News

𝙒𝙝𝙤 𝙝𝙖𝙨 𝙩𝙤 𝙈𝙤𝙣𝙞𝙩𝙤𝙧? The obligation to monitor arises under financial service laws & industry Codes, these include: 1. Insurers have an obligation to monitor Distributors & Service Suppliers under the GI Code; 2. All AFS licensee’s have an obligation to monitor representatives (employees & ARs) under financial services laws. This obligation extends to referrers & distributors operating under ASIC instruments; 3. Insurance Brokers have an obligation to monitor AR’s & employees under the Insurance Brokers Code; 4. Claim Managers have an obligation to monitor service suppliers. 5. Agreements include a contractual obligation to monitor & be monitored. In addition FAR & CPS 230 creates additional monitoring obligations for APRA regulated insurers in respect of Insurance Key Functions (FAR) & Material Service Providers (CPS 230). 𝘿𝙚𝙫𝙚𝙡𝙤𝙥𝙞𝙣𝙜 & 𝙞𝙢𝙥𝙡𝙚𝙢𝙚𝙣𝙩𝙞𝙣𝙜 𝙖 𝙈𝙤𝙣𝙞𝙩𝙤𝙧𝙞𝙣𝙜 & 𝙎𝙪𝙥𝙚𝙧𝙫𝙞𝙨𝙞𝙤𝙣 𝙋𝙧𝙤𝙜𝙧𝙖𝙢 A single, tailored, fit for purpose Monitoring Program can meet all your requirements irrespective of the source – a single program is efficient, risk-based & enables an Enterprise view to manage risk & compliance requirements. 𝙀𝙨𝙨𝙚𝙣𝙩𝙞𝙖𝙡 𝙘𝙤𝙢𝙥𝙤𝙣𝙚𝙣𝙩𝙨 𝙤𝙛 𝙖 𝙈𝙤𝙣𝙞𝙩𝙤𝙧𝙞𝙣𝙜 & 𝙎𝙪𝙥𝙚𝙧𝙫𝙞𝙨𝙞𝙤𝙣 𝙋𝙧𝙤𝙜𝙧𝙖𝙢 1. Due diligence prior to engagement; 2. Agreements that capture obligations of the parties; 3. Onboarding (includes training & education) 4. Alignment to your Risk & Compliance framework 5. Ongoing Training (includes laws & Code, complaints, incidents & breaches) 6. Monitoring, including: a) file reviews b) call recording c) attestations d) control testing e) 3 lines of defence activities f) QA program g) external events incl regulator activity 7. Supervision, including: a) new starters without authority; b) delegated authority c) Standard Operating Procedures, systems & processes d) team meetings e) individual meetings f) hallway conversations 8. Using people as an ‘early warning system’ 9. Incident & breach management 10. Complaint management (IDR & EDR) 11. Data – what is it telling me? (complaints, incidents, Control testing etc) 12. Reporting

