The role of underwriting agencies in GI – a compliance perspective

Underwriting Agencies continue to play an important role in the Australian GI market. Underwriting Agencies (UA) provide specialist skills & services, often filling gaps with niche products. By nature, UA are agile & provide a mechanism for the industry to innovate through technology. UA can also assist in the growth & development of people competencies & skill-sets.

Compliance considerations

UA are a core client segment for me. I provide AFS Licensing, risk & compliance frameworks, training & education together with general compliance advice. There are some unique compliance considerations for UA:

1. A UA may initially focus on underwriting & defer claims to their insurer partner or TPA. This brings benefits by being able to tap into wider expertise; however, it’s important that dedicated claims staff are appointed to manage the UA claims so that the UA market proposition & brand values are not compromised.
2. Complaints. It’s important to triage new complaints to understand whose licence(s) the complaint falls under. If the UA has all AFSL authorisations (advice, issuing & claims) the complaint will be against the UA, & any referral to insurers, claim managers or Lloyd’s Australia (to tap into their skill-set) is done on an outsourced basis.
3. Insurers have various obligations to monitor a UA (under AFSL, Code & CPS 230). This should be through initial due-diligence & the ongoing provision of data rather than constantly looking over the shoulder of the UA.
4. UA should push back when insurers try to implement an APRA regulated risk management system on the UA. UA compliance arrangements must be tailored & based on the nature, scale & complexity of the UA.
5. A UA should be a member of Underwriting Agencies Council (UAC), ensuring that they have a strong voice at the table to provide input for regulatory change & GI Code issues.
6. Excel spreadsheets & Word docs are more than adequate to manage compliance at smaller UA. Automation & complex risk management practices are a factor of size & should be considered as the UA grows.
7. UA should adopt 3 lines of defence, risk maturity matrix & risk appetite statements to enable management to better manage risks. However, adopt the principle & tailor to the size of the UA.
8. Unless large, most UA will default compliance to the COO or similar. It’s critical that business leaders manage compliance, with the COO providing support. Usually the COO will tap into someone like myself for more specialised compliance expertise.

Unique compliance challenges for Underwriting Agencies

Underwriting Agencies are a critical part of our General Insurance industry & are very exciting to be part of. However, they present unique compliance challenges that must be understood & managed.

The obligation to have trained and competent people – what does this mean?

AFS Licensees have an obligation to ensure that their representatives are adequately trained & are competent (s912A(1)(f) Corps Act).

Who is a representative?

Representative means (s9):
– an authorised representative of the licensee;
– an employee or director of the licensee;
– an employee or director of a related body corporate of the licensee; &
– any other person acting on behalf of the licensee.

ASIC’s expectations

ASIC expects licensees to:
(a) identify the knowledge & skills your representatives need to competently provide the financial services;
(b) ensure they have the necessary knowledge & skills;
(c) ensure they undertake continuing training programs to maintain & update their knowledge & skills; &
(d) maintain a record of the training they have undertaken (this is required under reg 7.6.04(1)(d)).

As you will observe, training is an ongoing obligation.

Training

Most firms adopt a CPD approach to training. However, in order to meet the obligation, representatives must be trained in financial services laws & in the specific financial services & insurance products offered. Simply attending functions or events to obtain CPD points may not satisfy the AFSL obligation. The training must have a connection with your authorised financial services.

ASIC has specified minimum training for representatives who provide financial product advice to retail clients (RG 146): Tier 1 products – personal sickness & accident, CCI; Tier 2 – all other general insurance products.

Competence

Competence includes skill, knowledge & experience. The competence must be aligned to the financial services (such as claims handling or insurance broking) & the products provided. Generally, role descriptions, qualifications, short industry courses, on-the-job training & professional membership (ANZIIF, NIBA) are indicators of competence; however, ongoing training is required to ensure professional development & to remain relevant.

Training specifically for people working in general insurance

I have developed training options, specifically for general insurance, to assist in meeting your AFSL obligations.

I provide training services to businesses:
a) Facilitated training on financial services laws, Industry Codes, Responsible Managers; &
b) Design of in-house tailored compliance training modules.

Check out ‘Compliance Education & Training’ under the ‘Services’ tab on my website (link below).

I provide training services to individuals:
a) Compliance workshop in Brisbane 21st Mar
b) Monthly virtual financial laws training: next course 14th Mar
c) Membership subscription

Click below & go to the tabs ‘Training’ & ‘Membership’ to learn more & register.

Compliance Advocacy Solutions

The 4 Pillars of Compliance

The purpose of compliance is to Protect.

Protect who? Protecting customers & clients, the business, its people & partners, stakeholders & the community.

Protect from what? Harm or detriment – financial, reputational, loss of licence, lost management time, disqualification, systematic failures, industry mistrust, regulatory scrutiny, anxiety etc.

Compliance provides a safe environment to operate, providing [insurance] products & services to customers. It does not matter whether you are an APRA regulated insurer, an underwriting agency, an insurance broker, a claims manager (TPA) or material service provider. A systematic approach to compliance is critical.

How does compliance protect?

Think of a fortress, with inner & outer walls providing protection to those within.

The 1st layer of protection is Compliance arrangements – policies, process, procedures, systems, trained & competent people that, combined, form ‘a safe place to conduct business’.

The 2nd layer is People – employees, authorised reps & material service providers are ‘an early warning system’, reporting things that penetrate the 1st layer, such as incidents, complaints, breaches, control breakdowns etc.

The 3rd layer of protection is your Monitoring Program – ‘providing assurance’ to board, management & stakeholders.

