7. Improving oversight of insurers' practices
   1. Oversight arrangements for the insurance industry were outside the explicit terms of reference for the inquiry. However, it is important to note that giving effect to a number of the recommendations in this report and ensuring better outcomes for consumers will depend upon appropriate regulatory oversight and enforcement.
   2. A number of submissions to the inquiry and evidence received at hearings raised important regulatory issues and suggested important regulatory changes and strengthening. This chapter presents a brief overview of the regulatory landscape for the general insurance industry,[1] and summarises the evidence received on ways to improve transparency, accountability and compliance.
   3. Key issues raised in evidence to this inquiry included:

• enforcement challenges, with many witnesses questioning regulators’ ability to hold insurers to account for breaches of existing regulations and the General Insurance Code of Practice (the Code);
• options to support stronger enforcement, particularly through the Code; and
• the limitations of regulators’ current data-gathering and reporting regimes, and options for improvement.

Insurance industry oversight arrangements

Government regulators

7.4As was briefly identified in Chapter 3, the primary regulators with oversight of general insurance in Australia are the Australian Securities and Investments Commission (ASIC) and the Australian Prudential Regulation Authority (APRA). The Australian Competition and Consumer Commission (ACCC) also plays a limited role.

Australian Securities and Investments Commission

7.5As ASIC explains on its website:

The Australian Securities and Investments Commission (ASIC) is Australia’s financial markets conduct regulator. … ASIC regulates the conduct of Australian companies, financial markets, financial services organisations (including banks, life and general insurers and superannuation funds) and professionals who deal in and advise on investments, superannuation, insurance, deposit-taking and credit. ASIC is also responsible for authorisations to operate in industries it regulates.[2]

7.6Treasury told the inquiry that ASIC is ‘responsible for maintaining, facilitating and improving the performance of the financial system and entities within it’, including by managing the Australian financial services (AFS) licensing regime as well as ‘regulating and monitoring businesses and markets operating in Australia, and taking necessary action to enforce and give effect to the law.’[3]

7.7As identified throughout this report, insurers are AFS licensees. ASIC’s regulatory remit therefore extends to enforcing insurers’ obligations as licensees to provide insurance efficiently, honestly and fairly, handle complaints properly and uphold their obligations to policyholders.[4] For example, ASIC has recently published two reports focusing on insurer malpractice in relation to pricing promises and claims handling,[5] putting the industry on notice.

7.8ASIC is also responsible for general administration of the Insurance Contracts Act 1984. The Act confers broad powers on ASIC to perform this role, including ‘to do all things that are necessary or convenient to be done in connection with the administration of the relevant legislation’ (Part IA, section 11B) and to pursue civil and criminal proceedings against insurers and issue infringement notices (Part IXA). ASIC also has step-in powers under other legislation, including the Corporations Act 2001 and the Australian Securities and Investments Commission Act 2001. These include the ability to pursue civil or criminal proceedings in the courts for serious matters, as well as administrative and other enforcement action, including:

• restrictions on licensed activity
• director disqualification
• disciplinary action
• product intervention orders
• stop orders
• public warning notices
• infringement notices
• court enforceable undertakings.[6]
  9. The above powers are paired with a ‘Why not litigate?’ principle, adopted by ASIC in October 2018. As explained by the former ASIC Commissioner Sean Hughes:

Why Not Litigate? means that once:

• ASIC is satisfied breaches of the law are more likelyto have occurred than not and
• the facts of the case show pursuing the matter would be in the public interest,
• then we will actively ask ourselves: why not litigate this matter?[7]
  10. Following the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (the Hayne Royal Commission), many ASIC powers that can apply to regulation and enforcement regarding insurers were either introduced or strengthened.
  11. The Hayne Royal Commission made 76 recommendations in its final report across seven broad themes. However, potentially the most important recommendation in relation to ASIC’s ability to regulate the insurance industry is recommendation 1.15:

Recommendation 1.15 – Enforceable code provisions

The law should be amended to provide:

• that ASIC’s power to approve codes of conduct extends to codes relating to all APRA-regulated institutions and ACL [Australian credit licence] holders;
• that industry codes of conduct approved by ASIC may include ‘enforceable code provisions’, which are provisions in respect of which a contravention will constitute a breach of the law;
• that ASIC may take into consideration whether particular provisions of an industry code of conduct have been designated as ‘enforceable code provisions’ in determining whether to approve a code;
• for remedies, modelled on those now set out in Part VI of the Competition and Consumer Act, for breach of an ‘enforceable code provision’; and
• for the establishment and imposition of mandatory financial services industry codes.[8]
  12. Recommendation 1.16 also has potential implications for insurance, although it referred to the banking code of conduct developed by the Australian Banking Association (ABA) and registered with ASIC:

Recommendation 1.16 – 2019 Banking Code

In respect of the Banking Code that ASIC approved in 2018, the ABA and ASIC should take all necessary steps to have the provisions that govern the terms of the contract made or to be made between the bank and the customer or guarantor designated as ‘enforceable code provisions’.[9]

7.13As discussed later in this chapter, legislative reforms have since implemented recommendation 1.15, giving ASIC powers to enforce provisions of industry codes of conduct under certain circumstances.

7.14As noted, ASIC has powers to regulate insurers under the granting of AFS licences. This requires that insurers provide their services ‘efficiently, honestly and fairly’.[10] At the time of the Hayne Royal Commission, the handling and settlement of insurance claims was exempted from this requirement. Recommendation 4.8 provided that this exemption be removed:

The handling and settlement of insurance claims, or potential insurance claims, should no longer be excluded from the definition of ‘financial service’.[11]

7.15In its final report, the Hayne Royal Commission referred to a number of case studies which called into question the exemption. It concluded that:

There can be no basis in principle or in practice to say that obliging an insurer to handle claims efficiently, honestly and fairly is to impose on the individual insurer, or the industry more generally, a burden it should not bear.[12]

7.16This recommendation was reflected in changes to the Corporations Act 2001 legislated through the Financial Sector Reform (Hayne Royal Commission Response – Protecting Consumers (2020 Measures) Act 2020. The Explanatory Memorandum for the Bill clarified that the application of the licence conditions would capture ‘a broad range of activities, from an initial inquiry before an insurance claim is lodged to the formal lodgement, assessment and settlement of an insurance claim’.[13] The Financial Sector Reform Act amended the Corporations Act 2001 by adding section 761A, which gives ASIC considerable powers to regulate the provisions of claims handling, broadly defined.

7.17ASIC’s regulatory powers over insurers have expanded considerably since the Hayne Royal Commission. However, some have argued there hasn’t been sufficient time to judge the efficacy of the Hayne reforms. For example, ASIC has not yet had opportunity to exercise the new power to enforce provisions of industry-developed codes of conduct. The inquiry heard that this power is constrained by the need for industry agreement to any enforceable provisions, also heard that there are risks of unintended consequences. These issues are discussed below under ‘Improving enforcement’. In addition, ASIC has not yet tested its new powers to regulate claims handling.

7.18The Committee also heard arguments that ASIC’s oversight powers could be strengthened, especially in relation to its ability to gather relevant industry data to better identify breaches or areas for investigation.

7.19ASIC’s statutory information-gathering powers derived through the Insurance Contracts Act 1984 include the ability to require insurers to provide data and other documentation by giving notice in writing, including:

(a) written particulars of the organisational structure and administrative arrangements of the insurer…

(b) statistics relating to the nature and volume of the insurance business of the insurer…;

(c) copies of any training guides, work manuals or other materials of a similar nature used by an insurer in instructing its employees or any insurance intermediaries...[14]

7.20ASIC derives similar information-gathering powers from other sources of law, including the Corporations Act 2001.[15] Section 912C provides ASIC with the power to give written notices to financial services licensees to give to ASIC ‘specified information’[16] about the financial services provided by the licensee or its representatives[17] or the financial services business carried on by the licensee.[18] This power has been used to some effect. For example, it was used to obtain the data that underpinned ASIC’s August 2023 natural disaster claims handling review.[19] However, section 912C has a number of limitations, including:

• It does not provide for regular data provision. Most must be undertaken on an ad hoc basis.
• While the licensee must comply, it is not on a regular basis, but rather at the time specified ‘if that is a reasonable time’.[20] This adds a degree of uncertainty around when ASIC will be provided each batch of data, as ASIC may have to engage in negotiations over timing with each licensee. Any such clause raises the possibility that data provision will be delayed based on each organisation’s capacity to extract and analyse each data request, based on its own system design and staffing capacity.
  21. ASIC Commissioner Alan Kirkland explained to the Committee:

…we don't have, at ASIC, a standing power to require provision of data. We can issue individual notices, insurer by insurer. That is a more cumbersome process.’ … Other comparable regulators in other jurisdictions tend to have those powers, and it would certainly be of great assistance to us. But, in the immediateterm, where possible, we work with APRA to gather that data.[21]

Australian Prudential Regulation Authority

7.22As Australia’s prudential regulator, APRA’s primary remit is to manage risk in the financial system to ensure its overall stability and resilience. Its oversight of the general insurance industry therefore focuses on capital, governance and risk management. APRA oversight is also intended to protect the interests of insurance policyholders,[22] and in performing its role, APRA is required ‘to balance the objectives of financial safety and efficiency, competition, contestability and competitive neutrality’.[23]

7.23General insurers are required to provide data to APRA under the Financial Sector (Collection of Data) Act 2001 and the related reporting standard.[24] APRA thereby has considerable power to obtain financial and macroprudential data for insurance businesses in areas such as financial performance, investments, claims, solvency and capital adequacy, as well as key commercial performance metrics such as expense ratios to give visibility into industry trends.[25]

7.24APRA is empowered to use the data it collects to ‘assist other financial sector agencies, such as ASIC, to perform their functions or exercise their powers’, and it has formal data-sharing arrangements with ASIC.[26]

7.25APRA also publishes much of the data it collects. For example, it publishes quarterly general insurance performance statistics containing aggregate summaries of financial performance, investments and capital adequacy.