The purpose of compliance is to Protect Protect who? 𝘗𝘳𝘰𝘵𝘦𝘤𝘵𝘪𝘯𝘨 𝘤𝘶𝘴𝘵𝘰𝘮𝘦𝘳𝘴 & 𝘤𝘭𝘪𝘦𝘯𝘵𝘴, 𝘵𝘩𝘦 𝘣𝘶𝘴𝘪𝘯𝘦𝘴𝘴, 𝘪𝘵𝘴 𝘱𝘦𝘰𝘱𝘭𝘦 & 𝘱𝘢𝘳𝘵𝘯𝘦𝘳𝘴, 𝘴𝘵𝘢𝘬𝘦𝘩𝘰𝘭𝘥𝘦𝘳𝘴 & 𝘵𝘩𝘦 𝘤𝘰𝘮𝘮𝘶𝘯𝘪𝘵𝘺 Protect from what? 𝘩𝘢𝘳𝘮 𝘰𝘳 𝘥𝘦𝘵𝘳𝘪𝘮𝘦𝘯𝘵 – financial, reputational, loss of licence, lost management time, disqualification, systematic failures, industry mistrust, regulatory scrutiny, anxiety etc Compliance provides a safe environment to operate, providing [insurance] products & services to customers. It does not matter whether you are an APRA regulated insurer, an underwriting agency, an insurance broker, a Claims manager (TPA) or material service provider. A systematic approach to compliance is critical. 𝙃𝙤𝙬 𝙙𝙤𝙚𝙨 𝙘𝙤𝙢𝙥𝙡𝙞𝙖𝙣𝙘𝙚 𝙥𝙧𝙤𝙩𝙚𝙘𝙩? Think of a fortress, with inner & outer walls providing protection to those within. The 1st layer of protection is 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 𝗮𝗿𝗿𝗮𝗻𝗴𝗲𝗺𝗲𝗻𝘁𝘀 – policies, process, procedures , systems, trained & competent people that combined, form ‘a safe place to conduct business’ The 2nd layer is 𝙋𝙚𝙤𝙥𝙡𝙚 – employees, authorised reps, material service providers are ‘an early warning system’ reporting things that penetrate the 1st layer. Such as incidents, complaints, breaches, control breakdowns etc The 3rd layer of protection is your 𝙈𝙤𝙣𝙞𝙩𝙤𝙧𝙞𝙣𝙜 𝙋𝙧𝙤𝙜𝙧𝙖𝙢 – ‘providing assurance’ to board, management & stakeholders. The final layer of protection is 𝘾𝙪𝙡𝙩𝙪𝙧𝙚 – ‘a desire to do the right thing’, knowing what the right thing is, how to do the right thing & doing something when things go wrong – when no one is watching. 𝗧𝗵𝗲 𝟰 𝗣𝗶𝗹𝗹𝗮𝗿𝘀 𝗼𝗳 𝗖𝗼𝗺𝗽𝗹𝗶𝗮𝗻𝗰𝗲 It’s critical that the layers of protection are underpinned by a strong foundation. These are the ‘4 pillars of compliance’: 1. Governance & Frameworks 2. People & Culture 3. Procedures & Process 4. Systems & Reporting The 4 pillars of compliance, when combined, ensure a consistent, risk-based approach to compliance, with inherent oversight, monitoring & continuous improvement. The 4 pillars are used when: 1. Setting up & maintaining the compliance arrangements 2. Assessing the risk maturity of the arrangements 3. Managing regulatory change 4. Self-monitoring, highlighting potential areas of attention 𝙉𝙖𝙩𝙪𝙧𝙚, 𝙨𝙘𝙖𝙡𝙚 & 𝙘𝙤𝙢𝙥𝙡𝙚𝙭𝙞𝙩𝙮 A compliance framework, including the layers of protection & the 4 Pillars of compliance, is a conceptual, principle-based model that can be tailored to the nature, scale & complexity of any business operating within general insurance. The framework provides a compliance operating rhythm that is part of normal business operations with in-built early warning lights, self-monitoring, data-producing & continually evolving to meet consumer, regulatory & business standards & expectations.

