Monitoring & Supervision of employees and Authorised Representatives

The recent Federal Court decision in Australian Securities and Investments Commission v Lanterne Fund Services Pty Limited [2024] FCA 353 provides the elements that an effective monitoring & supervision program should contain. I have expanded these elements based on my experience in working with clients in the insurance industry.

Implementing an effective Monitoring & Supervision program

– A robust due diligence process of all representatives pre-appointment
– Agreements with new CARs (& employees) containing requirements & obligations
– Supervisory arrangements – comprising monthly attestations, self-audits & risk-based audits by the licensee, formal & informal meetings with comprehensive note-taking, robust reporting of incidents, breaches & complaints
– Risk management & compliance systems – must be formal, systematic & documented & cover the risks faced by the firm. Risk & Compliance manuals must be tailored & current. The licensee should provide clear guidance & instructions to its CARs & ARs about their obligations regarding compliance with the financial services laws
– Training – must be provided & cover financial services laws including AR obligations & the relevant industry Codes. Conducted during induction & annually thereafter
– Human resources – the licensee must have enough people to conduct the monitoring & supervision activities. This includes regular performance reviews of the representatives & consequence management
– Technological resources – an adequate IT infrastructure to keep abreast of issues such as IT security or cyber security
– The Licensee must have enough responsible managers who are qualified, skilled & experienced in general insurance with sufficient time to conduct their role effectively
– Governance should include a risk & compliance committee meeting quarterly & receiving data, information & insights to oversee the licensee & their representatives
– The Monitoring & Supervision program must include self-checking mechanisms so that your compliance arrangements continue to evolve with regulatory changes & business growth.

I can work with you to:
1. Conduct a compliance review of your current compliance arrangements identifying gaps and adopting a risk-based approach. My reviews adopt a top-down approach not a file-by-file audit approach;
2. Design a fit-for-purpose, tailored AR program for your business;
3. Provide training for your representatives.

Parliamentary insurance flood inquiry – insights from the public hearings

In the wake of the recent public hearings and the release of transcripts, there’s been a surge of discussions, particularly among clients in Queensland. These conversations are honing in on several key areas highlighted during the hearings. One significant topic of interest is ‘claims handling including delays’. People are keen to delve into how insurers are managing claims, especially in terms of timeliness and efficiency. Another focal point is ‘the role of experts such as assessors & builders’. This aspect delves into the expertise involved in assessing claims and the impact it has on the overall process. Lastly, there’s a spotlight on ‘customers experiencing vulnerability’. The discussions are examining how insurers are addressing the needs of vulnerable customers and ensuring they receive fair treatment throughout the claims process. These discussions are driven by submissions and the line of questioning from the Committees during the hearings. As we continue to analyse and reflect on these topics, we aim to gain deeper insights into the dynamics of insurance practices and how they affect clients, particularly in Queensland.

Federal Court finds Auto & General Insurance Company did not include an unfair contract term in insurance contracts

A term requiring insureds to notify A&G of any changes to their home & contents was not unfair under the ASIC Act

1. The proceedings concern home/contents insurance which contained certain notification obligations on the part of the insureds.
2. The PDS contained a number of references that explained certain matters relevant to the notification obligations (see paras 4-11 of the judgment).
3. Relevantly, the PDS contained 11 examples of changes A&G wanted the insured to tell them about.
4. The offending clause, which preceded the 11 examples, stated, ‘you need to tell us if anything changes about your home & contents.’ This Notification Clause was the focus of ASIC’s claim.
5. Evidence concerning the processes for applying for cover (p12-22) & claim assessment (p23-30) was led by A&G.
6. The Court considered relevant provisions of Unfair Contract Terms (ASIC Act) & Utmost Good Faith (ICA).
7. The Court rejected the literal meaning of ‘anything’.
8. The Court accepted that the requirement in the Notification Clause to notify A&G “if anything changes” was restricted to changes concerning the information already provided by the insured to A&G (refer 2 & 3 above).
9. The Court held that the duty of UGF operates to limit what A&G can do under the Notification Clause in response to an insured’s failure to notify it of the relevant changes.
10. The Court determined, upon the proper construction of the Notification Clause, the contracts of insurance contained a term that:
(a) the insured must notify A&G if, during the term of the policy, there was any change to the information about the insured’s home or contents that the insured had disclosed to A&G prior to entry into the contract; &
(b) if the insured failed to notify A&G of such changes, it had the right to refuse to pay a claim, reduce the amount it paid, cancel the contract or not offer to renew the contract if & to the extent that it would be consistent with commercial standards of decency & fairness for A&G to do so.
11. The Court applied the 3 limb test for ‘unfair clauses’ & held:
a. s54 (ICA) operates to ensure that A&G’s powers to refuse or reduce claims would not cause a significant imbalance in the rights & obligations of the parties arising under the contract
b. Protecting legitimate interests of A&G – s54 & UGF constrains A&G to the extent that only a failure to notify a change in information that has prejudiced its interests is relevant
c. The Court accepted ASIC’s submission that the lack of clarity in the Notification Clause caused detriment to the insured

