News

‘Documentation helps you demonstrate whether or not you are complying with the general obligations.’ – ASIC RG 104.26 Insurers, underwriting agencies, TPAs, Lloyds coverholders, insurance brokers and claim service suppliers have a myriad of obligations to comply with. Compliance with your obligations, through your processes, procedures, systems and people are collectively known as your ‘compliance measures‘. Your compliance measures, together with your governance mechanisms, should work as an operating rhythm that manages your obligations in a systematic manner, incorporates changes, evolves as your business grows and responds to the external environment. The Risk & Compliance Manuals that I design and are tailored for my general insurance clients achieve this purpose, through the following: 1. Identifying the source of your obligations The source of your obligations are defined by: Who you are ? – an APRA regulated insurer holding an ASF Licence and who subscribes to the GI Code has different obligations to a NIBA insurance broker who is an authorised representative of a Licensee. Who do you act on behalf of? an underwriting agency or material service provider acting on behalf of an insurer or an insurance broker acting on behalf of a client? What do you do? – provide financial advice, issue general insurance products, provide a claims handling service or are a claims service supplier to an APRA regulated insurer How do you do it? – do you distribute direct or through brokers, do you sell through human interaction or automated processes, do you provide claims under your licence or through a TPA? Who are your clients? – retail or wholesale clients , consumer insurance contract or other insurance contracts. standard form contracts 2. Capture your obligations For my smaller-medium sized clients I capture obligations within their Risk & Compliace Manual, providing a single source document. Larger clients usually have a stand-alone obligations register. The manual or register should also include the source of the obligations (e.g., Section 912A(1)(a) Corporations Act or paragraph 21 GI Code of Practice), this enables the reader to deep-dive into the actual obligation when required. 3. Assign key controls This is the heart of ensuring your compliance measures are adequate. Key control(s) are assigned to each obligation, so that the obligation is managed within risk appetite. The focus of the Board, Senior Managers and Risk & Compliance Committee now shifts from the numerous obligations to a suite of more manageable key controls. 4. Test your key controls A key control that is not periodically tested is no control. Testing should incorporate (1) design effectiveness – is it fit for purpose? and (2) operational effectiveness – is it operating as intended? Gaps must be identified, reported and closed out in a timely manner. The gaps must be assessed for regulatory or Code breaches. You must have a control testing program. 5. Monitoring and reviewing your compliance measures Your compliance measures must be monitored on an ongoing basis. An effective risk & compliance operating rhythm generates data – incidents, complaints, control testing, file reviews, attestations, […]

In its preamble, The Insurance Contracts Act is, an Act to reform and modernise the law relating to certain contracts of insurance so that a fair balance is struck between the interests of insurers, insureds and other members of the public and so that the provisions included in such contracts, and the practices of insurers in relation to such contracts, operate fairly, and for related purposes The Act provides the foundation of insurance: the Utmost Good Faith, and for consumer insurance contracts ‘the insureds duty to take reasonable care not to make a misrepresentation.’ The powers that ASIC has under the insurance Contracts Act add significant weight to ASIC’s enforcement tool-kit and their already far-reaching enforcement powers under the ASIC Act & Corporations Act. ASIC responsible for general administration of Act The Insurance Contracts Act (Act) is one of several financial service laws referenced in section 912A(1) Corporations Act. AFS Licensees must: comply with the financial services laws (s912A(1)(c)); and take reasonable steps to ensure that its representatives comply with the financial services laws (s912A(1)(ca)) Powers of the ASIC (section 11B) ASIC’s powers are set out in Part IA of the Act. ASIC has the general administration of the Act (s11A) ASIC has power to do all things that are necessary or convenient to be done in connection with the administration of the Act and, without limiting the generality of that power, has power: (a) to promote the development of facilities for handling inquiries in relation to insurance matters; (b) to monitor complaints in relation to insurance matters (note that this is in addition to Corporations Act and enforceable paragraphs of RG 271); (c) to liaise generally with other persons or bodies having a responsibility to deal with inquiries, complaints and disputes concerning insurance matters (such as Code Governance Committee and AFCA); (d) to review documents (including documents promoting particular kinds of insurance cover) issued by insurers (such as PDS, TMD, key fact sheets etc) and given to ASIC in compliance with section 11C; (e) to review particulars, statistics and documents given to ASIC in compliance with section 11D; and (f) to monitor legal judgments, industry trends and the development of community expectations that are, or are likely to be, of relevance to the efficient operation of the Act; and (g) to promote the education of the insurance industry, the legal profession and consumers as to the objectives and requirements of the Act. Supervisory powers—ASIC may obtain insurance documents (section 11C) 1) ASIC may, for any purpose connected with the general administration of the Act , require an insurer within 30 days (following ASICs written notice) provide: (a) documents specified in the notice relating to insurance cover provided, or proposed to be provided, by the insurer; or (b) documents relating to insurance cover of a kind specified in the notice provided, or proposed to be provided, by the insurer. Non compliance without reasonable excuse is a strict liability offence. Supervisory powers—ASIC may review administrative arrangements (section 11D) ASIC may, require an insurer to give to ASIC, within 30 days of receipt of […]