7.26Although ASIC relies on APRA for industry-level data on insurers, APRA’s data collection and reporting regime has limitations. For example, when asked if APRA collects data on the consumer experience, such as insurers’ comparative claims handling performance, APRA Executive Board Member Suzanne Smith told the Committee its data is not granular enough to provide transparency on this:

We don't currently collect at that granular level. We're collecting more at the aggregate level…about our ability to look at performance and profitability of different lines of business.[27]

7.27The FSCODA arrangements have a number of limitations. One is that certain information can only be publicly released with the explicit consent of the insurers. One consequence for this inquiry is that it was not possibly to obtain home and contents market share data by insurer for publication due to the timelines involved in obtaining consent. This type of information is routinely published for other parts of the financial services sector (for example, banks and superannuation funds). It is an important element of understanding market structure, such as competitive dynamics, market power and firm entry/exit. Current arrangements are highly restrictive.

7.28Possible improvements to data-gathering and reporting powers for both ASIC and APRA are discussed in this chapter under ‘Enhancing data collection and oversight’.

Australian Competition and Consumer Commission

7.29The ACCC plays a ‘limited direct role’ in general insurance regulation, but has general competition law oversight across the economy. The ACCC has the power to run investigations of many types, but inquiries must generally be instigated by the Government.

7.30Under the Competition and Consumer Act 2010, the ACCC’s standing compulsory information-gathering powers are constrained by PartXII section155 to investigations of suspected contraventions of the law. More proactive inquiries and information gathering require authorisation by the Government, usually through a formal direction from the Treasurer to the ACCC under PartVIIA ‘Prices surveillance’ to undertake a specific inquiry or to monitor prices, costs and profits across an industry.[28]

7.31The ACCC has conducted inquiries into insurance issues on direction from the Australian Government.[29] For example, the ACCC was tasked to inquire into insurance affordability and availability in northern Australia (reporting in 2020) and has since been directed to monitor the impacts of the Government’s cyclone reinsurance pool on premiums and insurance availability.[30] However, it does not monitor or regulate insurance prices generally.[31]

Non-government entities with oversight roles

7.32The most important non-government entities with roles in insurance industry oversight are the Australian Financial Complaints Authority (AFCA) and General Insurance Code Governance Committee.

Australian Financial Complaints Authority

7.33As discussed in Chapter 6, AFCA is the main external dispute resolution avenue for serious customer complaints against insurers. AFCA is a ‘not-for-profit, non-government, industry-funded ombudsman service.’[32] However, ASIC has oversight over AFCA[33], and AFCA is required to notify ASIC and other regulators of serious contraventions of the law, and to identify, resolve and report on ‘systemic issues’.[34] Further detail is covered in Chapter 6.

General Insurance Code Governance Committee and Code reviews

7.34The General Insurance Code Governance Committee (CGC) is an arms-length, independent body created by the Insurance Council of Australia (ICA) to monitor and enforce insurers’ compliance with the Code. The Code is a self-regulatory mechanism created and administered by the ICA, but with oversight by the independent CGC. The CGC is currently chaired by Veronique Ingram, PSM, former Chief Executive and Inspector-General in Bankruptcy at the Australian Financial Security Authority.[35]

7.35In evidence to the inquiry, Treasury discussed the role of industry codes and in particular their interaction with legislation and other enforceable regulatory mechanisms. Industry codes provide:

…an opportunity for the industry to decide that collectively they're going to go above and beyond the law. The law sets the standard that they all have to meet, and then they can create a code that enables them to say, 'Okay, we're going to go further or beyond that'. It also enables an industry to set service standards or other types of standards that might not necessarily lend themselves to legislation but are nonetheless important to the way that insurers engage with customers or any financial services firm engages with their customers.[36]

7.36One of the tensions is the level of detail that is appropriate for legislation. At present, numerous specific timelines for claims handling are contained in the Code.[37] Treasury indicated that including some or all of these in a strictly enforceable manner in legislation could be complicated, ‘because then you’d need a whole series of carve-outs as to when it’s not appropriate’.[38] As noted above, another way in which claims handling provisions of the Code could be supplemented with more enforceable regulatory intervention would be via ASIC using its greater step-in rights since the removal of the exemption of claims handing under the Corporations Act 2001.

7.37The ICA introduced the Code in 1994 as a voluntary code setting out ‘the minimum standards of service and conduct that general insurers must meet in their dealings with customers’,[39] such as being open, fair and honest. The Code applies to all insurers who have adopted it (termed ‘subscribers’). An organisation may adopt the Code if they are a member of the ICA, a ‘general insurer’[40] or approved by the ICA.[41]

7.38The ICA says the Code is intended to be a positive influence across all aspects of the general insurance industry, encouraging higher standards for product disclosure, claims handling and investigations, relationships with people experiencing vulnerability, and meeting reporting obligations to the CGC and regulators. It also sets out the timeframes within which insurers should respond to claims, complaints and requests for information from policyholders.[42]

7.39The CGC’s responsibilities in relation to Code enforcement, sanctions and compliance are set out in Part 13 of the Code.[43] The CGC’s work involves:

• examining insurers’ practices;
• identifying current and emerging industry-wide problems;
• monitoring the effectiveness of customer remediation;
• recommending improvements to practices;
• applying sanctions to insurers when necessary; and
• consulting with stakeholders and the public on issues and keeping them informed.[44]
  40. The Code is subject to a regular three-year review cycle, with reviews to be conducted by an independent panel outside and independent of the ICA and CGC. In November 2023, the ICA announced that the 2020 version of the Code would be reviewed by ‘an eminent three-person panel with backgrounds in consumer advocacy, financial regulation and the insurance industry’, chaired by former APRA Deputy Chair Helen Rowell.[45]
  41. The review’s overarching principles were to: maintain and enhance consumer protections; modernise the Code; enhance customer experience, accessibility, effectiveness and efficiency; and provide customer value. The review panel consulted key stakeholders including the general insurance industry, ASIC, APRA, the CGC, AFCA and consumer representatives.[46]
  42. The review’s initial report was published in September 2024.[47] Its recommendations for strengthening the Code are noted in the context of evidence presented to this inquiry, discussed below.

Improving enforcement

Stakeholder concerns

7.43The Committee heard criticism that ASIC or AFCA enforcement actions under existing powers are far too weak.[48] Overwhelmingly, community members and consumer advocates who gave evidence wished to see stronger enforcement action against insurers. In the words of two frustrated consumers:

Insurance companies are not going to choose community-minded actions over profit-making actions. They are a business. The only way any change is going to be able to protect consumers is for the government to enforce that change. Otherwise, consumers will continue to have their lives destroyed.[49]

Enforcement of the General Insurance Code of Practice

Existing enforcement channels

7.44A common theme in evidence was limits to the enforceability of the Code. ASIC does not have a role enforcing or monitoring Code compliance, though AFCA considers the Code as part of its decision-making during external dispute resolution processes, as discussed in Chapter 6.

7.45AFCA told the Committee that ‘It is hard wired into our decision-making rules that in complaints we must have regard to industry codes’.[50] However, AFCA’s remit is limited to resolving individual customer complaints (for example through compensation), not regulatory enforcement. AFCA Chief Executive Officer Justin Untersteiner explained the distinction:

If an insurer, for instance, is a signatory to the general insurance code, we can hold them to account in our complaints [decisions] for that code. … What it's not is a regulatory action, remembering that the role we play is very much about a one-to-one…complaint with the consumer. The role ASIC is playing is about enforcement. So they're two very different roles… Where you've got enforceability of a code provision that sits within the code so ASIC can manage it, that's a different consequence to the enforceability that AFCA has, which is about compensation.[51]

7.46The issue of ASIC-enforceable code provisions is discussed further below.