Conclusion
The Court found that as only 1 of the 3 criteria of an unfair term was met, ASIC failed to establish that the Notification Clause is unfair.

The power & far-reaching impact of the insurance Codes overarching obligation

As the industry continues to be under scrutiny, it’s timely to revisit the overarching obligations in the GI Code & Insurance Brokers Code of Practice.

GI Code of Practice

Part 3 of the GI Code requires insurers & their distributors & claim service suppliers to be honest, efficient, fair, transparent & timely in dealings with customers. Let’s unpack this:
– the obligation extends to underwriting agencies & external insurance claim managers;
– the obligation applies to both retail & wholesale insurance;
– the obligation applies to all dealings including buying insurance, making a claim, dealing with customers experiencing vulnerability & complaints;
– You may ask, how does Part 3 apply to claims for wholesale insurance when, for example, ‘Part 8 Making a Claim’ (& Parts 5, 6, 7, 9 & 11) does not apply to wholesale insurance? The individual requirements of Part 8 would not apply to wholesale insurance claims; however, the insurer & their claim service suppliers must continue to be ‘honest, fair etc.’;
– it would be a reasonable interpretation of Part 3 to suggest that each component is a separate obligation. Therefore a failure to act in a timely manner (such as in claim delays) would be a breach of the Code.

Insurance Brokers Code of Practice

The Brokers Code requires NIBA members to have professional commitment, act ethically & be transparent & accountable. Due to Part 8.0, these obligations extend to the broker’s employees, agents & authorised representatives. The Ethical behaviour commitment requires brokers, their staff & [authorised] representatives to act honestly & with integrity in all dealings with clients.

AFSL general obligation to provide financial services efficiently, honestly & fairly

The overarching obligations of the Codes complement the AFS Licence obligation to provide financial services efficiently, honestly & fairly, but with one important distinction. The AFSL obligation only applies to financial services (which of itself is still far-reaching) while the Code obligations apply to all dealings, including administrative or clerical processes.

How to implement

The Code overarching obligations should be viewed as a lens after specific controls are applied. For example, the obligation to update the customer every 20 business days about the progress of their claim may receive a tick; however, the question then needs to be asked, were we ‘honest, efficient, fair, transparent & timely’? It is possible to comply with individual Code paragraphs but still be in breach of the overarching Code obligations.

The true purpose of Compliance – protecting

Compliance is only effective when you have all people engaged. This includes staff, authorised representatives, claim service suppliers & business partners. Thinking about compliance in terms of rules & regs is generally not exciting & certainly not engaging. This is one of the things I learnt very early in my compliance career. Not many people really care about the intricacies of section 912A(1) or Part 3 of the GI Code or Part 8 of the Brokers Code – personally, I love this stuff.

Here’s a simple test. If you can’t answer the question ‘why should I care [about compliance]?’ or you think the answer is ‘because we must’, then you need to change how you position & see compliance. The true purpose of compliance is to protect. The image below shows who we should protect & from what.

Let me explain how compliance protects. Your compliance arrangements are the combination of your people, IT systems, manuals, policies, guidelines & processes. Think about this another way: your compliance arrangements are the controls that you have in place to manage your financial services & industry code obligations. These compliance arrangements provide a safe environment for your people to work within. By staying within these boundaries your compliance arrangements operate to protect your customers, business, partners & people from harm.

