The role of the regulator – swim between the flags

Last month I attended the AILA 2025 National Conference in Melbourne.

One of the highlights was the regulators panel featuring:

  • Jane Magill, Executive Director General Insurance & Banking, APRA
  • Peter Soros, Executive Director, Regulation & Supervision, ASIC
  • David Locke, CEO, AFCA
  • Chair: Alexandra Hordern, General Manager, Regulatory & Consumer Policy, ICA (Insurance Council of Australia)

General insurance – areas of increased regulatory oversight

The following areas were identified as subject to regulatory oversight during 2026:

  • increased complaints about motor vehicle insurance were noted; this will be a focus for ASIC
  • claims handling is improving; however, areas such as cash settlements will be a focus
  • risk culture including how this permeates throughout the organisation
  • feedback on CPS 230 based on reviews of larger insurers
  • the use of AI; however, both ASIC and APRA consider that the existing regulatory regime is sufficient to manage the risks and are continuing to observe this space. A human should be involved in any AI decision-making process. APRA will be undertaking a narrow review of larger entities to test that the principles-based Prudential Standards 220, 230 & 234 are adequate to manage the risk of AI
  • the use of AI by complainants as part of the IDR and EDR was observed and is being considered by AFCA (and is consistent with what I’m being told by my clients)
  • pricing: the expectation is transparency, and that insurers recognise efforts by insureds to reduce their own risk
  • sustainability reporting requirements

The role of the regulator

David Locke provided the following view on the role of the regulator, which I have reproduced below with David’s permission:

As a regulator your role is to clearly spell out where the red and yellow flags are on the beach and make it very easy for the public (and financial firms) to swim between the flags. There will always be some people who drift or accidentally swim just outside them and you blow your whistle and use the lightest regulatory tools necessary to get them to swim back in safe water. You then focus the majority of your compliance resources on the idiots jumping off the rocks at the end of the beach. You want to prosecute them to deter others from doing so, and in some cases want them permanently off the beach.

David’s analogy strongly resonates with my ‘Compliance protects what matters’ theme. A company’s compliance arrangements can serve a similar purpose of keeping its people and other representatives swimming safely between the flags (that is: conducting general insurance business efficiently, honestly, fairly, transparently and in a timely way) by adopting the following compliance operating rhythm:

  • the documented compliance processes and procedures, training and IT systems provide a safe place to conduct business, protecting the business, its people, its customers and clients, and its business partners;
  • the firm’s people acting as ‘an early warning system’ to quickly identify and raise incidents and complaints;
  • an effective monitoring program; and
  • a culture of wanting to do the right thing.

Disclaimer: Reproduction of statements made in this article by media outlets, whether in full or in part, is strictly prohibited without the written express consent of the author. The views, opinions, and positions expressed within this article are those solely of the author and Compliance Advocacy Solutions Pty Ltd and not the views of other individuals, companies or organisations they may be affiliated with. The author and Compliance Advocacy Solutions Pty Ltd make no representations as to accuracy, completeness, currency, suitability, or validity of any information in this article and will not be liable for any errors or omissions or any loss or damage arising from its use or reliance. This article is intended for educational and informational purposes only and should not be relied upon as professional legal advice.