7.47The Code also has some level of enforceability through the CGC. If a Code subscriber identifies a significant breach of the Code, it must report the breach to the CGC within 10business days. The CGC can require insurers to take corrective action related to breaches, but can also impose sanctions for ‘significant’ breaches, defined by reference to ‘the number and frequency of similar previous breaches’, the breach’s actual or potential financial impact on customers, and other matters.[52] Under Clause 174 of the Code, subscribers agree that:

The Code Governance Committee may impose additional sanctions for Significant Breaches of the Code, including requiring us to do any one or more of the following:

a. compensate an individual for any direct financial loss, or damage, we caused them arising from a Significant Breach;

b. publish the fact that we have committed a Significant Breach of the Code;

c. pay a community benefit payment for a Significant Breach up to a maximum of $100,000. The size of the community benefit payment must be in proportion to our gross written premium and number of customers.[53]

7.48For example, in June 2024 the CGC announced it had issued sanctions against Allianz following an investigation into claims related to the February 2022 NSW and southeast Queensland floods. The CGC found Allianz’s decisions to deny five claims were undermined by inconsistencies in the decision-making processes—specifically, failure to identify serious inconsistencies in hydrology reports, with adjacent properties insured under the same policy receiving opposite flood versus stormwater causation determinations. While the claims were eventually accepted, the CGC required Allianz to pay a $50,000 donation to a registered charity and publish details of the breach online.[54]

Current limitations to compliance and enforcement

7.49Throughout the inquiry, stakeholders raised concerns regarding Code clauses and the way insurers are approaching compliance (see Chapters 4 and 5). The Financial Rights Legal Centre said the general insurance sector is ‘falling short of community expectations and failing insurance customers’, particularly those experiencing vulnerability, and that the Code should be made more prescriptive.[55] It also called for ASIC to play a significant role driving improved practices, including Code compliance.[56] The Australian Consumers Insurance Lobby suggested insurers’ compliance or noncompliance with the Code depended on the culture of the organisation, and that ‘there is a need for insurers to do better’.[57]

7.50Many inquiry participants criticised the adequacy of existing enforcement channels. The Financial Rights Legal Centre reflected views heard from many other stakeholders in commenting that:

…breaches of the code go relatively unenforced. … I think codes are a valuable tool because AFCA can enforce them as good industry practice, which makes them very powerful, and they do set standards for the whole industry. But…codes have a chronic problem across financial services, where they are not very well followed and rarely result in consequences, and that is a reality of codes. The breaches are great, and the enforcement is minimal.[58]

7.51The Committee makes several recommendations elsewhere in this report to strengthen the Code, including:

• that the Code allow policyholders to request reviews of cash settlement amounts within 12 months where there is a change in the facts upon which the original determination was made (Chapter 4)
• that the Code increase regulatory oversight of scopes of work, as well as requiring insurers to provide hydrology and expert reports to policyholders where insurers have relied upon them to deny a claim (Chapter 4)
• that the Code require insurers to contact customers within 10 business days of the insurer becoming aware of a material change in the expected timeline of the claims process (Chapter 5)
• that the Code’s clauses on the appointment of experts be strengthened to reduce issues with poor-quality expert reports (Chapter 4)
• that the Code require insurers to provide temporary accommodation until a claim is closed (Chapter 4)
• that the Code require insurers use a ‘single point of contact’ claims management approach to the extent possible when responding to flood major events (Chapter5)
• that the Code require insurers to ensure that sum insured calculators are up to date (Chapter 5).
  52. The Committee has also made recommendations focused on improving the claims and dispute resolution experience, including through AFCA, as well as government funding arrangements (see Chapters 6 and 8).
  53. One pathway to improve the Code’s enforceability is for the ICA to register the Code with ASIC, as discussed below.

Registering the Code with ASIC

7.54The ICA has signalled that after completing the independent Code Review process and subsequent reforms, including considering the recommendations of this inquiry, it intends to seek to register the Code with ASIC.

7.55ASIC has powers under section 1101A of the Corporations Act 2001—and detailed in ASIC’s Regulatory Guide 183 Approval of financial services sector codes of conduct (RG 183)—to ‘approve’ voluntary industry codes in the financial services sector, on application by the code’s owner.[59]The approval of codes is optional, and historically has rarely been sought and granted.[60] However, where approval is sought and obtained, ASIC considers this ‘a signal to consumers that this is a code they can have confidence in’.[61]

7.56ASIC explained to the Committee that for a code to be approved, it must ‘do a lot more than simply restate the law’.[62] RG 183says registered codes must provide an enhanced level of consumer protection above and beyond legislation by meeting at least one of the following criteria:

(a) address specific industry issues and consumer problems not covered by legislation;

(b) elaborate on legislation to deliver additional benefits to consumers;

(c) and/or clarify what needs to be done from the perspective of a particular industry, practice or product to comply with legislation.[63]

7.57The first broad-based industry code to be approved by ASIC was the Australian Banking Association’s (ABA’s) Banking Code of Practice (the ‘Banking Code’), approved in 2018.[64] The ABA made significant changes to the Banking Code to meet ASIC’s approval criteria, and has continued to update it to address critical gaps flagged by stakeholders.

7.58In the case of the general insurance industry, the decision to seek ASIC approval for the Code sits with the ICA. ASIC cannot compel registration of a code.

7.59ASIC’s approval of the revised Code is not guaranteed. It will be up to the ICA to demonstrate that the Code meets the criteria of RG 183, including the following:

• ‘Effective and independent code administration’
• ‘Enforceable against subscribers’
• ‘Compliance that is monitored and enforced’
• ‘Appropriate remedies and sanctions’[65]
  60. The ICA’s submission to the Code Review Panel said the process of reforming the Code to secure ASIC approval would uplift the Code’s enforceability, because ASIC would have to be satisfied by both the Code’s contents and the CGC’s role as the independent compliance and enforcement body.[66]
  61. Enforceability of a code is one of the threshold criteria for ASIC approval. ASIC must be satisfied code breaches can be dealt with in an effective and independent manner, and this evaluation must consider (among other things):
• whether the obligations of subscribers to the code are capable of being enforced;
• whether the applicant has effective administration systems for monitoring compliance with the code and making information obtained as a result of monitoring publicly available[67]
  62. As set out in RG 183, ASIC defines enforceability as follows:

• subscribers of the code must agree to be contractually bound by it, including any amendments made over time;
• there is an independent body or person that is responsible for administering and enforcing the code, including appropriate sanctions;
• the code provisions provide that consumers have access to appropriate internal and external dispute resolution schemes for code breaches resulting in direct financial loss; and
• there is a broad standing to complain about any other code breach to the independent body.[68]
  63. There is wide stakeholder support for the ICA’s proposal to register the Code with ASIC. The CGC told the Committee this process was ‘vital’ to ‘bolster confidence’ in both the Code and in the CGC’s independent oversight arrangements, and to enhance consumer protections and industry accountability.[69] The ACCC’s final report for the Northern Australia insurance inquiry in 2020 had previously recommended that the ICA seek approval for the Code.[70] This was also one of the recommendations of the Code Review Panel in its September 2024 initial report (though the panel recommended the ICA not seek designation of ASIC-enforceable code provisions, as discussed below).[71] AFCA said Code approval ‘gives a real signal’ that the industry is ‘standing behind and committing to’ that code.[72] Its submission to the Code Review Panel also said ASIC approval would show consumers the Code could be trusted.[73]
  64. The process of gaining ASIC approval for a code is demanding, and involves extensive consultation. Seeking approval is thus broadly considered evidence of an industry’s commitment to strengthening their code, and ASIC reflected that granting approval ‘gives a greater gravitas to the code itself’.[74] The CGC told the Committee having the Code approved would give an ‘added layer of rigour and confidence’ due to the stringent approval process:

ASIC will look at the stakeholder consultation process that informed the obligations within the code, how the ICA considered that stakeholder feedback and how it has been incorporated into the promise within the code. But ASIC's approval does not just look at the code itself; ASIC's approval will also consider the enforceability of the code, so the powers which the code governance committee has, and the independence of the monitoring and oversight. That gives greater clarity and confidence to the broader community that we have an effective code and an effective compliance monitor operating at arm's length from industry.[75]

7.65An additional advantage of registering a code with ASIC is that future amendments must also obtain ASIC approval, unless they are minor and purely technical.[76] Registering the Code with ASIC would thus help ensure any future changes strengthen consumer protections rather than watering them down.

7.66ASIC’s regulatory guidance also states that it monitors approved codes from ‘time to time’, including by reviewing:

• periodic reporting to ASIC by the compliance committee;
• information from consumer liaison work, consumer bodies and industry consultation;
• external dispute resolution schemes;
• compliance monitoring, surveillance work and other intelligence sources;
• evidence on the results of the required regular independent code reviews.[77]
  67. Additionally, an approved code can also be revoked if ASIC believes it no longer meets the criteria in RG 183.[78]
  68. The Committee acknowledges the recommendation of the Independent Review of the 2020 General Insurance Code of Practice (the Code Review) toreform the Code and register it with ASIC, and that the ICA intends to pursue this process. ASIC also told the inquiry that it expects to engage closely with the Code Review Panel if the ICA follows through on its intention to apply for Code approval.[79]
  69. The Code will need to be strengthened to meet ASIC’s thresholds. The CGC shared its views on some of the important elements of a strengthened code, for example:

The code must uphold the obligations for timeliness and communication; insurers must be able to meet these obligations to handle claims and provide communications to customers within time frames, especially during periods of heightened need and vulnerability for customers; and the code should remove the broad discretion for insurers to not report breaches of claims handling time frames in certain circumstances. Currently, an insurer does not have to report a breach if the insurer determines that its conduct and timeliness were reasonable in the circumstances, or an expert's report is delayed and the insurer determines that it did all that it could to obtain the report in time.[80]

7.70The initial report of the Code Review in September 2024 makes 101 recommendations to improve the Code across key areas such as financial hardship, customer vulnerability, temporary accommodation, claims handling, cash settlements, governance and compliance, as well as enforceability.[81] The panel’s recommendations include:

• defining financial hardship and vulnerability more broadly;
• requiring insurers to respect consumer communication preferences and adopt trauma-informed policies and training;
• improving consumer accessibility and understanding of expert reports; and
• making insurers commit to providing a single contact point.[82]
  71. The panel also recommended that insurers report to the CGC the number of claims that take longer than 12 months to resolve, and that the CGC should publish these numbers transparently by individual insurer.[83] The panel further recommended that the CGC publish insurer names in regular compliance and data reports.[84]
  72. Where an insurer has not made a decision on a claim within 12 months, the panel recommends that the Code require insurers to accept the claim—provided the delay is not due to the consumer, or other reasons beyond the insurer’s control.[85]
  73. At the time of writing, the ICA was yet to respond to these recommendations.