As Tropical Cyclone Alfred approaches Queensland & Northern NSW, it is appropriate for general insurers, underwriting agencies, brokers, insurance claim managers and service suppliers to consider how the GI Code of Practce (Code) responds to Catastrophes. Firstly, for consumers the ICA has advised, where possible, to prepare, residents should: Clear their property and gutters from loose material that possibly cause injury or damage during extreme winds or heavy rain, including moving outdoor furniture and pool accessories Secure boats or vehicles and move their car under cover Place important documents and valuables in plastic bags or other waterproof containers and put in a safe place Check your emergency kit is ready and nearby Insurance disaster response specialists are on standby, and the Insurance Council is liaising with the State Government, Queensland Reconstruction Authority and the National Emergency Management Agency in preparation. Code overarching obligations Insurers & their Distributors and Service Suppliers will be honest, efficient, fair, transparent and timely in dealings with customers. This is the Code’s overarching obligation to consumers and continues during Catastrophes (paragraph 21) Fast-tracking urgent claims Where an event (for example, a natural disaster) caused an insured to be in urgent financial need of the benefits they are entitled to under the policy, insurers we will do either or both of the following: fast-track both the insurers assessment of the claim and the process followed to make a decision about the claim; pay an advance amount to help ease an urgent financial need — insurers will do this within 5 Business Days after demonstration of an urgent financial need. If the insured is not happy with the insurers response to a request about urgent financial need, then the insurer must tell the insured about their Complaints process. (paragraphs 64-66) Claims for total loss When an insured has suffered a total loss, the insurer and Service Suppliers will treat the claim with sensitivity. If the claim has been accepted for a total loss under a home building and home contents insurance policy and the insured is unable to provide proof of ownership for the relevant insured property because it was lost in or damaged by the insured event (and ownership is clear) insurers will not: require proof of ownership; or require a list of insured property that was lost or damaged. (paragraph 80) Responding to Catastrophes Insurers will respond to Catastrophes efficiently, professionally, practically and compassionately. Insurers will co-operate and work with the Insurance Council of Australia on industry coordination and communications under the Insurance Council of Australia’s industry Catastrophe coordination arrangements. If an insured has a property claim resulting from a Catastrophe and the insurer has finalised the claim within 1 month after the Catastrophe event causing the loss, the insured can request a review of the claim if they think that assessment of the loss was not complete or accurate, even though a release was signed. Insureds have up to 12 months from the date of finalisation of the claim to ask for a review of […]

AFS Licensees must have in place adequate arrangements for the management of conflicts of interest that may arise wholly, or partially, in relation to activities undertaken by the licensee or an employee, authorised representative or any other person acting on behalf of the licensee. (section 912A(1)(aa) Corporations Act. ASIC notes the underlying principles for this obligation (refer RG 181.13 and 181.14): Adequate conflicts management arrangements help minimise the potential adverse impact of conflicts of interest on clients. Conflicts management arrangements thereby help promote consumer protection and maintain market integrity. Without adequate conflicts management arrangements, licensees whose interests conflict with those of the client are more likely to take advantage of that client in a way that may harm that client and may diminish confidence in the licensee or the market. and Having adequate conflicts management arrangements should also help a licensee ensure that the quality of their financial services is not significantly compromised by conflicts of interest. The quality of a service is significantly compromised if the service is of materially lesser quality than the licensee would have been likely to provide if they were not subject to the relevant conflict of interest Examples of Conflicts of Interest in General Insurance Typical examples include: having a family or personal relationship with a client. Such as a family member holding an insurance policy with your company and making a claim on that policy and you are an underwriter/claims handler at that company or your partner works at an insurance broker with whom your company does business with; having an interest in a service supplier who provides services to your business; receiving confidential non-public information (as a broker or underwriter) about an insured who is an ASX listed company and using that information to trade on the stock exchange prior to any public disclosure by the ASX listed company or informing another person who subsequently trades (insider trading); brokers (when acting on behalf of an insured) receiving commissions, profit share or other monetary arrangements or non-monetary benefits from an insurer such as IT systems, training, marketing etc; Acting on behalf of an insured in a third-party claim where indemnity made be declined in full or in part or acting on behalf of 2 or more insureds in the same insurance claim; Brokers acting for 2 or more clients who are looking (or have) to enter into a contractual relationship; Underwriters or brokers with aggressive sales targets based on volumes without any counter-balancing metrics; receiving gifts, benefits, gratuities or entertainment from a provider; brokers or service suppliers having equity in an insurer or underwriting agency; and being a director on a board of a client. Retail or wholesale clients A licensee’s obligation to manage conflicts of interest does not depend on whether its clients are retail or wholesale. Licensees must have adequate arrangements to identify and manage all conflicts of interest (other that those that occur wholly outside a licensee’s financial services business), whether they relate to retail clients or wholesale clients. Licensees […]