AFS Licensee’s have several general obligations, these are set out in s912A(1) Corporations Act. Licensee’s must: 1. Provide their financial services (includes advice, dealing in general insurance products & claims handling) efficiently, honestly & fairly. Such as – acting without delay, responding to queries & claims – assessing claims & insurance applications in the least intrusive & onerous way – informing insured’s of processes & including fairness in those processes (eg procedural fairness for claim declines) – services tailored to customers experiencing vulnerability & – Code membership 2. adequately manage conflicts of interest. Disclosing conflicts, controlling conflicts & avoiding those conflicts that can’t be adequately managed (see RG 181) 3. comply with licence conditions. This may include a key persons requirement or the ability to use restricted broking terms. 4. comply with financial services laws. These include Corps Act Chap 7, ASIC Act Part 2 Div 2, Insurance contracts Act, Insurance Act & Privacy Act among others 5. Ensure representatives comply with financial service laws. This requires a monitoring program for employees, Authorised reps, claim servcie suppliers & material service providers. 6. Other than APRA regulated insurers, have adequate financial, people & IT resources to provide the financial services. Also refer RG 104 & RG 166. APRA insurers must comply with Prudential Standards 7. maintain the competence to provide the financial services. This entails having responsible managers with the requisite knowledge, skills & experience providing complete coverage of your financial services across the business (refer table 1 RG 105) 8. ensure that your representatives (see 5 above) are competent & adequately trained, including RG 146 when providing advice 9. Have a dispute resolution system complying with the enforceable paragraphs of RG 271, provide IDR data to ASIC & be a member of AFCA 10. other than APRA insurers have adequate risk management systems. APRA insurers must comply with CPS 220 & from July 2025 CPS 230 11. comply with Reg 7.6.04 which includes obligations to: – advise ASIC of material changes to financial position – adding/deleting Authorised reps – maintaining a training register – due diligence prior to appointing AR’s & including their AR number in documents – provdie a copy of AFSL/AR authorisations upon request – advise ASIC of change of control of licensee 𝑴𝒂𝒏𝒂𝒈𝒊𝒏𝒈 𝒐𝒃𝒍𝒊𝒈𝒂𝒕𝒊𝒐𝒏𝒔 An obligations register or table (contained within a risk & compliance manual) should be used to manage these & other regulatory (& Code) obligations Accountability & key controls are aligned to the obligations, enabling management within risk appetite. Control testing, monitoring, data validation & reporting complete the picture. Speak to me to explore obligations management further.

The key to embedding compliance in your General Insurance business is 𝒑𝒆𝒐𝒑𝒍𝒆. Leave the technical side of compliance to specialists such as myself & focus on your people. 1. 𝑻𝒉𝒆 𝒕𝒓𝒖𝒆 𝒑𝒖𝒓𝒑𝒐𝒔𝒆 𝒐𝒇 𝒄𝒐𝒎𝒑𝒍𝒊𝒂𝒏𝒄𝒆 𝒊𝒔 𝒕𝒐 𝒑𝒓𝒐𝒕𝒆𝒄𝒕 Don’t talk about laws or rules, not inspiring language. Talk about how compliance creates an environment that protects your customers, clients, people, the business, partners & other key stakeholders 2. 𝑪𝒐𝒏𝒏𝒆𝒄𝒕 𝒕𝒉𝒆 𝒉𝒆𝒂𝒓𝒕 𝒘𝒊𝒕𝒉 𝒕𝒉𝒆 𝒉𝒆𝒂𝒅 Everyone has someone like my elderly mum in ther lives. Mum lives by herself. She banks & buys insurance. Compliance is about protecting my mum & people we deeply care about. Involving the heart, brings about caring & caring brings actions 3. 