

The licensee’s IDR must include complaints against representatives, including authorised representatives. It follows that authorised representatives must immediately notify the licensee about the complaint. In addition, subscribers to the GI Code of Practice and Insurance Brokers Code of Practice must comply with parts 11 and 9.0, respectively.

Understanding the nuances of RG 271 – enforceable paragraphs
The general obligation for IDR in section 912A(1) gives rise to a legal obligation imposed on the Licensee. However, the legal requirement only applies to the enforceable paragraphs in RG 271 and not all paragraphs of RG 271. Any paragraph that is not identified by ASIC as an ‘enforceable paragraph’ in RG 271 is regulatory guidance only and not a legal requirement (refer RG 271.8 and RG 271.9).

What are the enforceable paragraphs of RG 271 for general insurance?
– definition of complaint: RG 271.27 – RG 271.29 (including note)
– posts (that meet the definition of ‘complaint’ set out in RG 271.27) on a social media channel or account owned or controlled by the financial firm that is the subject of the post, where the author is both identifiable and contactable: RG 271.32
– small business complaints: RG 271.36
– outsourcing IDR processes: RG 271.48
– what an IDR response must contain: RG 271.43 – RG 271.54 (including notes)
– when an IDR response must be provided by: RG 271.56 – RG 271.60 (including note)
– complaint management delays: RG 271.64 – RG 271.66 (including notes)
– complaints closed within five business days of receipt: RG 271.71
– IDR response within 5 business days: RG 271.75
– the role of customer advocates: RG 271.109 – RG 271.110 (including note 1)
– links between the IDR process and AFCA: RG 271.111 – RG 271.112
– how to manage systemic issues: RG 271.118 – RG 271.120 (including note)
– accessibility of IDR process: RG 271.134
– no charges or detriment: RG 271.141
– resourcing and staff numbers: RG 271.142 – RG 271.143
– empowering staff and financial delegations: RG 271.146 – RG 271.147
– maximum IDR timeframes and closing complaints: RG 271.163 and RG 271.165
– policy and procedures: RG 271.172
– data collection, analysis and internal reporting: RG 271.179
– report complaints data internally and publicly: RG 271.183

Disclaimer: Reproduction of statements made in this article by media outlets, whether in full or in part, is strictly prohibited without the written express consent of the author. The views, opinions, and positions expressed within this article are those solely of the author and Compliance Advocacy Solutions Pty Ltd and not the views of other individuals, companies or organisations they may be affiliated with.
The author and Compliance Advocacy Solutions Pty Ltd make no representations as to accuracy, completeness, currency, suitability, or validity of any information in this article and will not be liable for any errors or omissions or any loss or damage arising from […]
Obtaining an AFS Licence for general insurance
I’m often asked to outline what is involved in obtaining an AFS Licence in Australia for general insurance. I have assisted many people to obtain a new AFS Licence, vary an existing Licence and add new responsible managers.

The process to obtain an AFS licence to provide general insurance services or products is not overly complex; however, it is time-consuming and labour-intensive, as ASIC’s information requirements are specific. All AFS licence applications (new and variations) must be submitted via ASIC’s online regulatory portal. I assist my clients in setting their business up in the portal and providing me with access so that I can facilitate the application for them.

My typical clients requiring a new AFS licence include:
– insurance brokers who are currently authorised representatives;
– people who want to operate an Underwriting Agency in Australia (including Lloyds coverholders);
– foreign companies that want to provide financial services in Australia; and
– people wanting to provide claim services either for insurers (insurance claim managers) or insureds (claimant intermediaries).

I manage AFS Licence variations (including adding responsible managers) for insurers, brokers, underwriting agencies, claim service providers and anyone who currently has an AFS Licence for general insurance products.

Typical general insurance authorisations
AFSL authorisations relevant for general insurance are:
– providing financial product advice, including general financial product advice only;
– dealing, including issuing (when acting on behalf of insurers) and dealing on behalf of another person (insurance brokers, including obtaining the use of restricted broker terms); and
– claims handling and settling services on behalf of insurers or on behalf of an insured.
The financial services can be provided to Retail and/or Wholesale clients.

The AFS Licence application process
The process for a new AFS Licence application is more involved and complicated than a licence variation.
This example deals with a new AFSL application; however, I can assist you with information requirements and the process for variations on request. Contact me here. ASIC provides guidance on the process and information requirements in RG 1 and INFO 294.

People requirements
Information must be provided to ASIC on your fit and proper people and your responsible managers.

Fit and Proper people
Section 913BA of the Corporations Act requires that, before a licence is granted, ASIC must be satisfied that there is no reason to believe that certain people involved in the management or control of your financial services business are not ‘fit and proper persons’ to undertake that role. You will need to include details of your fit and proper people in the application (refer RG 1.138 – 1.166). Your fit and proper people are your ‘officers’, as defined in section 9 of the Corporations Act, relevantly to include:
– a director or secretary of the corporation; or
– a person: (i) who makes, or participates in making, decisions that affect the whole, or a substantial part, of the business of the corporation; or (ii) who has the capacity to affect significantly the corporation’s financial standing; or (iii) in accordance with whose instructions or wishes the directors of the corporation are accustomed to act […]
The problem with cash settlements – a blight on our industry
Typically, for home building claims, a cash settlement payment is offered as a settlement option when a repairer can’t guarantee repairs due to concurrent wear and tear or maintenance issues. Under paragraph 86 of the GI Code of Practice, insurers who have authorised repairs must accept responsibility for the quality of the builder’s work and the materials they use. This clause has led to an unfair practice of offering cash payments as a first resort. Most customers aren’t aware of their rights at law and under the GI Code, and simply accept the cash settlement offer. Problems arise when repair costs escalate (due to the rising cost of living or petrol cost increases and the commensurate impact on the supply chain) and from the risks associated with project managing repairs.

The standard claims settlement process appears to be that whenever there is a mix of covered damage and damage caused by wear and tear or lack of maintenance, there is a default to a cash settlement payment. This position is difficult to reconcile when the same builder (under the guise of an expert report) has clearly been able to distinguish between storm damage and wear and tear/maintenance and provides a causation report. Most consumers don’t want the inconvenience of having to arrange repairs, coordinate trades and generally project manage the work.

A simple solution would be to provide the customer with the option of being provided with a detailed Scope of Works itemising insurance-covered work and excluded work. The Code guarantee would be provided for the insurance-covered work, with the customer acknowledging their liability and payment for excluded work.

Regulatory view of cash settlements (and cash settlement fact sheets)
Cash settlements and cash settlement fact sheets (CSFS) remain on the radar of regulators.
ASIC
We will review general insurers’ use of cash settlements to better understand the practices and disclosures surrounding the offers being made and to assess whether there are risks of consumer harm.
ASIC Corporate Plan 2025-2026

Code Governance Committee
As part of our 2024-25 workplan, we committed to reviewing the information insurers provided to customers on cash settlements and the processes they follow when deciding to offer a cash settlement. We note that, in the Industry Action Plan, insurers have committed to a range of actions to address recommendations relating to cash settlements. We also note ASIC’s recent report, finding that insurers need to provide better information to consumers around cash settlements. We will review what information insurers provide to customers, and what information those customers need to make effective decisions around cash settlements.
CGC Priorities 2025-26

Cash Settlement Fact Sheets
An insurer, underwriting agency or TPA acting on behalf of either must provide a cash settlement fact sheet where:
– the financial service is claims handling and settling; and
– the service is offering to settle all or part of a claim under a general insurance product using a cash payment; and
– the customer is a retail client; and
– the PDS provides repair or replacement as settlement options. […]
ASIC’s approach to Civil Penalties – Reshaping General Insurance Conduct
The power of enforcement – ASIC’s perspective
In the Enforcement session opening speech by ASIC Deputy Chair Sarah Court at the ASIC Annual Forum, 13 November 2025, the following example was provided as ‘the power of enforcement.’

I want to start though, with a reflection on ASIC’s enforcement posture. We are often asked why ASIC needs to take a strong enforcement approach. The suggestion seems to be that we should rather call out the issue of concern, allow the firm involved to remedy it, and avoid the cost and uncertainty of court-based litigation. Apart from the obvious answer that we are not, and never will be, the compliance arm of large corporations, the following example is telling.

ASIC Commissioners are frequently guests around board tables where we engage with directors and senior executives about the important work that we do. At one recent such engagement I mentioned a 2023 ‘pricing promises’ case ASIC had taken against insurer RACQ. RACQ ultimately admitted to this misconduct, which involved misleading documents sent on millions of occasions, to nearly half a million customers. They collectively missed out on some $86m worth of discounts. A significant penalty was imposed, and there was widespread media attention.

A woman at the board table was a former senior executive of another insurer. While that insurer had long been aware of pricing promise issues and the potential for problems of its own, until that point those problems had been secondary. Following this court action, she said the focus changed overnight. There was an immediate review of all pricing promises, whereupon widespread irregularities were discovered.

What was interesting about this swift reprioritisation was the broader industry context. The sector was well on notice of ASIC’s concerns on this issue, and there was widescale remediation in place.
Despite that fact, it was only court action against another like firm that finally prompted this insurer to review, reprioritise and remediate. Therein lies the power of enforcement.

Civil penalties as an enforcement action in General Insurance
Over recent time, ASIC has commenced the following Federal Court proceedings seeking civil penalties:
– IAL penalised $40 million over pricing discount failures
– ASIC alleges QBE misled customers over pricing discounts
– ASIC takes court action alleging RACQ sent half a million misleading insurance renewal comparisons
– Cbus ordered to pay $23.5 million penalty for serious failures in processing members’ death benefits and insurance claims
It should be noted that Cbus was a superannuation matter.

Legal principles relevant to orders sought by agreement in regulatory proceedings
O’Callaghan J. in Australian Securities and Investments Commission v United Super Pty Ltd [2025] FCA 1453 summarised the position:

[8] There is an important public policy involved in promoting predictability of outcome in civil penalty proceedings. The practice of receiving and, if appropriate, accepting agreed penalty submissions increases the predictability of outcome for regulators and wrongdoers. Such predictability of outcome encourages corporations to acknowledge contraventions, which, in turn, assists in avoiding lengthy and complex litigation and thus tends to free the courts to deal with other […]
Take care with using certain words and terms in General Insurance
Insurance brokers, Underwriting Agencies, TPAs, Claimant Intermediaries and Service Providers must take care in the use of certain words that are either restricted or whose use may lead to misleading or deceptive conduct.

Use of the words “insurance” and “insurer”
Section 114 of the Insurance Act places restrictions on the use of the words ‘insurer’ and ‘insurance’. This is relevant for discretionary mutual funds and warranties.

Use of the word “insurance”
A person commits an offence if:
– the person carries on a business or is proposing to carry on a business; and
– the person uses the word insurance to describe (expressly or by implication) a product or service that the person supplies, or proposes to supply, in the course of carrying on the business; and
– the product or service is not insurance; and
– it is likely in all the circumstances (including the use of the word insurance) that the product or service could be mistakenly believed to be insurance.

Use of the word “insurer”
A person commits an offence if:
– the person carries on a business or is proposing to carry on a business; and
– the person uses the word insurer to describe (expressly or by implication) the person in connection with a product or service that the person supplies, or proposes to supply, in the course of carrying on the business; and
– either: the product or service is not insurance; or the person would breach a requirement mentioned in subsection (3) [need to be authorised to carry on insurance business] if the person supplied the product or service in the course of carrying on the business; and
– in a case where the product or service is not insurance – it is likely in all the circumstances (including the use of the word insurer) that the product or service could be mistakenly believed to be insurance.
Insurance brokers receiving commissions, remuneration or benefits from an insurer or underwriting agency
Brokers who receive commissions, remuneration or benefits from an insurer or underwriting agency are not permitted to use the words independent, impartial or unbiased. Refer Section 923A Corporations Act.

Insurance brokers – restricted terms
A person may only use the following terms if authorised by a condition on their AFS Licence: insurance broker, insurance broking or general insurance broker (Section 923B Corporations Act).

Restricted terms in advertising financial products and services
Care should be taken when using certain terms and phrases in an advertisement, particularly where the way those terms and phrases are used is not consistent with the ordinary meaning commonly recognised by consumers (e.g. ‘free’, ‘secure’ and ‘guaranteed’). RG 234.91

Inappropriately using terms and phrases can:
– create expectations that cannot be met;
– indicate a certain level of security that does not exist; and
– indicate different levels of protection and different levels of risk.
The use of such terms may lead to misleading or deceptive conduct.

Use of technical language and industry jargon in advertising
Industry concepts or jargon may not be well understood by many consumers and should be […]
General Insurance Brokers – what fee can I charge? A compliance perspective
As more and more Insurance Brokers move away from a commission-only remuneration model to charging client fees, questions arise around obligations in respect of fees. Principles of equity and indemnity apply to the charging of fees; however, regulations and the Brokers’ Code also apply.

Providing financial services efficiently, honestly and fairly
The overarching general obligation for AFSL Licensees to provide financial services to clients ‘efficiently, honestly and fairly’ extends to the systematic practice of charging fees. The phrase (‘efficiently, honestly and fairly’) has been the subject of significant judicial analysis; it is clear that the general obligation of a Licensed insurance broker and their [authorised] representatives means that they must, relevantly:
– perform their functions to a reasonable standard of performance by an insurance broker that the public is entitled to expect;
– be ethically sound; and
– not pursue their own self-interest while disregarding the best interests of their clients (the obligation includes the case where a licensee does so).

Conflicts of interests
An AFS Licensee must adequately manage its conflicts of interests (refer RG 181 Section B). Insurance brokers have a fiduciary duty to their clients. Subject to any terms governing the fiduciary relationship, including Terms of Engagement, a broker will need to act in the client’s best interests, prioritise their interests, not profit without consent, and address any conflicts. A broker must take this duty into account when complying with its conflicts management obligation. This will also inform the adequacy of their conflict management arrangements (ASIC RG 181.22).

Best interests obligations
An insurance broker (including licensees and authorised representatives) providing personal advice to a retail client must act in the best interests of the client.
This duty requires the broker to have:
– identified the objectives, financial situation and needs of the client in respect of the subject matter;
– identified the subject matter of the advice; and
– made reasonable enquiries to obtain complete and accurate information relevant to the client’s circumstances.
This activity should be included in the factors for calculating the fee, in addition to arranging the insurance cover, policy administration and claims advocacy.

FSG
AFS Licensees and, independently, their authorised representatives must provide an FSG to a retail client before providing their financial services (i.e. before any advice is provided). The FSG must be up to date and contain information about the remuneration being received for providing the services. ASIC INFO 291 is informative:

Information about remuneration should be presented in one location and in a way that is easy for the client to understand, consistent with the requirement when a client requests more detailed remuneration information in regulations 7.7.04A(4) and 7.7.07A(4). This could include ranges, rates, comparisons, simple tables and formulas.

Price fixing and bid rigging
Under the Competition and Consumer Act, cartel activity is illegal. Types of cartel activity include price fixing and bid rigging. A broking practice must not collude with another unrelated broking practice(s) in connection with the fees being charged or proposed to be charged.

Price fixing
Competing businesses must not agree to fix, control or […]
ASIC cancels AFS Licence for serious and sustained breaches of duties – lessons for general insurance
The importance of adequate compliance measures
ASIC has cancelled the Australian financial services (AFS) licence of securities dealer Pulse Markets Pty Ltd (Pulse Markets), effective from 11 February 2026 (ASIC Media Release 26-027MR).

The licence was cancelled after ASIC found Pulse Markets had serious and sustained breaches of its duties under s912A of the Corporations Act 2001. These included Pulse’s failure to adequately supervise its corporate authorised representatives (CARs) providing financial services under its AFS licence, increasing the risk that they would not comply with financial services laws and putting clients at risk of financial loss.

ASIC found that Pulse Markets failed to comply with its obligations, including failure to:
– maintain the competence required to provide the financial services it offered;
– take reasonable steps to ensure that its representatives comply with the financial services laws, by failing to:
  – undertake appropriate due diligence prior to the appointment of its CARs;
  – take adequate steps to monitor the websites and marketing of its CARs;
  – maintain adequate compliance, breach and incident registers; and
  – maintain compliance manuals with accurate information about AFS licence authorisations;
– ensure adequate resources, including staffing, to provide the financial services covered by the licence and to carry out supervisory arrangements;
– prepare and lodge financial statements (being a balance sheet and a profit and loss statement) for financial years 2024 and 2025;
– obtain an opinion by a registered company auditor regarding Pulse Markets’ compliance with the financial conditions on their licence for the financial years 2024 and 2025;
– pay its Industry Funding Levy for the 2023-2024 financial year.

Pulse Markets may apply to the Administrative Review Tribunal (ART) for a review of ASIC’s decision. Pulse Markets is a Queensland-based securities dealer and has held AFS licence number 220383 since 7 June 2002.
The licence authorised Pulse Markets to provide financial product advice, deal in financial products and underwrite an issue of securities, for wholesale clients.

Lessons for General Insurance
It should be noted that Pulse Markets provided financial services to Wholesale clients. This case demonstrates that while firms operating in general insurance providing services to Wholesale Clients (typically Underwriting Agencies offering casualty or specialist general insurance products) don’t have some of the disclosure or other obligations of firms providing services to Retail Clients, they still have obligations that must be documented and managed. In addition, Authorised Representatives must be subject to due diligence, onboarding and ongoing monitoring and supervision, irrespective of whether they provide general insurance services or products to Retail or Wholesale Clients.

The case also highlights the importance of documenting compliance measures for both the AFS Licensee and their authorised representatives. The documents should be tailored to the business of the licensee and its authorised representatives (and not be an off-the-shelf manual) and be suitable for use in staff training and development and for sharing with business partners. Typical documents for small to medium sized insurance brokers, underwriting agencies and TPAs are:
– Risk and Compliance Manual; and
– Monitoring Program.
Insurers and larger firms require a taxonomy of risk and compliance documents (framework) […]
Applying for motor insurance – a review by the General Insurance CGC
The General Insurance Code Governance Committee (CGC) has called on insurers to improve transparency and communication with customers after a review of online applications for motor vehicle insurance. The review looked at how 13 insurers handle online applications across 58 motor insurance brands.

Author’s note: the Design & Distribution obligations (including making a TMD available), together with Australian financial services law requirements, assist in understanding why there is a large number of brands compared to a smaller number of insurers.

The review found that insurers could be doing more to clearly explain to customers why they ask for certain personal details. The report noted that some insurers could not demonstrate how some questions in the applications were relevant to their decisions. The review also found that when insurers decline to offer insurance, customers are often left with vague or confusing messages that do not clearly outline the reasons or what they can do next.