Brokers generally place business with Insurers and Lloyds underwriters authorised under the Insurance Act (sections 12 and 93 respectively). This includes a foreign general insurer who is authorised under section 12 of the Act. The purpose of being APRA authorised to carry on insurance business in Australia is to protect our local market and policyholders. There are inherent protections in the Insurance Act and through the Prudential Standards issued by APRA. This protection flows through to an Underwriting Agency or Lloyds Coverholder who act on behalf of an APRA regulated insurer (including Lloyds underwriters). Additional consumer protection arises under financial service laws. When can an Insurance Broker place business with an Unauthorised Foreign Insurer (UFI)? Our laws recognise that the Australian market relies on the global insurance market to adequately meet the needs and requirements of Australian businesses, hence there is a mechanism available to use an UFI (or DOFI) in certain circumstances. Section 3A of the Insurance Act and the Insurance Regulations 2024 provide 4 exemptions: High-value clients; Insurance for atypical (or unusual) risks; Insurance required by foreign law; and Risks that cannot be reasonably placed in the Australian market. High-value clients A person is a high‑value insured at a time (the test time) in a financial year if: (a) the average of the person’s Australian operating revenue for the 3 previous financial years is at least $200 million; or (b) the average of the person’s gross Australian assets for the 3 previous financial years is at least $200 million; or (c) the average of the person’s number of Australian employees for the 3 previous financial years is at least 500. Insurance for atypical (or unusual) risks This exemption applies to a contract of insurance if each risk insured under the contract is a risk of any of the following: (a) loss or liability arising from the hazardous properties (including radioactive, toxic or explosive properties) of nuclear fuel, nuclear material or nuclear waste; (b) loss or liability arising from the hazardous properties of biological material or biological waste; (c) loss or liability arising from war or warlike activities (within the meaning of theInsurance Contracts Regulations 2017); (d) loss or liability arising from a terrorist act (within the meaning of section 100.1 of theCriminal Code); (e) liability arising from health‑care related research; (f) loss of, or liability arising from the operation of, a space object (within the meaning of theSpace (Launches and Returns) Act 2018); (g) liability arising from the ownership or operation of an aircraft (but not loss of the aircraft or its cargo); (h) liability and expenses arising from a person owning, chartering, managing, operating or being in possession of a vessel other than a pleasure craft (within the meaning of subsection 9A(2) of theInsurance Contracts Act 1984); (i) loss or liability arising from equine mortality or fertility and related risks. However this does not apply to Equestrian packages (as defined in the Reg); (j) loss or liability incidental to a loss or liability mentioned in paragraphs (a) to (i). Insurance required by foreign law If a law of a foreign country requires that the […]