As we know, mistakes happen; systems, people & processes fail. This is when your people become your early warning system. By identifying ‘something has happened that should not have happened’ at an early stage (aka an incident) your people can quickly identify when the perimeter of your compliance arrangements has been breached. This serves to minimise any harm & enables the control(s) to be quickly rectified, thus securing the business, its customers & people.

The importance of the concept of ‘compliance protects’ has never been more evident as the insurance industry moves into the era of accountability. If something happens, under your watch, in your area of accountability there will be personal consequences – both financial & reputational. FAR & CPS 230 are examples of where accountability is heading & casting a wide net. This is why compliance protects. Robust compliance arrangements provide a mechanism & infrastructure to support & protect your business, your customers & you from harm & detriment.

I will be exploring the theme of ‘compliance protects’ at my Compliance workshop in Brisbane on Thursday 21st March at Lightspace, Brisbane’s unique event venue and co-working warehouse. I will be providing you with the tools & insights to develop compliance arrangements that operate to support & protect the things that matter to you. Registration for the workshop is now open & can be accessed via the link below. See you in Brisbane.

Managing Compliance in the insurance industry

What does it mean to be an Authorised Representative, from a compliance perspective?

An Australian financial services licensee may appoint ‘authorised representatives’ to provide specified financial services on its behalf. Acting as an AR can be a cost effective way of operating a financial services business although most insurers require their MGAs & TPAs to hold their own AFSL. This is due to the risk that the AR presents to the insurer’s Licence. AR networks continue to be used within the Insurance Broking community; however, due diligence & compliance monitoring is being strengthened.

There are regulatory requirements for appointing ARs & notifying ASIC. There are also rules & limitations in appointing sub-authorised representatives. Notification requirements also apply in respect of when an AR ceases to be authorised. These requirements should be captured in the Licensee’s compliance manual. In addition, the Licensee, if a subscriber to the GI Code or Insurance Brokers Code, will also have Code obligations in respect of the conduct of its ARs (GI Code see Parts 3-5 & Brokers Code see Part 8).

Generally, the Licensee is responsible for the training, competency & conduct of its ARs & therefore should have a Monitoring & Supervision Program in place. This benefits & protects both the Licensee’s & the Authorised Rep’s business.

Obligations of an Authorised Representative

In addition to meeting the obligations of the Licensee, ARs have a number of independent obligations, including:
– Be appointed in writing as an Authorised Representative of the Licensee;
– Not hold out that they have an AFS Licence. In this regard, the AR should include their AR number & disclose the relationship with the Licensee in all business documents & on their website;
– Provide disclosure documents (FSG, PDS) as required when the General Insurance Products are provided to Retail clients;
– Provide details of remuneration in an FSG;
– Keep records of insurance transactions;
– Comply with hawking prohibitions (retail clients) & misleading & deceptive conduct provisions;
– Ensure they act within the scope of authority given; &
– Comply with Product design & distribution requirements & TMD (when financial services are provided to retail clients).

Authorised Representative compliance measures

It follows from the above that the best practice is for the Authorised Representative to have its compliance measures captured in a Compliance Manual. The Manual should be tailored to the AR’s business model & way of working & dovetail with the Licensee’s compliance requirements.

Speak to me if you are an Authorised Representative requiring assistance with your compliance requirements or if you are an AFS licensee requiring assistance with your AR monitoring & supervision program.

Can you measure the compliance risk maturity of your organisation?

APRA has mandated an insurer to undertake a risk remediation program & has increased its capital requirements in response to concerns about its risk governance. APRA’s decision follows a prudential review that identified significant weaknesses in the insurer’s risk governance, risk management & compliance practices. These included capability & capacity weaknesses in the risk function, ineffectiveness of the “three lines of defence” model, & weak risk reporting. The review also revealed unclear accountabilities and responsibilities across the business, & overall, an immature risk culture. Given the heightened prudential risk arising from the identified weaknesses, APRA has also imposed an additional $50 million capital requirement in the form of an operational risk charge.