Executive Summary
The CGC found that:
– Insurers often ask for personal information, such as relationship or employment status, without clearly explaining why it is needed or how it affects the outcome.
– When insurers decide not to offer cover online, the messages provided are frequently vague, unhelpful, or lack guidance on next steps.
– Some underwriting practices, such as excluding applicants based on past bankruptcy or a lack of prior insurance, may unfairly penalise otherwise low-risk customers.
– Most insurers are meeting their Code obligations relating to declined applications, with some demonstrating best practice by including tailored explanations and clear guidance for declined applicants.
– Greater transparency, fairness, and relevance in data collection and decision-making will help insurers meet their obligations under the Code and improve the customer experience.
Insurers do not always explain the relevance of their questions clearly to customers
The Code obligations: When an insurer is unable or unwilling to explain the relevance of a question, it breaches its commitments to transparency and fairness in the Code (Paragraph 21). This also means the CGC cannot be satisfied the insurer is meeting its obligation to only ask for and rely on relevant information (Paragraph 45).
Author’s note: failure to explain the relevance of a question may impact the insurer’s reliance on an insured’s failure to meet their duty to take reasonable care not to make a misrepresentation.
What the CGC found: CGC reviewed the online motor insurance application forms of 13 insurers. For six of these insurers, CGC had no concerns with the relevance of the questions they asked. However, for the remaining seven, CGC identified several types of questions where the relevance to the decision to provide motor insurance was not made clear to customers. These included questions about:
Relationship status
Employment status and occupation
Ownership of other vehicles.
The CGC noted – [w]here possible, insurers should request information directly, rather than making inferences or assumptions based on indirect questions. By asking specific and direct questions, insurers treat customers more fairly, based on their individual circumstances, and are more transparent about why the information is being requested. The […]
ASIC renews guidance on managing conflicts of interest in financial services – RG 181
ASIC has updated its regulatory guidance on managing conflicts of interest for Australian financial services businesses. One of the general obligations of an AFS Licensee is to have in place adequate arrangements for the management of conflicts of interest that arise from the licensee’s financial services (or from the services provided by the authorised representatives of the licensee): section 912A(1)(aa) Corporations Act. This obligation is a civil penalty provision.
Action required
Licensees should review their arrangements (and those of their authorised representatives) for identifying, raising and managing conflicts of interest against the updated RG 181, and specifically:
update the Risk & Compliance Manual and/or Conflicts of Interest Policy;
update conflicts of interest training modules; and
update monthly attestations.
It would be timely for Licensees to reiterate Conflicts of Interest obligations with staff and ARs based on the updated RG 181 and to submit any fresh conflict of interest declarations using the Appendix to RG 181. The Appendix provides a catalogue that outlines some key legal obligations and information relevant to conflicts management that may apply to an AFS licensee, representative, or AFS licence applicant.
Key updates in the revised RG 181 include:
how the law applies to conflicts of interest, including the scope of the conflicts management obligation and links to other related obligations
the types of conflicts AFS licensees should identify and manage
the need for robust, tailored arrangements to manage conflicts
practical steps for effective conflict management, and
a non-exhaustive ‘catalogue’ of related legal obligations and information.
Scope of the obligation
The conflicts management obligation is broad and is intended to apply widely—it is not limited in its application. It applies to all conflicts of interest other than those wholly outside (i.e. completely separate to) the financial services business of you or your representative.
It applies to conflicts of interest that arise within the financial services business. It also applies to conflicts that arise between something within the financial services business and something outside it, particularly where the relationship, interest or activity may affect (or reasonably appear to affect) how financial services are provided by the business. For example, an employee prioritising their competing personal or financial interest outside the business may affect how they provide financial services within the business, as well as the quality of the services they provide.
What is a conflict of interest?
A conflict of interest can arise where there are competing financial interests, personal interests, business or related party interests—whether direct or indirect—or competing loyalties and obligations. In some circumstances, a combination of these may give rise to a conflict. You should take a ‘common-sense’ and objective approach to determining if there is a conflict of interest. Whether there is a conflict of interest will ultimately turn on the facts and circumstances of a situation.
Conflicts of interest can be:
(a) actual—where a conflict currently exists that could sway your judgement or actions (or those of your representatives); and
(b) potential—where circumstances do not currently give rise to an actual conflict but could reasonably […]
Looking ahead to 2026 – key regulatory compliance impacts for General Insurance
Key areas of focus for 2026
AFCA Claims handling Approach – consultation on AFCA’s Approach to general insurance claims handling has closed. The new Approach is expected to be released shortly. Insurers have key obligations under the Insurance Contracts Act 1984 (Cth), including the duty of utmost good faith, which requires them to handle insurance claims fairly, transparently, and efficiently. This Approach provides information about how AFCA considers various types of complaints relating to the handling of general insurance claims, against an insurer’s legal obligations and having regard to industry standards.
Cash Settlements. In ASIC’s Corporate Plan 2025-26 – We will review general insurers’ use of cash settlements to better understand the practices and disclosures surrounding the offers being made and to assess whether there are risks of consumer harm. Cash Settlements were also called out as an area of 2026 focus by the Code Governance Committee and in AFCA’s [new] Claims Handling Approach.
Industry use of external experts. has highlighted improvements in how insurers oversee and engage external experts, with better measures to strengthen accountability and quality assurance. The CGC, in its Oversight of external experts: follow up 8 December 2025, has identified areas of ongoing work.
Pricing promises and pricing transparency. ASIC Corporate Plan 2025-26 – We will examine the accuracy and transparency of general insurers’ disclosures about premiums and work to better understand consumer experiences.
Complaints (IDR). In 2024, ASIC reviewed 11 general insurers to understand how they are supporting customers who make a complaint. ASIC’s Report 802 highlighted a failure to identify 1 in 6 complaints and a lack of identifying systemic issues. ASIC has also indicated that it will be moving to publishing IDR data at a firm level (refer CP 383). The General Insurance Code Governance Committee highlighted complaints handling as a main priority for 2025-26.
The Insurance Brokers Code Compliance Committee in their Annual Report 2024-25 found 42% of brokers reported no breaches or complaints.
Incident and Breach Reporting. ASIC’s review of reportable situations (4th December 2024) revealed a number of poor practices among licensees, including deficiencies in Licensees’ incident management.
Privacy changes were introduced in December 2024, with automated decision-making to be regulated by December 2026. The OAIC launched a new Notifiable Data Breaches (NDB) statistics dashboard on 4 November 2025. Additional changes are contemplated to the Privacy Act.
CPS 230 – operational resilience and BCPs. The new prudential standard CPS 230 introduces strict requirements for insurers to strengthen operational resilience, meaning they must effectively manage operational risks, ensure continuity of critical functions during and after a disruption event and oversee “material service providers” such as claims processing and underwriting agencies. APRA will conduct a review of the large insurers during 2026, with learnings shared for all other insurers and their material service providers.
GI Code of Practice. The Insurance Council of Australia and insurers are moving to the next stage of the development […]
AFCA’s updated Approaches to family violence and elder financial abuse – General insurance
AFCA have published its updated Approach to family violence and Approach to financial abuse of older people following a comprehensive consultation process. AFCA have:
expanded and refreshed the Approach to family violence, which will replace AFCA’s existing Approach to joint accounts and family violence
revised and updated the Approach to financial abuse of older people, which will replace the superseded Approach to financial elder abuse.
I have extracted the parts of the Approaches relevant to General Insurance; however, the full Approaches should be considered and can be accessed here.
The AFCA Approach to family violence
What is family violence? The Family Law Act 1975 (Cth) defines family violence as: “…violent, threatening or other behaviour by a person that coerces or controls a member of the person’s family (the family member), or causes the family member to be fearful.”
Family violence can have serious and lasting effects on a person’s physical, psychological and financial wellbeing. These impacts may compound over many years. Family violence impact does not necessarily end when the relationship does. In some cases, it can begin or escalate after the relationship has ended. Family violence refers to both intimate partner violence and violence between family members. This includes (but is not limited to):
physical, psychological, sexual and emotional abuse
coercive control
financial abuse
parental or elder abuse
General insurance
Family violence in the misuse of insurance products is a growing risk. Insurance policies can be exploited to perpetrate abuse by changing or cancelling policies, changing beneficiaries, restricting access to information, interfering with the claims process, or preventing victim-survivors from obtaining a payout.
Warning signs of potential family violence and financial abuse
There are warning signs that a customer may be experiencing family violence and/or financial abuse specific to insurance products.
These may include when one policyholder may:
not understand, or is not aware, that:
> cover has been taken out in their name or covering their property
> they have been removed from a policy or the policy has been cancelled by a joint policyholder
have concerns about protecting their personal privacy or safety or the security of their policies
be reluctant to involve the other joint policyholder when making changes to the policy, making a claim or seeking hardship assistance.
Warning signs that a policyholder may be a perpetrator of family violence include that they:
ask questions about a joint policyholder’s behaviour or activities
request to remove the other joint policyholder from a policy or claim
are reluctant to involve the other joint policyholder when making changes to the policy, making a claim or seeking hardship assistance.
Common issues that may arise
In the context of insurance, issues that may arise with jointly held policies in situations involving family violence include:
cancellation of the policy by one policyholder
payment of benefits under a jointly held policy
disadvantage to innocent co-insured by a perpetrator’s failure to disclose
perpetrators forcing victim-survivors to pay an excess following an accident
policies that may exclude damage to property by the perpetrator of family […]
Disclosure documents – it’s all about the timing (and content)
I’m often asked when a certain document must be provided to a client. Disclosure documents for general insurance generally have 2 requirements:
content requirements; and
timing requirements
This article will focus on the timing requirements.
Customer/client journey
The simplest way to think about the timing requirements for disclosure documents is to think about the various customer touchpoints or the customer journey. Insurance brokers often send an important notice document when invoicing clients containing all relevant information such as FSG, general advice warning, duty to take reasonable care, duty of disclosure etc. While convenient, care should be taken with this approach to ensure the regulatory timing requirements are met.
Code requirements
Brokers and insurers (including underwriting agencies, TPAs and other material service providers) also have requirements under respective industry Codes to provide certain information at a specific time. The customer/client journey should not only be mapped out to cover regulatory disclosure documents but should also pick up Code requirements such as providing a Terms of Engagement (brokers).
The regulatory disclosure cycle
It should be noted that disclosure documents are only required to be provided to Retail clients; however, it is common practice for a FSG to be provided to both retail and wholesale clients. A TMD is not a disclosure document as it only must be made available by a product issuer before it distributes a general insurance product. The product issuer must make a TMD available and a distributor must not engage in retail product distribution conduct unless a TMD is available or not required (see RG 274). It’s important to note that a TMD is not only relevant for Retail clients. The test is whether a Retail client could purchase the product, even if intended for Wholesale clients.
Let’s explore the disclosure documents relevant for general insurance based on the customer experience or journey.
I’ve included the reference in the Corporations Act for the content requirements in case you wish to have a look at these requirements in addition to the timing requirements.
FSG
Obligation to give a FSG if financial services are provided to a Retail client (s941A for licensees and s941B for authorised representatives)
Timing of FSG (s941D)
Content requirements (s942A – 942E, including a combined FSG/PDS)
A FSG must be given to the (retail) client as soon as practicable after it becomes apparent that the financial service will be, or is likely to be, provided to the client, and in any event must be given to the client before the financial service is provided. (s941C provides situations in which a FSG is not required.) Practically speaking, the FSG will be provided before any financial product advice is provided; this means on appointment (for brokers) or at quote stage (for underwriters). A claimant intermediary must provide a FSG before they provide any claims handling and settling services to the client (s941C(7A)). This is because they are acting on behalf of the insured. A claims manager, acting on behalf of the insurer, is not required to provide a FSG, as […]
Complaints – the voice of the customer, but are you listening?
In 2024, ASIC reviewed 11 general insurers to understand how they are supporting customers who make a complaint. ASIC’s review focused on how general insurers are complying with select enforceable obligations in Regulatory Guide 271 Internal dispute resolution (RG 271). While ASIC’s review focused on general insurers, the findings in this report are relevant for all financial firms that must comply with RG 271; this includes Underwriting Agencies, Claim Managers (TPAs), Claimant Intermediaries and Insurance Brokers.
ASIC’s key findings included:
Insurers failed to identify 1 in 6 customer complaints
Insurers only identified 85 systemic issues from over 1.4 million complaints
Insurers had immature systems for handling complaints and reporting on complaints
1 in 8 IDR responses for rejected complaints did not meet mandatory content requirements
1 in 5 delay notifications failed to meet mandatory content requirements
All insurers failed to provide delay notifications within required timeframes
The General Insurance Code Governance Committee highlighted complaints handling as a main priority for 2025-26. Respondents to our consultation raised significant concerns about how insurers identify and handle complaints. We raised our own concerns about the handling of complaints in our Industry Data and Compliance Report FY24, with the number of complaints increasing by 18%.
The Insurance Brokers Code Compliance Committee in their Annual Report 2024-25 found 42% of brokers reported no breaches or complaints (that) suggests continued underreporting and issues with internal monitoring… These failures represent service gaps that can expose clients to risk.
Regulatory requirements
AFS Licensees, as part of their general obligations (refer s912A(1)(g) and (2) Corporations Act), must have a dispute resolution system that consists of:
an internal dispute resolution (IDR) procedure that complies with the enforceable paragraphs of RG 271;
covers complaints against the licensee (and representatives) in connection with the provision of the financial services; and
be a member of AFCA.
All AFS Licensees that provide financial services to retail clients must submit an IDR report to ASIC. Firms must submit an IDR report to ASIC every six months. The reporting periods are: 1 January to 30 June, and 1 July to 31 December. A two-month submission window opens at the end of each reporting period. Submission windows are: 1 January to end of February, and 1 July to 31 August. Financial firms that had complaints during the relevant six-month reporting period must submit an IDR report through ASIC’s Regulatory Portal that contains an IDR data file in machine-readable format, consistent with the specifications in the IDR data reporting handbook.
In a recent media release, ASIC has confirmed that it will proceed with plans to publish IDR data at firm level. The IDR dashboard will be published later this year.
Code Complaint requirements
Part 11 of The GI Code of Practice applies to Retail Insurance products. In addition, it is available to an uninsured person making a claim against a customer who is insured under a Retail Insurance policy (see paragraph 60). Part 11 also applies to Wholesale Insurance products where you are entitled to Financial Hardship support under […]
How to make General insurance compliance training effective for your people
Compliance training in general insurance is not only a legal and Code requirement; it is also necessary to ensure that you have adequate compliance measures and for an individual’s growth and development as they progress through their insurance career. Compliance training for front-line staff, compliance teams, responsible managers and boards is one of the core compliance services that I offer to my clients. Over the years, I have identified what works. How do you know whether your compliance training has been successful?
The measures of success
Some of the metrics that can be adopted to measure the success of your compliance training are:
a sustained increase in the number of incidents and complaints being identified and reported internally;
an increase in the level of complexity of compliance questions being asked by front-line staff;
a decrease in issues that were previously identified as pain points;
a desire to attend future compliance training;
better customer conversations (as assessed by monitoring);
feedback from post-training surveys aimed at engagement and knowledge retention; and
an increase in the maturity of compliance discussions within business team meetings.
Importantly, some metrics that should not be used to assess the success of your compliance training are:
the number of CPD/CIP points attained or annual hours of training completed; and
the cost of training per employee.
However, these metrics are useful for other purposes.
The key requirements to conducting successful compliance
In my professional experience, the following are some of the strategies that I adopt to ensure successful compliance training outcomes:
Target the audience – training on financial services laws is not a one size fits all approach. Training for front-line staff differs to training for senior management, responsible managers or the board.
Similarly, training must be tailored for different groups such as IDR teams, Authorised representatives, claims staff, sales & underwriters, onshore teams v offshore based teams. Understanding the lens of your audience is critical in how you position the same topic to different audiences. For example, RG 271 training for a mature IDR team will be different to complaints training for front-line customer service and claims teams.
Fun and engaging – when an invite to a compliance training session pops into your diary it may not necessarily generate your enthusiasm, especially when accompanied by the dreaded words ‘attendance is compulsory.’ I consider that I have a training duty to ensure that the time that a person spends with me is of value and justifies them spending time away from their important day-to-day job (which continues even in their absence). Reading through the verbiage of s912A(1) Corporations Act may not be everyone’s cup of tea; however, ensuring that s912A(1) is presented and discussed in a fun and engaging manner through, for example, story telling and case studies will facilitate learning as part of an overall enjoyable experience;
Story telling – story telling brings compliance to life. I have 40 years experience in general insurance and in the last 8 years (as Compliance Advocacy Solutions) have […]
Advertising in general insurance – tips to avoid misleading or deceptive conduct
Misleading or deceptive regulatory obligations
The Corporations Act prohibits engaging in conduct, in relation to a financial product or a financial service, that is misleading or deceptive or is likely to mislead or deceive (s1041H). Further, under the ASIC Act, a person must not, in trade or commerce, engage in conduct in relation to financial services that is misleading or deceptive or is likely to mislead or deceive (s12DA).
A breach of the misleading or deceptive conduct provisions is a Reportable Situation to ASIC unless:
the breach has been rectified, including consumer remediation, within 60 days; and
the number of impacted consumers is less than 10; and
the total financial loss or damage to consumers is less than $1000.
If a breach satisfies all these thresholds, it is not deemed reportable to ASIC.
What is misleading or deceptive conduct?
The key requirement is that the impugned conduct leads, or is likely to lead, a person into error.
Advertising financial products and services (including insurance): Good practice guidance
ASIC has developed good practice guidance (RG 234) to help promoters comply with their legal obligations to not make false or misleading statements or engage in misleading or deceptive conduct. The promoter will sometimes be the insurer, underwriting agency or broker but can also be a distributor or agent. ASIC’s guidance applies to advertising communicated through any medium in any form, including:
magazines and newspapers;
radio and television;
outdoor advertising, including billboards, signs at public venues, and transit advertising;
the internet, including webpages, banner advertisements, video streaming (e.g. YouTube), and social networking and microblogging (e.g. LinkedIn);
social media and internet discussion sites;
mobile phone messages (e.g. SMS, MMS, text messages);
product brochures and promotional fact sheets;
direct mail (e.g.
by post, facsimile or email);
telemarketing activities and audio messages for telephone callers on hold; and
presentations to groups of people, seminars and advertorials.
Overview of Good practice guidance
The following is extracted from RG 234; I have added general insurance context where relevant to do so.
Returns, features, benefits and risks
Advertisements for general insurance products should give a balanced message about the returns, features, benefits and risks associated with the product. Benefits should not be given undue prominence compared with risks.
Warnings, disclaimers, qualifications and fine print
Warnings, disclaimers and qualifications should not be inconsistent with other content in an advertisement, including any headline claims. Warnings, disclaimers and qualifications should have sufficient prominence to effectively convey key information to a reasonable member of the audience on first viewing the advertisement. Consumers should not need to go to another website (or other page of the website) or document (such as a PDS or TMD) to correct a misleading impression.
Fees and costs
Where a fee or cost is referred to in an advertisement, it should give a realistic impression of the overall level of fees and costs a consumer is likely to pay, including any indirect fees or costs. The premium, commission and government charges should be clearly identified.
Comparisons
Comparisons should […]
Compliance protects – how to foster a culture of compliance
The true purpose of Compliance
What is your compliance narrative? Is it about rules, regulations and laws? A legalistic approach to compliance does not engage your people and projects compliance as a series of tasks and activities that must be undertaken – hardly inspiring or motivational, with the outcome that compliance is often reactive in nature. How do you change the compliance narrative so that it is about people and caring, driving a proactive approach to compliance?
The true purpose of compliance is to protect. The question becomes – protect who and from what? Your firm’s response to this fundamental question is important. People are motivated to act by caring, and it’s what we care about that we want to protect.
The protect analogy
Think about driving a car. You need a driver’s licence to drive a motor vehicle on a public road. This licensing process requires you to gain knowledge and skills to operate a motor vehicle in accordance with the road rules. Why? To protect yourself, people you care about (as your passengers), other road users and the community from the cost of motor vehicle accidents – fatalities, injuries and property damage and consequential social costs.
Similarly, in order to conduct a general insurance business in Australia you need to be authorised by APRA, and to provide a financial service (which includes general insurance) you need to be licensed by ASIC, or be a representative of a licensee. Like a driver’s licence, you need to demonstrate to APRA and ASIC the knowledge, skills, and experience in general insurance with the appropriate capital requirements and human, financial and IT resources, with people who meet standards of honesty, ethics and integrity. Why? To protect what matters, and who you care about. Let’s explore this further.
Who does compliance protect?
Compliance, in a general insurance context, protects:
our customers, clients and consumers from the risk of financial harm and detriment and consequential impacts on their life, business and assets (due to issues such as availability and affordability; partial or total declined claims; underinsurance, claim delays etc);
our people (this includes staff, external representatives, material service providers and anyone involved in the insurance sales & claims supply chain) from the risk of being banned or disqualified, individual fines & penalties, damage to their reputation and associated mental health issues and impacts to the enjoyment of their life;
our business – the risk of fines & penalties, loss of licence, enforcement action, lost management time, loss of business, reputational impacts and class actions including shareholder actions for ASX listed entities;
our business partners such as insurers, MGAs, TPAs, service suppliers, authorised representatives, referrers, distributors, and material service providers from the risk of financial and reputational harm, regulatory enforcement action, loss of business partner and associated loss of business; and
the community, arising from systemic failures and mistrust in the general insurance industry.
What happens when we care?
Caring motivates people to take action, and to perform tasks that make a positive difference. This […]
Remarks by ASIC Commissioner at ICA Annual Conference – premiums, claims, cash settlements and the new GI Code of Practice
The following are extracted from remarks by ASIC Commissioner Alan Kirkland at the Insurance Council of Australia Annual Conference on 10 October 2025. I have grouped the remarks under various headings for ease of reference. The full speech may be accessed here.
Claims handling – 2022 floods
It’s hard to forget those who let you down when you’ve had a hard time – and that was unfortunately the experience of many Australians in the aftermath of the 2022 floods. “Some people, who turned to their insurer in their darkest hour after paying premiums for years, felt that they became engaged in an adversarial situation with a company meant to be on their side.”[9] That quote is from the House of Representatives Standing Committee on Economics report into claims handling failures after the 2022 floods, which was handed down almost a year ago. It’s fair to say that there remains a significant trust gap to be addressed following this report. Reputation data from RepTrak[10] and Roy Morgan[11] suggests that insurance is among Australia’s most distrusted industries – and you only need to look at the testimony of individuals impacted to understand why. David Norris, whose family owned the Central Hotel in Eugowra, told the inquiry after more than 60 years with their insurer it was apparent that “loyalty only goes one way”[12]. This is the challenge that must be addressed by you as you try to “pitch your tent” in the middle of these storms – showing people like David that loyalty is a two-way street.
Areas of improvement in claims handling
As insurers though, you are in the business of recovery. You know that rebuilding doesn’t happen overnight. It takes continual effort and care. And we know from our latest review that some of you are putting in the work and starting to see some green shoots of recovery as a result of that work. As noted recently by AFCA[13], the industry has made progress on reducing historically high complaint numbers, which should be commended.
And we have also observed some promising signs in our recent follow-up on Report 768 – which of course was the report that examined claims handling practices following the 2022 floods[14]. When that report was published, we found that poor communications, poor resourcing, and poor treatment of vulnerable customers were endemic across the insurance industry. But it is clear that a lot of work has happened in the past two years in response to those findings. For example, every insurer we looked at this time around had established a program to improve their approach to claims handling. Most had introduced a single point of contact for claims, so customers didn’t have to tell their stories over and over again. Some had gotten smarter about how they used their data to identify and support vulnerable customers, before and after major events. And a few went beyond this – towards truly consumer-centric practices. For example, we’ve seen some insurers appoint a dedicated consumer advocate to be a […]
The role of the regulator – swim between the flags
Last month I attended the AILA 2025 National Conference in Melbourne. One of the highlights was the regulators panel featuring:
Jane Magill, Executive Director General Insurance & Banking, APRA
Peter Soros, Executive Director, Regulation & Supervision, ASIC
David Locke, CEO, AFCA
Chair: Alexandra Hordern, General Manager, Regulatory & Consumer Policy, ICA (Insurance Council of Australia)
General insurance – areas of increased regulatory oversight
The following areas were identified as subject to regulatory oversight during 2026:
it was noted the increased complaints for motor vehicle insurance; this will be a focus for ASIC
claims handling is improving, however areas such as cash settlements will be a focus
risk culture, including how this permeates throughout the organisation
feedback on CPS 230 based on reviews of larger insurers
the use of AI; however, both ASIC and APRA consider that the existing regulatory regime is sufficient to manage the risks and are continuing to observe this space. A human should be involved in any AI decision-making process. APRA will be undertaking a narrow review of larger entities to test that principle-based Prudential Standards 220, 230 & 234 are adequate to manage the risk of AI
the use of AI by complainants as part of the IDR and EDR was observed and is being considered by AFCA (and is consistent with what I’m being told by my clients)
pricing; the expectation is for transparency, and for insurers to recognise efforts by insureds to improve their own risk
sustainability reporting requirements
The role of the regulator
David Locke provided the following view on the role of the regulator, which I have reproduced below with David’s permission: As a regulator your role is to clearly spell out where the red and yellow flags are on the beach and make it very easy for the public (and financial firms) to swim between the flags.
There will always be some people who drift or accidentally swim just outside them and you blow your whistle and use the lightest regulatory tools necessary to get them to swim back in safe water. You then focus the majority of your compliance resources on the idiots jumping off the rocks at the end of the beach. You want to prosecute them to deter others from doing so, and in some cases want them permanently off the beach. David’s analogy strongly resonates with my ‘Compliance protects what matters‘ theme. A company’s compliance arrangements can serve a similar purpose of keeping their people and other representatives swimming safely between the flags (that is: conducting general insurance business efficiently, honestly, fairly, transparently and timely) by adopting the following compliance operating rhythm: the documented compliance process and procedures, training and IT systems provides a safe place to conduct business protecting the business, its people, its customers and cliients and its business partners; the firm’s people acting as ‘an early warning system’ to quickly identify and raise incidents and complaints; an effective monitoring program; and a culture of wanting to do the right thing. Disclaimer: Reproduction of statements […]
What are the requirements to carry on general insurance business in Australia?
Underwriting Agencies generally require an APRA-regulated insurer as a partner to provide general insurance products in Australia. The Underwriting Agency typically has delegated binding authority from an insurer (see section 916E Corporations Act). In this instance, the Agency is acting on behalf of the insurer. In other arrangements, such as an open-market placement, it’s likely that the agency is acting on behalf of the insured (commonly referred to as wholesale broking) and would require the relevant authorisation under its AFS Licence. It is necessary for an Underwriting Agency to ensure that the insurer is authorised by APRA to carry on general insurance business in Australia.