𝑻𝒉𝒆 𝒑𝒐𝒘𝒆𝒓 𝒐𝒇 𝒔𝒕𝒐𝒓𝒚𝒕𝒆𝒍𝒍𝒊𝒏𝒈 A story about Paul’s mum is far more powerful than section 912(A)(1)(g)(ii). Use storytelling to sell the message of compliance. 4. 𝑬𝒗𝒆𝒓𝒚 𝒑𝒆𝒓𝒔𝒐𝒏 𝒉𝒂𝒔 𝒂 𝒑𝒂𝒓𝒕 𝒕𝒐 𝒑𝒍𝒂𝒚 Creating a compliance ecosystem needs everyone to actively play a part. From incident reporting to following the processes. We all have a role to play 5. 𝑬𝒎𝒃𝒓𝒂𝒄𝒆 𝒕𝒓𝒂𝒊𝒏𝒊𝒏𝒈 Train people on the why & how, & less on the technical. How compliance protects? How to identify incidents & complaints? Why should I care? 6. 𝑬𝒙𝒑𝒆𝒄𝒕 𝒕𝒉𝒊𝒏𝒈𝒔 𝒕𝒐 𝒈𝒐 𝒘𝒓𝒐𝒏𝒈 We are human & stuff happens that’s not supposed to. The role of compliance is to make it easy to identify, remediate & rectify when stuff goes wrong. It’s impractical from a business viewpoint to build a compliance system that 100% prevents things going wrong – unless you want to stop being human. 7. 𝑪𝒓𝒆𝒂𝒕𝒆 𝒂 𝒔𝒂𝒇𝒆 𝒆𝒏𝒗𝒊𝒓𝒐𝒏𝒎𝒆𝒏𝒕 If you want people to self-report & raise incidents & complaints promptly you need to create a safe environment for them to do so. 8. 𝑯𝒂𝒗𝒆 𝒂 𝒇𝒓𝒂𝒎𝒆𝒘𝒐𝒓𝒌 A framework provides a foundation to manage compliance in a systematic, risk-based approach. A fit-for-purpose framework supports & enables your people 9. 𝑫𝒐𝒏’𝒕 𝒃𝒆 𝒉𝒆𝒔𝒊𝒕𝒂𝒏𝒕 𝒕𝒐 𝒇𝒐𝒓𝒎𝒂𝒍𝒍𝒚 𝒓𝒆𝒑𝒐𝒓𝒕 𝒃𝒓𝒆𝒂𝒄𝒉𝒆𝒔 At a time of ‘naming & shaming’ don’t be hesitant when deciding whether to report a breach to ASIC or a Code Committee. Timely reporting is a feature of good compliance arrangements & being a responsible corporate citizen. 10. 𝑲𝒆𝒆𝒑 𝒄𝒐𝒎𝒑𝒍𝒊𝒂𝒏𝒄𝒆 𝒕𝒐𝒑 𝒐𝒇 𝒎𝒊𝒏𝒅 Compliance is not a set & forget exercise or annual activity. To truly embrace compliance as a way of working it must be top of mind. Do leaders walk the talk? Is compliance part of your regular team conversations? Can you access FAQs easily on your internet? Do you know the risks & controls in your area of the business? 𝐂𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞 𝐢𝐬 𝐚𝐛𝐨𝐮𝐭 𝐩𝐞𝐨𝐩𝐥𝐞 In summary, think less about rules, laws, clauses & sections & more about people.

𝟐𝟎𝟐𝟒 𝐫𝐞𝐠𝐮𝐥𝐚𝐭𝐨𝐫𝐲 𝐜𝐡𝐚𝐧𝐠𝐞 & 𝐨𝐭𝐡𝐞𝐫 𝐝𝐞𝐯𝐞𝐥𝐨𝐩𝐦𝐞𝐧𝐭𝐬 𝐢𝐧 𝐆𝐞𝐧𝐞𝐫𝐚𝐥 𝐈𝐧𝐬𝐮𝐫𝐚𝐧𝐜𝐞 We are almost at the mid-point of the year & already we have seen a plethora of changes, consultations & reviews impacting the General Insurance industry. Compliance never sleeps in General Insurance. 𝑪𝒐𝒏𝒔𝒖𝒍𝒕𝒂𝒕𝒊𝒐𝒏𝒔, 𝒓𝒆𝒗𝒊𝒆𝒘𝒔, 𝒄𝒐𝒖𝒓𝒕 𝒄𝒂𝒔𝒆𝒔, 𝒈𝒖𝒊𝒅𝒂𝒏𝒄𝒆 & 𝒐𝒕𝒉𝒆𝒓 𝒄𝒉𝒂𝒏𝒈𝒆𝒔 11 June – Treasury – feedback on draft legislation (financial advice reform) which include requiring general insurance brokers to obtain commission consent from retail clients if personal advice has been or is likely to be provided. Closes July 8 May – 3 person-panel independent review of the GI Code of Practice – The Terms of Reference set out the review’s overarching principle of maintaining & enhancing consumer protections, along with Code modernisation, enhancement of customer experience, accessibility, effectiveness & efficiency, & providing customer value. Consultation closed, report due mid-year 28 May – ASIC to launch new Professional Registers search (for licences) late June 20 May – IBCCC publish guidance note ‘Supporting vulnerable clients’ as guidance for section 10.0 Insurance Brokers Code of Practice 16 May – Senate – Select Committee on the Impact of Climate Risk on Insurance Premiums & Availability established. The Committee has been established to inquire & report on the unaffordability & unavailability of insurance in some regions due to climate-driven disasters & the underlying causes & impacts of increases in insurance premiums. The committee is to present a final report by 19 November 2024. Submissions close 2 July 2024. 