The final layer of protection is Culture – ‘a desire to do the right thing’, knowing what the right thing is, how to do the right thing & doing something when things go wrong – when no one is watching.

The 4 Pillars of Compliance

It’s critical that the layers of protection are underpinned by a strong foundation. These are the ‘4 pillars of compliance’:

1. Governance & Frameworks
2. People & Culture
3. Procedures & Process
4. Systems & Reporting

The 4 pillars of compliance, when combined, ensure a consistent, risk-based approach to compliance, with inherent oversight, monitoring & continuous improvement.

The 4 pillars are used when:

1. Setting up & maintaining the compliance arrangements
2. Assessing the risk maturity of the arrangements
3. Managing regulatory change
4. Self-monitoring, highlighting potential areas of attention

Nature, scale & complexity

A compliance framework, including the layers of protection & the 4 Pillars of compliance, is a conceptual, principle-based model that can be tailored to the nature, scale & complexity of any business operating within general insurance. The framework provides a compliance operating rhythm that is part of normal business operations with in-built early warning lights, self-monitoring, data-producing & continually evolving to meet consumer, regulatory & business standards & expectations.

General obligations of an AFS Licensee in general insurance

AFS Licensees have several general obligations; these are set out in s912A(1) Corporations Act. Licensees must:

1. Provide their financial services (includes advice, dealing in general insurance products & claims handling) efficiently, honestly & fairly. Such as:
   – acting without delay, responding to queries & claims
   – assessing claims & insurance applications in the least intrusive & onerous way
   – informing insureds of processes & including fairness in those processes (eg procedural fairness for claim declines)
   – services tailored to customers experiencing vulnerability &
   – Code membership
2. Adequately manage conflicts of interest. Disclosing conflicts, controlling conflicts & avoiding those conflicts that can’t be adequately managed (see RG 181)
3. Comply with licence conditions. This may include a key persons requirement or the ability to use restricted broking terms.
4. Comply with financial services laws. These include Corps Act Chap 7, ASIC Act Part 2 Div 2, Insurance Contracts Act, Insurance Act & Privacy Act among others
5. Ensure representatives comply with financial service laws. This requires a monitoring program for employees, Authorised reps, claim service suppliers & material service providers.
6. Other than APRA regulated insurers, have adequate financial, people & IT resources to provide the financial services. Also refer RG 104 & RG 166. APRA insurers must comply with Prudential Standards
7. Maintain the competence to provide the financial services. This entails having responsible managers with the requisite knowledge, skills & experience providing complete coverage of your financial services across the business (refer table 1 RG 105)
8. Ensure that your representatives (see 5 above) are competent & adequately trained, including RG 146 when providing advice
9. Have a dispute resolution system complying with the enforceable paragraphs of RG 271, provide IDR data to ASIC & be a member of AFCA
10. Other than APRA insurers, have adequate risk management systems. APRA insurers must comply with CPS 220 & from July 2025 CPS 230
11. Comply with Reg 7.6.04, which includes obligations to:
   – advise ASIC of material changes to financial position
   – adding/deleting Authorised reps
   – maintaining a training register
   – due diligence prior to appointing ARs & including their AR number in documents
   – provide a copy of AFSL/AR authorisations upon request
   – advise ASIC of change of control of licensee

Managing obligations

An obligations register or table (contained within a risk & compliance manual) should be used to manage these & other regulatory (& Code) obligations. Accountability & key controls are aligned to the obligations, enabling management within risk appetite. Control testing, monitoring, data validation & reporting complete the picture.

Speak to me to explore obligations management further.

2024 regulatory change & other developments in General Insurance

We are almost at the mid-point of the year & already we have seen a plethora of changes, consultations & reviews impacting the General Insurance industry. Compliance never sleeps in General Insurance.

๐ช๐๐๐๐๐๐๐๐๐๐๐๐, ๐๐๐๐๐๐๐, ๐๐๐๐๐ ๐๐๐๐๐, ๐๐๐๐ ๐๐๐๐ & ๐๐๐๐๐ ๐๐๐๐๐๐๐

– 11 June – Treasury – feedback on draft legislation (financial advice reform) which includes requiring general insurance brokers to obtain commission consent from retail clients if personal advice has been or is likely to be provided. Closes July
– 8 May – 3 person-panel independent review of the GI Code of Practice – The Terms of Reference set out the review’s overarching principle of maintaining & enhancing consumer protections, along with Code modernisation, enhancement of customer experience, accessibility, effectiveness & efficiency, & providing customer value. Consultation closed, report due mid-year
– 28 May – ASIC to launch new Professional Registers search (for licences) late June
– 20 May – IBCCC publish guidance note ‘Supporting vulnerable clients’ as guidance for section 10.0 Insurance Brokers Code of Practice
– 16 May – Senate – Select Committee on the Impact of Climate Risk on Insurance Premiums & Availability established. The Committee has been established to inquire & report on the unaffordability & unavailability of insurance in some regions due to climate-driven disasters & the underlying causes & impacts of increases in insurance premiums. The committee is to present a final report by 19 November 2024. Submissions close 2 July 2024.
– 22 March – Federal Court – In finding Auto & General did not include an unfair contract term in its PDS, determined that Utmost Good Faith, Section 54 & construction of the PDS must be taken into account when considering whether a term of the insurance contract is unfair.
– 7 March – Treasury – consultation on standardising definitions & standard cover for insurance terms – fire, storm, stormwater & rainwater run-off. Consultation closed 4th April
– 6 March – ASIC – letter to insurers to improve claims handling practices
– Feb – House of Reps – Parliament inquiry into insurers’ responses to 2022 major floods claims. Report due Sept 2024

Also:
– FAR commencing March 2025 – RG 279 issued 14 March 2024
– CPS 230 commencing July 2025

Claim management arrangements – General Insurance

Following on from my previous post on Distribution arrangements, I thought I would cover off the typical general insurance claim arrangements.