Who is an insurer and what authorisation does an insurer require to carry on general insurance business in Australia?
Under the Insurance Act 1973, it is an offence to conduct insurance business in Australia without the proper authority. If your business intends to conduct any business that can be classed as insurance business, you need a licence from APRA giving you the authority to conduct insurance business in Australia.

Part 3 of the Insurance Act defines ‘insurance business’ as the business of undertaking liability by way of insurance (including reinsurance), in respect of any loss or damage. It includes liability to pay damages or compensation, contingent upon the happening of a specified event, and any business incidental to insurance business as so defined. There are some exclusions to the definition of insurance business, such as life insurance (covered by the Life Insurance Act 1995) and health insurance (covered by the Private Health Insurance Act 2007).

The Insurance Act only allows corporations or Lloyd’s underwriters to carry out insurance business in Australia, which means APRA cannot consider applications from partnerships or unincorporated entities.

APRA expects all applicants to be able to comply with all of its prudential requirements, as set out in the Insurance Act and prudential standards, from the commencement of insurance business in Australia and continuously thereafter.

Requirements
APRA will consider the following matters in the application:
- ownership
- governance, including board composition and FAR
- capital and assets in Australia, including minimum capital requirements
- risk management framework
- compliance
- reinsurance management
- information security and accounting systems
- intra-group transactions and arrangements

General insurers authorisation – Section 12
A general insurer, including a foreign general insurer, is authorised under section 12 to carry on general insurance business in Australia. The obligation to comply with APRA Prudential Standards applies to general insurers authorised under section 12.

Lloyd’s Underwriters – Section 93
Part VII, section 93 of the Insurance Act authorises Lloyd’s Underwriters to write Australian insurance business. Sections 65 to 73 of the Act provide for special Australian policyholder protection provisions associated with Lloyd’s. At all times, Lloyd’s must ensure that security trust fund arrangements, and ancillary or incidental arrangements, in accordance with Lloyd’s security trust fund instrument No. 2 of 2017 are in existence.

Unauthorised foreign insurers
Certain insurance business is exempt under the Insurance Act (subsection 3A(1)). Insurance Regulation section 8 provides that where insurance is […]
ASIC releases its Corporate Plan for 2025-26
ASIC has released its Corporate Plan 2025-26. ASIC Chair Joe Longo said the plan formalised ASIC’s focus on regulatory simplification (Media Release 25-177MR).

‘A focus on simpler and better regulation is now a concrete part of ASIC’s 2025-29 plan and will see the agency continue that focus to make it easier to interact with ASIC, to understand our expectations, for us to administer the law, and ultimately to cut red tape.’

ASIC’s Corporate Plan also outlines how the agency is maturing its approach to measuring and assessing its performance, including introducing a new suite of performance measures. ‘This will help our stakeholders better understand ASIC’s impact,’ Mr Longo said.

Impacts for General Insurance
I have extracted the parts of ASIC’s Corporate Plan 2025-26 that impact general insurance.

12 month work
Guided by the strategic priorities set out in the plan, ASIC’s work over the next 12 months and beyond will include:
- driving regulatory reform to ensure the stability, fairness and transparency of our capital markets
- ensuring stable, secure and resilient market infrastructure
- pursuing continuous improvement in artificial intelligence (AI) governance and cyber security
- holding superannuation trustees accountable for Australians’ retirement savings, and
- reducing the regulatory burden on businesses.

2025-29 plan highlighting general insurance impacts
ASIC is focused on addressing the most significant issues in the regulatory environment and bolstering ASIC’s capabilities to achieve this. In 2025–29, work under ASIC’s key activities will be guided by five strategic priorities:
- Improve consumer outcomes
- Strengthen market disclosure and professional conduct
- Support better retirement outcomes and member services
- Strengthen operational digital and data resilience and safety
- Drive integrity and transparency across markets

Improve consumer outcomes – general insurance
IDR – ASIC will review compliance by licensees with their obligations to report to ASIC on complaints, IDR processes, and outcomes. ASIC will continue publishing IDR data, a key part of the IDR reporting requirement.

General insurance premiums – ASIC will examine the accuracy and transparency of general insurers’ disclosures about premiums and work to better understand consumer experiences.

General insurance cash settlements – ASIC will review general insurers’ use of cash settlements to better understand the practices and disclosures surrounding the offers being made and to assess whether there are risks of consumer harm.

Indigenous consumer outcomes – ASIC will maintain its Indigenous Outreach Program to ensure ASIC considers and understands the needs of Indigenous consumers when responding to misconduct impacting Indigenous communities. ASIC will continue to build its understanding of how Indigenous communities are engaging with general insurance products and using these products to manage risks to assets of value.

Strengthen market disclosure and professional conduct
Sustainability-related actions – ASIC will take regulatory or enforcement action, where necessary, to protect investors and consumers. ASIC will focus on greenwashing and complaints handling by insurers following severe weather events.

Auditor independence and conflicts of interest – ASIC will continue to examine auditors’ compliance with their independence and conflicts of interest obligations and publish its surveillance findings.

Director and officer conflicts of interest – ASIC will […]
The importance of an Obligations register to manage general insurance compliance requirements
AFS Licensees must have processes, procedures or arrangements for ensuring that, as far as reasonably practicable, they comply with their obligations as a licensee (refer ASIC RG 104.23), and those measures should be documented (RG 104.26).

APRA-regulated insurers must have mechanisms in place for monitoring and ensuring ongoing compliance with all prudential requirements (CPS 220 paragraph 35(f)).

Insurers under the GI Code of Practice must have appropriate systems and processes in place to enable the Code Governance Committee to monitor compliance with the Code (paragraph 180).

Insurance brokers and their authorised representatives under the Brokers Code of Practice must have in place policies and procedures for their organisation and embed a culture that reflects the Code in the way they provide services and deal with others (paragraph 8.2(a)(iii)).

If you don’t use an Obligations register to record your obligations, it’s likely that:
- you have a reactive approach to compliance;
- compliance is seen as a series of random tasks and activities;
- providing evidence of compliance becomes a lengthy ‘search for a document’ process;
- compliance is not embedded within your business;
- there is a lack of assurance that you are complying with your obligations; and
- there is a heightened risk of non-compliance, with unresolved incidents and breaches leading to increased operational risk, regulatory risk and regulatory scrutiny.

The purpose of an Obligations register
Irrespective of the source of an obligation, all obligations can be adequately managed by being recorded in an Obligations register. I adopt 2 approaches when designing an Obligations register for my clients (AFS Licensees such as brokers, underwriting agencies & TPAs; APRA-regulated insurers; and insurance service providers):
- I design the Obligations register within the Risk & Compliance Manual. This ensures that the obligation has context, with a narrative explaining the source of the obligation and how it may operate with other obligations; or
- a stand-alone register, typically for larger organisations.

Irrespective of the approach, the purpose of an Obligations register is to identify obligations (irrespective of source) and capture those in a single register. Sources of obligations can arise under:
- legislation such as the Corporations Act, ASIC Act, Privacy Act, Autonomous Sanctions Act and Competition and Consumer Act;
- APRA Prudential Standards such as CPS 230 (Operational risk) and CPS 234 (Information Security);
- ASIC Regulatory Guides such as RG 271 (Dispute resolution) and RG 166 (Licensing financial requirements);
- Industry Codes – GI Code and Insurance Brokers Code;
- Binder Agreements; or
- Material Service Provider agreements.

The [key] control environment
Once obligations have been captured in the register, key controls are then assigned to each obligation, designed to ensure that each obligation is adequately managed. From this exercise, it is apparent that a key control may adequately manage multiple obligations. This drives efficiency in business process and better customer experiences. Assigning key controls to each obligation enables a shift from a focus on obligations to a focus on the control environment. An annual control testing program ensures that key controls are tested from 2 perspectives:
- that they have been designed effectively (fit-for-purpose); and […]
ASIC remakes general insurance distribution instrument
ASIC has remade a legislative instrument that exempts Australian financial services (AFS) licensees from appointing a general insurance product distributor as their authorised representative. The ASIC Corporations (Basic Deposit and General Insurance Product Distribution) Instrument 2025/520 will extend the relief previously provided by ASIC Corporations (Basic Deposit and General Insurance Product Distribution) Instrument 2015/682 until 27 August 2030. This promotes the wide availability of general insurance products to consumers by reducing the compliance costs to providers.

Criteria required to comply with the instrument
In order to rely on the instrument, and provide a financial service without the need to be licensed or appointed as an Authorised Representative of a Licensee, the following criteria must be met:
- the principal must hold an Australian financial services licence covering the provision of the service;
- the service is dealing in a general insurance product;
- the provider is a product distributor of the licensee (but this does not include employees of the licensee); and
- the distributor is not an authorised representative of the licensee.

Additional requirements when the general insurance products are distributed to Retail clients
The licensee must have taken reasonable steps to ensure that when the distributor provides the financial service to a retail client:
- the distributor draws the client’s attention to the availability of a dispute resolution system of the licensee that covers complaints by the client in relation to the financial service and how that system may be accessed; and
- if the distributor is dealing in a general insurance product or a bundled consumer credit insurance product, the client is given information in writing about:
  (a) who the distributor acts for when providing the financial service; and
  (b) any remuneration (including commission) or other benefits that the distributor, or an associate of the distributor, may receive in respect of, or that is attributable to, the provision of the financial service.

The Distributor must not provide financial product advice
The ASIC instrument only applies to ‘dealing’. Dealing in a financial product within the meaning of s766C(1) Corporations Act (also refer RG 36 Part C) means:
- applying for or acquiring a financial product;
- issuing a financial product;
- varying a financial product; or
- disposing of a financial product.

Arranging for a person to engage in the conduct referred to above also constitutes dealing. Arranging refers to the process by which a person negotiates for, or brings into effect, a dealing in a financial product (e.g. an issue, variation, disposal, acquisition or application). The person who is arranging may be acting for a product issuer, seller or consumer.

As the instrument is restricted to ‘dealing’ only, the distributor is not permitted to provide financial product advice; this restriction covers both general and personal advice. If the distributor requires authorisation to provide financial product advice, and the licensee is prepared to authorise the distributor to provide financial product advice, then the distributor must be appointed as an authorised representative of the licensee (or alternatively the distributor obtains its own AFSL).

Typical general insurance situations when […]
A week in the life of a compliance specialist – in General Insurance
I’m sometimes asked about the nature of work that I do or, more accurately, ‘what do your compliance services cover’. I thought it would be useful to share a ‘week in my life’.

At the heart of my services is the expert knowledge and advice I provide on compliance, specifically across general insurance, for firms that operate within that sector, typically:
- insurers
- underwriting agencies
- Lloyd’s coverholders
- TPAs (insurance claim managers)
- insurance brokers
- service suppliers and providers
- claimant intermediaries
- distributors

Compliance is in respect of complying with financial services laws, including those impacting AFS licensees, Authorised Reps, Lloyd’s coverholders/security, APRA prudential standards, sanctions, privacy and the GI Code and Brokers Code of Practice, including ASIC Regulatory Guides and other regulatory and Code materials.

In a typical week, my work will fall within 1 of the 5 following areas.

1. AFS Licensing
This is a broad category covering:
- new licence applications;
- variations to existing AFS Licences, such as to remove a key person condition, or add a new authorisation such as retail clients or claims handling; and
- changes to licence, such as adding Responsible Managers.

Licence work is very rewarding as often it signifies a key milestone in the client’s journey. It is a privilege to conduct such work for my clients. Licensing work is time-consuming and requires information to be provided and presented in the manner required by ASIC; however, I enjoy the opportunity to work for the client on such an important piece of work.

2. Compliance documents and frameworks
The documented evidence (as required under ASIC RG 104) is the output of the consideration of what a business is authorised to do, how it does it and developing an operating rhythm that provides:
- adequate compliance measures that manage the firm’s obligations (including under binder agreements or Auth Rep agreements);
- assurance to board, management, business partners (such as insurers) and regulators that obligations are being adequately managed;
- indicators of areas of potential concern; and
- data (incidents, complaints, control testing, monitoring etc).

The documents I provide are all individually developed and include:
- tailored Risk and Compliance manual (~35 pages, an all-in-one document that represents the business from a compliance perspective and can also be used as a training tool);
- Monitoring Program (monitoring employees, Authorised Reps, Distributors and/or Material Service Providers);
- Obligations register covering relevant (to your business) financial services laws, Prudential Standards and Codes. This enables you to assign key controls, accountability and control testing to your obligations;
- Registers including complaints; incidents and breaches; conflicts of interest; and training; and
- ad hoc, tailored policies & documents.

All documents are tailored to your business – what it does, how it does it and who does it.

3. Training and education
Training is becoming an often requested compliance service that I provide, with delivery online, face-to-face or a combination of both. I really love engaging with your business and having fun and meaningful conversations with your people addressing compliance issues that are of concern (or confusing) to them. All training […]
ASIC Update – Regulatory Guide 181 Licensing: Managing conflicts of interest
ASIC has released proposed updates to its conflicts management guidance for financial services businesses (Media Release 25-150MR).

Regulatory Guide 181 Licensing: Managing conflicts of interest (RG 181) was last updated in August 2004. The proposed changes will align the guidance with developments in law and policy and have been informed by ASIC’s private markets surveillance work.

ASIC Commissioner Kate O’Rourke said: ‘Conflicts management is a core obligation for financial services businesses and helps promote consumer protection and market credibility.

‘Conflicts of interest are more than mere moral dilemmas. They can undermine trust, integrity and performance, causing serious harm to consumers, investors and overall market confidence.’

The updated guidance sets out how Australian financial services (AFS) licensees should comply with their conflicts management obligation and explains:
- how the law applies, including its scope and interaction with other related obligations
- the types of conflicts AFS licensees need to identify and manage to meet their obligation
- the need to have robust and tailored arrangements that are adequate to manage conflicts, and
- how licensees can effectively manage conflicts.

Consultation
CP 385 was released 30 July 2025. Comments close 5 September 2025.

Draft Regulatory Guide 181 July 2025 – AFS Licensing: Managing conflicts of interest

Your obligation
If you are an AFS licensee, or an AFS licence applicant, you must comply with your general licensing obligations under s912A of the Corporations Act 2001 (Corporations Act). This includes your obligation to have in place adequate arrangements for managing conflicts of interest that may arise wholly, or partially, in relation to activities undertaken by you or your representative in the provision of financial services as part of your financial services business (‘the conflicts management obligation’): see s912A(1)(aa).

Scope of the obligation
The conflicts management obligation is broad and is intended to apply widely—it is not limited in its application. It applies to all conflicts of interest other than those wholly outside the financial services business of you or your representative. It applies to conflicts of interest that arise within the financial services business. It also applies to conflicts that arise between something within the financial services business and something outside it. For example:
(a) a conflict between the financial services business and corporate lending business within a conglomerate firm; or
(b) a conflict between the financial services business and an employee’s personal or financial interest outside it.

Complying with your obligation
If ASIC has reason to believe you are not complying with your conflicts management obligation, ASIC may take administrative action. This could include suspending or cancelling your AFS licence or imposing additional licence conditions: see ss915C(1) and 914A(1). Depending on the severity, a breach of your conflicts management obligation may result in civil penalties for individuals or for corporations.

What is a conflict of interest?
A conflict of interest can arise where there are competing financial interests, personal interests, business or related party interests—whether direct or indirect—or competing loyalties and obligations. In some circumstances, a combination of these may give rise to a conflict. You should take […]
Compensation and insurance arrangements for AFS licensees
What is the obligation?
Under s912B of the Corporations Act, AFS licensees must have arrangements for compensating retail clients for losses they suffer as a result of a breach by the licensee or its representatives of their obligations in Ch 7 of the Corporations Act (also refer ASIC RG 126). This obligation does not apply to APRA-regulated insurers (see reg 7.6.02AAA(3)) but does apply to Underwriting Agencies, Insurance Brokers, Insurance Claim Managers and Claimant Intermediaries who hold an AFS Licence.