ASIC enforcement pathways

7.74As noted above, since the passage of the Financial Sector Reform (Hayne Royal Commission Response) Act 2020, ASIC has considerably expanded powers under the Corporations Act 2001 in relation to regulating claims handling by insurers. These powers could potentially be used in relation to matters where compliance with the Code is seen as problematic, such as failure to deal with claims in a ‘timely’ way as outlined in the Code.[86] Given that legislative implementation of these expanded powers was relatively recent, these powers have not yet been tested.

7.75Additional enforcement pathways include the designation of specific provisions of the Code as enforceable by ASIC, or including the Code in insurers’ contracts with policyholders.

Code registration and enforceability

7.76Code registration with ASIC opens additional enforcement pathways, as discussed in depth in the Code Review’s initial report.

7.77The Corporations Act 2001 and National Consumer Credit Protection Act 2009 were amended in 2020 in response to the Hayne Royal Commission to give ASIC power to designate ASIC-enforceable code provisions in approved codes of conduct, and to impose civil penalties.[87] As mentioned earlier in the chapter, under section 1101A of the Corporations Act 2001, ASIC can now designate enforceable provisions as part of the code approval process if ASIC considers that:

(a) the provision represents a commitment to a person by a subscriber to the code relating to transactions or dealings performed for, on behalf of or in relation to the person; and

(b) a breach of the provision is likely to result in significant and direct detriment to the person; and

(c) additional criteria prescribed by the regulations for the purposes of this paragraph (if any) are satisfied; and

(d) it is appropriate to identify the provision of the code as an enforceable code provision, having regard to the matters prescribed by the regulations for the purposes of this paragraph (if any).

7.78Pursuant to the legislation, a code provision can be identified as enforceable if:

• it represents a direct and specific commitment to customers (not a broad aspirational commitment to the public at large); and
• where breached, it causes significant and direct detriment to consumers—more than an inconvenience—and could include economic and non-economic loss that is direct and substantial.[88]
  79. Enforceable provisions should therefore generally be key provisions governing the terms of a contract between the entity and the consumer, such as cooling-off periods, information provision commitments, and fees and charges.[89]
  80. ASIC said that designating Code provisions as enforceable would expand enforcement options beyond those currently available:

Not only does that allow AFCA to make a determination in relation to that particular provision but also ASIC could take a case in relation to that provision. ASIC could do so anyway if it's deemed to be a breach of the current law. But enforceable code provisions provide us with a greater set of tools to hold insurers accountable.[90]

7.81ASIC explained that breaches of designated enforceable provisions could attract civil penalties or other administrative enforcement actions from ASIC, such as infringement notices. The maximum available civil penalty is 300 penalty units under the Hayne Royal Commission reforms.[91]

7.82Section 1101AD of the Corporations Act 2001 says ASIC may issue regulations to prescribe the criteria for designating a code provision as enforceable. However, ASIC’s RG 183 ‘Approval of financial services sector codes of conduct’ has not been updated since it was issued in 2013 (well before the Hayne Royal Commission), nor has a new guide been issued outlining ASIC’s approach to its new enforceable code provisions powers.

7.83The Hayne Royal Commission recommended that enforceable provisions be identified by industry code owners, as explained in a 2019 Treasury consultation paper; however, once approved by ASIC, designated provisions would become enforceable by statute.[92] The legislation requires that each enforceable code provision be agreed with the applicant.[93] As ASIC explained:

…we have to receive an application for code approval, and it's also up to the code owner to indicate to ASIC what provisions would be useful as enforceable code provisions.[94]

7.84A senior Treasury official elaborated:

It's with the consent of the code owner to put forward provisions that can be enforced by ASIC. The legislation did not say that it was the role of government or a regulator to identify or to initiate which of those provisions were enforceable.[95]

7.85Both the CGC and AFCA urged caution with respect to any enforceable provisions regime. The CGC told the Committee:

We need to proceed with caution… With increased enforceability from ASIC, we don't want to see a further pull-back from industry on its code commitments, pulling promises back to the base level required by law. That is the risk of the unintended consequence.[96]

7.86AFCA similarly warned:

…one of the risks that we've observed is where you have an enforceable code provision it can create a reluctance from the industry to want to include protections within the code that become enforceable… [that is,] that industry makes a deliberate decision…to reduce the standard within the code, because they are concerned about the enforceability of that.[97]

7.87The Financial Rights Legal Centre expressed similar concerns that codes of conduct developed by industry, but enforceable by external regulators, have ‘in-built incentives’ for industry to be cautious about which provisions they are willing to have designated as enforceable.[98]

7.88The Code Review also found that industry participants may be ‘discouraged from adopting robust consumer protections’ in the Code if provisions are enforced. It also noted that ASIC’s maximum civil penalty fine for enforceable code provision breaches would be $93,000—less than the current $100,000 the CGC can impose as a sanction.[99]

7.89The ICA’s submission to the Code Review also warned that enforceable provisions could contribute to confusion by creating a ‘two-tiered’ Code, which would potentially be more challenging for consumers to read and understand.[100]

7.90The Financial Rights Legal Centre acknowledged the ICA’s concerns—but said the consumer preference would be to enforce as much of the Code as possible:

The consumer position…has consistently been that as much of any code of practice that can be made enforceable, should be made enforceable. We understand that this may not be the position of the ICA, but picking and choosing a subset of provisions from those that are able to be made enforceable is difficult if not impossible or even appropriate for consumer representatives to do. The enforceable code regime should not require us to pick winners and losers.[101]

7.91The ICA also expressed concerns that post-Hayne regulatory arrangements for the enforcement of industry codes are still insufficiently developed. It noted that ASIC’s RG 183 (issued in 2013) has not been updated since the Hayne Royal Commission to set out in detail how ASIC will give effect to its new powers, and that it is unclear how ASIC enforcement would interact with the role and responsibilities of the CGC.[102]

7.92The Code Review did not recommend designating any Code provisions as enforceable. In its reasoning, the panel highlighted that enforceable provisions must be agreed by the applicant, and that no other industry code—including the Banking Code registered with ASIC in 2018—as yet includes enforceable provisions.[103]

7.93The Committee notes that recommendations by the 2021 independent review of the Banking Code to designate certain provisions as enforceable were rejected by the ABA at the time in favour of an undertaking to ‘work with ASIC to agree the best approach for identifying any enforceable Code provisions moving forward’.[104]

7.94Participants in this inquiry discussed alternative ASIC enforcement mechanisms. Some submitters said enforcement options available to ASIC under other legislative powers and its existing regulatory guides were insufficiently exercised, and suggested improvements to such mechanisms.[105] This is beyond the scope of this inquiry, but the issues have received detailed attention in the recent Senate inquiry into ASIC investigation and enforcement.[106] The Code Review also considered alternative pathways to enforcing the Code—particularly contractual mechanisms, which are discussed below.

Potential contractual enforceability

7.95An additional option to improve enforceability of the Code is for insurers to make their Code compliance obligations explicit in contracts with policyholders. This process is separate from a code being approved or enforced by ASIC.

7.96For example, banks who have signed up to the Banking Code are required to include a statement in their contracts affirming that the Banking Code applies. As contracts are legally enforceable documents, this exposes Banking Code provisions to legal enforcement under Australian contract law.[107] The Customer Owned Banking Association (COBA) also requires its code to be incorporated into members’ contracts.[108]

7.97AFCA observed that the General Insurance Code of Practice is not currently contractually enforceable by consumers against subscribing insurers in the same way as the Banking Code. AFCA told the inquiry that making a similar reform for general insurance would expand options for consumers to pursue legal remedies through the courts, not just external dispute resolution through AFCA.[109] The Code Review echoed these comments.[110]

7.98The Code Review also highlighted that including the Code in contracts would be an ‘effective method’ to persuade ASIC that Code obligations can be enforced. The Financial Rights Legal Centre also called for insurers to commit to making the Code a term of their contracts with consumers,[111] and said that if insurers decide against this, ASIC should not approve the Code.[112]

7.99Strengthening the data and depth of information reported to the CGC and regulators—and made available for public scrutiny—is another potentially powerful option to improve oversight of insurers’ conduct, as discussed below.

Enhancing data collection and oversight

Current data reporting and its limitations

7.100Current insurance oversight arrangements require extensive data to be collected, reported and published by different players. The arrangements are varied and complex. Insurers report different data to APRA, ASIC, AFCA, the CGC and the ICA under different arrangements. The ICA provides data to AFCA. APRA and AFCA share data with ASIC. ASIC shares data with the CGC, and vice versa. Data is also collected by the ACCC. Some of the available data is made public; much is not. The available data on the consumer experience—such as claims processing times and complaints—is particularly poor and inconsistent, and does not enable like-for-like performance comparisons between insurers.