Financial services & licensing

Claims handling & settling services (CHSS) has been a financial service since 1 Jan 2022. CHSS covers the activities as defined under section 766G Corporations Act. The need to hold an AFS licence is determined by s 911A(2)(ek).

You need to hold an AFSL for CHSS if you are:
– the insurer under the insurance product or an underwriting agency with authority from the insurer to provide CHSS;
– an insurance fulfilment provider, but only where you have authority to reject all or part of a claim;
– an insurance claims manager aka TPA (acting for an insurer), but only where this is a primary part of your business. For example, if assessing or investigations is the primary part of your business, you don’t need an AFSL (Reg 7.1.04CB);
– an insurance broker, but only if they have authority from an insurer to provide the CHSS. Brokers acting on behalf of insureds can rely on the exemption & not hold an AFSL;
– a claimant intermediary, that is a person providing CHSS on behalf of an insured for a prescribed product other than insurance brokers, accountants, vets, travel agents, financial advisers & counsellors, property managers, estate management & public trustees.

An exemption applies for CHSS where the issuer of the general insurance product is Lloyd’s underwriters or an UFI.

A licensee may appoint others as an Authorised Rep to provide CHSS.

GI Code of Practice

There are obligations for CHSS under the Code. It is necessary to examine the definitions in Part 16 of the Code to determine how the Code applies to your business.

Service Supplier – means an Investigator, Loss Assessor or Loss Adjuster, Collection Agent, who is not an employee of the insurer but is contracted to manage claims on behalf of an insurer (including a broker) & any of their approved sub-contractors. Investigator, Loss Assessor or Loss Adjuster, Collection Agent are all defined terms in Part 16.

External Expert means a company, entity, or a person who is not an Employee or a Service Supplier & is contracted solely to provide an expert opinion about the likely cause of loss or damage.

2 part process

It follows from the above that, in order to determine your obligations under financial services laws & the Code, you need to understand:

1. Your requirement to hold an AFS Licence; &
2. The category you fall within under the GI Code

This starts with the questions (in context of CHSS):
– what CHSS do you do?
– how do you do the CHSS?
– who do you do the CHSS on behalf of?

Distribution Arrangements

Compliance with requirements for 3rd party GI distribution arrangements is critical for Brokers, underwriting agencies & insurers.

It is an offence to distribute general insurance products if you are not:
– an AFS licensee;
– an AR of a licensee;
– acting under an ASIC instrument; or
– relying upon an exemption.

Referral arrangements

This arrangement allows a broker or MGA to access the referrer’s customer database & offer them insurance products/service. Typically the referrer is a non-financial service business.

A referrer does not provide financial services (& is not required to hold a licence or be appointed as an AR) provided they:
– only inform their customers that another person (A) provides insurance products or services;
– provide the contact details of (A); &
– disclose to their client if they are being paid a referral fee by (A).

It is critical that the referrer does no more than referring. The more involved in the insurance transaction, the more likely they are to provide a financial service.

Authorised representatives

An AR arrangement enables firm B to provide financial services under firm A’s AFS Licence. An AR may be authorised to provide all or part of the Licensee’s financial services. The licensee is responsible for ensuring the AR complies with financial service laws & its licence conditions; however, the AR also has independent obligations. Generally, ARs must be notified to ASIC within 30 business days of appointment. There are also a number of other formalities that are required.

ASIC distribution instrument

Under this instrument, a person may distribute insurance products on behalf of the licensee, subject to the distributor:
– not being an AR of the Licensee;
– providing details of the licensee’s IDR;
– disclosing the relationship & remuneration received; &
– not providing financial product advice.

ASIC Group Purchasing Body instrument

Under this instrument, typically a person is provided with a master insurance policy & extends cover to its clients as a named individual for payment of a premium. The GPB:
– must not be carrying on financial services as its primary business; the arrangement is ‘incidental’ to its primary business; &
– must not make a profit from the arrangement. They can only cover their reasonable expenses in administering the arrangement.

Monitoring & Supervision

A licensee has obligations to monitor all these arrangements & should adopt a systematic approach.

Insurance brokers – Tidying up after a busy June: a compliance perspective

You’ve had a hectic June but feel satisfied because you assisted so many clients. There is an alarming amount of paperwork that you need to clear & you’re desperately trying to remember all the compliance stuff that you’re supposed to do.

I’m not condoning non-compliance; however, you have a small window to rectify. We are only human after all & we all make mistakes. Don’t forget to raise any non-compliance as an incident in either CCX 360 or similar register & declare on your attestation.

Your hindsight compliance checklist

Over the past 4 weeks:
– Did you provide Terms of engagement to prospective clients?
– Did you provide an FSG?
– If the client is a retail client, did you disclose your actual $ remuneration?
– Was any client dissatisfied with your service? If so, raise as a complaint, give the client a call to check in, apologise & advise of your IDR process
– Did you provide support to any client experiencing vulnerability?
– Did you correctly identify consumer insurance contracts & comply with your client’s duty to take reasonable care not to make a misrepresentation? In all other cases did your client comply with their duty of disclosure?
– Did you contact your client at least 14 days before the policy expiry date?
– Did you bind terms for your client? If the insurer or underwriting agency did not provide renewal terms or non-renewal notice to you 14 days prior to the due date, your client has the benefit of statutory cover for renewals.
– Did you ensure that your retail client fell within the Target Market Determination?
– Did you send your retail client the PDS? (Which also includes the policy schedule.)
– If you are a NIBA member & won the account but the previous broker did all the renewal work, did you send the commission to the previous broker?
– In your client dealings, did you act honestly & with integrity? Did you act with commercial decency?
– Did you provide a duty of care to your client that a reasonable broker in your circumstances would?
– Was all client money paid into your trust account?
– Any E&O matters that you need to disclose to your PI insurer?