These arrangements must:
- satisfy the requirements in the Corporations Regulations, which are that licensees must obtain PI insurance that is adequate, considering the nature of the licensee’s business and its potential liability for compensation claims (see reg 7.6.02AAA); or
- be approved by ASIC as alternative arrangements.

For the purposes of this article, I will be focusing on PI insurance under reg 7.6.02AAA.

What this means for AFS Licensees and consumers
ASIC’s approach to administering the compensation requirements means that all AFS licensees that provide financial services to retail clients must have PI insurance that meets the minimum standards, unless an exemption applies. It is important, however, to recognise the limitations of PI insurance as a consumer protection mechanism. PI insurance is not designed to protect consumers directly and is not a guarantee that compensation will be paid. It is designed to protect the insured (i.e. the AFS licensee) against the risk of financial losses arising from poor quality services (e.g. poor advice or execution of services) and other misconduct by a financial services provider (e.g. fraud by its representatives). The insurance is not intended to cover product failure or general investment losses, claims for loss solely as a result of the failure (e.g. insolvency) of a product issuer or where a return on a financial product has not met expectations. Nor is it intended to underwrite the products of a product issuer.

ASIC recognises that the PI insurance that is currently available in the market is unlikely to provide a source of funds when an AFS licensee has become insolvent before the claim was brought. Ideally, insurance policies would continue to cover the licensee after it has become insolvent or otherwise ceased business, but ASIC understands that this insurance is generally not available in the current market to the average licensee. ASIC also recognises that insurers may exclude some areas of cover in policies for risk management reasons (see RG 126.8 – 126.11).

Disclosure to retail clients
AFS Licensees must disclose to retail clients the kind of compensation arrangements they have in place and whether these arrangements comply with s912B: see regs 7.7.03A and 7.7.06B. The disclosure must be presented as a statement in your Financial Services Guide (FSG) or website disclosure information and the FSG or website disclosure information of your representatives (RG 126.19).

Adequate PI Insurance
What is adequate? (See Section C RG 126)
The Corporations Regulations require you to hold PI insurance that is adequate, considering:
(a) your liability for claims brought through the Australian Financial […]
AFS Licensees in general insurance. Are your compliance measures adequate
ASIC expects financial firms (including those providing general insurance products and services – insurers, Underwriting Agencies, TPAs, Insurance brokers and Claimant Intermediaries) to have adequate compliance measures for ensuring that, as far as reasonably practicable, licensees comply with their obligations as a licensee, including the general obligations in section 912A(1) Corporations Act (refer RG 104 Section B). ‘Compliance measures’ refers to your processes, procedures or arrangements for ensuring compliance with your AFSL obligations. This includes people, systems, policies and processes.

Documenting your measures
Documentation helps you demonstrate whether or not you are complying with the general obligations. When you document your measures, ASIC expects this will include details of who is responsible, the timeframes involved and associated record keeping and reporting (RG 104.26). It follows that your documented compliance measures should be tailored to your business based upon the ‘nature, scale and complexity’ of your business. Care needs to be taken in adopting an ‘off-the-shelf’, ‘one-size-fits-all’ compliance manual.

Implementing, monitoring and reporting on your measures
It is not enough just to document your measures. You also need to fully implement them. This means you need to put them into practice and integrate them into the day-to-day conduct of your business. For measures to work effectively in practice, you need people at all levels of your business, including your senior management, to understand them and be committed to their success. Integrating your measures into the culture of your business helps ensure they are effective on an ongoing basis. You also need to monitor and report on your compliance, including reporting relevant breaches to ASIC. ASIC expects that you will keep records of your monitoring and reporting, including records of reports on compliance and breach notifications (refer RG 104.27 – RG 104.29).

Reviewing your measures
Regularly reviewing your measures will help to ensure they remain effective. In some cases, it may be sensible for you to consider external review. Where compliance issues have arisen (such as major breaches or repeated compliance failures), external compliance review is particularly appropriate. You need to review your measures when there are changes to your obligations, your business or the environment in which you operate. ASIC expects that you will have a process for identifying changes that may impact on the effectiveness of your measures.

Your compliance measures
Compliance with your obligations as a licensee is central to the protection of consumers and the promotion of market integrity. Having effective compliance measures is a way for you to ensure you comply with your obligations as a licensee, including identifying and appropriately dealing with instances of non-compliance. Compliance measures also help you demonstrate to ASIC that you can comply and are complying with your obligations (RG 104.41).

What your compliance measures need to cover
ASIC considers that the broad compliance obligations (s912A(1)) are both stand-alone obligations and obligations that encompass the other general obligations. For this reason, ASIC expects your measures for ensuring compliance with the broad compliance obligations will cover all of your obligations as […]
Insurance brokers who are Authorised Representatives. Understanding and managing the risks
Many Insurance brokers operate as an Authorised Representative (AR) under the AFS licence of another insurance broker. The risks for the Licensee, from its AR network, are clear and generally well understood. The licensee has obligations in respect of its ARs, including:
- take all reasonable steps to ensure that the AR complies with the financial services laws (s912A(1)(ca) Corporations Act);
- ensure that its ARs are adequately trained and are competent to provide the financial services (s912A(1)(f)); and
- NIBA members must ensure that their ARs comply with the Insurance Brokers Code of Practice (Part 8.1).

Generally, the Licensee will:
- conduct extensive due diligence before appointing an AR under s916A Corporations Act, including checking with any previous licensee that the AR was authorised by;
- provide a risk and compliance framework;
- provide training;
- provide systems to facilitate compliance;
- sign off on marketing materials, disclosure documents and other such collateral;
- have adequate compliance resources to carry out supervision of the ARs (s912A(1)(d) Corps Act);
- provide specialist skill sets such as cybersecurity (refer Fortnum case below);
- monitor and supervise;
- provide advice and ongoing support; and
- manage incidents, reportable situations and complaints.

Contagion risks
A significant risk that must be considered and managed is contagion risk. This is the risk that inadequate compliance arrangements for one AR will quickly spread to other ARs, resulting in regulatory and reputational impacts for the Licensee and all ARs in the network. This was the case in proceedings recently filed in the NSW Supreme Court by ASIC against Fortnum Private Wealth Limited alleging it failed to properly manage and mitigate cybersecurity risks. ASIC alleges Fortnum did not meet its obligations as an AFS licensee because it failed to have adequate policies, frameworks, systems and controls in place to deal with cybersecurity risks. As a result, ASIC claims Fortnum exposed the company, its authorised representatives (ARs) and clients of its ARs to an unacceptable level of risk of a cyber-attack or a cybersecurity incident (refer ASIC Media Release 25-143MR).

Obligations of an Authorised Representative
An AR must assist the Licensee in meeting the Licensee’s financial service obligations (and under the Code); however, the AR has independent and separate obligations, as an AR, under financial services laws, including:
- must not hold out that they have an AFS Licence (s911C Corporations Act);
- must comply with licence conditions imposed by regulations (s914(8) Corps Act and Reg 7.6.04), specifically:
  – can only sub-authorise individuals with the Licensee’s consent (note that an AR is not permitted to sub-authorise a company, it can only sub-authorise individuals);
  – refer to its AR number in all business documents, including registered business office and website;
  – provide a copy of its authorisation on request, to any person, free of charge and as soon as practicable after receiving the request, but no later than 10 business days;
- provide retail clients with a FSG (s941B);
- obtain the retail client’s informed consent to any commission payment where personal advice will, or will likely, be provided before insurance is issued or sold (s963BB Corps Act and […]
The role of proximate cause in a general insurance environment that promotes consumer fairness
The doctrine of proximate cause, expressed simply, means that if the insured cause is within the risks covered, the insurer is liable in respect of the loss, but if it is within the perils exempted, the insurer is not liable. The leading authority is the Leyland Shipping case [1918].

The proximate cause is complicated by concurrent causes, that is, where two or more events of equal efficiency have caused the loss. Particular issues arise where the loss results from an excepted peril and from an insured peril, as concurrent causes, in which case the policy exclusion is given effect. This is the well-known Wayne Tank principle [1974], often quoted by IDR teams. However, for consumer insurance claims, is this a fair outcome?

Fairness and general insurance claims

You will immediately note that this rich area of insurance law is more than 100 years old. The Wayne Tank case is more than 50 years old. Since that time we have seen:
– claims handling and settling introduced as a financial service;
– the Unfair Contract Terms regime applying to general insurance claims;
– the ongoing development of the GI Code of Practice; and
– the duty to take reasonable care not to make a misrepresentation replacing the more onerous Duty of Disclosure for consumer insurance contracts.

The common theme of these changes is the introduction of fairness, particularly for general insurance products provided to individuals and small business. AFS licensees must provide their claims handling and settling services efficiently, honestly and fairly. Contract terms in a PDS or SME general insurance product cannot create a significant imbalance in the parties’ rights and obligations. The GI Code requires Code subscribers to be honest, efficient, fair, transparent and timely in dealings with the insured. The duty to take reasonable care requires the insurer to consider the characteristics of the insured when considering innocent misleading representations during the sales process.
Does it sit comfortably to decline an insurance claim by a consumer (and potentially a consumer experiencing vulnerability) by applying strict legal doctrines that were developed at a different time and in a different consumer environment? Clearly the doctrine of proximate cause cannot be completely discarded. However, it can be applied differently to claims for retail clients, consumer insurance contracts and small business standard contracts, resulting in a fairer outcome.

Fairness and proximate cause

The Duty of Utmost Good Faith requires insurers to operate with commercial standards of decency and fairness (High Court, Allianz v Delor Vue). There is a school of thought that this extends to ‘community standards of decency and fairness’ (refer Mann’s Annotated Insurance Contracts Act, 9th ed, 2025, Lawbook Co, at [13.10.5]). For the purpose of discussion, not controversy, how would the proximate cause be considered through a lens of community standards of decency and fairness? How would this operate in practice, in a claims or complaint context?

The starting point is in respect of experts’ reports. The expert when considering causation must have a genuine ‘objective’ […]
I’m a general insurance broker – what is my duty to the client?
Note: Reference for my summary of brokers’ duties: Sutton on Insurance Law, Enright, Merkin & Hawke, 5th ed, Lawbook Co, 2025, at page 323.

Section 11 Insurance Contracts Act defines “insurance broker” as a person who carries on the business of arranging contracts of insurance, whether in Australia or elsewhere, as agent for intending insureds.

A broker holding an AFS Licence has general obligations as a financial service licensee. A NIBA member has obligations under the Insurance Brokers Code of Practice.
– A general insurance broker who is a licensee or authorised representative of a licensee must provide the financial services efficiently, honestly and fairly. Financial services include providing financial product advice and dealing in general insurance products on behalf of a client.
– The NIBA Code requires brokers to be competent through relevant qualifications, continued education and training; act honestly and with integrity in all dealings; and communicate with clients and prospective clients in a clear and timely manner.

Who is my client?

A broker must determine:
– whether the client is a retail client or a wholesale client (for the purposes of disclosures and warnings);
– if a retail client, whether personal advice or general advice will or will likely be provided, to meet obligations for consent for commissions, the modified best interest duty and a Statement of Advice for personal accident, or a General Advice warning;
– whether the contract is, or is deemed by an insurer as, a consumer insurance contract, for the purposes of determining whether the duty to take reasonable care not to make a misrepresentation or the duty of disclosure applies.

At common law a broker has concurrent duties to a client under contract and in tort.
A broker has a duty to ‘[use] reasonable skill and care in and about obtaining insurance on the client’s behalf’ (JW Bollom & Co Ltd v Byas Mosley & Co).

The expected standards of brokers were summarised in Infinity Reliance Ltd v Heath Crawford Ltd:
– to perform the agreed services properly, a broker should take reasonable steps to understand the client’s business and its insurance needs (note the modified best interest duty when providing personal advice to retail clients under the Corps Act);
– the broker should aim (reasonably) to match as precisely as possible the risk exposures which have been identified with the coverage available;
– how far the broker, instructed to place specific insurance, is obliged to assess the client’s needs beyond that particular instruction is a case-specific question;
– to enable the client to take an informed decision, the broker must take reasonable steps to ensure that the client understands the key terms of the cover that is being obtained;
– where the market offers a variety of different terms which might meet the client’s needs, the reasonable broker will take care to explain the range of available cover and the advantages and disadvantages of each, so that the client can make an informed choice;
– the broker should take reasonable steps to enable the client to understand the key aspects of the placement process, for example […]
ASIC regulatory resources for AFS licensees
ASIC’s new website provides streamlined access to licence management services, including easy access to ASIC portals such as the new Regulatory Portal for applying for a new AFS Licence or managing an existing licence. In addition, the website provides a wide range of very useful regulatory resources.

Regulatory resources for AFS Licensees in general insurance

The following pages are relevant for firms providing general insurance products or services:
– regulatory resources search
– financial services
– insolvency
– corporate governance

Note: APRA-regulated insurers should also refer to the resources on APRA’s webpage. I’ll cover these resources in a separate article.

Regulatory resources search

This page enables users to search for regulatory guides, information sheets, reports, ASIC consultations, forms and ASIC instruments. Advanced search functionality enables the search to be focused, relevantly, on financial services, financial reporting, dealing with ASIC, financial advice and technology.

Financial services

Any AFS Licensee in general insurance should bookmark this page. There are a number of sub-categories which are very helpfully categorised as follows:
– regulatory reforms
– financial advice
– giving advice
– financial product disclosure
– design & distribution obligations
– dispute resolution
– reportable situations
– client money reporting
– financial accountability regime
– claims handling and settling

AFS Licensees

I would also recommend that you bookmark these pages:
– Information for AFS Licensees
– ASIC Regulatory Portal – applications for a new AFS licence, variation or cancellation of an existing licence, or notifications of some changes to an existing licence.

Information for AFS Licensees

This page also includes links to:
– Do you need an AFS Licence?
– Applying for and managing an AFS licence
– AFS Licensee obligations
– Changing details and lodging forms
– Varying or cancelling your AFS licence

AFS Licensee obligations

A comprehensive page that provides a great overview of your obligations as an AFS licensee, with links to the relevant ASIC Regulatory Guides and Information Sheets.

Insolvency

As an AFS licensee (other than APRA-regulated insurers), you must meet the base level financial requirements. This includes the solvency and positive net assets requirement: at all times you must be solvent (i.e. be able to pay all your debts as and when they become due and payable) and have total assets that exceed total liabilities (as shown in your most recent annual balance sheet lodged with ASIC), and at all times have no reason to suspect that total assets would no longer exceed total liabilities on a current balance sheet. This ASIC page contains useful general information on insolvency.

Corporate governance

This is a very useful page for directors and company officers. The page also includes a sub-link to cyber resilience and a very useful series of ASIC speeches in connection with directors as gatekeepers. I will use this page to publish a future article on the role of directors in setting the right culture.

Disclaimer: Reproduction of statements made in this article by media outlets, whether in full or in part, is strictly prohibited without the express written consent of the author. The views, opinions, and positions expressed within this article are solely those of the […]
ASIC sues AFS Licensee for allegedly failing to adequately manage cybersecurity – learnings for general insurance
ASIC is suing financial advice business Fortnum Private Wealth Limited, alleging it failed to properly manage and mitigate cybersecurity risks (ASIC Media Release 25-143MR).

In proceedings filed in the NSW Supreme Court, ASIC alleges Fortnum did not meet its obligations as an Australian financial services licensee because it failed to have adequate policies, frameworks, systems and controls in place to deal with cybersecurity risks. As a result, ASIC claims Fortnum exposed the company, its authorised representatives (ARs) and clients of its ARs to an unacceptable level of risk of a cyber-attack or a cybersecurity incident.

While Fortnum introduced a specific cybersecurity policy from April 2021, ASIC contends the policy was not an adequate response to manage cybersecurity risk. Before Fortnum revised its policy in May 2023, several of its ARs experienced cyber incidents. One of these was a cyber attack that ASIC alleges led to a major breach and saw the data of more than 9,000 clients published on the dark web.

As part of the action, ASIC alleges Fortnum did not:
– require that its ARs undertake a prescribed minimum amount of cybersecurity education or training;
– adequately supervise or monitor the cybersecurity risk management framework of its ARs;
– have any employees with specialised expertise or experience in cybersecurity, or engage a consultant with appropriate expertise to assist with the development of its cybersecurity policy; and
– have a risk management system which addressed cybersecurity, or policies, frameworks, systems or controls which enabled the identification and evaluation of cybersecurity risks across its ARs.

ASIC is seeking a declaration and pecuniary penalty against Fortnum.
Cybersecurity risks

It is alleged by ASIC that in the course of their business, Fortnum’s ARs electronically received, stored and accessed confidential and sensitive personal information and documents in relation to Retail Clients, including (among other things) copies of identification documents, tax file numbers, and financial information such as bank account and credit card details (Personal Information). It was necessary for the clients of Fortnum’s ARs to provide their Personal Information in order to receive Personal Advice.

As a result of the nature and extent of the Personal Information collected and held in the course of providing financial services, Fortnum and each of its ARs were potential targets for cyber-related attacks and cybercrimes, the consequences of which could include serious harm and loss. It therefore was, and is, incumbent on Fortnum, in discharging its duties and obligations as a licensee, to identify and understand the cybersecurity risks that it and its ARs faced, and to have adequate policies, frameworks, systems and controls in place to appropriately manage and mitigate those risks.

Alleged breaches of the Corporations Act

1) Financial services were not provided efficiently, honestly and fairly, thereby contravening s 912A(1)(a), by [Fortnum’s] failure to:
– implement any adequate cybersecurity policy to manage and mitigate cybersecurity risks for it and its authorised representatives (ARs);
– provide any adequate education or training to its ARs on cybersecurity; and
– implement any, or any adequate, processes, systems or frameworks for the oversight and monitoring […]
Do you embrace or begrudge compliance in your general insurance business?
A positive compliance culture, one that truly embraces compliance, ensures that compliance serves its true purpose: to protect. If you begrudge compliance, it’s likely that you and your team see compliance as a bunch of rules that get in the way of doing business.

Choosing a safe vehicle to protect your loved ones

When looking for a new or used car, you may consider buying one with some safety features. You may look for new cars that have a 5-star Australasian New Car Assessment Program (ANCAP) rating. Vehicle safety features can significantly improve safety. Technologies like autonomous emergency braking (AEB), blind-spot monitoring and lane-support systems can reduce the risk of a crash. Side curtain airbags can reduce the severity of an injury if a crash cannot be avoided.

Going beyond this, we have a strict driver licensing regime requiring knowledge and application of the road rules. Finally, we have a set of complicated road rules that govern road usage. In NSW alone these rules cover 353 clauses, not including sub-clauses, amendments and regulations.

Notwithstanding the complexity and cost (and at times the frustration of fines and lost points) of the governance around the use of a motor vehicle, we accept it. Why? Because we know that this system of governance protects the people and the community that we care about. There is a connection between the head and the heart.

Compliance in general insurance is no different: compliance protects what matters. Compliance should not only engage your head, it should engage your heart. Protecting what matters, what you care about.

Compliance: protecting what matters

It is clear that compliance protects our customers and clients. However, it also protects our people, colleagues, your business, your partners and the wider community. Compliance protects against the risk of non-compliance, such as:
– Customers and clients: protecting against financial harm or detriment, anxiety, stress, mental health, frustration and time.
– The business: protecting against financial impact, loss of licence, regulatory enforcement action, reputational impact and lost management time.
– Your people and representatives: protecting against banning/disqualification, civil penalties, reputation, frustration and stress.
– Your business partners: protecting against reputational impact, enhanced regulatory scrutiny and financial impact.
– The community: protecting against systemic insurance industry failures, mistrust and failure to insure.

How does compliance protect in general insurance?

Imagine a fort: fortified protection through towers and walls designed to protect what matters. A fort provides safety to those within its walls. Compliance protects what matters: customers/clients, the business and its people, partners, stakeholders and the community. How?

The four pillars (towers) of compliance

Compliance must have an operating rhythm, producing data indicating the adequacy of your compliance measures, evolving as your business grows and responding to external and internal change. Compliance is an ecosystem continually protecting what matters. The compliance operating rhythm is a structured, predictable way a business operates through its compliance measures, incorporating:
– Governance & frameworks
– People & culture
– Procedures & process
– Systems & reporting

Layers of protection

Surrounding the fort are layers (walls) of protection. Compliance measures are your combination […]
Home insurance claims – ASIC latest review & findings
ASIC previously examined insurers’ claims handling practices following the major floods of 2022 and found weaknesses across key areas. ASIC’s findings were consistent with other reviews, including the House of Representatives Standing Committee on Economics inquiry into insurers’ responses to the 2022 major floods.