7.101The ICA itself collects data from members about declared insurance events, and provides aggregate summaries of this data to members and other stakeholders. This data includes the number, value, locations and types of claims, and how long it takes insurers to close claims. Elements of this data are published online through the ICA’s Data Hub,[113] but only at the industry level and only for declared insurance events.[114]

7.102The Committee asked APRA whether it collects data on aspects of the consumer experience such as timeliness, complaints handling and dispute resolution. APRA advised it does not currently collect data ‘at that granular level’:

We currently source access to information like that through the ICA, who can give us some visibility, and through AFCA, who also are collecting information on claims and complaints... But at this point in time we don't collect it ourselves.[115]

7.103APRA noted, however, that it does have significant powers under legislation to collect additional data, and had plains for more granular data collection[116]—as discussed later in this chapter.

7.104ASIC has recently required insurers to report standardised internal dispute resolution data. ASIC informed the inquiry that data on the volume of complaints in internal dispute resolution and the escalation of complaints to AFCA was ‘currently unknown’ but would be available when ASIC publishes its first report.[117] Such data could provide insight into how insurers are recognising and dealing with complaints from policyholders, while data on the reasons for complaints could identify areas where insurers need to improve.

7.105In accordance with ASIC’s Regulatory Guide 267, AFCA must publicly report information about complaints it receives and closes against each participating insurer, including comparative complaints data. AFCA publishes the data it collects through its online ‘Datacube’ portal, which is updated every six months.[118] The Datacube allows consumers and other stakeholders to see the number of complaints against specific insurers, the rates at which those complaints had to be escalated to AFCA case management, and how many were resolved by either the insurer or AFCA.[119] AFCA told the inquiry that while it was pleased with current usage of the Datacube by consumers, academics and media, usage levels were constrained by low brand awareness of AFCA:

…AFCA is still only five years old. We're still relatively young…compared to, say, the Tax Office or the ACCC. We do work on brand awareness. What we know is that, although that's increasing, it's still relatively low. I think only about 34 per cent of the community are aware of AFCA. … That started off at 20. … If you don't know who AFCA is, you're probably not going to be jumping on our website and looking at our AFCA Datacube. So, although we're pleased with the access that we have to the [D]atacube and the people who access it, it doesn't mean that it's necessarily widely understood that it exists.[120]

7.106Another significant limitation is that the data only gives visibility into complaints that reach external dispute resolution. As noted by AFCA’s Chief Operating Officer, ‘we only see the tip of the iceberg.’[121]

7.107AFCA’s complaints data has other limitations. For example, AFCA advised that staff categorise complaints into types based on the level of detail provided by consumers when they first register a complaint, which varies greatly. AFCA also advised that ‘We do not have full records of payment outcomes for all complaints that were received by AFCA’, and that ‘we do not routinely capture outcome amounts where a complaint closes at Registration.’[122] It also said that ‘When complaints are closed by informal means such as negotiation or conciliation, the quantum of the outcome is not always known.’[123]

7.108AFCA also said its ability to compare consumer experiences between regional and urban areas was compromised by ‘the likelihood that consumers were lodging complaints away from the insured property/location’.[124] AFCA also said there are discrepancies between its data and the complaints data held by individual insurers, which is ‘more timely and comprehensive’.[125]

7.109However, even with the utmost transparency by insurers, most of the available data would be affected by additional inconsistencies. Insurers can and do provide highly granular data to oversight bodies on request, but the inconsistency of data definitions and collection processes across the industry make this data unsuitable for industry-wide analysis of performance issues. This inconsistency was highlighted and commented on in Chapter 6, but is elaborated on further below.

7.110For example, as part of this inquiry, the Committee requested granular data from insurers on issues including claims handling, dispute resolution and consumer outcomes. Most of this data has been published as supplementary submissions. The data was appreciated, and enhanced the Committee’s understanding of areas of concern. However, it did not allow the Committee to compare insurer performance in any meaningful and systematic way due to the extreme inconsistency in how insurers define key measurables—for example, what is a ‘complaint’—as well as what data they collect and how they report it. Regulators, AFCA and the CGC face the same challenge in attempting to scrutinise conduct across the industry.

7.111Similarly, the Deloitte report regarding insurer performance after the catastrophic 2022 floods—The New Benchmark for Catastrophe Preparedness in Australia—noted that the data available from insurers was not sufficient for it to quantify the impacts of external factors (such as a large number of catastrophes in one year) versus issues with insurers’ internal processes and operations.[126] Deloitte recommended that insurers ‘improve their ability to capture and leverage data and insights to understand the impact of internal and external factors on performance during catastrophes.’[127]

7.112In addition, much of the available data is highly aggregated. For example, although APRA collects data on insurance renewals, it advised this is limited to ‘overall stats…at the highest level’ with insufficient granularity to see trends in flood cover.[128] In turn, most of APRA’s data is prudentially focused financial data unrelated to consumer experience issues, such as APRA’s aggregate data looking at the ‘performance and profitability of different lines of business’.[129]

7.113Data available to the CGC also suffers from limitations—and the CGC is moreover constrained in what it can publish by the terms of its charter, as discussed later.

7.114Under current data reporting arrangements, it is therefore not feasible for regulators, the CGC, the public or consumer advocates to easily and meaningfully compare insurer performance on Code compliance or other measures of ethical conduct and customer satisfaction, with the exception of AFCA complaints rates by insurer as published in AFCA’s Datacube. This constraint is a major source of frustration for consumers and their advocates. As ARC Justice told the Committee:

…there's no way for consumers to know who are the insurance companies that don't comply with the code. Quite often we get people saying to us, 'Can you tell me which are the good ones and the bad ones?'[130]

7.115The Committee sought insurers’ views on proposals for more consistent data collection and public reporting by regulators about the consumer experience. Royal Automobile Club of Queensland Limited (RACQ) was asked how it would feel about the public reporting of data showing how long each insurer takes to settle claims on average, and to resolve disputes. RACQ Chief Executive Officer David Carter replied:

I'd welcome it. We've started sharing information in our For the greater good report… In that we are transparent about the things we do well and we're transparent about the areas we don't. We're transparent about customer complaints, satisfaction and all of those things. I think it's really important that consumers generally are able to understand what the experiences are like. Transparency is good. It shines a light on things and encourages participants in the industry to set themselves to do well in the things that matter. … I think the other one that's important is…[the] percentage of claims accepted.[131]

7.116The Managing Director of Allianz Australia also said, ‘We would be supportive of any of those metrics or reporting that continue to lead to better customer outcomes.’[132]

7.117APRA agreed with the value of collecting and publishing more granular performance data, including on the consumer experience, telling the Committee that ‘What gets measured gets managed.’[133]

7.118The Committee therefore considers improved data gathering and publication a critical mechanism to shine light on the extent of the issues facing policyholders. This would in turn support regulators, AFCA and the CGC to do their jobs more effectively, as well as empowering customers to ‘vote with their feet’, by taking their business to insurers that demonstrate the best customer satisfaction, operational and ethical track records.

7.119Among other proposals, the Committee heard evidence on ways to strengthen ASIC’s data gathering and reporting powers to address such limitations, as discussed below.

Giving ASIC a standing power to collect insurer data

7.120ASIC told the inquiry that it finds data a ‘significant challenge’ in performing its oversight role.[134] ASIC can currently obtain data directly from insurers only by way of a written notice under section 912C of the Corporations Act 2001 or on a voluntary basis. It also obtains data from other regulators’ data streams, particularly APRA and AFCA.

7.121As noted earlier in this chapter, APRA and ASIC have formal data-sharing arrangements through which ASIC benefits from APRA’s broader information-gathering powers,[135] while AFCA is required to identify and report ‘systemic issues’. AFCA has made efforts to enhance its ability to perform this role well, implementing an internal improvements program focused on ‘proactive use of data-driven analytics to identify systemic issues, and the sharing of key insights with regulators and the financial services industry’.[136] However, AFCA’s data capabilities are still maturing.

7.122Meanwhile, the data ASIC periodically obtains from individual insurers on request is prone to the sorts of inconsistency issues outlined above. For example, ASIC told the inquiry that during its review into home insurance claims in 2023, although insurers voluntarily provided the data ASIC sought, different insurers had difficulty providing some data due to limitations of their systems or approaches to data collection.[137]

7.123ASIC advised that the power to gather consistent and clearly defined data from insurers on a recurring basis—rather than by request, and limited by whatever data insurers have on hand—would put it in a stronger position to report publicly on insurers’ performance and pursue enforcement.

7.124For example, consistent insurer data reported to ASIC quarterly, half-yearly or annually (as appropriate) could allow comparisons of how long it takes different insurers to resolve claims, and how they compare on rates of complaints and cash settlements. It would also help make transparent to ASIC which insurers or issue areas deserve closer investigation or consideration of enforcement actions. ASIC stated:

We would be in a much better position to detect what is happening, detect harm and be able to take swift enforcement action with our serious problems if we had the ability to require the provision of data and, indeed, to require that on an ongoing basis so we can monitor trends over time. Other comparable regulators in other jurisdictions tend to have those powers, and it would certainly be of great assistance to us.[138]

7.125For comparison, the United Kingdom’s Financial Conduct Authority (FCA) regularly collects and publishes data on insurance complaints and related measures. The FCA publishes complaints data every six months, also providing insurer-specific data that includes the total number of open, closed and upheld complaints. The FCA also publishes a general insurance value measures dataset, supported by the requirement for firms to report regularly to the FCA on acceptance rates, average payouts, and complaints as a percentage of claims.[139]

7.126Regular publication of similar data by ASIC at the insurer level would allow consumer groups and media organisations to conduct their own analysis, and potentially provide rankings or ratings of insurers.[140] APRA also discussed the potential of more granular and regular data to allow regulators to produce heat maps of insurer performance across a range of criteria, as APRA has done for superannuation providers’ investment returns and sustainability factors.[141] Such data would also enable all stakeholders, including regulators, to better observe industry trends over time, including changes in performance in the aftermath of catastrophes.