Post June is a great time for a compliance health-check

As the dust settles in June, now is a great time to think about a compliance health check. When conducting a compliance health check of your broking business I consider:

1. Financial service laws
2. Your AFSL authorisations & conditions
3. Your obligations as an Authorised Rep
4. Your monitoring of your staff, ARs & referrers
5. If you’re a Steadfast member – Steadfast Broker Code of conduct
6. If you’re a NIBA member – the Code of Practice
7. CCX 360 or equivalent (evidence of compliance)

Breach management in General Insurance

Under-reporting of breaches continues to be an industry-wide issue. A business focus on incidents is key to successfully managing breaches.

Focus on incidents

An incident is something that has happened that shouldn’t have (this includes inaction). All people across the business, Authorised Reps, distributors & anyone acting on your behalf should be trained in understanding, identifying & raising incidents. If you focus on breaches then you are expecting your people to know ‘000s of laws.

Your obligations should be linked to key control(s); therefore control breakdowns are automatically an incident. The training should include practical examples of what an incident(s) looks like within your business & for each business area.

If your incident management is inadequate, the incident will continue to grow & cause harm & detriment until such time that it manifests into a breach or a significantly larger breach than if immediately detected. There is also the risk that the breach will be identified by a customer. This suggests that your compliance arrangements are inadequate & may lead to a systemic issue investigation by ASIC or AFCA.

An incident & breach register should be maintained.

Triage of incidents

It is important that you don’t allow the business to determine whether an incident is a breach. This analysis requires expertise. An experienced compliance person should review all incidents periodically (frequency based on the size of the organisation) & determine whether (1) additional information is required, (2) the incident is a breach & if so, (3) the law &/or Code that has been breached & (4) comply with breach reporting requirements.

Sources of breach obligations

Each Law/Code has its own requirements on what needs to be reported, to whom & the timing:
– Chp 7 Corporations Act (AFS Licensees) – Section 912DAA – note that ‘financial services laws’ is defined widely (s761A) & includes, for example, breaches of the Insurance Contracts Act & the ASIC Act.
– Insurance Act (APRA regulated insurers) – Section 38AA
– Privacy Act – Division 3 (notifiable data breaches)
– GI Code of Practice – paragraph 181
– Insurance Brokers Code of Practice – paragraph 11.2

Having separate processes for each law/code is impractical, adds complexity & creates gaps. A single breach management process is paramount.

Breach management process

Your breach management process should incorporate RG 78 with pathways to incorporate the breach reporting requirements of all other laws/industry Codes. The process should include:
– timeframes
– roles & responsibilities
– information gathering
– analysis
– breach committee or similar
– breach reporting
– remediation & rectification
– learning from the breach & continual improvement

Contact me for assistance with your incident & breach management process.

Compliance and accountability

I’ve been sorting out banking & accounting issues. While frustrating, & taking me away from my client work, I appreciate that as a small business owner such work is necessary. Without banking & accounting my business simply can’t function.

I appreciate that many people see compliance in the same way. Frustrating & time-consuming, however a necessity for the business. Unfortunately, this approach can diminish the importance of compliance & not truly embed compliance within the business & each role. The purpose of compliance is to protect – your business, clients, people & partners.

Think about how important your car is to you. Yes, you can arrange for other, more skilled people to service the car & attend to repairs & the like; however, you have accountability to ensure the car is roadworthy & that you know the road rules. You can outsource certain tasks that require a specialist skill set; however, at the end of the day, you are accountable for your car when you drive it on a public road. Compliance is no different.

The FAR regime [for insurers] creates the concept of Accountable Persons & [for enhanced entities] the requirement for Accountability maps. These concepts are sound & can be scaled down & tailored to a business of any size so that compliance is role-based & part of day-to-day business activities. Let’s see how this works for underwriting agencies, insurance claim managers & insurance brokers [& insurers].

Compliance accountability as part of your business role

1. Ensure that your risk & compliance manual includes an obligation table or you have a stand-alone register. This simply captures your AFSL, Code & other obligations at an operational level;
2. For each business leader/manager identify the obligations that fall within their area of business responsibility (sales, underwriting, claims, finance). Each manager now has their own compliance plan;
3. Assign key controls to each of the obligations. This ensures the obligation is being managed;
4. Periodically (at least annually), each manager tests the control(s) to ensure it is designed & operating effectively;
5. Each manager receives complaints, incidents, QA & other data, for their area, to validate the control testing results;
6. The manager oversights action plans to rectify any control that is ineffective;
7. The manager provides reporting for their area that is consolidated into an enterprise report.

Accountability for compliance is part of your role

Adopting a systematic approach to compliance within each business area of responsibility & accountability will ensure that compliance is something that is done as part of each role.

If you need assistance in setting up compliance arrangements that work for you, provide business value & protect your business, people, customers, partners & YOU, contact me.

Managing the complexity of compliance in general insurance

I was chatting to some Lloyd’s underwriters last night & they mentioned the complexity of the Australian regulatory landscape for general insurance. I agree that the landscape is complex; however, I also made the point of how a systematic approach to compliance enables that complexity to be adequately managed.