Recently, ASIC went back to assess how home insurers had addressed the areas of improvement identified in Report 768 Navigating the storm: ASIC’s review of home insurance claims (REP 768), published in August 2023. ASIC’s latest review has found that while insurers implemented programs to improve claims handling functions in recent years, and some progress has been made, there is still significant room for further improvement. ASIC identified that without further work, there is considerable risk of ongoing consumer harm, as well as breaches of Australian financial services (AFS) licensee obligations and the General Insurance Code of Practice (Code).

Claims handling obligations

Insurers holding an AFSL must meet the general obligations of financial service licensees under s912A(1) Corporations Act. These obligations include providing claims handling and settling services efficiently, honestly and fairly. ASIC provides guidance on these obligations in INFO 253. ASIC can take enforcement action for a breach of obligations as an AFS Licensee. This includes cancelling or suspending the AFS Licence or imposing conditions on the licence, as well as seeking civil penalties.

Insurers who subscribe to the Code must comply with, and ensure their employees and Service Suppliers comply with, the requirement to be honest, efficient, fair, transparent and timely in all dealings with customers (paragraph 21). Additional obligations arise under Parts 5 (Standards for Service Suppliers), 8 (Making a claim), 9 and 10 (customers experiencing vulnerability, including financial hardship), 11 (Complaints), 12 (Access to information) and 15 (Claims Investigation Standards).
A breach of the Code can lead to sanctions being imposed by the Code Governance Committee, with significant breaches or serious misconduct being reported to ASIC.

Insurers must act with the utmost good faith under Section 13 of the Insurance Act.

With effect from 1 July 2025, CPS 230 applies to insurers (other than Lloyd’s underwriters). ‘Claims processing’ is deemed a critical operation under paragraph 36. Insurers must (1) take reasonable steps to minimise the likelihood and impact of disruptions to their critical operations; and (2) identify and maintain a register of their material service providers (this includes those providing claim services) and manage the material risks associated with using these providers.

What ASIC found

ASIC’s review revealed that general insurers made progress to address the areas for improvement identified in ASIC’s August 2023 report, which focused on better consumer communications, project management, handling of complaints, identification and treatment of vulnerable customers, and resourcing for dealing with claims and complaints. However, ASIC found there was inconsistent progress across the industry and still room for more work. ASIC has outlined high-level observations (see below).

High-level observations

Oversight of independent experts needs work

Insurers generally have well-documented quality assurance over their builders and repairers. This includes monitoring data on key performance […]
Advertising in general insurance – tips to avoid misleading or deceptive conduct
Misleading or deceptive conduct: regulatory obligations

The Corporations Act prohibits engaging in conduct, in relation to a financial product or a financial service, that is misleading or deceptive or is likely to mislead or deceive (s1041H). Further, under the ASIC Act, a person must not, in trade or commerce, engage in conduct in relation to financial services that is misleading or deceptive or is likely to mislead or deceive (s12DA). A breach of the misleading or deceptive conduct provisions is a Reportable Situation to ASIC (other than conduct impacting a single customer where no harm is caused).

What is misleading or deceptive conduct?

The key requirement is that the impugned conduct leads, or is likely to lead, a person into error.

Advertising financial products and services (including insurance): good practice guidance

ASIC has developed good practice guidance (RG 234) to help promoters comply with their legal obligations not to make false or misleading statements or engage in misleading or deceptive conduct. The promoter will sometimes be the insurer, underwriting agency or broker, but can also be a distributor or agent. ASIC’s guidance applies to advertising communicated through any medium in any form, including:
– magazines and newspapers;
– radio and television;
– outdoor advertising, including billboards, signs at public venues, and transit advertising;
– the internet, including webpages, banner advertisements, video streaming (e.g. YouTube), and social networking and microblogging (e.g. LinkedIn);
– social media and internet discussion sites;
– mobile phone messages (e.g. SMS, MMS, text messages);
– product brochures and promotional fact sheets;
– direct mail (e.g. by post, facsimile or email);
– telemarketing activities and audio messages for telephone callers on hold; and
– presentations to groups of people, seminars and advertorials.

Overview of good practice guidance

The following is extracted from RG 234; I have added general insurance context where relevant to do so.
Returns, features, benefits and risks

Advertisements for general insurance products should give a balanced message about the returns, features, benefits and risks associated with the product. Benefits should not be given undue prominence compared with risks.

Warnings, disclaimers, qualifications and fine print

Warnings, disclaimers and qualifications should not be inconsistent with other content in an advertisement, including any headline claims. Warnings, disclaimers and qualifications should have sufficient prominence to effectively convey key information to a reasonable member of the audience on first viewing the advertisement. Consumers should not need to go to another website (or another page of the website) or document (such as a PDS or TMD) to correct a misleading impression.

Fees and costs

Where a fee or cost is referred to in an advertisement, it should give a realistic impression of the overall level of fees and costs a consumer is likely to pay, including any indirect fees or costs. The premium, commission and government charges should be clearly identified.

Comparisons

Comparisons should only be made between products that have sufficiently similar features or, where an advertisement compares different products, the differences should be made clear in the advertisement. This is important for comparison websites.

Use of certain terms […]
General obligations of an AFSL holder in General Insurance
Insurers, Underwriting Agencies (MGAs), Insurance Claims Managers (TPAs), Insurance Brokers and any other entity who holds an AFSL for general insurance have general obligations that must be complied with. A financial services licensee must:
1. do all things necessary to ensure that the financial services covered by the licence are provided efficiently, honestly and fairly;
2. have in place adequate arrangements for the management of conflicts of interest (also refer RG 181);
3. comply with the conditions on the licence. The standard licence conditions are set out in PF 209 and include a ‘key person requirement condition’ if you are heavily dependent on the competence of one or two responsible managers (refer RG 105.52);
4. comply with the financial services laws. These include Chapter 7 Corporations Act, ASIC Act Part 2 Div 2, Insurance Contracts Act, Insurance Act (including Prudential Standards and legislation specifically for APRA-regulated insurers) and the Privacy Act;
5. have available adequate resources (including financial (see RG 166), technological (RG 104.97-100) and human resources (RG 104.93-96)) to provide the financial services covered by the licence and to carry out supervisory arrangements. This obligation does not apply to APRA-regulated insurers;
6. maintain the competence to provide those financial services (refer RG 105);
7. ensure that its representatives are adequately trained, and are competent, to provide those financial services (RG 104.81-88);
8. have an IDR system that meets the enforceable paragraphs of RG 271 and be a member of AFCA;
9. have adequate risk management systems (RG 104.59-66). This obligation does not apply to APRA-regulated insurers;
10. comply with regulation 7.6.04. This includes keeping training records, advising ASIC of certain matters, and requirements in respect of authorised representatives.
ASIC’s approach to the broad compliance obligations

The broad compliance obligations are both stand-alone obligations and obligations that encompass the other general obligations. This means that: (a) if you fail to comply with one or more of the other general obligations, you are also likely to breach the broad compliance obligations; and (b) even though you may be complying with all of the other general obligations, you may still be in breach of the broad compliance obligations. This is because the broad compliance obligations are also stand-alone obligations (RG 104.54).

Reportable situations to ASIC

Obligations 1, 2, 5, 6, 7, 8, 9 and 10 are civil penalty provisions. Therefore a breach of these obligations is a Reportable Situation to ASIC (see s912D(4)); all other breaches must be assessed under the criteria in s912D(5).

Documenting your compliance measures

It is common for some licensees’ compliance measures to be integrated into their risk management systems. Compliance measures can be one of several controls you can use to address or mitigate risks to your business (including the risk of non-compliance with your obligations under the Corporations Act) (refer RG 104.48). Documentation helps you demonstrate whether or not you are complying with the general obligations. When you document your measures, ASIC expects this will include details of who is responsible, the timeframes involved and associated record keeping and reporting (RG 104.26). […]
Breach reporting by AFS Licensees in General Insurance
ASIC’s recent review of reportable situations (4 December 2024) revealed a number of poor practices among licensees (the review covered 14 licensees across all financial sectors):
– Licensees were generally slow to report to ASIC. The key driver of these delays was that licensees took a long time to identify breaches in the first place and begin investigating.
– When ASIC reviewed why this was happening, ASIC found that there were deficiencies in licensees’ incident management, particularly how they identified, escalated and recorded incidents.
– Most licensees had gaps in how they monitored their own compliance with the regime.
– These poor practices had real impacts on consumers. The failures to promptly identify breaches meant that licensees were very slow to rectify breaches and remediate customers.

Start with a focus on incidents

GI Licensees should focus on raising awareness for staff and authorised representatives so that they can identify and raise incidents. This ensures all potential harm and areas of continuous improvement are identified in a timely manner, and potentially before a breach of an obligation (or of an Industry Code) has arisen. ASIC advises adopting a simple definition of an incident. This reduces the risk of the business acting as a filter or blockage. Once an incident is pushed down the incident pipeline, an experienced person can review the incident and determine whether it is a breach, or likely breach, of an obligation.

‘An incident is an event that occurs where something has gone wrong.’

Operational risk incidents

All incidents have the potential to cause harm or detriment. Adopt the APRA CPS 230 definition of operational risk: ‘Legal risk, regulatory risk, compliance risk, conduct risk, technology risk, data risk and change management risk.’ To this definition, add financial risk incidents (including insurance risk) and strategic risk incidents.
Reportable situations

Once an incident has been identified, raised and reported by the business and/or distributors and service suppliers, the incident(s) need to be categorised and managed to ensure the proper treatment. Incidents need to be considered singularly and as part of a group, in case of an emerging trend or theme.

Compliance incidents need to be considered in the context of the reportable situations regime. In addition, they must be considered in the context of all financial services laws, privacy laws and the Code (where relevant), the separate reporting regime that applies for APRA insurers, the privacy notifiable breaches scheme and the relevant industry Codes.

The reportable situations regime arises under Section 912DAA Corporations Act (also refer RG 78). There are 3 types of reportable situations for general insurance:
(a) breaches or ‘likely breaches’ of core obligations that are significant;
(b) investigations into breaches or likely breaches of core obligations that are significant;
(c) additional reportable situations.

What does significant breach mean?

There are two ways to determine whether a breach is significant:
(a) Deemed significant breaches: in certain situations, a breach or likely breach of a core obligation is taken to be significant. Generally speaking, a breach is deemed significant if it is a civil/criminal penalty breach; however […]
The use of technology in General Insurance – a compliance perspective
The use of technology in general insurance is increasing at a cautious pace due to the perceived lack of regulatory guidance or guardrails.

APRA guardrails

In respect of the general insurance industry, it’s more likely that APRA will shape the governance for the use of technology rather than ASIC. Having said that, the influence of ASIC will continue to be significant at the operational level, especially for insurance brokers. We have already seen the influence of CPS 234 (Information security) on the industry, and more so with CPS 230 (Operational risk). APRA-regulated insurers are responsible for their service suppliers; therefore the Prudential Standards have a cascading effect, leading to industry change for insurers and their underwriting agencies, TPAs and other service suppliers. A similar situation exists for Lloyd’s coverholders due to UK regulations and governance applying to Lloyd’s underwriters.

ASIC recently released REP 798 Beware the gap: Governance arrangements in the face of AI innovation (29 October 2024). ASIC reviewed how 23 AFS licensees and credit licensees are using and planning to use artificial intelligence, how they are identifying and mitigating associated consumer risks, and their governance arrangements. The report outlines the key findings from that review. ASIC commented that, on the whole, the way licensees used AI was quite cautious in terms of decision making and interactions with consumers: AI generally augmented rather than replaced human decision making, and there was only limited direct interaction between AI and consumers.