Measuring compliance risk maturity

There are many benefits in measuring compliance risk maturity:
– Identification of gaps & weaknesses in your compliance arrangements;
– A prioritised action plan to close out gaps by adopting a risk-based approach;
– Enables the allocation of resources (including human, technology & financial) to those areas of strategic, customer or regulatory importance;
– Provides transparent criteria to benchmark progress & facilitate board reporting; &
– Enables different maturity levels to be set as targets for each of the 4 components.

How to conduct an analysis of compliance risk maturity (in the insurance industry)

Step 1 – there are 4 components or categories that are assessed from a compliance risk perspective – (1) governance, (2) process & procedures, (3) people and (4) systems & reporting. A compliance review is conducted to determine the firm’s current state against each of these components;
Step 2 – the current state is assessed as either ‘basic, evolving, established, advanced or optimised’. Pre-agreed criteria are used to describe each phase of maturity enabling a robust conversation to take place so that a realistic current state is determined. The current state is plotted on the matrix for each category;
Step 3 – recognising the cost-benefit trade-off, the board sets the desired level of risk maturity to be achieved over a defined period for each component. For example, the Board may set a target that within 18 months: systems will be ‘Advanced’ while people will be ‘Optimised’. This enables a strategic allocation of resources & a plan that can be shared with key stakeholders;
Step 4 – actions are developed, costed & approved to achieve the target level of risk maturity for each of the 4 components;
Step 5 – progress to plan is monitored & included in board reporting.

Please contact me if you would like to explore the compliance reviews & risk maturity assessments I provide.

Are you an Underwriting Agency, Claim Service Supplier or Insurance Broker? Are you prepared for CPS 230?

APRA Prudential Standard CPS 230 ‘Operational Risk Management’ comes into force July 2025. CPS 230 applies to APRA-regulated insurers (including both local insurers & Category C insurers); however, there are indirect or downstream impacts on Underwriting Agencies, Claim Managers (Service Suppliers) & Insurance Brokers. These impacts arise in respect of insurers’ critical operations & material service providers.

Critical operations

An APRA-regulated entity must maintain its critical operations within tolerance levels through severe disruptions & manage the risks associated with the use of service providers (para 12 CPS 230). For an insurer, claims processing is a critical operation unless the insurer can justify otherwise.

Material service providers

An APRA-regulated entity must, at a minimum, classify a provider of the following services as a material service provider, unless it can justify otherwise: for an insurer (general, life, private health): underwriting, claims management, insurance brokerage & reinsurance (p50)

Management of service provider arrangements

An APRA-regulated insurer must:
– Maintain a comprehensive service provider management policy (p47);
– Identify & maintain a register of its material service providers & manage the material risks associated with using these providers (p49) & submit the register to APRA on an annual basis;
– Before entering into or modifying a material arrangement, undertake due diligence assessing the financial & non-financial risks (p53);
– Maintain a formal legally binding agreement covering the matters listed in p54 (a) – (g);
– Monitor the arrangement (p58);
– Meet the APRA notification requirements (p59); &
– Have the arrangements reviewed by its internal audit function (p60).

So what does this mean for material service providers?

Material service providers who are well prepared for the impacts of CPS 230 will achieve a competitive advantage in their partnering with insurers. Providers of material services must:
– Incorporate the requirements of CPS 230 into their risk & compliance arrangements including referencing APRA’s Prudential Practice Guide (CPG 230);
– Engage early with insurer(s) to understand the insurer(s) project plan in respect of timeframes & any unique requirements they have; &
– Arrange for a compliance review in early 2024 (due diligence) to fully understand the impact of the proposed changes to ensure a seamless transition to the new arrangements.

Do not hesitate to contact me to assist in being prepared for the impacts of CPS 230 on your business.

Managing Compliance effectively & efficiently – designed to protect

A common issue I observe when reviewing risk & compliance frameworks is the absence of a logical flow. Risk & compliance should be managed in a systematic manner ensuring that nothing is missed & no gaps emerge. The purpose of compliance is to protect. Protect the business, its people, stakeholders & customers. To do this, all component parts must work in sync.