The obligation (also refer RG 105) If you are an AFS licensee, you must maintain the competence to provide the financial services covered by your AFS licence: see s912A(1)(e) of the Corporations Act. ASIC refers to this obligation as the ‘organisational competence obligation’. This is because this obligation requires you to be competent at the organisational level. You need to nominate responsible managers who: are directly responsible for significant day-to-day decisions about the ongoing provision of your financial services; together, have appropriate knowledge and skills for all of your financial services and products; & individually, meet one of the five options for demonstrating appropriate knowledge and skills (Table 1 RG 105). If you breach or are likely to breach the organisational competence obligation, you may need to notify ASIC of that breach: see s912DAA. Nominating responsible managers The people you nominate as responsible managers must have direct responsibility for significant day-to-day decisions about your financial services. In context of general insurance; together, your responsible managers must have the skills & knowledge in: providing financial product advice or general advice only; and/or dealing in a general insurance product, including (a) issuing [typically insurers or underwriting agencies] or (b) on behalf of another person [typically insurance brokers]; and/or claims handling and settling services (a) by an insurer or acting on behalf of the insurer [typically underwriting agencies or insurance claim managers] or (b) on behalf of the insured [claimant intermediaries]. The number of people you need to nominate as responsible managers will depend on the nature, scale and complexity of your business. However, ASIC expects that you will nominate at least two responsible managers. If you are heavily dependent on the competence of one or two responsible managers (e.g. in a small organisation with one or two principals), ASIC will generally impose a ‘key person’ condition on your AFS licence Tips to assist in meeting your personal obligations As a responsible manager you need to stay across the business operations. I provide the following practical advice to my clients: all responsible managers should work together as a team, regularly meeting to exchange views and observations and share concerns receive regular risk & compliance dashboard reporting – complaints, incidents & breaches, QA & audit outcomes, control breakdowns, breach remediation & rectification updates, control testing outcomes, risk profiles & training completion keep across industry issues such as AFCA complaints & regulatory and Code reviews engage with the internal risk and compliance committee, CRO, directors , management & extrenal auditors be curious – ask questions look behind the data, what is it telling you? A lack of data is not healthy the effectiveness of your compliance arrangements and monitoring program to meet licence, regulatory and Code obligations the adequacy of your incident & breach reporting and dispute resolution systems. Notifying ASIC of changes to your responsible managers You must advise ASIC within 30 business days of adding or removing a responsible manager. You need to complete the relevant sections of Form FS20 and lodge it […]

It can be difficult for insurers, underwriting agencies, insurance brokers and other distributors to consistently meet compliance obligations to customers especially when processes are not automated. A simple way to think about compliance obligations is to align them to the customer journey. This can be reduced to a 1 page ready-reckoner for all sales staff, account executives, business development managers & authorised representatives. Pre-appointment or pre-purchase During this stage of the customer journey the customer is considering their insurance needs and may engage an insurance broker or shop around online Insurance brokers, who are NIBA members and subscribe to the Insurance Brokers Code of practice, must provide a Terms of engagement to a prospective client who agrees to engage the broker. Underwriting Agencies or Insurers selling direct must not engage in misleading or deceptive conduct, whether through their website, advertising or otherwise & comply with the hawking prohibitions in respect of retail clients. These obligations also apply to Insurance Brokers Referrers ofAgencies, Insurers or Brokers can only ‘refer’ the client to the financial service provider and must disclose any payment for the referral. All licensees & ARs must be efficient, honest & fair when providing their financial services. Insurers and their distributors, under the GI Code, must be honest, efficient, fair, transparent & timely in all dealings with the customer. NIBA Insurance Brokes must act honestly and with integrity in all dealings with clients under the Insurance Brokers Code. All staff must be trained and competent to provide the financial services. Purchasing general insurance products Before providing the financial services, a licensee or authorised representative must provide a FSG , if the services are to be provided to a Retail cleint. Having said that, its best practice to provide a FSG to all clients. Before providing any financial product advice, a general advice warning must be provided to a retail client if providing general advice and brokers providing personal advice must be aware of the modified best interest duty for general insurance & provide a Statement of advice for sickness & accident insurance. In addition for retail product distribution, insurers and Agency’s must ensure that a TMD is available, usually on their website, and the direct sales process is aligned to the TMD. Brokers must ensure they distribute the insurance products in accordance with the TMD. The sales process Where relevant, the deferred sales-model for add-on insurance must be complied with where an insurance product is sold or offered for sale at the time of purchasing a primary product and an insurance product exemption does not apply. At the start of the sales process the underwriting agency or insurer must determine whether the general insurance product is a consumer insurance contract, if so, the insured’s duty to take reasonable care not to make a misrepresentation applies otherwise the duty of disclosureapplies. Brokers should note to take care when commencing renewal activities to clarify with the agency or insurer whether the product is being treated as a consumer insurance contract (in […]