From a regulatory compliance perspective, the blending of human expertise and technology efficiency appears to be the sensible approach in the short to medium term. As a rule of thumb, the more severe the consequences of non-compliance, the higher the involvement of people in technology-driven processes and decision-making.
The theme from ASIC’s report was that ‘the maturity of governance and risk management did not always align with the nature and scale of licensees’ AI use’ (finding 7). This supports an APRA-driven approach to governance: start with insurers and allow the changes to cascade downstream to service suppliers and throughout the industry. Regulations are technology neutral It is important to note that financial services laws are technology neutral. The AFSL general obligation to provide financial services ‘efficiently, honestly and fairly’ does not distinguish between human and technological means of providing the financial services, provided the overarching obligation is met. This is supported by the AFSL adequate resources general obligation, requiring AFS Licensees to have adequate resources (that is, adequate human, technological and financial resources) to provide the financial services. This requirement does not apply to APRA regulated insurers, as their obligations in this respect are covered by Prudential Standards such as CPS 234 and CPS 230. Technology and the law – General insurance: where to start? The starting point should be Australia’s AI Ethics Principles. Australia’s 8 Artificial Intelligence (AI) Ethics Principles are designed to ensure AI is safe, secure and reliable. They will help: achieve safer, more reliable and fairer outcomes for all Australians reduce […]
How to successfully manage regulatory change in General Insurance
Change is constant, and nowhere more so than in General Insurance: regulatory change, upcoming Code changes, changes due to regulator reviews, Court decisions, Code compliance reviews, the list is endless. Add to that internal change due to binder & capacity changes, service supplier changes, and the list goes on. Large insurers manage change through project management teams & change pipelines, however what do you do if your resources are limited? This article has been written for Underwriting Agencies, Lloyds coverholders, Insurance Brokers, TPAs, Service Suppliers & small to medium sized insurers who must manage regulatory change and remain compliant through the complexity created by change. 1. The importance of a compliance operating rhythm The starting point is a Risk & Compliance Manual, tailored to your business, that describes your compliance measures and provides you with an operating rhythm for managing risk & compliance. The Manual must include your obligations (financial services laws, GI or NIBA Code, binder agreement(s), service supplier agreements etc) and the key controls that are assigned to manage the obligations. A separate Obligations register is suitable for larger firms, provided the register is referenced in the Manual, including how the register is managed. 2. The source of regulatory change Your manual must identify your sources of regulatory change. They are numerous and generally include (for non-lawyers) signing up to receive email feeds from: regulators such as ASIC, APRA, OAIC, AUSTRAC, ACCC and AFCA; industry associations such as ICA, NIBA, UAC and Insurtech Australia; financial services legal firms; insurance news services; and me via my LinkedIn posts and my monthly Newsletter Navigating Compliance in General Insurance. Also be mindful of internal change or change from your business partners. 3. High level review You’ve identified the regulatory change. What next? At this stage ask 3 questions: does this change apply to General Insurance?
and, if so, does this change apply to the cohort I’m part of (brokers, underwriting agency, TPA, service suppliers, insurers)? and/or will this change impact me upstream/downstream (eg a Prudential Standard or the GI Code of Practice that applies to an insurer)? If yes to these questions, proceed with step 4; otherwise ignore the change. 4. Deep analysis You need to work out the impact of the regulatory change on your business. It is useful to engage with your Industry Association, peers or your risk & compliance advisor (I’m happy to assist with any queries) to understand the common approaches being adopted across the industry to the regulatory change. Adopting the Who, What, When, Where, Why, and How approach is useful: start with ‘why’ and understand the underlying rationale and purpose of the change; ‘what’ is about the details: what does the new law require me to do?; ‘when’ does the regulatory change take effect? This assists in planning the runway; ‘where’ does the regulatory change apply? eg underwriting, claims, broking; ‘how’ provides the details of what you must do to comply with the new regulatory change; ‘who’ does the change apply to […]
Deciphering Personal Advice: A Guide to General Insurance
An Australian financial services licensee (Kalkine) must appoint an independent compliance consultant to address ASIC concerns that Kalkine’s customer service representatives were giving unlicensed advice (refer ASIC Media Release 25-085MR). New licence conditions have been imposed on Kalkine’s licence to ensure compliance with its obligations as an AFS licensee. These conditions require Kalkine to engage a consultant to review, assess and report to ASIC on whether Kalkine’s interactions with its customers are compliant and its supervision mechanisms are adequate. ASIC had concerns that: Kalkine’s representatives, who are based in India, may have provided personal advice as part of the sale of subscription services when Kalkine’s AFS licence only authorised it to provide general financial product advice; Kalkine’s representatives may have misrepresented to customers the kind of advice being given, by qualifying it as general advice but leaving customers with the impression that the advice was directed to their own personal circumstances; Kalkine failed to do all things necessary to ensure that the financial services covered by its AFS licence were provided efficiently, honestly and fairly, including but not limited to ensuring the advice being given by its representatives was appropriate and within the scope of its licence; and Kalkine’s processes to ensure that its representatives were complying with the law when interacting with consumers were inadequate. Westpac case and personal advice The High Court in Westpac Securities Administration Ltd v Australian Securities and Investments Commission [2021] HCA 3 held that WSAL and BTFM breached the Corporations Act by providing personal financial product advice in calls made to 14 customers. Neither company was licensed to provide personal financial advice. The decision of the High Court clarified the difference between general and personal advice for consumers and financial services providers.
ASIC Commissioner Danielle Press said (ASIC Media Release 3 February 2021), ‘The High Court has provided clarity concerning the differences between personal advice and general advice. Westpac were actively conducting a sales campaign aimed at rolling customers into Westpac products under the banner of general advice.’ In the judgment, Justice Gordon reinforced that s766B(3) of the Corporations Act, which outlines the meaning of general and personal advice, ‘is directed to the protection of the retail client’ and clarified that ‘[…] the general advice warning must be assessed in light of all the circumstances. The general advice warning was given only once, at the beginning of the telephone conversation. Members were subsequently asked directly about their personal objectives. Members were not encouraged to seek personal advice before deciding whether to accept the rollover service.’ Key compliance takeaways A General Advice Warning does not make the advice provided general advice; it is substance over form. When you are giving general advice to a client, in addition to giving a general advice warning, it is good practice to take reasonable steps to ensure that the client understands upfront that they are getting general advice and not personal advice. You should take reasonable steps to ensure that the client understands that you have not taken […]
The general obligations of an AFS Licensee providing general insurance products & services
AFS Licensed insurers, underwriting agencies, TPAs (insurance claim managers), general insurance brokers and claimant intermediaries must comply with the general obligations set out in Section 912A(1) Corporations Act. You must have measures for ensuring you comply with your obligations ASIC uses the expression ‘measures’ or ‘compliance measures’ to refer to your processes, procedures or arrangements for ensuring that, as far as reasonably practicable, you comply with your obligations as a licensee, including the general obligations (see RG 104.23-24). ASIC expects you to: (a) document your measures in some form; (b) fully implement them and monitor and report on their use; and (c) regularly review the effectiveness of your measures and ensure they are up to date. Tip: For most licensees (other than APRA regulated insurers) a single, tailored Risk & Compliance Manual (describing your business, your products/services & your obligations, and how these are managed) is sufficient. The Manual should also include governance & breach management. Contact me for assistance. What are the general obligations? 1. the financial services covered by the licence must be provided efficiently, honestly and fairly In INFO 253 ASIC provides insights into what this obligation means in the context of claims handling & settling services. The same principles can be applied to sales & underwriting: providing the financial services in a timely manner, including meeting time frames and standards in the GI Code of Practice or Insurance Brokers Code of Practice; providing the financial services in the least onerous and intrusive way possible; providing the financial services fairly and transparently, and in a way that supports consumers, particularly ones who are experiencing vulnerability or financial hardship.
2. have in place adequate arrangements for the management of conflicts of interest This means identifying conflicts of interest and managing them by: disclosure; controlling (through key controls); and avoiding. All conflicts (& their management) should be included in a conflicts of interest register, with training provided to employees and other representatives. 3. comply with the conditions on the licence The conditions on your AFS licence reinforce some of the general obligations, so breaching a licence condition will sometimes also be a breach of the general obligation that the condition relates to. You must have measures in place to manage your licence conditions including, for example, a key person requirement condition or, for insurance brokers, the use of restricted broker terms. 4. comply with the financial services laws ‘Financial services laws’ is a wide concept and, in addition to the Corporations Act & ASIC Act, includes any other Commonwealth, State or Territory legislation that covers conduct relating to the provision of financial services (whether or not it also covers other conduct), but only in so far as it covers conduct relating to the provision of financial services. Financial services laws therefore relevantly include: the Insurance Contracts Act, the Insurance Act and other Acts applying to APRA regulated insurers, and the Privacy Act. 5. take reasonable steps to ensure that its representatives comply with the financial services laws This obligation requires licensees to train and […]
General Insurance broker commissions & informed consent – are you ready?
General insurance products are excluded from the conflicted remuneration obligations in respect of monetary or non-monetary benefits. However, from 9th July 2025, where personal advice is provided, or is likely to be provided, on general insurance products, the exclusion for monetary benefits only applies if the client’s informed consent to the monetary benefit has first been given. Refer: Corporations Act s963B(1)(a), s963BB, s963C(1)(a), and reg 7.7A.12G. Also refer ASIC RG 246 and INFO 292. what are the requirements? If you are a general insurance broker holding an AFS licence (or an [authorised] representative of a licensee) that receives monetary benefits (e.g. commissions) in connection with issuing or selling general insurance to a retail client while providing, or being likely to provide, personal advice to that client, you must: – obtain the client’s informed consent to receive the benefit before the insurance is issued or sold; – have the client’s written consent (or a copy of it), or a written record of any verbal consent that the client gave; and – as soon as practicable after the client provided informed consent, give the client a copy of the written consent, or a copy of the written record of the client’s verbal consent. what does this mean in practice? The informed consent requirement applies to monetary benefits received by brokers from insurers (including underwriting agencies & Lloyds coverholders) given in connection with general insurance issued or sold after 9th July 2025 (including renewals after that date). If a broker is an authorised representative, the obligation applies to you in your capacity as an authorised representative. Personal advice is financial product advice where the broker has considered one or more of the client’s objectives, financial situation and needs, or a reasonable person might expect the broker to have considered one or more of those matters. All other financial product advice is general advice.
The informed consent requirement does not apply to monetary benefits given in connection with insurance issued or sold by AFS licensees and representatives if only general advice is provided or likely to be provided. If the situation involves both general advice and personal advice, the informed consent requirement applies to these benefits. The informed consent requirement does not apply to the giving of non-monetary benefits (e.g. education and training) to AFS licensees or representatives in connection with issuing or selling insurance. Note that the AFSL general obligations ‘efficient, honest & fair’ and ‘conflicts of interest’ would apply to these arrangements, especially if they are used to ‘disguise’ what would otherwise be commission payments. This would also be misleading or deceptive conduct. If you are paid a monetary benefit without obtaining informed consent from your client, the monetary benefit you receive will breach the ban on conflicted remuneration. The consequences of breaching this ban could include a civil penalty, a banning order, or AFS licence suspension or cancellation. what must be provided to the client before they provide informed consent? Before a client can provide informed consent, you must disclose the following information to them: […]
Managing compliance in General Insurance through obligations and key controls
‘Documentation helps you demonstrate whether or not you are complying with the general obligations.’ – ASIC RG 104.26 Insurers, underwriting agencies, TPAs, Lloyds coverholders, insurance brokers and claim service suppliers have a myriad of obligations to comply with. Compliance with your obligations, through your processes, procedures, systems and people, is collectively known as your ‘compliance measures’. Your compliance measures, together with your governance mechanisms, should work as an operating rhythm that manages your obligations in a systematic manner, incorporates changes, evolves as your business grows and responds to the external environment. The Risk & Compliance Manuals that I design and tailor for my general insurance clients achieve this purpose through the following: 1. Identifying the source of your obligations The source of your obligations is defined by: Who you are? – an APRA regulated insurer holding an AFS Licence who subscribes to the GI Code has different obligations to a NIBA insurance broker who is an authorised representative of a Licensee. Who do you act on behalf of? – an underwriting agency or material service provider acting on behalf of an insurer, or an insurance broker acting on behalf of a client? What do you do? – provide financial advice, issue general insurance products, provide a claims handling service, or act as a claims service supplier to an APRA regulated insurer. How do you do it? – do you distribute direct or through brokers, do you sell through human interaction or automated processes, do you provide claims under your licence or through a TPA? Who are your clients? – retail or wholesale clients, consumer insurance contracts or other insurance contracts, standard form contracts. 2. Capture your obligations For my smaller-medium sized clients I capture obligations within their Risk & Compliance Manual, providing a single source document. Larger clients usually have a stand-alone obligations register.
The manual or register should also include the source of the obligations (e.g., Section 912A(1)(a) Corporations Act or paragraph 21 GI Code of Practice), which enables the reader to deep-dive into the actual obligation when required. 3. Assign key controls This is the heart of ensuring your compliance measures are adequate. Key control(s) are assigned to each obligation, so that the obligation is managed within risk appetite. The focus of the Board, Senior Managers and Risk & Compliance Committee then shifts from the numerous obligations to a suite of more manageable key controls. 4. Test your key controls A key control that is not periodically tested is no control. Testing should incorporate (1) design effectiveness – is it fit for purpose? and (2) operational effectiveness – is it operating as intended? Gaps must be identified, reported and closed out in a timely manner. The gaps must be assessed for regulatory or Code breaches. You must have a control testing program. 5. Monitoring and reviewing your compliance measures Your compliance measures must be monitored on an ongoing basis. An effective risk & compliance operating rhythm generates data – incidents, complaints, control testing, file reviews, attestations, […]
Responsible Managers in General Insurance – your obligations
The obligation One of the general obligations for AFS Licensees under Section 912A(1) Corporations Act is the ‘organisational competence obligation’ (s912A(1)(e)). ASIC assesses your compliance with this obligation by looking at the knowledge and skills of the people who manage your financial services business. ASIC refers to these people as your ‘responsible managers’ (refer RG 105). This is an ongoing obligation, therefore it is important that your compliance measures, including how you comply with this obligation, are documented. How many responsible managers should we nominate? At a minimum, you need to nominate responsible managers who: (a) are directly responsible for significant day-to-day decisions about the ongoing provision of your financial services; (b) together, have appropriate knowledge and skills for all of your financial services and products; and (c) individually, meet one of the five options for demonstrating appropriate knowledge and skills (refer Table 1 of RG 105). If you have a responsible manager with appropriate knowledge and skills for some, but not all, of your financial services or products, you need to ensure that your other responsible managers have appropriate knowledge and skills for the remaining services and products. The number of people you need to nominate as responsible managers will depend on the nature, scale and complexity of your business. However, ASIC expects that you will nominate at least two responsible managers. If you are heavily dependent on the competence of one or two responsible managers (e.g. in a small organisation with one or two principals), ASIC will generally impose a ‘key person’ condition on your AFS licence. Telling ASIC about your responsible managers You must demonstrate your organisational competence when you apply for an AFS licence. You may also need to demonstrate your organisational competence if you later apply to vary your licence authorisations.
When you apply for an AFS licence, or to vary your licence authorisations, you must nominate your responsible managers in your application and answer questions about their role, training and experience, and which of the five options they meet. You must also support your application with a ‘core proof’ demonstrating that your responsible managers: (a) individually meet one of the five options for demonstrating appropriate knowledge and skills; and (b) together have appropriate knowledge and skills to cover all of your financial services and products. You must advise ASIC within 10 Business Days when you remove or add a responsible manager; refer the following link: Changing your responsible managers. If the responsible manager you are changing is named on your AFS licence as a key person, you must also apply to vary the key person condition on your licence (Form FS03). If you need assistance with adding/removing responsible managers or varying your AFS Licence conditions, contact me. Obligations of a responsible manager The obligation for organisational competence applies to the licensee, not the responsible manager, with civil penalties applying for non-compliance; however, responsible managers may be subject to banning or disqualification orders for failing to fulfil their duties. The following cases are relevant […]
The Insurance Contracts Act – ASIC’s powers
In its preamble, the Insurance Contracts Act is described as an Act to reform and modernise the law relating to certain contracts of insurance so that a fair balance is struck between the interests of insurers, insureds and other members of the public and so that the provisions included in such contracts, and the practices of insurers in relation to such contracts, operate fairly, and for related purposes. The Act provides the foundation of insurance: the duty of Utmost Good Faith and, for consumer insurance contracts, ‘the insured’s duty to take reasonable care not to make a misrepresentation’. The powers that ASIC has under the Insurance Contracts Act add significant weight to ASIC’s enforcement tool-kit and its already far-reaching enforcement powers under the ASIC Act & Corporations Act. ASIC responsible for general administration of Act The Insurance Contracts Act (Act) is one of several financial services laws referenced in section 912A(1) Corporations Act. AFS Licensees must: comply with the financial services laws (s912A(1)(c)); and take reasonable steps to ensure that their representatives comply with the financial services laws (s912A(1)(ca)). Powers of ASIC (section 11B) ASIC’s powers are set out in Part IA of the Act.
ASIC has the general administration of the Act (s11A). ASIC has power to do all things that are necessary or convenient to be done in connection with the administration of the Act and, without limiting the generality of that power, has power: (a) to promote the development of facilities for handling inquiries in relation to insurance matters; (b) to monitor complaints in relation to insurance matters (note that this is in addition to the Corporations Act and the enforceable paragraphs of RG 271); (c) to liaise generally with other persons or bodies having a responsibility to deal with inquiries, complaints and disputes concerning insurance matters (such as the Code Governance Committee and AFCA); (d) to review documents (including documents promoting particular kinds of insurance cover) issued by insurers (such as PDS, TMD, key fact sheets etc) and given to ASIC in compliance with section 11C; (e) to review particulars, statistics and documents given to ASIC in compliance with section 11D; (f) to monitor legal judgments, industry trends and the development of community expectations that are, or are likely to be, of relevance to the efficient operation of the Act; and (g) to promote the education of the insurance industry, the legal profession and consumers as to the objectives and requirements of the Act. Supervisory powers—ASIC may obtain insurance documents (section 11C) 1) ASIC may, for any purpose connected with the general administration of the Act, by written notice require an insurer to provide, within 30 days of the notice: (a) documents specified in the notice relating to insurance cover provided, or proposed to be provided, by the insurer; or (b) documents relating to insurance cover of a kind specified in the notice provided, or proposed to be provided, by the insurer. Non-compliance without reasonable excuse is a strict liability offence.
Supervisory powers—ASIC may review administrative arrangements (section 11D) ASIC may, require an insurer to give to ASIC, within 30 days of receipt of […]
How the GI Code of Practice responds to catastrophes
As Tropical Cyclone Alfred approaches Queensland & Northern NSW, it is appropriate for general insurers, underwriting agencies, brokers, insurance claim managers and service suppliers to consider how the GI Code of Practice (Code) responds to Catastrophes. Firstly, for consumers, the ICA has advised that, where possible, to prepare residents should: clear their property and gutters of loose material that could cause injury or damage during extreme winds or heavy rain, including moving outdoor furniture and pool accessories; secure boats or vehicles and move their car under cover; place important documents and valuables in plastic bags or other waterproof containers and put them in a safe place; and check their emergency kit is ready and nearby. Insurance disaster response specialists are on standby, and the Insurance Council is liaising with the State Government, Queensland Reconstruction Authority and the National Emergency Management Agency in preparation. Code overarching obligations Insurers & their Distributors and Service Suppliers will be honest, efficient, fair, transparent and timely in dealings with customers. This is the Code’s overarching obligation to consumers and continues during Catastrophes (paragraph 21). Fast-tracking urgent claims Where an event (for example, a natural disaster) has caused an insured to be in urgent financial need of the benefits they are entitled to under the policy, insurers will do either or both of the following: fast-track both the insurer’s assessment of the claim and the process followed to make a decision about the claim; pay an advance amount to help ease an urgent financial need (insurers will do this within 5 Business Days after demonstration of an urgent financial need). If the insured is not happy with the insurer’s response to a request about urgent financial need, then the insurer must tell the insured about their Complaints process.
(paragraphs 64-66) Claims for total loss When an insured has suffered a total loss, the insurer and Service Suppliers will treat the claim with sensitivity. If the claim has been accepted for a total loss under a home building and home contents insurance policy and the insured is unable to provide proof of ownership for the relevant insured property because it was lost in or damaged by the insured event (and ownership is clear) insurers will not: require proof of ownership; or require a list of insured property that was lost or damaged. (paragraph 80) Responding to Catastrophes Insurers will respond to Catastrophes efficiently, professionally, practically and compassionately. Insurers will co-operate and work with the Insurance Council of Australia on industry coordination and communications under the Insurance Council of Australia’s industry Catastrophe coordination arrangements. If an insured has a property claim resulting from a Catastrophe and the insurer has finalised the claim within 1 month after the Catastrophe event causing the loss, the insured can request a review of the claim if they think that assessment of the loss was not complete or accurate, even though a release was signed. Insureds have up to 12 months from the date of finalisation of the claim to ask for a review of […]
Are your people on the same [compliance] page?
The key to successfully managing your compliance obligations is to ensure that all your people are on the same page; this requires a consistent, documented approach to compliance & training. Your people include employees, authorised representatives, distributors and service providers acting on your behalf. General Insurance Obligations AFS Licensees must ensure that their representatives: comply with the financial services laws; & are adequately trained (including by complying with the CPD provisions), and are competent, to provide those financial services. Subscribers to the GI Code of Practice must: ensure Employees and Distributors receive appropriate education and training; and ensure that claim Service Suppliers and their employees are qualified by education, training or experience. Insurance brokers under the Brokers Code of Practice must: ensure all of their employees, agents and representatives receive appropriate education and training to provide their services competently; and receive training on the Code at least once every year. It is obvious from the above that the training and competency obligations are specific and must be documented to demonstrate evidence of compliance. Compliance training Too often I observe that organisations simply mandate that their employees and others acting on their behalf must undertake xx number of hours each year or achieve 20/25 CPD or CIP points. This requirement, of itself, does not comply with your Code or financial services laws obligations. The training must be relevant & cover financial services laws, Industry Codes and your general insurance products and services. Key principles The training must be conducted during induction and at least annually.
That is, there is a regular, systematic approach to training. The training must cover the financial services laws, the relevant Industry Code and the products and services being provided by your business. Training must be recorded in a register (for Licensees, this is a regulatory requirement). Responsible Managers should undertake specific training designed for responsible managers. Compliance measures should be documented in a tailored, fit-for-purpose & easy-to-read manual that complements the training. (Contact me for assistance) Your people need constant reminding about raising incidents & complaints through FAQs, standing meeting agenda items, attestations etc. This ensures training is put into practice. Use breach investigations and quality assurance activities as an opportunity to provide refresher training when gaps are identified. The training should use business case studies and scenarios and test understanding.
Managing conflicts of interests in General Insurance
AFS Licensees must have in place adequate arrangements for the management of conflicts of interest that may arise wholly, or partially, in relation to activities undertaken by the licensee or an employee, authorised representative or any other person acting on behalf of the licensee (section 912A(1)(aa) Corporations Act). ASIC notes the underlying principles for this obligation (refer RG 181.13 and 181.14): Adequate conflicts management arrangements help minimise the potential adverse impact of conflicts of interest on clients. Conflicts management arrangements thereby help promote consumer protection and maintain market integrity. Without adequate conflicts management arrangements, licensees whose interests conflict with those of the client are more likely to take advantage of that client in a way that may harm that client and may diminish confidence in the licensee or the market. and Having adequate conflicts management arrangements should also help a licensee ensure that the quality of their financial services is not significantly compromised by conflicts of interest. The quality of a service is significantly compromised if the service is of materially lesser quality than the licensee would have been likely to provide if they were not subject to the relevant conflict of interest. Examples of Conflicts of Interest in General Insurance Typical examples include: having a family or personal relationship with a client,
Such as a family member holding an insurance policy with your company and making a claim on that policy while you are an underwriter/claims handler at that company, or your partner works at an insurance broker with whom your company does business;
having an interest in a service supplier who provides services to your business;
receiving confidential non-public information (as a broker or underwriter) about an insured who is an ASX listed company and using that information to trade on the stock exchange prior to any public disclosure by the ASX listed company, or informing another person who subsequently trades (insider trading);
brokers (when acting on behalf of an insured) receiving commissions, profit share or other monetary arrangements or non-monetary benefits from an insurer such as IT systems, training, marketing etc;
acting on behalf of an insured in a third-party claim where indemnity may be declined in full or in part, or acting on behalf of 2 or more insureds in the same insurance claim;
brokers acting for 2 or more clients who are looking to enter (or have entered) into a contractual relationship;
underwriters or brokers with aggressive sales targets based on volumes without any counter-balancing metrics;
receiving gifts, benefits, gratuities or entertainment from a provider;
brokers or service suppliers having equity in an insurer or underwriting agency; and