7.127The Committee’s view is that it would be particularly valuable for ASIC to have visibility into the number of insurance claims unresolved beyond 12 months. As discussed elsewhere in the report, such long delays have been immensely disruptive and are highly distressing to policyholders, and the Committee is concerned by the prevalence of such experiences in the aftermath of the 2022 floods.

7.128Recommendations elsewhere underline the Committee’s—and the broader community’s—expectation that insurers offering cover for natural peril should be able to deal with surges in cases after a disaster with both efficiency and fairness. This standard has not been met, but the paucity of industry-wide data on the problem has hampered regulators’ ability to hold insurers to account. It is imperative that ASIC be given access to the data it needs to identify insurers with a high rate of unacceptably long delays, and that insurers be required to satisfy ASIC they have credible strategies for resolving any significant backlog of unresolved claims.

7.129If insurers accept the Code Review’s recommendation that they be required to report similar data to the CGC (noted previously), harmonised reporting or data-sharing arrangements should be established between ASIC and the CGC to ensure both bodies have visibility and to avoid duplication. ASIC visibility into this data will be particularly important if insurers do not accept the Code Review’s related recommendation that they be required to accept in full any claims that remain unresolved after 12 months due to factors within their control (also noted previously).[142]

7.130However, this inquiry also heard that additional data requests from regulators could add to the administrative burden on the industry, and that any new data reporting requirements must be efficient. The Committee is aware of concerns about inefficiency and multiple reporting lines under existing arrangements, which could be compounded by new demands if implemented poorly. For example, the ICA has noted that its members are currently responding to many similar data requests from different agencies at the same time.[143] The ICA has also complained about ‘double handling’ in insurers’ obligations to report Code breaches to the CGC and ASIC.[144]

7.131To the extent that this report recommends that additional data be provided to ASIC, the Committee has focused on measures that, where possible, are already being collected by insurers and that meaningfully reflect consumer experiences and outcomes. This should materially improve transparency and the effectiveness of regulatory oversight with little if any additional red tape.

7.132In relation to more general data gathering approaches, ASIC said that where possible, it would seek to pursue additional data requests through APRA, consistent with the data-sharing arrangements described earlier in this chapter:

We always think about, if we need data, how do we do it in a way that gives us the best insights but also balances that with the impact on industry. That's why, if there is a way for us to do that jointly with APRA, for example, then we will do that to minimise the effort that's required by industry.[145]

Standardising data definitions

7.133The development of standard terms that insurers must use to capture key data and report it to regulators would enable more precise comparisons to be made. It would also help ensure insurers are capturing key data with comparable accuracy and to the same extent.

7.134The Deloitte report recommended that the ICA develop a ‘data dictionary’ to enhance industry-wide reporting, and that it investigate the feasibility of extending data capture to claim outcome measures such as closure rates and complaints.[146]

7.135ASIC told the Committee the lack of standard data definitions was a ‘key gap in the system’.[147] ASIC said that if given a standing power to require recurring data reporting by insurers, it would use this to drive more consistent data collection across the industry, including by developing standard definitions for all data to be reported to ASIC. ASIC outlined the potential benefits:

That would mean we'd be able to produce reports that would track trends over time and allow us to compare the performance of different insurers. It would also mean that, when there's a process like this, a committee such as this would be able to request data and get answers to the level, hopefully, that you're requiring in a consistent manner.[148]

7.136Standardisation would also enable insurer performance to be compared via the existing MoneySmart website or a similar platform. MoneySmart is an Australian Government website that provides consumer-focused financial tools, tips and guidance. It is administered by ASIC.[149] MoneySmart’s life insurance claims comparison tool enables consumers to compare life insurers based on metrics drawn from APRA data, including claim acceptance rates, average claim times, disputes per 100,000 lives insured, and the policy cancellation rate.[150] The Financial Rights Legal Centre, CHOICE, Consumer Action Law Centre and Westjustice called for this to be replicated for the home and contents insurance market, and suggested that ASIC and APRA be resourced to collect and publish data on claims timeframes, outcomes and disputes.[151]

7.137The Committee notes that ASIC and APRA are already taking steps to enhance insurance data collection as part of the Insurance Data Transformation (IDT) project. In October 2023, ASIC and APRA released two joint discussion papers on proposals to enhance data collection for the life and general insurance industries, to enable regulators, policymakers and insurers to better assess industry-wide risks.[152] APRA and ASIC highlighted that this project was in response to the fact that both agencies ‘regularly experience’ insight gaps where the data is either ‘inflexible or insufficient’ to identify key issues and risks.[153]

7.138Home insurance will be one of the first products in scope for more in-depth data collection under the IDT project. It was selected as a priority in order to support ASIC and APRA’s regulatory focus on insurance availability and affordability, claims issues, and the impact of catastrophes on consumers (among other objectives).[154]

7.139APRA and ASIC have released a draft data dictionary for consultation, and say they are working closely with industry to ensure the proposed data collection is practical and fit for purpose.[155] The dictionary includes draft definitions of terms such as claim status (including internal and external dispute resolution identifiers), claim outcomes (including ex-gratia payments and reasons for declining a claim) and whether or not a policyholder has flood coverage.[156]

7.140APRA and ASIC are considering timing options for the new data collection and reporting cycle, including quarterly, half-yearly or annual data collection. They have advised that the frequency may vary between different types of data, such as half-yearly for policy and claims information, but quarterly for financial data.[157]

7.141ASIC says it intends to use the new data collected from insurers to analyse consumer outcomes following catastrophes, to identify areas of concern and to assess whether:

• products are designed to meet consumer needs and respond to availability and affordability issues;
• products are sold fairly and appropriately and are meeting consumers’ expectations; and
• claims are handled fairly and reasonably.[158]
  142. APRA noted the expanded data collection would potentially include data relating to the consumer experience, and to enable cross-insurer comparisons, but warned that this would take time:

Our intention is to expand our data collections to be more granular. I say that quite easily, but it's not necessarily an easy fix that happens overnight, because it does actually involve us working with industry to scope the depth and nature of those collections and consult with industry. It also involves significant changes to systems and collections, both at the APRA level and at the industry level.[159]

7.143ASIC likewise submitted that it is clear from its own recent research and from the Deloitte report that insurers will ‘need to do a lot of work to be ready for enhanced data collection’.[160] The ICA has noted that the proposed new data collection includes data points not currently collected by ICA members, and will require a ‘significant uplift’ to insurers’ existing systems, processes and governance frameworks.[161] However, the ICA also said that:

Members…note the significant value of the benefits of a central agency collecting data. We acknowledge that richer data insights will strengthen [APRA and ASIC’s] supervision of the general insurance industry and provide the opportunity to streamline the efforts of the industry who currently respond to similar requests for data from multiple agencies at any time.[162]

7.144For example, the ACCC currently collects insurance data that, in the view of the ICA, is likely to overlap with the proposed IDT data collection. The ICA therefore strongly recommended harmonising data definitions across all collections to reduce duplication and the need to rework data to meet different reporting requirements.[163]

7.145The insurance industry also provides data to the CGC.

Code Governance Committee data and reporting arrangements

7.146The CGC performs an important role in data-gathering, particularly around Code breaches. It is empowered by its charter to collect and analyse data about insurers’ compliance with the Code,[164] and the Code itself stipulates that insurers will cooperate with the CGC in its reviews of Code compliance and investigations of suspected breaches.[165]

7.147The CGC’s information sources include data collected annually from subscribed insurers, external dispute resolution data from AFCA and consumer groups, and notifications from insurers regarding breaches. The CGC noted that ‘in large part, insurers do take these obligations seriously’, evidenced by the number of breach reports it receives from insurers themselves.[166]

7.148The CGC publishes breach data annually in aggregated format, including the most frequently breached Code provisions, along with recommendations and guidance for subscribed insurers to improve compliance. The CGC also provides statistics on breaches per 10,000 policies sold, but uses aliases to de-identify the insurers.[167]

7.149The inquiry heard evidence on potential improvements to these arrangements.

7.150One potential improvement is requiring insurers to report relevant data to the CGC at the brand level rather than group or underwriter level. For its most recent report, the CGC requested information from insurers on policies, claims, complaints and breaches segmented by insurance brands. The CGC said it was ‘disappointing’ that some insurers, including large insurers, were unable to provide this information in full. The CGC signalled that it would be seeking to further investigate propriety brands and distributor brands for future Code compliance reporting.[168] Additionally, the CGC noted that while it currently looks at breach data by calendar year, options for reporting by catastrophe or other events were of future interest.[169]

7.151Naming and shaming insurers in CGC annual reports was also raised as another key mechanism to improve transparency and accountability around Code breaches.