A systematic approach to Compliance

– Identify the sources of your obligations. Obligations will arise from (i) what you do (& the licences & authorisations you need/hold); different obligations apply to insurers, Underwriting Agencies, brokers & TPAs & (ii) how you provide your services e.g., different distribution channels & use of claim service suppliers
– Record your material obligations. Larger firms may do this through a stand-alone register while smaller firms should incorporate it within their risk & compliance manual
– Adopt a risk appetite statement (RAS) position for regulatory/compliance risk.
– Assign key control(s) to each obligation until the obligation is within your RAS.
– Periodically test the control to ensure that it is designed effectively & operating effectively. Take action to close out any identified gaps
– Train your people (& ARs) on how compliance protects, the importance of a systemic approach to compliance & their role in control testing & self-reporting by promptly identifying & reporting incidents, breaches & complaints
– Use data generated by the systematic approach to compliance (incidents, breaches, complaints, self-reports, file reviews, QA etc) to validate the control test results & to report breaches to regulators or Code committees
– Use external information such as regulatory/Code reviews, ASIC letters, Court cases, regulator speeches & media releases & the like to question ‘could this happen to us?’ or ‘How are we managing this?’
– Report the control test results & data & external information to your risk & compliance committee. The data should be analysed, connections & insights provided & decisions made.
– Incorporate regulatory change mechanisms into your systematic approach.
– Use the data that the systematic approach generates as a continuous improvement mechanism so that compliance continues to protect & adds value to your business.

General insurance is complex

A systematic approach to compliance results in an ecosystem that continually evolves to respond to & manage the risks associated with business growth & regulatory change & increasing complexity.

The regulatory landscape for general insurance is complex. However, a systematic approach to compliance enables this complexity to be understood & managed in a way that protects your business, people, customers & stakeholders.

Monitoring & Supervision of employees and Authorised Representatives

The recent Federal Court decision in Australian Securities and Investments Commission v Lanterne Fund Services Pty Limited [2024] FCA 353 provides the elements that an effective monitoring & supervision program should contain. I have expanded these elements based on my experience in working with clients in the insurance industry.

Implementing an effective Monitoring & Supervision program

– A robust due diligence process of all representatives pre-appointment
– Agreements with new CARs (& employees) containing requirements & obligations
– Supervisory arrangements – comprising monthly attestations, self-audits & risk-based audits by the licensee, formal & informal meetings with comprehensive note-taking, robust reporting of incidents, breaches & complaints
– Risk management & compliance systems – must be formal, systematic & documented & cover the risks faced by the firm. Risk & Compliance manuals must be tailored & current. The licensee should provide clear guidance & instructions to its CARs & ARs about their obligations regarding compliance with the financial services laws
– Training – must be provided & cover financial services laws including AR obligations & the relevant industry Codes. Conducted during induction & annually thereafter
– Human resources – the licensee must have enough people to conduct the monitoring & supervision activities. This includes regular performance reviews of the representatives & consequence management
– Technological resources – an adequate IT infrastructure to keep abreast of issues such as IT security or cyber security
– The Licensee must have enough responsible managers who are qualified, skilled & experienced in general insurance with sufficient time to conduct their role effectively
– Governance should include a risk & compliance committee meeting quarterly & receiving data, information & insights to oversight the licensee & their representatives

The Monitoring & Supervision program must include self-checking mechanisms so that your compliance arrangements continue to evolve with regulatory changes & business growth.

I can work with you to:

1. Conduct a compliance review of your current compliance arrangements identifying gaps and adopting a risk-based approach. My reviews adopt a top-down approach not a file-by-file audit approach;
2. Design a fit-for-purpose, tailored AR program for your business;
3. Provide training for your representatives.
Parliamentary insurance flood inquiry – insights from the public hearings
In the wake of the recent public hearings and the release of transcripts, there’s been a surge of discussions, particularly among clients in Queensland. These conversations are honing in on several key areas highlighted during the hearings. One significant topic of interest is ‘claims handling including delays’. People are keen to delve into how insurers are managing claims, especially in terms of timeliness and efficiency. Another focal point is ‘the role of experts such as assessors & builders’. This aspect delves into the expertise involved in assessing claims and the impact it has on the overall process. Lastly, there’s a spotlight on ‘customers experiencing vulnerability’. The discussions are examining how insurers are addressing the needs of vulnerable customers and ensuring they receive fair treatment throughout the claims process. These discussions are driven by submissions and the line of questioning from the Committees during the hearings. As we continue to analyse and reflect on these topics, we aim to gain deeper insights into the dynamics of insurance practices and how they affect clients, particularly in Queensland.
Federal Court finds Auto & General Insurance Company did not include an unfair contract term in insurance contracts
A term requiring insureds to notify A&G of any changes to their home & contents was not unfair under the ASIC Act