being a director on a board of a client.
Retail or wholesale clients
A licensee’s obligation to manage conflicts of interest does not depend on whether its clients are retail or wholesale. Licensees must have adequate arrangements to identify and manage all conflicts of interest (other than those that occur wholly outside a licensee’s financial services business), whether they relate to retail clients or wholesale clients. Licensees […]
Placing business with an unauthorised foreign insurer
Brokers generally place business with insurers and Lloyd’s underwriters authorised under the Insurance Act (sections 12 and 93 respectively). This includes a foreign general insurer who is authorised under section 12 of the Act. The purpose of being APRA authorised to carry on insurance business in Australia is to protect our local market and policyholders. There are inherent protections in the Insurance Act and through the Prudential Standards issued by APRA. This protection flows through to an Underwriting Agency or Lloyd’s Coverholder who acts on behalf of an APRA regulated insurer (including Lloyd’s underwriters). Additional consumer protection arises under financial service laws.
When can an Insurance Broker place business with an Unauthorised Foreign Insurer (UFI)?
Our laws recognise that the Australian market relies on the global insurance market to adequately meet the needs and requirements of Australian businesses, hence there is a mechanism available to use a UFI (or DOFI) in certain circumstances. Section 3A of the Insurance Act and the Insurance Regulations 2024 provide 4 exemptions:
High-value clients;
Insurance for atypical (or unusual) risks;
Insurance required by foreign law; and
Risks that cannot be reasonably placed in the Australian market.
High-value clients
A person is a high‑value insured at a time (the test time) in a financial year if:
(a) the average of the person’s Australian operating revenue for the 3 previous financial years is at least $200 million; or
(b) the average of the person’s gross Australian assets for the 3 previous financial years is at least $200 million; or
(c) the average of the person’s number of Australian employees for the 3 previous financial years is at least 500.
Insurance for atypical (or unusual) risks
This exemption applies to a contract of insurance if each risk insured under the contract is a risk of any of the following:
(a) loss or liability arising from the hazardous properties (including radioactive, toxic or explosive properties) of nuclear fuel, nuclear material or nuclear waste;
(b) loss or liability arising from the hazardous properties of biological material or biological waste;
(c) loss or liability arising from war or warlike activities (within the meaning of the Insurance Contracts Regulations 2017);
(d) loss or liability arising from a terrorist act (within the meaning of section 100.1 of the Criminal Code);
(e) liability arising from health‑care related research;
(f) loss of, or liability arising from the operation of, a space object (within the meaning of the Space (Launches and Returns) Act 2018);
(g) liability arising from the ownership or operation of an aircraft (but not loss of the aircraft or its cargo);
(h) liability and expenses arising from a person owning, chartering, managing, operating or being in possession of a vessel other than a pleasure craft (within the meaning of subsection 9A(2) of the Insurance Contracts Act 1984);
(i) loss or liability arising from equine mortality or fertility and related risks. However, this does not apply to Equestrian packages (as defined in the Reg);
(j) loss or liability incidental to a loss or liability mentioned in paragraphs (a) to (i).
Insurance required by foreign law
If a law of a foreign country requires that the […]
Demystifying the roles and responsibilities of a Responsible Manager
The obligation (also refer RG 105)
If you are an AFS licensee, you must maintain the competence to provide the financial services covered by your AFS licence: see s912A(1)(e) of the Corporations Act. ASIC refers to this obligation as the ‘organisational competence obligation’. This is because this obligation requires you to be competent at the organisational level. You need to nominate responsible managers who:
are directly responsible for significant day-to-day decisions about the ongoing provision of your financial services;
together, have appropriate knowledge and skills for all of your financial services and products; &
individually, meet one of the five options for demonstrating appropriate knowledge and skills (Table 1 RG 105).
If you breach or are likely to breach the organisational competence obligation, you may need to notify ASIC of that breach: see s912DAA.
Nominating responsible managers
The people you nominate as responsible managers must have direct responsibility for significant day-to-day decisions about your financial services. In the context of general insurance, together your responsible managers must have the skills & knowledge in:
providing financial product advice or general advice only; and/or
dealing in a general insurance product, including (a) issuing [typically insurers or underwriting agencies] or (b) on behalf of another person [typically insurance brokers]; and/or
claims handling and settling services (a) by an insurer or acting on behalf of the insurer [typically underwriting agencies or insurance claim managers] or (b) on behalf of the insured [claimant intermediaries].
The number of people you need to nominate as responsible managers will depend on the nature, scale and complexity of your business. However, ASIC expects that you will nominate at least two responsible managers. If you are heavily dependent on the competence of one or two responsible managers (e.g.
in a small organisation with one or two principals), ASIC will generally impose a ‘key person’ condition on your AFS licence.
Tips to assist in meeting your personal obligations
As a responsible manager you need to stay across the business operations. I provide the following practical advice to my clients:
all responsible managers should work together as a team, regularly meeting to exchange views and observations and share concerns;
receive regular risk & compliance dashboard reporting – complaints, incidents & breaches, QA & audit outcomes, control breakdowns, breach remediation & rectification updates, control testing outcomes, risk profiles & training completion;
keep across industry issues such as AFCA complaints & regulatory and Code reviews;
engage with the internal risk and compliance committee, CRO, directors, management & external auditors;
be curious – ask questions;
look behind the data: what is it telling you? A lack of data is not healthy;
consider the effectiveness of your compliance arrangements and monitoring program to meet licence, regulatory and Code obligations;
consider the adequacy of your incident & breach reporting and dispute resolution systems.
Notifying ASIC of changes to your responsible managers
You must advise ASIC within 30 business days of adding or removing a responsible manager. You need to complete the relevant sections of Form FS20 and lodge it […]
Aligning compliance obligations to the customer journey
It can be difficult for insurers, underwriting agencies, insurance brokers and other distributors to consistently meet compliance obligations to customers, especially when processes are not automated. A simple way to think about compliance obligations is to align them to the customer journey. This can be reduced to a 1 page ready-reckoner for all sales staff, account executives, business development managers & authorised representatives.
Pre-appointment or pre-purchase
During this stage of the customer journey the customer is considering their insurance needs and may engage an insurance broker or shop around online.
Insurance brokers who are NIBA members and subscribe to the Insurance Brokers Code of Practice must provide Terms of Engagement to a prospective client who agrees to engage the broker.
Underwriting Agencies or Insurers selling direct must not engage in misleading or deceptive conduct, whether through their website, advertising or otherwise, & must comply with the hawking prohibitions in respect of retail clients. These obligations also apply to Insurance Brokers.
Referrers of Agencies, Insurers or Brokers can only ‘refer’ the client to the financial service provider and must disclose any payment for the referral.
All licensees & ARs must be efficient, honest & fair when providing their financial services. Insurers and their distributors, under the GI Code, must be honest, efficient, fair, transparent & timely in all dealings with the customer. NIBA Insurance Brokers must act honestly and with integrity in all dealings with clients under the Insurance Brokers Code.
All staff must be trained and competent to provide the financial services.
Purchasing general insurance products
Before providing the financial services, a licensee or authorised representative must provide an FSG if the services are to be provided to a Retail client. Having said that, it’s best practice to provide an FSG to all clients.
Before providing any financial product advice, a general advice warning must be provided to a retail client if providing general advice. Brokers providing personal advice must be aware of the modified best interest duty for general insurance & provide a Statement of Advice for sickness & accident insurance. In addition, for retail product distribution, insurers and Agencies must ensure that a TMD is available, usually on their website, and that the direct sales process is aligned to the TMD. Brokers must ensure they distribute the insurance products in accordance with the TMD.
The sales process
Where relevant, the deferred sales model for add-on insurance must be complied with where an insurance product is sold or offered for sale at the time of purchasing a primary product and an insurance product exemption does not apply. At the start of the sales process the underwriting agency or insurer must determine whether the general insurance product is a consumer insurance contract; if so, the insured’s duty to take reasonable care not to make a misrepresentation applies, otherwise the duty of disclosure applies. Brokers should take care when commencing renewal activities to clarify with the agency or insurer whether the product is being treated as a consumer insurance contract (in […]
The Passion of Compliance
I was talking to my ‘coffee guy’ at my local cafe this morning (he is also a small business owner) about how well my compliance business is travelling and he commented, ‘it’s because you love what you do.’ As I was walking back home, sipping my coffee (pure bliss), I reflected on his comment and how it aligned to my compliance mantra: the purpose of compliance is to ‘protect what matters’.
Protecting what matters
Compliance is about placing ‘what matters’ at the heart of everything we do & building layers of protection around that heart. What matters? Our customers & clients, our people, our business, our business partners & stakeholders and the wider community.
The pillars of compliance provide the foundation for the layers of protection. The 4 pillars of compliance are:
Governance & frameworks
People & culture
Procedures & process
Systems & reporting
Each of these 4 pillars works together to provide robust compliance arrangements. Protecting what matters is designed on a fortress of layers of protection:
Compliance arrangements
People
Monitoring program
Culture
The Compliance model for General Insurance is represented diagrammatically:
The importance of people
As you will observe from the Compliance Model, people are critical to the strength of the Compliance Model. People include employees, directors, authorised representatives, service suppliers & fulfillment providers: anyone who is providing the financial services on your behalf.
We need people to:
identify and self-report incidents and complaints quickly;
follow process and procedures (doing the right thing);
meet their continual development training requirements;
understand the obligations that apply to their business area;
test the controls that manage the obligations applying to their area;
genuinely care about protecting the business, customers, colleagues and partners;
close out gaps identified through reviews, monitoring and audit activities; and
generally be compliance-focused.
Simply, without people, the Compliance model collapses and harm & detriment results:
complaints & breaches increase
regulator scrutiny of the business intensifies
business partners raise issues and concerns
customers are impacted
management time is lost focusing on customer remediation and rectification
reputational & financial impacts are felt
the risk of civil penalties
naming & shaming
the risk of banning & disqualification
the risk of product stop orders
Simply, trust is eroded.
The test of ‘engaged people’
A simple test of whether your people are truly engaged in compliance is to look at your registers: incidents, breaches, complaints, conflicts, training etc. Are they well populated, indicating that people are engaged, taking an active role in compliance, and compliance is part of what we do around here, or are they empty or contain a small number of entries? Do people actively attend compliance training? Do people actively close out issues ahead of time? Do people view compliance as an addition to their role or as part of their role? Do leaders talk about the importance of compliance in the same tone & passion as when they talk about their family and other things they love, care about & want to protect?
Connecting the heart with the […]
The importance of Governance in General Insurance
Governance is a system that provides a framework for managing organisations. It identifies who can make decisions, who has the authority to act on behalf of the organisation and who is accountable for how an organisation and its people behave and perform. A simple illustration of good governance is the doctrine of the separation of powers. The doctrine of the separation of powers divides the institutions of government into three branches: legislative, executive and judicial: the legislature makes the laws; the executive puts the laws into operation; and the judiciary interprets the laws.
Governance is about the time you dedicate to working ‘on’ your business, rather than ‘in’ it. This includes all the checks and balances you put in place to ensure your business runs smoothly, meets its objectives, stays out of trouble and protects the things that matter (your business, people, customers, business partners and other key stakeholders).
The elements of Governance for General Insurance
A system of good Governance comprises the following elements:
A framework approach – frameworks provide a system of consistency of approach, ensuring that an operating rhythm is created for risk & compliance. A framework ensures that the risk & compliance measures of a business evolve as the business grows & adapts to internal & external change.
Roles and responsibilities – clarity and accountability of who does what is important – ‘doing, monitoring and oversight’ require separate & independent people, boards or committees with a specific focus and purpose (documented through position descriptions and charters). Examples of roles & responsibilities in insurance include directors, officers, responsible persons (FAR), responsible managers (AFSL) and fit & proper people (AFSL). Aligned to roles and responsibilities are delegated authority, the 3 lines of defence model & reporting lines.
Delegated authorities – the key to DA is the source of ultimate authority.
Typically this will be the Board, SOOA (for foreign insurers) or business owner(s). Authority provides a mechanism to manage decision-making. Authorities (underwriting, claims, financial, strategy etc) are linked to experience, skills and knowledge, therefore ensuring decisions are being made by the appropriate people. The key to delegated authority is that you can’t give (authority) what you don’t have.
3 lines of defence model – conceptually, the 3 lines of defence model continues to be the fundamental cornerstone of good governance across general insurance. The 1st line, typically business operations, manages risk & compliance, the 2nd line provides frameworks, oversight, monitoring and advice, while the 3rd line is Internal Audit. Significantly, APRA Prudential Standards create the role of the Auditor with reporting obligations to the Board and separate & distinct obligations to APRA, ensuring a degree of independence. The key to the 3 lines of defence model is based on the doctrine of the separation of powers – each line is separate to, and with a degree of independence from, the other lines.
Reporting lines – it’s critical that organisation structures and reporting lines enable an unfettered ability to perform work and discharge responsibilities. For example, 2nd line risk […]
The benefits of mapping key insurance processes to manage the risk of disruption to your business
The white noise associated with APRA Prudential Standard CPS 230 in connection with material service providers has tended to distract from the benefits of CPS 230. It should be remembered that CPS 230 includes an amalgamation of 2 existing prudential standards:
CPS 231 Outsourcing; and
CPS 232 Business continuity management.
With effect from July 2025, outsourcing and business continuity management for general insurers will be governed by CPS 230. CPS 230 requirements only apply to General Insurers who are authorised by APRA under section 12 of the Insurance Act. However, CPS 230 and the associated Prudential Practice Guide CPG 230 (PPG CPG 230) provide very useful guidance and information for anyone operating a business in general insurance, including Underwriting Agencies, TPAs, Insurance Brokers and service providers. It should be remembered that holders of an AFS Licence must have adequate risk management systems. Business continuity and outsourcing are a critical part of risk management.
Process mapping material business processes
APRA expects that, in implementing CPS 230, a prudent general insurer would start with the identification of its critical operations. A general insurer would (see paragraph 2 PPG CPG 230):
a) identify its critical operations (note that claims processing is a deemed critical business operation for an insurer; however, any other critical operation must also be identified);
b) set tolerance levels for disruption of these critical operations; and
c) identify the processes and resources needed to deliver these critical operations, including material service providers.
Identification of critical (or material) business operations is a very sensible starting point.
Business continuity steps
As mentioned, business continuity not only applies to general insurers but is also relevant for Underwriting Agencies, TPAs, Insurance brokers and anyone providing general insurance products or services.
Here are some simple steps to get you started:
Identify, at an enterprise level, material business activities such as distribution, underwriting, claims, broking, complaints, information management, marketing etc.
For each of the material business activities, map out the end-to-end, 5-10 key sub-activities that, combined, enable the material business activity to be delivered. As an example, think about the end-to-end process for claims: FNOL, assessment, claim decision etc.
Consider each of the sub-activities in terms of people, IT, process, outsourcing & information (collectively, resources). This provides a matrix of sub-activities x resources needed to deliver your material business activities. This information alone provides very useful insights into managing your business and business risks.
Consider the tolerance level for each of the sub-activities in the event of a disruption to any of the identified resources. Tolerances should be set based on (refer PPG 230 paragraph 32):
– the impact on customers and other stakeholders of a disruption;
– the financial and reputational impact on your business from a prolonged or material disruption;
– the financial and reputational impact on the broader financial system, including any flow-on effects or contagion;
– legal or regulatory requirements; and
– recovery objectives.
Factors to consider when setting tolerances include (refer Table 4 PPG CPG 230): (i) the maximum allowable disruption period; (ii) the minimum […]
Returning to work – kick-starting compliance in general insurance
Compliance never sleeps; however, it may slow down while we take a well-deserved break. How do you kick-start compliance to ensure that compliance is protecting what matters – your business, people, customers, business partners and other key stakeholders? There are a few simple steps that you should take.
Incidents are a critical source of information, including as an early-warning system for potential breaches. It’s important that staff, authorised representatives and material service providers are reminded of their obligations to raise and report incidents. This could be as simple as an email with a FAQ, checklist, link to the incident management system etc and through leader-led team meetings.
Complaints go hand-in-hand with incidents as a critical source of information and business continual improvement, in addition to meeting obligations under RG 271 and the Code. A quick refresher to staff and representatives in combination with incidents is all that is needed to get complaints back to front-of-mind.
Storm season – most teams are returning to full resourcing during the middle of storm season in Australia, therefore transitioning back to a sense of heightened alert is critical. A reminder of event plans at a team morning tea is a great refresher to shift minds from holiday mode to event readiness mode. This includes IDR teams and service providers.
Regulatory change projects – it’s likely that CPS 230, Privacy Act amendments and other regulatory changes were paused over the break. It’s time to reignite the projects and enthuse the teams. A workshop to recap the purpose, the plan & timeframe, the successes achieved to date and what lies ahead is an awesome way to get the wheels of the project team spinning again and moving the project ahead with a sense of urgency.
Monitoring of internal teams, authorised representatives, material service providers and any other person providing insurance services or products on your behalf is essential to ensure that obligations are being met and that compliance measures are operating effectively to protect the business & customers. January is a great time to revisit your Monitoring program and pause to reflect on its effectiveness in meeting AFSL, Code and upcoming CPS 230 requirements. Don’t have a Monitoring Program? January is also a great time to develop and implement a tailored monitoring program (contact me for assistance).
ASIC IDR data reporting – it’s time to submit an IDR report to ASIC for the reporting period 1 July to 31 December. A two-month submission window is now open and closes at the end of February. Failure to report IDR data is a reportable situation to ASIC. Contact me for assistance or read more about your IDR data reporting obligations here.
Training – whether you are half-way through your financial year or at the end of your calendar year, it’s nevertheless a good time to review how your staff are progressing with their training. It’s mandatory for AFS Licensees to maintain a training register, so it should be a relatively easy exercise to see who is lagging and needs a gentle reminder about the importance of […]
The general obligations of an AFS Licensee in General Insurance
Financial services relevant for general insurance are:
providing financial product advice;
dealing in a financial product; and
providing a claims handling and settling service.
Section 912A(1) Corporations Act (also refer RG 104) sets out the general obligations that an AFS licensee in general insurance must comply with:
(a) A licensee must do all things necessary to ensure that the financial services covered by the licence are provided efficiently, honestly and fairly. This is a broad and overarching obligation. Generally speaking, an insurer who fails to act with the utmost good faith (under the Insurance Contracts Act) would also be failing to provide the financial services efficiently, honestly and fairly. Subscribing to and complying with the standards and timeframes of the General Insurance Code of Practice or Insurance Brokers Code of Practice is typically a strong indicator of a commitment to providing the financial services efficiently, honestly and fairly (refer ASIC INFO 253).
(aa) A licensee must have in place adequate arrangements for the management of conflicts of interest that may arise wholly, or partially, in relation to activities undertaken by the licensee or a representative of the licensee in the provision of financial services as part of the financial services business of the licensee or the representative. The 3 ways to manage conflicts are (refer RG 181):
– disclosing the conflict;
– managing the conflict through controls; and/or
– avoiding the conflict.
(b) A licensee must comply with the conditions on the licence.
(c) A licensee must comply with the financial services laws. These laws include:
– Corporations Act
– ASIC Act
– Insurance Contracts Act
– Insurance Act (plus a number of other Acts applying specifically to general insurers)
– Privacy Act
(ca) A licensee must take reasonable steps to ensure that its representatives comply with the financial services laws.
Representatives include employees or directors of the licensee or of a related body corporate of the licensee, authorised representatives and any other person acting on behalf of the licensee. This is often referred to as the ‘monitoring obligation’ and should be incorporated in a Monitoring program that also includes CPS 230 (for general insurers, in the context of material service providers) and, under the GI Code & Brokers Code, responsibilities for the conduct of employees, authorised representatives, distributors and service suppliers.
(d) A licensee must have available adequate resources (including financial (refer RG 166), technological and human resources (refer RG 104)) to provide the financial services covered by the licence and to carry out supervisory arrangements. Note that this requirement does not apply to APRA regulated insurers. General insurers authorised under section 12 of the Insurance Act (including foreign general insurers) must comply with APRA Prudential Standards such as CPS 220, CPS 230 and CPS 234, while Lloyd’s underwriters (authorised under section 93 of the Insurance Act) must comply with the FCA UK Prudential Standards.
(e) A licensee must maintain the competence to provide those financial services. This obligation requires that the licensee must have sufficient Responsible Managers […]
ASIC & authorised representatives – lessons for Insurance Brokers
ASIC’s investigation into Sanlam Private Wealth Pty Ltd (Sanlam) uncovered concerns that the AFS licensee had breached its general obligations, including by failing to adequately supervise its many authorised representatives and corporate authorised representatives. (ASIC Media Release MR 24-290)
ASIC Deputy Chair Sarah Court said, ‘At one point, Sanlam had 42 CARs and 71 authorised representatives operating under its licence. Despite this, it had plainly inadequate resources and processes to ensure its diverse cohort of authorised entities complied with the law and to oversee those who used its licence to offer risky financial products to retail clients.
‘Licensees like Sanlam must have robust compliance processes that are fit-for-purpose to ensure that those who operate under their licence comply with the law and don’t place Australian investors at risk.’
Sanlam admitted to breaching its licensee obligations and provided a court enforceable undertaking to ASIC. Under section 93AA of the ASIC Act, Sanlam has offered, and ASIC has agreed to accept as an alternative to pursuing civil penalty proceedings, the undertakings.
Insurance brokers
Insurance brokers often use a network of authorised representatives as a viable business model. An insurance broker, as an AFS licensee, must monitor its authorised representatives and ensure they comply with financial service laws & are trained & competent. Additionally, under the NIBA Code of Practice, brokers must ensure authorised representatives comply with the Code.
The undertakings to ASIC in the Sanlam case provide some useful insights for insurance brokers:
Due diligence must be undertaken, and continue on an ongoing basis, to review the ARs’ suitability to operate under the broker’s AFSL;
A formalised & systematic review process must be implemented to assess whether employees and ARs are complying with financial service laws;
Informal processes and self-reporting by ARs, of themselves, are not adequate as a supervisory mechanism;
Brokers must have adequate human resources directed to risk management or overseeing an effective review programme to monitor ARs (my observation – the ‘adequacy of human resources’ should be included as a standing agenda item for the broker’s Risk & Compliance Committee);
Brokers should develop a human resourcing plan consistent with their current and future needs;
Brokers should have an adequate, documented succession plan when heavily dependent on 1 or 2 people, and especially when a ‘key person’ condition is included on their licence;
Brokers must have an adequate number of Responsible Managers for the number and breadth of ARs, and RMs must devote sufficient time to effectively discharge their duties as a responsible manager;
Brokers must also adequately document and implement processes to ensure they have the appropriate number of suitably qualified RMs having regard to the financial services provided, the complexity of those services, as well as the number and breadth of ARs authorised. There also needs to be an adequate and structured process to assess the ongoing suitability of their RMs (my observation – the ‘suitability of responsible managers’ should be included as a standing agenda item for the broker’s Risk & Compliance Committee);
Brokers must implement a […]
Paul’s 10 ‘Rules of thumb’ for General Insurance compliance
Compliance in General Insurance can be complex. Over the years I have developed Paul’s ‘Rules of Thumb’ to assist in simplifying compliance for my clients. Naturally, when considering compliance arrangements the complete obligation needs to be considered; however, the following can be adopted by front end staff as a mantra.
1. Start with Codes – when designing compliance arrangements, start with the GI Code and/or Insurance Brokers Code. Codes go beyond the law and are customer friendly; the end result is a more dynamic and customer experience based compliance approach. It is still necessary to bring in financial service laws, however starting with Codes assists in developing a customer centric approach to compliance.
2. Align disclosures with the customer experience – aligned with Rule of Thumb 1, General Advice Warnings, FSG, PDS and many other obligations for Retail Clients have timing requirements (when to provide the notice or warning). Aligning these compliance requirements with the customer sales experience provides a more meaningful & contextual approach for front-end staff.
3. APRA or ASIC – APRA is primarily focused on policyholder protection (carrying on insurance business in Australia) while ASIC is primarily concerned with consumer protection (carrying on a financial services business in Australia).
4. Advice – when a sales person or distributor or broker or underwriter talks to a client/customer, assume they are providing advice.
5. Cash Settlement Fact Sheet (CSFS) – if a PDS has been provided to a client, & that PDS states that claim settlement options include repair or replace, a CSFS will be required to be provided when settlement is to be via a cash settlement.
6. An incident is where something has happened that wasn’t supposed to happen. The intention is for front-end staff to report as many incidents as possible. A trained person can then filter/triage as necessary.
7. A complaint is where a customer is not satisfied with an outcome. The intention is for front-end staff to report as many complaints as possible. A trained person can then filter/triage as necessary.
8. Commissions are an inherent conflict of interest, and must be managed accordingly through disclosure, control(s) or avoidance.
9. Financial Service laws are technology-neutral; the obligation applies irrespective of whether performed by a human or technology (including AI).
10. If in [compliance] doubt, speak to Paul.
The key theme from my ‘Rules of Thumb’ is to create simple, meaningful messages for front-end staff as a quick reminder of important compliance obligations. Engaging with customers and clients can be challenging, with complex problems requiring a solution. Simple tips and messaging enable compliance to be part of the solution.
Using AI ‘efficiently, honestly and fairly’ in insurance claims
ASIC Report 798, Beware the gap: Governance arrangements in the face of AI innovation, identified the most common uses of AI for insurance claims as:
- supporting the claims process: claims triaging, decision engines to support claims staff, document indexation, and identifying claims for cost recovery; and
- automating a component of the claims decisioning process, while humans remain responsible for the overall claims decision;
and the emerging use as:
- the use of generative AI and natural language processing techniques to extract and summarise key information from claims, emails and other key documents.