22 March – Federal Crt – In finding Auto & General did not include an unfair contract term in its PDS, determined that Utmost Good faith, Section 54 & construction of the PDS, must be taken into account when considering whether a term of the insurance contract is unfair. 7 March – Treasury – consultation on standardising definitions & standard cover for insurance terms – fire, storm, stormwater & rainwater run-off. Consultation closed 4th April 6 March – ASIC – letter to insurers to improve claims handling practices Feb – House of Reps – Parliament inquiry into insurers’ responses to 2022 major floods claims. Report due Sept 2024 Also, FAR commencing March 2025 – RG 279 issued 14 March 2024 CPS 230 commencing July 2025

𝗖𝗹𝗮𝗶𝗺 𝗺𝗮𝗻𝗮𝗴𝗲𝗺𝗲𝗻𝘁 𝗮𝗿𝗿𝗮𝗻𝗴𝗲𝗺𝗲𝗻𝘁𝘀 – 𝗚𝗲𝗻𝗲𝗿𝗮𝗹 𝗜𝗻𝘀𝘂𝗿𝗮𝗻𝗰𝗲 Following on from my previous post on Distribution arrangements, I thought I would cover off the typical general insurance claim arrangements. 𝙁𝙞𝙣𝙖𝙣𝙘𝙞𝙖𝙡 𝙨𝙚𝙧𝙫𝙞𝙘𝙚𝙨 & 𝙡𝙞𝙘𝙚𝙣𝙨𝙞𝙣𝙜 Claims handling & settling services (CHSS) has been a financal service since 1 Jan 2022. CHSS covers the activities as defined under section 766G Corporations Act. The need to hold an AFS licence is determined by s 911A(2)(ek). You need to hold an AFSL for CHSS if you are: the insurer under the insurance product or an underwriting agency with authority from the insurer to provide CHSS; an insurance fulfilment provider but only where you have authority to reject all or part of a claim; an insurance claims manager aka TPA (acting for an insurer) but only where this is a primary part of your business. For example, if assessing or investigations is the primary part of your business, you don’t need an AFSL (Reg 7.1.04CB); an insurance broker, but only if they have authority from an insurer to provide the CHSS. Brokers acting on behalf of insured’s can rely on the exemption & not hold an AFSL; a claimaint intermediary, that is a person providing CHSS on behalf of an insured for a prescribed product other than insurance brokers, accountants, vets, travel agents, financial advisers & counsellors, property managers, estate management & public trustees. An exemption applies for CHSS where the issuer of the general insurance product is Lloyd’s underwriters or an UFI. A licensee may appoint others as an Authorised Rep to provide CHSS. 𝙂𝙄 𝘾𝙤𝙙𝙚 𝙤𝙛 𝙋𝙧𝙖𝙘𝙩𝙞𝙘𝙚 There are obligations for CHSS under the Code. It is necessary to examine the definitions in Part 16 of the Code to determine how the Code applies to your business. Service Supplier – means an Investigator, Loss Assessor or Loss Adjuster, Collection Agent, who is not an employee of the insurer but is contracted to manage claims on behalf of an insurer (including a broker) & any of their approved sub-contractors. Investigator, Loss Assessor or Loss Adjuster, Collection Agent are all defined terms in Part 16. External Expert means a company, entity, or a person who is not an Employee or a Service Supplier & is contracted solely to provide an expert opinion about the likely cause of loss or damage. 𝟮 𝗽𝗮𝗿𝘁 𝗽𝗿𝗼𝗰𝗲𝘀𝘀 It follows from the above, in order to determine your obligations under financial services laws & the Code, you need to understand: 1. Your requirement to hold an AFS Licence; & 2. The category you fall within under the GI Code This starts with the questions (in context of CHSS): what CHSS do you do? how do you do the CHSS? who do you do the CHSS on behalf of?