7.152The Committee heard that the CGC’s charter restricts its ability to name insurers in annual data reports; it can only name an insurer that has breached the Code if it imposes a naming sanction (that is, only for the most serious breaches).[170] The CGC suggested to the Committee that the CGC charter be reformed to allow the CGC to also name individual insurers in its annual reports on compliance.[171] For comparison, the ABA has accepted ‘in principle’ a recommendation that banks be named in its regular half-yearly compliance reporting,[172] although this reform does not appear to have been implemented to date.[173] As noted previously in this chapter, the Code Review has also recommended that the CGC be authorised to publish insurers’ names in its reports.[174]

Committee comment

7.153As outlined in this chapter, oversight of the general insurance industry is still evolving. Following numerous pressure points in the history of financial services provision in the Australian market, the maturity of oversight and regulatory arrangements has progressed in reactive periods of improvement. However, the shortcomings of insurers’ responses to the 2022 major floods identified in this report, as well as across all reviews conducted since that time, make clear that there is room for oversight improvement, especially in the realm of data capture and reporting consistency.

7.154The Committee believes that consistent definitions and outcome measures for data, paired with higher-quality, more consistent, and accessible datasets, will play a key role in enabling better understanding of the issues facing policyholders and insurer performance by regulators, AFCA, the CGC and the public.

7.155Customers cannot realistically choose to move to more ethical or capable insurers when there is no good way to identify the best and worst performers, or see how their performance has been assessed by regulators or oversight bodies.

7.156Regulators are hampered in their ability to identify, investigate and prosecute systemic misconduct when the data is poorly suited to system-wide analysis, or making comparisons between insurers.

7.157This dampens insurer incentives to improve on both fronts. Collecting and publishing more consistent and better data on the consumer experience across insurers will drive greater accountability for misconduct and poor performance through both regulatory and market mechanisms.

7.158The Committee considers enhancing ASIC’s powers to collect and report consistent performance data across insurers to be a key requirement.

7.159The Committee considers key outcome measures for the consumer experience to include consistent communication metrics and data regarding the satisfaction of customers, claims processing, the identification of vulnerable consumers, rates of internal and external dispute resolution, the success of insurers at AFCA, claims acceptance and closure rates, and breaches of the Code. As identified throughout this chapter and report, this data is currently not collected consistently, nor is it reported in a universal manner or format.

7.160The Committee considers the General Insurance Code of Practice an important industry self-regulation mechanism that should continue to be strengthened and upheld by industry. The Code is a living document that should seek to address issues facing consumers and provide more than aspirational promises to policyholders.

7.161The Committee has made recommendations throughout this report that focus on areas of the Code that should be improved or strengthened. The Committee acknowledges that the Code is currently under independent review and that this inquiry will inform phase 2 of that review. The Committee welcomes the findings and recommendations of the September 2024 initial report of the Code Review. The Committee believes the panel’s recommendations should inform greater efforts by industry to improve the Code.

7.162The Committee agrees with the Code Review’s recommendation that Code subscribers should be required to incorporate the Code into their contracts.

7.163Once the Code has been strengthened, including by the above enhancement to contractual enforceability, the ICA should seek ASIC’s approval for the Code, consistent with its expressed intention. Discussions between the ICA and ASIC should include consideration of the possible designation of enforceable provisions of the Code in the future, dependent on industry consultation, the outcomes of the final stage of the Code Review, and any further recommendations and reforms by government.

7.164Further, the Committee considers the CGC to be crucial in upholding standards of enforceability and accountability. It should continue its good work to encourage integrity across the industry.

7.165The Committee recommends that the Insurance Council of Australia seek to have the General Insurance Code of Practice approved by the Australian Securities and Investments Commission after implementing any recommendations of the Independent Review of the 2020 General Insurance Code of Practice.

7.166The Committee recommends that the General Insurance Code of Practice be incorporated as a contractually enforceable clause in insurance Product Disclosure Statements (as is the Banking Code of Practice).

7.167The Committee recommends that the General Insurance Code Governance Committee publish aggregate data on code breaches by clause, individual insurer, and brand.

7.168The Committee recommends that the Australian Securities and Investments Commission (ASIC) appropriately use powers that it has as a result of the removal of the exemption of claims handling of insurance products under the Corporations Act 2001. The Committee notes that ASIC has only recently been granted such powers and they are as yet untested.

7.169The Committee recommends that the Australian Securities and Investments Commission and the General Insurance Code Governance Committee share data so that it is possible to evaluate breaches of the General Insurance Code of Practice in the context of an insurers’ overall claims profile.

7.170The Committee recommends that the Australian Securities and Investments Commission develop and define key outcomes measures for the consumer experience, including:

• Communication (outcome measures)

• Overall customer satisfaction, such as a customer satisfaction score
• Consumer comprehension of communications (random sample)

• Claims processing

• Average time taken to respond to a customer after first making an enquiry or initiating a claim

• Vulnerable customers

• Proportion of customers identified as vulnerable (BAU, quarterly)
• Proportion of customers identified as vulnerable (designated events, monthly)

• Internal dispute resolution

• Proportion of total cases that involved internal dispute resolution
• Average time taken to resolve internal dispute cases

• External dispute resolution

• Proportion of total cases that were referred to the Australian Financial Complaints Authority
• Success rate at the Australian Financial Complaints Authority

• Cash settlements

• Proportion of resolved cases that are final cash settlements

• Claims acceptance rates

• Percentage of claims accepted
• Percentage of claims closed (at key points in time, for example 6months, 12 months, 18 months)

• General Insurance Code of Practice Compliance

• Breaches of the General Insurance Code of Practice per thousand claims by clause, insurer, and brand.

7.171The Committee recommends that legislation provide the Australian Securities and Investments Commission with sufficient data-gathering powers to obtain the information required to monitor and report on the metrics recommended in Recommendation 51.

7.172The Committee recommends the Australian Securities and Investments Commission consider seeking data from insurers on their performance based on the metrics recommended in Recommendation 51:

• Quarterly, for business-as-usual operations
• Monthly, for each declared event.

7.173The Committee recommends the Australian Securities and Investments Commission publish quarterly insurer and brand level data on their performance on the metrics recommended in Recommendation 51.

7.174The Committee recommends that the Australian Securities and Investments Commission’s MoneySmart life insurance claims comparison tool be extended to general insurance.

7.175The Committee recommends that for each declared event, insurers be required to report the number of unresolved cases after 12 months to the Australian Securities and Investments Commission and the overarching strategy for resolving these cases. This report should include the total number of outstanding claims and the most common reasons for the delay.

7.176The Committee recommends that the General Insurance Code of Practice (the Code) be reformed to implement Recommendation 63 of the Independent Review of the 2020 General Insurance Code of Practice, that is: where the insurer has not made a decision on a claim within 12 months, and the delay is not due to the consumer or other reasons beyond the control of the insurer, the Code should require the claim to be accepted.

The Committee further recommends that Australian Securities and Investments Commission consider using its powers in relation to claims management to enforce this obligation.

• This would not be triggered where a claim has been lodged with the Australian Financial Complaints Authority.
• This would be triggered where internal dispute resolution has commenced but is not resolved. If the insurer has not made a decision by 12 months, the claim must be paid.

7.177The Committee recommends that insurers report case management key performance indicators to the Australian Securities and Investments Commission.

7.178The Committee recommends that insurers recognise standard third-party authorisation forms and that this obligation be reflected in staff training.

7.179The Committee recommends that, if a policy renewal falls due when there is long delay in claim handling or the completion of the project, the insurer should:

• be required to offer a reduced form of cover, with an appropriately lower premium
• this cover should include public liability cover and sufficient cover for the building in its damaged state (noting that some consumers are being sent standard premium renewals, which amounts to excessive cover).

7.180The Committee recommends that insurers be required to ensure that people paying premiums monthly do not pay more.

Footnotes

[1]See further: Department of the Treasury, Submission 69.

[2]ASIC, ‘The ASIC – APRA relationship’, asic.gov.au/about-asic/what-we-do/our-role/other-regulators-and-organisations/the-asic-apra-relationship/, viewed 6 September 2024.

[3]Department of the Treasury, Submission 69, p. 3.

[4]Department of the Treasury, Submission 69, pp. 3-4; ASIC, Regulatory Guide 104 - AFS licensing: Meeting the general obligations, June 2022; Corporations Act 2001, s. 912A(1)(a).

[5]ASIC, Navigating the storm: ASIC’s review of home insurance claims, 16 August 2023, and ASIC, When the price is not right: making good on insurance pricing promises, 23 June 2023.

[6]ASIC, ‘ASIC’s approach to enforcement’, asic.gov.au/about-asic/asic-investigations-and-enforcement/asic-s-approach-to-enforcement/, viewed 8 September 2024.

[7]ASIC, ‘ASIC’s approach to enforcement after the Royal Commission’, 2 September 2019, https://asic.gov.au/about-asic/news-centre/speeches/asic-s-approach-to-enforcement-after-the-royal-commission/, viewed 7 September 2024.

[8]Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report: Volume 1, February 2019, p. 24.

[9]Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report: Volume 1, February 2019, p. 24.

[10]Corporations Act 2001, s. 912A(1)(a).

[11]Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report: Volume 1, February 2019, p. 33.

[12]Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, Final Report: Volume 1, February 2019, p. 309.

