Welcome & Introduction
Welcome! As people are still joining, there might be slight distractions. Let’s dive into today’s webinar. Thank you for joining us from various parts of Australia. This is part of the Curium webinar series, which we’ve hosted for over a year. These webinars have become popular and useful. Our goal is to keep them concise, to the point, and to provide answers to various questions. Today, we’ll discuss the regulatory lens, primarily focusing on ASIC but also touching upon other regulators. We’re joined by Yvonne Lam from the law firm Gilchrist Connell. Our discussion will revolve around potential challenges your business may face and how to address them effectively.
- Updates in the regulatory landscape.
- Examples of typical reportable situations.
- Tips, tricks, and practical advice for regulatory compliance.
For those unfamiliar, I’m Tetiana, the CEO and co-founder of Curium. My experience spans various roles in management consulting and the insurance sector across multiple countries. Yvonne, I’ll pass the baton to you.
Yvonne Lam’s Introduction
Thank you, Tetiana. As mentioned, I’m a corporate insurance and regulatory lawyer at Gilchrist Connell. We’ve collaborated with Curium and its clients since their inception. Our focus has been on regulatory compliance issues, and today we’ll explore ASIC’s priorities for the insurance industry. A key theme is consumer protection. ASIC aims to reduce consumer harm from poor product design and distribution. They’re also actively reviewing and taking measures against financial products that may not serve consumers’ best interests.
Technology Risk & Regulatory Measures
Given the rise of digitization, ASIC is increasingly concerned about cybersecurity. They plan to conduct targeted surveillance to ensure cyber resilience. They’re also keeping an eye on potential threats and opportunities that come with AI and other emerging technologies. One of ASIC’s missions is to leverage data and technology to detect trends and potential harms faster.
ASIC is keen on taking enforcement actions, especially in areas like low-value insurance products. They’re focusing on ensuring products are fit for purpose and penalizing those who don’t adhere to these standards. Also, there’s an emphasis on protecting vulnerable customers, which remains a top priority for ASIC.
Industry bodies for both brokers and insurers have different focuses. However, all emphasize the importance of adhering to updated regulations and codes. It’s imperative for businesses to remain compliant and proactive, as the regulators are vigilant. Whether it’s the broker code or the insurer code, there’s a call for better reporting and adherence to set standards.
Incidents and Their Significance
It’s a fact that incidents will happen in any business. The key is to identify them early and understand their implications. Incidents could range from simple errors like sending emails to the wrong recipient to more complex issues like not providing accurate information on websites or not training staff adequately.
All factors need to be considered by the licensee. Even if only one significance factor applies, a breach can still be deemed significant. Sometimes, a combination of these factors heightens the significance.
When determining whether an incident is reportable to ASIC, businesses should ask the following:
- Did the incident affect multiple customers or just one?
- Has this kind of incident happened before? If yes, how frequently and when was the last occurrence?
- How was the prior incident addressed and has it been resolved?
- Can the business operate normally? Or has the incident severely impacted its service delivery, such as IT systems being down?
- How did the incident occur? Was it due to human error, requiring training, or was it a system error or something else?
- Is the incident a result of a single malfunction, or is it indicative of broader, systemic issues within the business?
Today, we’ll present three examples of situations reportable for ASIC’s consideration.
An insurance licensee charges an incorrect fee for Product X due to a system deficiency. Initially, it seems like an isolated case impacting few customers. However, two months later, a similar error occurs for Product Y. The recurrence might signify a significant breach, given the similarities in system issues for both products. If left unaddressed for a long time, costly customer remediation programs may be mandated.
A business division in an insurance company notices a potential system error that might have led to customers not receiving insurance renewal documents. Initial inquiries were made, and the matter was escalated for further investigation. However, the investigation took more than 30 days. Thus, the licensee is required to report this to ASIC. It’s essential for businesses to have a breach register, even if it’s not mandated by ASIC.
A potential policyholder applies for an insurance policy via a broker. The insurer requests further documentation from the prospective policyholder through the broker. However, the broker, being short-staffed over a holiday, fails to act. The resulting delay means the property is not insured in the required timeframe. ASIC considers this gross negligence, which must be reported within 30 days of identification.
To handle these situations, businesses need:
- Clarity on core obligations.
- Adequately trained staff.
- To understand the potential impact on customers, especially financially.
- Systems to monitor the first line of defense, or frontline staff.
- Regular review of timelines.
Lastly, penalties for breaches can lead to both criminal and civil ramifications. Therefore, it’s crucial for businesses to remain vigilant, ensuring compliance and addressing breaches promptly.