Distribution Arrangements Compliance with requirements for 3rd party GI distribution arrangements is critical for Brokers, underwriting agencies & insurers. It is an offence to distribute general insurance products if you are not: an ASF licensee; an AR of a licensee; acting under an ASIC instrument; or relying upon an exemption. 𝙍𝙚𝙛𝙚𝙧𝙧𝙖𝙡 𝙖𝙧𝙧𝙖𝙣𝙜𝙚𝙢𝙚𝙣𝙩𝙨 This arrangement allows a broker or MGA to access the referrer’s customer database & offer them insurance products/service. Typically the referrer is a non-financial service business. A referrer does not provide financial services (& is not required to hold a licence or be appointed as an AR) provided: they only inform their customers that another person (A) provides insurance products or services; provide the contact details of (A); & disclose to their client if they are being paid a referral fee by (A). It is critical that the referrer does no more than referring. The more involved in the insurance transaction, the more likely they are to provide a financial service. 𝘼𝙪𝙩𝙝𝙤𝙧𝙞𝙨𝙚𝙙 𝙧𝙚𝙥𝙧𝙚𝙨𝙚𝙣𝙩𝙖𝙩𝙞𝙫𝙚𝙨 An AR arrangement enables firm B to provide financial services under firm A’s AFS Licence. An AR may be authorised to provide all or part of the Licensee’s financial services. The licensee is responsible for ensuring the AR complies with financial service laws & its licence conditions however, the AR also has independent obligations. Generally, AR’s must be notified to ASIC within 30 business days of appointment. There are also a number of other formalities that are required. 𝘼𝙎𝙄𝘾 𝙙𝙞𝙨𝙩𝙧𝙞𝙗𝙪𝙩𝙞𝙤𝙣 𝙞𝙣𝙨𝙩𝙧𝙪𝙢𝙚𝙣𝙩 Under this instrument, a person may distribute insurance products on behalf of the licensee, subject to: the distributor not being an AR of the Licensee; provides details of the licensee’s IDR; discloses the relationship & remuneration received; & does not provide financial product advice. 𝗔𝗦𝗜𝗖 𝗚𝗿𝗼𝘂𝗽 𝗣𝘂𝗿𝗰𝗵𝗮𝘀𝗶𝗻𝗴 𝗕𝗼𝗱𝘆 𝗶𝗻𝘀𝘁𝗿𝘂𝗺𝗲𝗻𝘁 Under this instrument, typically a person is provided with a master insurance policy & extends cover to its clients as a named individual for payment of a premium. The GPB: must not be carrying on financial services as its primary business, the arrangement is ‘incidental’ to its primary business; & must not make a profit from the arrangement. They can only cover their reasonable expenses in administering the arrangement. 𝗠𝗼𝗻𝗶𝘁𝗼𝗿𝗶𝗻𝗴 & 𝗦𝘂𝗽𝗲𝗿𝘃𝗶𝘀𝗶𝗼𝗻 A licensee has obligations to monitor all these arrangements & should adopt a systematic approach.