I was talking to my ‘coffee guy’ at my local cafe this morning (he is also a small business owner) about how well my compliance business is travelling and he commented, ‘it’s because you love what you do.’ As I was walking back home, sipping my coffee (pure bliss), I reflected on his comment and how it aligned to my compliance mantra; the purpose of compliance is to ‘protect what matters’. Protecting what matters Compliance is about placing ‘what matters’ at the heart of everything we do & building layers of protection around that heart. What matters? Our customers & clients, our people, our business, our business partners & stakeholders and the wider community. The pillars of compliance provide the foundation for the layers of protection, the 4 pillars of compliance are: Governance & frameworks People & culture Procedures & process Systems & reporting each of these 4 pillars work together to provide robust compliance arrangements. Protecting what matters, is designed on a fortress of layers of protection: Compliance arrangements People Monitoring program Culture The Compliance model for General Insurance is represented diagramatically: The importance of people As you will observe from the Compliance Model, people are critical to the strength of the Compliance Model. People include employees, directors, authorised representatives, service suppliers & fulfillment providers. Anyone who is providing the financial services on your behalf. We need people to: identify and self-report incidents and complaints quickly; follow process and procedures (doing the right thing); meet their continual development training requirements; understand the obligations that apply to their business area; test the controls that manage the obligations applying to their area; genuinely care about protecting the business, customers, colleagues and partners; close out gaps identifed through reviews, monitring and audit activties; and generally be compliance-focused Simply, without people, the Compliance model collapses and harm & detriment results: complaints & breaches increase regulator scrutiny of the business intensifies business partners raise issues and concerns customers are impacted management time is lost focusing on customer remediation and rectification reputational & financial impacts are felt the risk of civil penalties naming & shaming the risk of banning & dsqualification the risk of product stop orders Simply, trust is eroded The test of ‘engaged people’ A simple test of whether your people are truly engaged in compliance is to look at your registers: incidents, breaches, complaints, conflicts, training etc . Are they well populated, indicating that people are engaged taking an active role in compliance, and compliance is part of what we do around here, or are they empty or contain a small number of entries? Do people actively attend compliance training? Do people actively close out issues ahead of time? Do people view compliance as an addition to their role or as part of their role? Do leaders talk about the importance of compliance in the same tone & passion as when they talk about their family and other things they love, care about & want to protect? Connecting the heart with the […]

Governance is a system that provides a framework for managing organisations. It identifies who can make decisions, who has the authority to act on behalf of the organisation and who is accountable for how an organisation and its people behave and perform. A simple illustration of good governance is the doctrine of the separation of powers. The doctrine of the separation of powers divides the institutions of government into three branches: legislative, executive and judicial: the legislature makes the laws; the executive puts the laws into operation; and the judiciary interprets the laws. Governance is about the time you dedicate to working ‘on’ your business, rather than ‘in’ it. This includes all the checks and balances you put in place to ensure your business runs smoothly, meets its objectives, stays out of trouble and protects the things that matter (your business, people, customers, business partners and other key stakeholders). The elements of Governance for General Insurance A system of good Governance comprises the following elements: A framework approach – frameworks provide a system of consistency of approach ensuring that an operating rhythm is created for risk & compliance. A framework ensures that the risk & compliance measures of a business evolve as the business grows & adapts to internal & external change. Roles and responsibilities – clarity and accountability of who does what is important – ‘doing, monitoring and oversight’ require seperate & independent people, boards or committees with a specific focus and purpose (documented through position descriptions and charters). Examples of roles & responsibilities in insurance include directors, officers, responsible persons (FAR), responsible managers (AFSL) and fit & proper people (AFSL). Aligned to roles and responsibilities is delegated authority, the 3 lines of defence model & reporting lines. Delegated authorities – the key to DA is the source of ultimate authority. Typically this will be the Board, SOOA (for foreign insurers) or business owner(s). Authority provides a mechanism to manage decision-making. Authorities (underwriting, claims, financial, strategy etc) are linked to experience, skills and knowledge therefore ensuring decisions are being made by the appropriate people. The key to delegated authority is that you can’t give (authority) what you don’t have. 3 lines of defence model – conceptually, the 3 lines of defence model continues to be the fundamental cornerstone of good governance across general insurance. The 1st line, typically business operations, manages risk & compliance, the 2nd line provides frameworks, oversight, monitoring and advice while the 3rd line is Internal Audit. Significantly APRA Prudential Standards create the role of the Auditor with reporting obligations to the Board and seperate & disctinct obligations to APRA ensuring a degree of independence. The key to the 3 lines of defence model is based on the the doctrine of the separation of powers – each line is seperate to and with a degree of independence from the other lines. Reporting lines – it’s critical that organisation structures and reporting lines enable unfettered ability to perform work and discharge responsibilities. For example, 2nd line risk […]