The components of a systematic approach to risk & compliance

1. What you do & how you do it. Within the insurance industry, the services & products you provide & on whose behalf, determine the need for you to be APRA authorised, AFS Licensed, Authorised Rep, Code subscriber, Distributor, Service Supplier etc. This in turn shapes your risk profile. Unpacking what you do & how you do it is always the starting point in any risk & compliance framework.
2. Governance. Roles & responsibilities: who’s doing what, who provides oversight & the mechanics of ‘doing & oversight’, is the next step & creates an environment within which business can be safely conducted & layers of protection.
3. Risk management. Understanding your risks & managing those risks [in 6 simple steps] within the boundaries of the firm’s risk appetite provides an internal mechanism for decision-making.
4. Licence management. For AFS Licensees, I call out licence management as a separate component. Your Licence is, after all, your ticket to play [including any Authorised Reps].
5. Material obligations. AFS Licence, APRA authorisation, Code & AFCA membership, Binder & Authorised Rep Agreements, Distribution & Claim service supplier arrangements all create obligations. These obligations must be identified. You can’t manage what you don’t know. Depending on the size of the firm, I include the key control(s) within the obligations section. I find it’s best to have a single source of truth [manual] rather than multiple referenced documents.
6. Obligations management. This sets in place a systematic approach to managing the obligations including the sources of new/amended obligations & how these are incorporated into the framework.
7. Control testing. A control that is not tested (design & operational) is no control.
8. Monitoring & supervision. This extends to staff & ARs & forms another layer of protection. The M&S needs to be independent, fit-for-purpose & risk-based.
9. Reporting. Data from risk & compliance registers, control testing, monitoring & supervision provides an indication of the health of the compliance system.
10. Incident & breach management. Things do go wrong. The quicker they are identified the less harm caused.

Risk & compliance assistance

Contact me to understand how a systematic approach to risk & compliance protects your business, people & customers.

Providing financial services – General Insurance authorisations

Financial services laws are designed to protect consumers. The 1st layer of protection is the need to hold an AFS Licence. Unless you are an AR of a Licensee or can rely upon an exemption you need to hold an AFS Licence to provide general insurance financial services:

Licence authorisations

The 3 authorisations relevant for GI are:
1. Providing financial product advice, this may be restricted to general product advice;
2. Dealing in general insurance products by:
– Issue, apply for, acquire, vary or dispose of; and/or
– Apply for, acquire, vary, or dispose of on behalf of another.
3. Provide a claims handling & settling service.
to Retail &/or Wholesale clients.

What authorisation do you need?

APRA-regulated insurers – although authorised by APRA to carry on insurance business in Australia, insurers require an AFS Licence when providing financial services unless relying upon the Wholesale client exception. Insurers generally need all 3 authorisations although dealing is limited to the issuing authority & the claims authorisation does not include representing a person making a claim.

Underwriting Agencies – depending on their binder/agency agreement will generally require the same authorisations as insurers. If the MGA places the business in the open market (ie not under a binder) they will require the dealing authorisation ‘on behalf of another’.

Insurance brokers – require financial product advice & dealing on behalf of another authorisation only. Brokers can rely on the claims exemption provided they arranged the contract of insurance or are acting under a letter of appointment. Brokers also require the Licence condition permitting them to use the restricted terms associated with insurance broking.

TPAs – will require the same claim authorisations as insurers, as the TPA acts on behalf of insurers as an ‘Insurance claims Manager’.

Claimant Intermediaries act on behalf of insureds & will require a Claims authorisation limited to making a recommendation; assisting & representing a person making a claim.

Claim Service Suppliers & insurance fulfilment providers, acting on behalf of insurers, generally do not require a licence as they can rely on exemptions. In these cases it’s necessary to examine the authority they have from insurers/MGA.

What happens if you provide financial services without a Licence?

It is an offence to provide financial services without a licence (or acting as an AR or relying on an exemption). It is also an offence to hold out that you hold an AFS Licence if you do not. Ensuring that you hold the correct AFS Licence authorisations & conditions is critical when providing (or intending to provide) financial services in Australia.