1. The proceedings concern home/contents insurance which contained certain notification obligations on the part of the insureds.
2. The PDS contained a number of references that explained certain matters relevant to the notification obligations (see paras 4-11 of the judgment).
3. Relevantly, the PDS contained 11 examples of changes A&G wanted the insured to tell them about.
4. The offending clause, which preceded the 11 examples, stated: ‘you need to tell us if anything changes about your home & contents.’ This Notification Clause was the focus of ASIC’s claim.
5. Evidence concerning the processes for applying for cover (p12-22) & claim assessment (p23-30) was led by A&G.
6. The Court considered relevant provisions of Unfair Contract Terms (ASIC Act) & Utmost Good Faith (ICA).
7. The Court rejected the literal meaning of ‘anything’.
8. The Court accepted that the requirement in the Notification Clause to notify A&G ‘if anything changes’ was restricted to changes concerning the information already provided by the insured to A&G (refer 2 & 3 above).
9. The Court held that the duty of UGF operates to limit what A&G can do under the Notification Clause in response to an insured’s failure to notify it of the relevant changes.
10. The Court determined, upon the proper construction of the Notification Clause, the contracts of insurance contained a term that:
(a) the insured must notify A&G if, during the term of the policy, there was any change to the information about the insured’s home or contents that the insured had disclosed to A&G prior to entry into the contract; &
(b) if the insured failed to notify A&G of such changes, it had the right to refuse to pay a claim, reduce the amount it paid, cancel the contract or not offer to renew the contract if & to the extent that it would be consistent with commercial standards of decency & fairness for A&G to do so
11. The Court applied the 3 limb test for ‘unfair clauses’ & held:
a. s54 (ICA) operates to ensure that A&G’s powers to refuse or reduce claims would not cause a significant imbalance in the rights & obligations of the parties arising under the contract
b. Protecting legitimate interests of A&G – s54 & UGF constrains A&G to the extent that only a failure to notify a change in information that has prejudiced its interests is relevant
c. The Court accepted ASIC’s submission that the lack of clarity in the Notification Clause caused detriment to the insured

Conclusion

The Court found that as only 1 of the 3 criteria of an unfair term was met, ASIC failed to establish that the Notification Clause is unfair
The power & far-reaching impact of the insurance Codes overarching obligation
As the industry continues to be under scrutiny, it’s timely to revisit the overarching obligations in the GI Code & Insurance Brokers Code of Practice.

GI Code of Practice

Part 3 of the GI Code requires insurers & their distributors & claim service suppliers to be honest, efficient, fair, transparent & timely in dealings with customers. Let’s unpack this:
– the obligation extends to underwriting agencies & external insurance claim managers;
– the obligation applies to both retail & wholesale insurance;
– the obligation applies to all dealings including buying insurance, making a claim, dealing with customers experiencing vulnerability & complaints;
– You may ask, how does Part 3 apply to claims for wholesale insurance when, for example, ‘Part 8 Making a Claim’ (& Parts 5, 6, 7, 9 & 11) does not apply to wholesale insurance? The individual requirements of Part 8 would not apply to wholesale insurance claims, however the insurer & their claim service suppliers must continue to be ‘honest, fair etc.’;
– it would be a reasonable interpretation of Part 3 to suggest that each component is a separate obligation. Therefore a failure to act in a timely manner (such as in claim delays) would be a breach of the Code.

Insurance Brokers Code of Practice

The Brokers Code requires NIBA members to have professional commitment, act ethically & be transparent & accountable. Due to Part 8.0, these obligations extend to the broker’s employees, agents & authorised representatives. The Ethical behaviour commitment requires brokers, their staff & [authorised] representatives to act honestly & with integrity in all dealings with clients.
AFSL general obligation to provide financial services efficiently, honestly & fairly

The overarching obligations of the Codes complement the AFS Licence obligation to provide financial services efficiently, honestly & fairly, but with one important distinction. The AFSL obligation only applies to financial services (which of itself is still far-reaching) while the Code obligations apply to all dealings, including administrative or clerical processes.

How to implement

The Code overarching obligations should be viewed as a lens after specific controls are applied. For example, the obligation to update the customer every 20 business days about the progress of their claim may receive a tick, however the question then needs to be asked: were we ‘honest, efficient, fair, transparent & timely’? It is possible to comply with individual Code paragraphs but still be in breach of the overarching Code obligations.
The true purpose of Compliance – protecting
Compliance is only effective when you have all people engaged. This includes staff, authorised representatives, claim service suppliers & business partners. Thinking about compliance in terms of rules & regs is generally not exciting & certainly not engaging. This is one of the things I learnt very early in my compliance career. Not many people really care about the intricacies of section 912A(1) or Part 3 of the GI Code or Part 8 of the Brokers Code – personally, I love this stuff.

Here’s a simple test. If you can’t answer the question ‘why should I care [about compliance]?’ or you think the answer is ‘because we must’, then you need to change how you position & see compliance. The true purpose of compliance is to protect. The image below shows who we should protect & from what.

Let me explain how compliance protects. Your compliance arrangements are the combination of your people, IT systems, manuals, policies, guidelines & processes. Think about this another way: your compliance arrangements are the controls that you have in place to manage your financial services & industry code obligations. These compliance arrangements provide a safe environment for your people to work within. By staying within these boundaries your compliance arrangements operate to protect your customers, business, partners & people from harm.

As we know, mistakes happen; systems, people & processes fail. This is when your people become your early warning system. By identifying ‘something has happened that should not have happened’ at an early stage (aka an incident) your people can quickly identify when the perimeter of your compliance arrangements has been breached. This serves to minimise any harm & enables the control(s) to be quickly rectified, thus securing the business, its customers & people.

The importance of the concept of ‘compliance protects’ has never been more evident as the insurance industry moves into the era of accountability. If something happens, under your watch, in your area of accountability there will be personal consequences – both financial & reputational. FAR & CPS 230 are examples of where accountability is heading & casting a wide net. This is why compliance protects. Robust compliance arrangements provide a mechanism & infrastructure to support & protect your business, your customers & you from harm & detriment.

I will be exploring the theme of ‘compliance protects’ at my Compliance workshop in Brisbane on Thursday 21st March at Lightspace, Brisbane’s unique event venue and co-working warehouse. I will be providing you with the tools & insights to develop compliance arrangements that operate to support & protect the things that matter to you. Registration for the workshop is now open & can be accessed via the link below. See you in Brisbane.