Financial services laws are technology neutral; therefore, when providing claims handling and settling services using AI, the general obligation to provide those services 'efficiently, honestly and fairly' remains.

Providing claims handling and settling efficiently, honestly and fairly
ASIC INFO 253 provides guidance on providing claims handling and settling efficiently, honestly and fairly. To satisfy this obligation, you will generally need to handle and settle insurance claims:
- in a timely way;
- in the least onerous and intrusive way possible;
- fairly and transparently; and
- in a way that supports consumers, particularly those who are experiencing vulnerability or financial hardship.

Australia's AI Ethics Principles
The incorporation of the eight Australian AI Ethics Principles into AI policies and procedures is supported by ASIC, and they should be used when adopting AI in claims processing. The 8 AI Ethics Principles are:
1. Human, societal and environmental wellbeing: AI systems should benefit individuals, society and the environment.
2. Human-centred values: AI systems should respect human rights, diversity, and the autonomy of individuals.
3. Fairness: AI systems should be inclusive and accessible, and should not involve or result in unfair discrimination against individuals, communities or groups.
4. Privacy protection and security: AI systems should respect and uphold privacy rights and data protection, and ensure the security of data.
5. Reliability and safety: AI systems should reliably operate in accordance with their intended purpose.
6. Transparency and explainability: there should be transparency and responsible disclosure so people can understand when they are being significantly impacted by AI, and can find out when an AI system is engaging with them.
7. Contestability: when an AI system significantly impacts a person, community, group or environment, there should be a timely process to allow people to challenge the use or outcomes of the AI system.
8. Accountability: people responsible for the different phases of the AI system lifecycle should be identifiable and accountable for the outcomes of the AI systems, and human oversight of AI systems should be enabled.

Licensees must consider their existing regulatory obligations
What licensees need to do to comply with their existing regulatory obligations when using AI depends on the nature, scale and complexity of their business. It also depends on the strength of their existing risk management and governance practices. This means there is no one-size-fits-all approach to the responsible use of AI. (ASIC REP 798)

ASIC provides the following examples in REP 798: Licensees must do all things necessary to ensure that financial services or credit services are provided in a way that meets all of […]
CPS 230 readiness for General Insurance
Much has been said and written about CPS 230; however, the time for talking and planning is rapidly coming to an end (and has probably passed for the large insurers). It's time for implementation!

Debunking the CPS 230 myths
There continues to be some misinformation circulating about CPS 230, what it is and what it isn't. Let's deal with these first. What are the facts?
- CPS 230 (i) only applies as an obligation for insurers and (ii) only for those authorised by APRA under section 12 of the Insurance Act 1973 (Act). This means CPS 230 applies to general insurers in Australia, including foreign general insurers, and does not apply to Lloyds underwriters. Lloyds underwriters are authorised under section 93 of the Act and do not come within the definition of General Insurers (s 11 of the Act).
- Lloyds underwriters (and Coverholders) do not get a 'free ride'. The FCA's UK operational resilience rules come into effect in the UK in March 2025. Also refer to Lloyds Principle 12, Operational Resilience. The FCA rules are similar to CPS 230.
- CPS 230 compliance is not a complex technical issue per se. Much should already exist. It's a resourcing issue, especially the work around critical operations, process mapping, controls testing, material service providers and updating existing or creating new risk artefacts. A risk person within the CRO team of an APRA-regulated insurer would be very familiar with the key CPS 230 requirements: operational risk, tolerance levels, critical operations (and disruption thereof), outsourcing, business continuity, risk profile, control testing and scenarios.
- Service providers do not have any obligations under CPS 230. CPS 230 is the insurer's responsibility. The obligations for service providers manifest when they perform critical operations for the insurer (for general insurance this is claims processing) or expose the insurer to material operational risk (at a minimum, for general insurance unless justified otherwise: underwriting, claims management, insurance brokerage and reinsurance). The service provider obligations would be reflected in the Binder Agreement and/or Service Provider Agreement as obligations imposed on the service provider by the insurer.
- Non-compliance with CPS 230 does have significant consequences. Section 38AA of the Act requires insurers to notify APRA of certain matters. These include immediate notification of a breach of a Prudential Standard that relates to the financial obligations the general insurer has to its policyholders or to the general insurer's minimum capital requirements, and notification of other breaches of a Prudential Standard within 10 Business Days where the breach is significant within the meaning of s 38AA(5).

What should insurers be doing?
As I mentioned earlier, compliance with CPS 230 requires some 'risk-thinking' [within risk appetite]. However, CPS 230 is more of a resource and project management challenge. There are a number of risk 'task-based' activities that insurers should be doing now:
- identify critical operations;
- set tolerance levels;
- process mapping: identify the processes and resources needed to deliver these critical operations, including material service providers;
- update risk artefacts: RMF, operational risk profiles, BCP, controls and control testing including scenario […]
How healthy are your Compliance arrangements – it’s time to review your registers
A great indicator of the health of your compliance arrangements is the quantity and quality of data in your compliance registers. No data, or limited data, could indicate issues with your people and/or authorised representatives and with the adequacy and effectiveness of your compliance arrangements. So what registers should you have, and what should you expect to see?

Risk register
The risk register should include the 10-15 risks that could seriously impact your business operations. They should cover (as relevant) strategic risk, reputational risk, financial risk, people risk, legal risk, regulatory risk, compliance risk, conduct risk, technology risk, data risk and change management risk. The risk register should include accountability, key controls, control testing and action plans to close out any gaps arising from control testing. The risk register (plus all other registers) should be a standing agenda item at your quarterly Risk & Compliance Committee meeting, where control testing outcomes, action plans, the internal and external business environment and emerging risks are discussed.

Obligations register
This register is similar to the risk register but manages your compliance obligations. The register can be a stand-alone register or, for most underwriting agencies, TPAs and insurance brokers, included as part of your Risk & Compliance Manual. The register should capture AFS Licence obligations, financial services laws (including Prudential Standards for insurers), industry Codes and obligations arising from binder and other agreements. Typically an APRA-regulated insurer will have ~300 material obligations, underwriting agencies and TPAs ~130, and insurance brokers ~80. The obligations register enables a shift in focus from the large number of obligations to 20-40 key controls. You can't manage what you don't know; an obligations register is critical.

Conflict of interest register
Conflicts arise in many situations and are a normal part of conducting business. Conflicts may arise from:
- family or personal relationships
- other business interests
- gifts and entertainment
- commission and fee arrangements
- related companies
- multiple directorships
- roles within an organisation (an operational role versus membership of a risk committee)
Financial services laws require licensees to adequately manage conflicts. This is usually by disclosure, controlling or avoiding. The conflict, and the signed-off management of the conflict, must be recorded in the conflicts register.

Incident & breach register
This register is the lifeblood of your business. People make mistakes, often. A well-populated incident and breach register, covering a wide range of incidents from a wide range of people across the business, is a sure sign of a continuous improvement culture. Incidents should be raised across all risk categories (refer to the risk register), not just compliance incidents. However, a compliance specialist must review the register to further investigate incidents and be on the lookout for breaches or likely breaches of financial services laws or the Code. Typically, APRA-regulated insurers should be capturing 200-300 incidents per quarter, underwriting agencies and TPAs 50-75, and insurance brokers 40-50. The number of incidents per quarter will be a factor of the nature, complexity and scale of your business.

Complaints register
If an incident […]
The importance of compliance training in General Insurance
The obligation to have trained, competent and experienced employees arises from many different sources:
- AFS Licence general obligations: employees must be trained and competent and must comply with financial services laws. These laws include the financial service obligations in the Corporations Act, misleading and deceptive conduct and Unfair Contract Terms in the ASIC Act, APRA Prudential Standards including CPS 230 and CPS 234, the Insurance Contracts Act and the Privacy Act.
- A person providing financial product advice must have RG 146 training. Tier 2 is sufficient for general insurance products unless the person provides product advice for sickness and accident insurance.
- Responsible Managers, Directors and Officers, Accountable Persons and Fit and Proper People should receive specific training based upon the requirements of each regulatory role.
- Under the GI Code of Practice, there is a requirement that employees, Distributors and Claim Service Suppliers are trained to provide their services competently. In addition, it is a GI Code obligation to ensure employees are trained in supporting customers experiencing vulnerability. This will most likely include trauma-based training going forward.
- Under the Insurance Brokers Code of Practice, there is a professional commitment that employees maintain and improve competency through relevant qualifications, continued education and training. Also, Insurance Brokers under the Code must ensure that their employees, Authorised Representatives and agents receive appropriate education and training.

ANZIIF CIP and NIBA CPD points
A number of organisations use ANZIIF and NIBA methodology and points as evidence of compliance with the various training obligations. This is a great start; however, ANZIIF and NIBA points are part of the membership requirements for those industry bodies. By themselves, they may not meet the various regulatory obligations.

Firms within General Insurance must stipulate specific training
A requirement to annually achieve 20/25 hours of training for CIP or CPD purposes is a good starting point; however, in order to meet the various training obligations, the training must be specific enough to meet each individual obligation. For example, a firm may mandate that employees must successfully complete 25 hours of training per year, allocated as follows:
- 7 hours on financial services laws
- an additional 3 hours for regulatory roles (Responsible Managers etc.)
- 5 hours on the relevant GI or Insurance Brokers Code of Practice
- 3 hours on supporting customers experiencing vulnerability
- 5 hours on the products and services provided by the firm.
The remaining hours can be left to the choice of the employee, noting that '25 hours' is not a magical competency figure. Competency is both a subjective and an objective test. Some employees, due to the complexity of their role or their inexperience, may require additional hours beyond the mandatory requirements. The point is that general insurance firms must mandate the nature, quality and quantity of training to be undertaken in order to meet the various regulatory and Code obligations.

Additional obligations
It is a regulatory requirement that training be recorded in a training register. This provides evidence of meeting the AFSL general obligation, so the register should be maintained and kept current. Training should be provided during induction […]
ASIC sues Cbus alleging systemic claims handling failures – lessons for General Insurance
More than 10,000 members and claimants of the Construction and Building Unions Superannuation Fund (Cbus) were impacted by death benefit and total and permanent disability (TPD) insurance claims taking more than 90 days to be processed, according to allegations contained in documents lodged by ASIC in the Federal Court (Media Release 24-251MR). ASIC alleges that Cbus may have contravened the following provisions of the Corporations Act:
- ss 912A(1)(a) and (5A), by failing to act efficiently, honestly and fairly in the handling of its members' claims for death benefit payments and TPD insurance payments;
- s 912DAA(1) and (7), for failing to lodge a reportable situation report within 30 days of becoming aware of a reportable situation; and
- s 1308(5), for failing to take reasonable steps to ensure the breach report lodged on 5 August 2023 was not false or misleading in a material particular.
ASIC is seeking penalties, declarations, adverse publicity orders and orders for compliance measures to be implemented.

What does this mean for General Insurance claims handling?
There are 3 takeaways:
1. providing claims handling efficiently, honestly and fairly;
2. adequate resourcing and adequately trained staff; and
3. failure to take appropriate action.

Providing claims handling efficiently, honestly and fairly
As set out in ASIC INFO 253, ASIC considers that timeliness is a critical component of meeting the AFSL general obligation to provide claims handling and settling services efficiently, honestly and fairly. ASIC also considers that industry Code timeframes are useful indicators of what industry considers to be appropriate standards. In the Cbus matter, ASIC alleges that Cbus management had received reports from their outsourced material service provider that very large numbers of death and TPD claims were (1) older than 90 days and (2) even older than 365 days. Notwithstanding this data, the Board committees did not raise any cause for alarm.

Takeaway: General Insurers, Underwriting Agencies and their claim service suppliers must not only monitor timeframes under the GI Code of Practice but also take appropriate action when data shows that timeframes are consistently not being met.

Adequate resourcing and adequately trained staff
ASIC alleges that the Cbus Risk Committee was aware that the material service provider had significant staff turnover and that the provider's claims processing staff were not adequately trained. ASIC further alleges that Cbus failed to implement, or adequately implement, measures that would address the delays in processing death and TPD benefit claims.

Insurers were on notice from ASIC
ASIC wrote to insurers on 6 March 2024: 'Obligations of general insurers: Insurance claims and severe weather events'. In that letter, ASIC set out its expectations of insurers, including: "Insurers are required to sufficiently resource claims handling and dispute resolution functions, and ensure staff are adequately trained. This is a general obligation for AFSL holders." Relevantly, ASIC also advised insurers: "our message is that ASIC is watching how insurers support their customers very closely. Evidence of significant misconduct identified through these channels may result in enforcement action."

Takeaway: General Insurers, Underwriting Agencies and their claim service suppliers such […]
Adequate risk management systems for Underwriting Agencies enabling them to meet Insurers CPS 230 requirements
The requirement of CPS 230 for general insurers is that they must effectively manage operational risks, maintain critical operations through disruptions, and manage the risks arising from service providers. It is the latter requirement that has caused recent tension, with APRA expressing concern about insurers' use of Underwriting Agencies and reminding insurers that they can outsource critical underwriting and claims functions, but not accountability.

Underwriting Agencies as an AFS Licensee
It's all well and good for insurers to impose their requirements on agencies (and rightly so, to a degree); however, among all this, it should be remembered that an Agency that holds an AFSL must comply with its own obligations or face severe consequences, including reputational harm and civil penalties. Somewhat ironically, this may also 'severely disrupt' the insurer's operations. An Agency holding an AFSL must have adequate risk management systems. The requirement for risk management systems ensures that agencies explicitly identify the risks they face and have measures in place to keep those risks to an acceptable minimum. This requirement sounds remarkably similar to the CPS 230 requirement on insurers. Therein lies the answer (lightbulb moment; I feel a 'tahdah' is warranted at this point): the insurer meets its CPS 230 requirement to manage the risks arising from material service providers, and the agency meets its AFSL obligation to have an adequate risk management system and manage its own risks. ASIC (in RG 104) states that a licensee's risk management systems will depend on the nature, scale and complexity of its business and risk profile. ASIC also states that the licensee's risk management systems will need to adapt as the business develops and its risk profile changes over time. This would include enhancing the agency's risk management system to address the risk of its binder agreement being terminated. Taking a step back, an insurer would eventually terminate an agency's binder agreement if the agency presented an unmanageable CPS 230 risk (or any other risk for that matter, including in respect of CPS 234 Information Security).

What does an adequate risk management system look like for an insurance Underwriting Agency?
The risk management system must cover not only the risks of the Agency but also those of any of its representatives (such as authorised representatives or distributors acting under an ASIC instrument). Risk management components:
- Risk identification (risk profiling): a brainstorming session including relevant stakeholders (potentially the insurer(s)) assists in identifying material risks to the business. To ensure nothing is missed, risks are categorised. CPS 230 provides assistance here, defining operational risk as including legal risk, regulatory risk, compliance risk, conduct risk, technology risk, data risk and change management risk. To this you would add strategic/reputational risk and financial risk.
- Risk appetite statement (RAS): a board/senior management approved RAS is critical to define the amount of risk the Underwriting Agency is willing to accept in pursuit of its objectives, expressed against each risk category. This can be a simple one-pager for a typical Underwriting Agency.
- Risks should be recorded in […]
Distribution Arrangements
Compliance with the requirements for 3rd party GI distribution arrangements is critical for brokers, underwriting agencies and insurers. It is an offence to distribute general insurance products if you are not:
- an AFS licensee;
- an AR of a licensee;
- acting under an ASIC instrument; or
- relying upon an exemption.

Referral Arrangements
This arrangement allows a broker or MGA to access the referrer's customer database and offer them insurance products/services. Typically the referrer is a non-financial services business. A referrer does not provide financial services (and is not required to hold a licence or be appointed as an AR) provided they:
- only inform their customers that another person (A) provides insurance products or services;
- provide the contact details of (A); and
- disclose to their client if they are being paid a referral fee by (A).
It is critical that the referrer does no more than refer. The more involved the referrer is in the insurance transaction, the more likely they are to be providing a financial service.

Authorised Representatives
An AR arrangement enables firm B to provide financial services under firm A's AFS Licence. An AR may be authorised to provide all or part of the Licensee's financial services. The licensee is responsible for ensuring the AR complies with financial services laws and its licence conditions; however, the AR also has independent obligations. Generally, ARs must be notified to ASIC within 30 business days of appointment. There are also a number of other formalities that are required.

ASIC Distribution Instrument
Under this instrument, a person may distribute insurance products on behalf of the licensee, subject to the distributor:
- not being an AR of the Licensee;
- providing details of the licensee's IDR;
- disclosing the relationship and the remuneration received; and
- not providing financial product advice.

ASIC Group Purchasing Body Instrument
Under this instrument, typically a person is provided with a master insurance policy and extends cover to its clients as named individuals for payment of a premium. The GPB:
- must not be carrying on financial services as its primary business; the arrangement is 'incidental' to its primary business; and
- must not make a profit from the arrangement. It can only recover its reasonable expenses in administering the arrangement.

Monitoring & Supervision
A licensee has obligations to monitor all these arrangements and should adopt a systematic approach.
Tidying up after a busy June: a compliance perspective
For insurance brokers. You've had a hectic June but feel satisfied because you assisted so many clients. There is an alarming amount of paperwork that you need to clear, and you're desperately trying to remember all the compliance stuff that you're supposed to do. I'm not condoning non-compliance; however, you have a small window to rectify. We are only human after all, and we all make mistakes. Don't forget to raise any non-compliance as an incident in CCX 360 or a similar register and declare it on your attestation.

Over the past 4 weeks:
1. Did you provide Terms of Engagement to prospective clients?
2. Did you provide an FSG?
3. If the client is a retail client, did you disclose your actual $ remuneration?
4. Was any client dissatisfied with your service? If so, raise it as a complaint, give the client a call to check in, apologise and advise them of your IDR process.
5. Did you provide support to any client experiencing vulnerability?
6. Did you correctly identify consumer insurance contracts and ensure your client complied with their duty to take reasonable care not to make a misrepresentation? In all other cases, did your client comply with their duty of disclosure?
7. Did you contact your client at least 14 days before the policy expiry date?
8. Did you bind terms for your client?
9. If the insurer or underwriting agency did not provide renewal terms or a non-renewal notice to you 14 days prior to the due date, your client has the benefit of statutory cover for renewals.
10. Did you ensure that your retail client fell within the Target Market Determination?
11. Did you send your retail client the PDS (which also includes the policy schedule)?
12. If you are a NIBA member and won the account but the previous broker did all the renewal work, did you send the commission to the previous broker?
13. In your client dealings, did you act honestly and with integrity?
14. Did you act with commercial decency?
15. Did you provide a duty of care to your client that a reasonable broker in your circumstances would?
16. Was all client money paid into your trust account?
17. Are there any E&O matters that you need to disclose to your PI insurer?

Compliance health-check
As the dust settles in June, now is a great time to think about a compliance health check. When conducting a compliance health check of your broking business I consider:
1. Financial services laws
2. Your AFSL authorisations and conditions
3. Your obligations as an Authorised Rep
4. Your monitoring of your staff, ARs and referrers
5. If you're a Steadfast member: the Steadfast Broker Code of Conduct
6. If you're a NIBA member: the Insurance Brokers Code of Practice
7. CCX 360 or equivalent (evidence of compliance)
Part B: Regulatory Guide 271 Internal Dispute Resolution: The Details
https://www.youtube.com/watch?v=7kcmeyl0jYg&feature=youtu.be
