The General Insurance Code, a paradigm shift – from process to conduct
The final report of the Insurance Council of Australia (ICA) ‘’Review of the General Insurance Code of Practice’’ (Code) issued in June 2018 continues the shift from a focus upon legal obligations and rules to an emphasis upon insurers behaviours and conduct in meeting customer needs and expectations.
Peter Kell, (Deputy Chair, ASIC) articulated this new approach at the ICA Annual Forum in Sydney in March 2018
The current climate serves to emphasise that it has never been more important to put the consumer at the heart of everything that you do as a business. Further, the days of narrowly focusing on the minimal requirements needed to meet the ‘black letter of the law’ are over.
This theme has been embraced with enthusiasm by Commissioner Hayne in the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. It’s now all about behaviours and conduct rather than how an organisation internally meets its legal obligations and licence requirements.
An Australian financial services (AFS) licensee can take into account the ‘nature, scale and complexity’ of its business in determining how it will meet its AFS licence obligations (refer ASIC Regulatory Guide 104.18). This enables licensees a degree of subjectivity when developing compliance systems and procedures to complement their strategic objectives. However, the changing shift in landscape with an increasing external focus upon meeting customer needs and expectations now begs the question ‘whose subjectivity?’
I envisage that compliance with the Code will be viewed through a consumer lens by the Code Governance Committee (CGC), ASIC and others resulting in a much higher threshold for insurers to achieve with consequent impact upon its 3 lines of defence model and risk management systems.
What are the ICA recommendations to the Code that will provide impetus to the shift from process to conduct?
Review of the General Insurance Code of Practice
The ICA has taken into account detailed submissions and discussions with industry, consumer groups, Code Governance Committee (CGC), FOS and ASIC and identified a number of priority areas, reflected in 30 recommendations which will be the cornerstone for amendments to the Code.
The future direction of the GI Code
The Core Commitments
The recommendations introduce a key industry commitment in the Code ‘’creating an ethical corporate culture through best practice conduct and customer service’’. (my emphasis)
The core commitment is an important recommendation as it will provide a base for interpreting all sections of the Code. ‘’Ethical’’ is a moral principle enabling the CGC and others to delve below internal rules, procedures and practices and examine the actual conduct of the insurer in how and why these rules, procedures and practices came into being. That is, decision making rather than documents may be the subject of scrutiny where there is an alleged breach of the Code. The importance of the core commitment can be more fully understood when read in conjunction with ICA recommendation 26 requiring the Code to ‘clarify that anyone can report alleged breaches (of the Code) to the CGC at any time.’ ‘Anyone’ would include consumer advocate groups and legal advisors to insured’s and third parties and, I would imagine, competitors.
New layers of the Code
In addition to the core commitment, the ICA’s recommendations will introduce new layers to the Code in the form of standards and guidance which further highlights the focus upon behaviour and conduct. The layers of the Code can be grouped as follows:
Principle-based – for example ‘consumers experiencing vulnerability’ will be included as a new principles-based section of the Code.
Procedure-based – the Code currently includes a number of time-based obligations especially when responding to claims and complaints. These procedural requirements will remain unchanged.
Best practice guidance – will be provided on the topics of family violence, mental health, disclosure and the sale of add-on insurance.
Standards – mandatory standards will be introduced to the Code for the use of investigators.
The layering approach to the Code has been explained by the ICA as ‘necessary to reflect the need for industry self-regulation to commit, at times, to more than just minimum standards and create momentum for leadership.’
This sounds reasonable in theory. However, with the recommended enhanced monitoring, enforcement and sanctions power of the CGC, and approval of the Code by ASIC, it is more likely in practice that customer, community and regulatory expectations will be the main driver of new standards of behaviour and conduct rather than industry self-regulation.
Powers of the Code Governance Committee
The CGC is still a relatively new Committee finding its way through Code annual reporting and own motion enquiries. The ICA recommendations 26-28, result from discussions with CGC and ASIC. Hence, they are strong indicators of future practice.
Significantly, I believe the consequence of recommendation 26, ‘that the principles of honesty, fairness, efficiency, transparency and timeliness apply to all sections of the Code’ (my emphasis), will enable the CGC to explore decision-making, behaviours and conduct of insurers rather than relying solely upon objective data when determining whether an insurer has breached its Code obligations.
A systemic breach of the Code is likely to require a lower threshold of conduct than say a significant breach of Chapter 7 of the Corporations Act, a significant breach of Chapter 7 requires reporting to ASIC. Given that ICA recommendation 27 is to obtain ASIC approval of the Code, it is likely that the enhanced powers of CGC together with the CGC’s Code reporting obligations to ASIC will provide back-door access for ASIC using the Code as an early warning system of potential insurer misconduct and customer detriment. This is a positive for the industry and customers however will require a different approach in how insurers currently manage their legal and code obligations through the 3 lines of defence model and risk management systems.
A behavioural led compliance approach
The usual approach to compliance management is to start with the obligation, develop controls that demonstrate successful compliance with the obligation (with associated reporting) and regularly test the controls from an efficacy and efficiency perspective. This is a sound approach for rules, processes and procedures where the desired outcome can be measured in black and white terms. The role of 1st line business is to implement and manage the control environment, 2nd line to oversight and supervise through reporting and control testing outcomes with 3rd line providing an independent view to the board.
However, behaviour and conduct can’t be measured in absolute terms. Therefore, an obligations-based approach for the revised Code is unlikely to achieve the level of customer confidence or regulatory expectation required. The key is to start with the desired conduct in mind, viewed from the perspective of the customer and regulator. As such, the compliance module of an insurer’s risk management system should record the desired behaviour/conduct with controls aligned to that conduct. Controls as a result become health-check indicators with the role of the 2nd line compliance professional to keep a finger on the pulse (of the ‘ethical corporate culture’) and drill down to investigate further where the conduct is not aligning with the ethical corporate culture desired by the board and organisation.
The new GI Code – an opportunity to build consumer trust
The ICA advocates that a strong Code provides confidence to consumers and trust in the industry. It is difficult to disagree with this position. However, in order to fully grasp the opportunity that the Code presents in the changing environment of customer needs and expectations it will be necessary for insurers to adopt a different approach to implementing and monitoring Code compliance.
Insurers must resist the temptation to adopt an obligation based, process driven approach to compliance with the revised Code. An ethical corporate culture can only be achieved through a compliance approach centered upon behaviours and conduct that produces products and services that meet the needs and expectations of customers, the community and regulators. This must be the focus for managing Code compliance going forward.
Compliance Advocacy Solutions can assist you with your compliance needs, please contact us on 0419 695 473 or by email firstname.lastname@example.org