Managing Compliance in the insurance industry
What does it mean to be an Authorised Representative, from a compliance perspective?
An Australian financial services licensee may appoint ‘authorised representatives’ to provide specified financial services on its behalf. Acting as an AR can be a cost effective way of operating a financial services business although most insurers require their MGAs & TPAs to hold their own AFSL. This is due to the risk that the AR presents to the insurer’s Licence. AR networks continue to be used within the Insurance Broking community, however due diligence & compliance monitoring are being strengthened.

There are regulatory requirements for appointing ARs & notifying ASIC. There are also rules & limitations in appointing sub-authorised representatives. Notification requirements also apply in respect of when an AR ceases to be authorised. These requirements should be captured in the Licensee’s compliance manual. In addition, the Licensee, if a subscriber to the GI Code or Insurance Brokers Code, will also have Code obligations in respect of the conduct of its ARs (GI Code see Parts 3-5 & Brokers Code see Part 8). Generally, the Licensee is responsible for the training, competency & conduct of its ARs & therefore should have a Monitoring & Supervision Program in place. This benefits & protects both the Licensee’s & Authorised Rep’s business.

Obligations of an Authorised Representative

In addition to meeting the obligations of the Licensee, ARs have a number of independent obligations, including:
– Be appointed in writing as an Authorised Representative of the Licensee;
– Not hold out that they have an AFS Licence. In this regard, the AR should include their AR number & disclose the relationship with the Licensee in all business documents & on their website;
– Provide disclosure documents (FSG, PDS) as required when the General Insurance Products are provided to Retail clients;
– Provide details of remuneration in an FSG;
– Keep records of insurance transactions;
– Comply with hawking prohibitions (retail clients) & misleading & deceptive conduct provisions;
– Ensure they act within the scope of authority given; &
– Comply with Product design & distribution requirements & TMD (when financial services are provided to retail clients).

Authorised Representative compliance measures

It follows from the above that the best practice is for the Authorised Representative to have its compliance measures captured in a Compliance Manual. The Manual should be tailored to the AR’s business model & way of working & dovetail with the Licensee’s compliance requirements.

Speak to me if you are an Authorised Representative requiring assistance with your compliance requirements or if you are an AFS licensee requiring assistance with your AR monitoring & supervision program.
Can you measure the compliance risk maturity of your organisation?
APRA has mandated an insurer to undertake a risk remediation program & has increased its capital requirements in response to concerns about its risk governance. APRA’s decision follows a prudential review that identified significant weaknesses in the insurer’s risk governance, risk management & compliance practices. These included capability & capacity weaknesses in the risk function, ineffectiveness of the ‘three lines of defence’ model, & weak risk reporting. The review also revealed unclear accountabilities and responsibilities across the business, & overall, an immature risk culture. Given the heightened prudential risk arising from the identified weaknesses, APRA has also imposed an additional $50 million capital requirement in the form of an operational risk charge.

Measuring compliance risk maturity

There are many benefits in measuring compliance risk maturity:
– Identification of gaps & weaknesses in your compliance arrangements;
– A prioritised action plan to close out gaps by adopting a risk-based approach;
– Enables the allocation of resources (including human, technology & financial) to those areas of strategic, customer or regulatory importance;
– Provides transparent criteria to benchmark progress & facilitate board reporting; &
– Enables different maturity levels to be set as targets for each of the 4 components.

How to conduct an analysis of compliance risk maturity (in the insurance industry)

Step 1 – there are 4 components or categories that are assessed from a compliance risk perspective – (1) governance, (2) process & procedures, (3) people and (4) systems & reporting. A compliance review is conducted to determine the firm’s current state against each of these components;
Step 2 – the current state is assessed as either ‘basic, evolving, established, advanced or optimised’. Pre-agreed criteria are used to describe each phase of maturity, enabling a robust conversation to take place so that a realistic current state is determined. The current state is plotted on the matrix for each category;
Step 3 – recognising the cost-benefit trade-off, the board sets the desired level of risk maturity to be achieved over a defined period for each component. For example, the Board may set a target that within 18 months: systems will be ‘Advanced’ while people will be ‘Optimised’. This enables a strategic allocation of resources & a plan that can be shared with key stakeholders;
Step 4 – actions are developed, costed & approved to achieve the target level of risk maturity for each of the 4 components;
Step 5 – Progress to plan is monitored & included in board reporting.

Please contact me if you would like to explore the compliance reviews & risk maturity assessments I provide.
Are you an Underwriting Agency, Claim Service Supplier or Insurance Broker? Are you prepared for CPS 230?
APRA Prudential Standard CPS 230 ‘Operational Risk Management’ comes into force in July 2025. CPS 230 applies to APRA-regulated insurers (including both local insurers & Category C insurers), however there are indirect or downstream impacts on Underwriting Agencies, Claim Managers (Service Suppliers) & Insurance Brokers. These impacts arise in respect of insurers’ critical operations & material service providers.

Critical operations

An APRA-regulated entity must maintain its critical operations within tolerance levels through severe disruptions & manage the risks associated with the use of service providers (para 12 CPS 230). For an insurer, claims processing is a critical operation unless the insurer can justify otherwise.

Material service providers

An APRA-regulated entity must, at a minimum, classify a provider of the following services as a material service provider, unless it can justify otherwise: for an insurer (general, life, private health): underwriting, claims management, insurance brokerage & reinsurance (p50)

Management of service provider arrangements

An APRA-regulated insurer must:
– Maintain a comprehensive service provider management policy (p47);
– Identify & maintain a register of its material service providers & manage the material risks associated with using these providers (p49) & submit the register to APRA on an annual basis;
– Before entering into or modifying a material arrangement, undertake due diligence assessing the financial & non-financial risks (p53);
– Maintain a formal legally binding agreement covering the matters listed in p54 (a) – (g);
– Monitor the arrangement (p58);
– Meet the APRA notification requirements (p59); &
– Have the arrangements reviewed by its internal audit function (p60).

So what does this mean for material service providers?

Material service providers who are well prepared for the impacts of CPS 230 will achieve a competitive advantage in their partnering with insurers. Providers of material services must:
– Incorporate the requirements of CPS 230 into their risk & compliance arrangements including referencing APRA’s Prudential Practice Guide (CPG 230);
– Engage early with insurer(s) to understand the insurer(s)’ project plan in respect of timeframes & any unique requirements they have; &
– Arrange for a compliance review in early 2024 (due diligence) to fully understand the impact of the proposed changes to ensure a seamless transition to the new arrangements.

Do not hesitate to contact me to assist in being prepared for the impacts of CPS 230 on your business.
Managing Compliance effectively & efficiently – designed to protect
A common issue I observe when reviewing risk & compliance frameworks is the absence of a logical flow. Risk & compliance should be managed in a systematic manner ensuring that nothing is missed & no gaps emerge. The purpose of compliance is to protect. Protect the business, its people, stakeholders & customers. To do this, all component parts must work in sync.

The components of a systematic approach to risk & compliance

1. What you do & how you do it. Within the insurance industry, the services & products you provide & on whose behalf determine the need for you to be APRA authorised, AFS Licensed, Authorised Rep, Code subscriber, Distributor, Service Supplier etc. This in turn shapes your risk profile. Unpacking what you do & how you do it is always the starting point in any risk & compliance framework.
2. Governance. Roles & responsibilities (who’s doing what, who provides oversight & the mechanics of ‘doing & oversight’) are the next step, creating an environment within which business can be safely conducted & layers of protection.
3. Risk management. Understanding your risks & managing those risks [in 6 simple steps] within the boundaries of the firm’s risk appetite provides an internal mechanism for decision-making.
4. Licence management. For AFS Licensees, I call out licence management as a separate component. Your Licence is, after all, your ticket to play [including any Authorised Reps].
5. Material obligations. AFS Licence, APRA authorisation, Code & AFCA membership, Binder & Authorised Rep Agreements, Distribution & Claim service supplier arrangements all create obligations. These obligations must be identified. You can’t manage what you don’t know. Depending on the size of the firm, I include the key control(s) within the obligations section. I find it’s best to have a single source of truth [manual] rather than multiple referenced documents.
6. Obligations management. This sets in place a systematic approach to managing the obligations including the sources of new/amended obligations & how these are incorporated into the framework.
7. Control testing. A control that is not tested (design & operational) is no control.
8. Monitoring & supervision. This extends to staff & ARs & forms another layer of protection. The M&S needs to be independent, fit-for-purpose & risk-based.
9. Reporting. Data from risk & compliance registers, control testing, monitoring & supervision provides an indication of the health of the compliance system.
10. Incident & breach management. Things do go wrong. The quicker they are identified the less harm caused.

Risk & compliance assistance

Contact me to understand how a systematic approach to risk & compliance protects your business, people & customers.
Providing financial services – General Insurance authorisations
Financial services laws are designed to protect consumers. The 1st layer of protection is the need to hold an AFS Licence. Unless you are an AR of a Licensee or can rely upon an exemption, you need to hold an AFS Licence to provide general insurance financial services.

Licence authorisations

The 3 authorisations relevant for GI are:
1. Providing financial product advice, this may be restricted to general product advice;
2. Dealing in general insurance products by:
– Issue, apply for, acquire, vary or dispose of; and/or
– Apply for, acquire, vary, or dispose of on behalf of another.
3. Provide a claims handling & settling service.
to Retail &/or Wholesale clients.

What authorisation do you need?

APRA-regulated insurers – although authorised by APRA to carry on insurance business in Australia, insurers require an AFS Licence when providing financial services unless relying upon the Wholesale client exception. Insurers generally need all 3 authorisations although dealing is limited to the issuing authority & the claims authorisation does not include representing a person making a claim.

Underwriting Agencies – depending on their binder/agency agreement will generally require the same authorisations as insurers. If the MGA places the business in the open market (ie not under a binder) they will require the dealing authorisation ‘on behalf of another’.

Insurance brokers – require financial product advice & dealing on behalf of another authorisation only. Brokers can rely on the claims exemption provided they arranged the contract of insurance or are acting under a letter of appointment. Brokers also require the Licence condition permitting them to use the restricted terms associated with insurance broking.

TPAs – will require the same claim authorisations as insurers, as the TPA acts on behalf of insurers as an ‘Insurance claims Manager’.

Claimant Intermediaries act on behalf of insureds & will require a Claims authorisation limited to making a recommendation; assisting & representing a person making a claim.

Claim Service Suppliers & insurance fulfilment providers, acting on behalf of insurers, generally do not require a licence as they can rely on exemptions. In these cases it’s necessary to examine the authority they have from insurers/MGA.

What happens if you provide financial services without a Licence?

It is an offence to provide financial services without a licence (unless acting as an AR or relying on an exemption). It is also an offence to hold out that you hold an AFS Licence if you do not. Ensuring that you hold the correct AFS Licence authorisations & conditions is critical when providing (or intending to provide) financial services in Australia.