[13]Financial Sector Reform (Hayne Royal Commission Response – Protecting Consumers (2020 Measures)) Bill 2020, Explanatory Memorandum, p. 133.

[14]Insurance Contracts Act 1984, Part IA, s. 11D.

[15]ASIC, ‘Information Sheet 145 - ASIC’s compulsory information-gathering powers’, asic.gov.au/about-asic/asic-investigations-and-enforcement/asic-s-compulsory-information-gathering-powers/, viewed 8 September 2024.

[16]Corporations Act 2001 s. 912C(1)

[17]Corporations Act 2001 s. 912C(1)(a)

[18]Corporations Act 2001 s. 912C(1)(b)

[19]ASIC, Navigating the storm: ASIC’s review of home insurance claims, Report 768, August 2023.

[20]Corporations Act 2001 s. 912C(3)(a)

[21]Mr Alan Kirkland, Commissioner, ASIC Committee Hansard, 2February 2024, pp. 2–3.

[22]Mrs Suzanne Smith, Executive Board Member, APRA, Committee Hansard, 2February 2024, p. 18.

[23]ASIC, ‘The ASIC – APRA relationship’, asic.gov.au/about-asic/what-we-do/our-role/other-regulators-and-organisations/the-asic-apra-relationship/, viewed 6 September 2024.

[24]APRA, ‘Reporting requirements for general insurance’, www.apra.gov.au/reporting-requirements-for-general-insurance, viewed 5 September 2024.

[25]APRA, Supplementary Submission 56.1, p. 1.

[26]ASIC, ‘The ASIC – APRA relationship’, asic.gov.au/about-asic/what-we-do/our-role/other-regulators-and-organisations/the-asic-apra-relationship/, viewed 6 September 2024.

[27]Mrs Suzanne Smith, Executive Board Member, APRA, Committee Hansard, 2February 2024, p. 23.

[28]For example: Hon Dr Jim Chalmers MP, Treasurer, ‘Competition and Consumer (Price Inquiry—Supermarkets) Direction 2024’, 1 February 2024; Hon Dr Jim Chalmers MP, Treasurer, ‘Competition and Consumer (Price Monitoring—Petroleum Fuels) Direction 2022’, 14 December 2022; Hon Josh Frydenburg MP, Treasurer, ‘Competition and Consumer (Price Inquiry—Digital Platforms) Direction 2020’, 10February 2020.

[29]Ms Sarah Proudfoot, Acting Chief Executive Officer and Executive General Manager, Infrastructure Division, ACCC, Committee Hansard, 22 March 2024, p. 11.

[30]See: ACCC ‘Insurance monitoring’, www.accc.gov.au/by-industry/insurance/insurance-monitoring, viewed 5 September 2024; and ACCC, ‘Northern Australia insurance inquiry 2017-20’, www.accc.gov.au/inquiries-and-consultations/finalised-inquiries/northern-australia-insurance-inquiry-2017-20, viewed 5 September 2024.

[31]Department of the Treasury, Submission 69, p. 4.

[32]AFCA, ‘Funding’, www.afca.org.au/about-afca/corporate-information/funding, viewed 8 September 2024.

[33]ASIC, RG 267 - Oversight of the Australian Financial Complaints Authority, 2 September 2021.

[34]AFCA, Submission 1, p. 7.

[35]General Insurance Code Governance Committee, ‘The Committee’, insurancecode.org.au/about/about-the-code-governance-committee/, viewed 6 September 2024.

[36]Mr Danial Gaudry, Director, Insurance Unit, Department of the Treasury, Committee Hansard, 15 March 2024, p. 23.

[37]For example, clauses 64, 68, 70–74, 76–78, 82, 121–122, 146–147, 150–151, 161, 198, 202 and 204 of the Code. See ICA, General Insurance Code of Practice, 5 October 2021, pp. 27–29, 35, 38, 41, 48–49.

[38]Mr Danial Gaudry, Director, Insurance Unit, Department of the Treasury, Committee Hansard, 15 March 2024, p. 23.

[39]ICA, ‘Independent Review of the 2020 General Insurance Code of Practice’, Media Release, 14 November 2023.

[40]A body corporate authorised under section 12 of the Insurance Act 1973 to carry on insurance business in Australia—APRA, Glossary, www.apra.gov.au/sites/default/files/Glossary-IGIS.pdf, viewed 6 September.

[41]ICA, General Insurance Code of Practice, 5 October 2021, p. 11.

[42]Insurance Council of Australia, What is the General Insurance Code of Practice?, insurancecouncil.com.au/cop/, viewed 28 August 2024.

[43]ICA, General Insurance Code of Practice, 5 October 2021, pp. 43-44.

[44]General Insurance Code Governance Committee, Submission 5, p. 1.

[45]ICA, ‘Independent Review of the 2020 General Insurance Code of Practice’, Media Release, 14 November 2023. The other panellists were consumer expert Gerard Brody and insurance industry expert Paul Muir.

[46]Independent Code of Practice Review, ‘Independent Review of the 2020 General Insurance Code of Practice’, www.codeofpracticereview.com.au, viewed 4 September 2024.

[47]IndependentReview of the 2020 General Insurance Code of Practice, Initial Report, September 2024.

[48]For example: Mr Roscoe Howell, Submission 55.4 and Submission 55.5; Sharon and Karl Roes, Submission 77; Name Withheld, Submission 96. See also: Mr Ken Olsson, Private capacity, Committee Hansard, Caboolture, 9 April 2024, p. 18.

[49]Sharon and Karl Roes, Submission 77, p. 53.

[50]Ms Sarah Edmondson, Executive General Manager, Regulatory, Policy and Research, AFCA Committee Hansard, 21 February 2024, p. 33.

[51]Mr Justin Untersteiner, Chief Operating Officer, AFCA, Committee Hansard, 21 February 2024, p. 33.

[52]General Insurance Code Governance Committee, Operational Guidance: Imposing sanctions under the 2020 General Insurance Code of Practice, December 2021, https://insurancecode.org.au/resources/operational-guidance-imposing-sanctions-under-the-2020-general-insurance-code-of-practice/, p. 4.

[53]ICA, General Insurance Code of Practice, 5 October 2021 p. 44.

[54]General Insurance Code Governance Committee, ‘Allianz Australia Insurance Limited sanctioned for non-compliance’, Media Release, 7 June 2024.

[55]Financial Rights Legal Centre, Supplementary Submission 27.3, p. [8].

[56]Financial Legal Rights Centre, Supplementary Submission 27.2, p. 2.

[57]Mr Tyrone Shandiman, Chairperson, Australian Consumers Insurance Lobby, Committee Hansard, 1 February 2024, p. 29.

[58]Mrs Julia Davis, Senior Policy and Communications Officer, Financial Rights Legal Centre, Committee Hansard, 31 January 2024, p. 6. Similar views were shared by ARC Justice—see Committee Hansard, 1 February 2024, pp. 43–44.

[59]ASIC, RG Guide 183 – Approval of financial services sector codes of conduct, March 2013, p. 4.

[60]Department of the Treasury, Enforceability of financial services industry codes – Consultation Paper, 2019, p. 11.

[61]ASIC, RG 183 – Approval of financial services sector codes of conduct, March 2013, p. 4.

[62]Mr Alan Kirkland, Commissioner, ASIC, Committee Hansard, 2 February 2024, p. 4.

[63]ASIC, RG 183 – Approval of financial services sector codes of conduct, March 2013, p. 5.

[64]ASIC, ‘ASIC approves the Banking Code of Practice’, Media Release, 31 July 2018.

[65]ASIC, RG 183 – Approval of financial services sector codes of conduct, March 2013, p. 6.

[66]Insurance Council of Australia, Independent Review Initial Consultation Paper, https://insurancecouncil.com.au/resource/independent-review-initial-consultation-paper/, 7 June 2024, p. 36.

[67]Explanatory Memorandum, Financial Sector Reform (Hayne Royal Commission Response) Bill 2020 and Corporations (Fees) Amendment (Hayne Royal Commission Response) Bill 2020, November 2020, p. 20.

[68]ASIC, RG 183 – Approval of financial services sector codes of conduct, March 2013, p. 9.

[69]Mrs Prue Monument, General Manager, Code Compliance and Monitoring; and Chief Executive Officer, Banking Code Compliance Committee, (on behalf of General Insurance Code Governance Committee), AFCA, Committee Hansard, 23 February 2024, p. 2.

[70]ACCC, Northern Australia Insurance Inquiry, Final Report, November 2020, p. xxvii.

[71]Independent Review of the 2020 General Insurance Code of Practice, Initial Report, September 2024, pp. 61-62.

[72]Ms Sarah Edmondson, Executive General Manager, Regulatory, Policy and Research, AFCA, Committee Hansard, 21 February 2024, pp. 33-34.

[73]AFCA, Submission to the Independent Review of the 2020 General Insurance Code of Practice (GI Code), June 2024, p. 2.

[74]Mr Nathan Bourne, Senior Executive Leader, Credit, Banking and General Insurance, ASIC, Committee Hansard, 2 February 2024, p. 4.

[75]Mrs Prue Monument, General Manager, Code Compliance and Monitoring; and Chief Executive Officer, Banking Code Compliance Committee (on behalf of General Insurance Code Governance Committee), AFCA, Committee Hansard, 23 February 2024, p. 3.

[76]ASIC, RG 183 – Approval of financial services sector codes of conduct, March 2013, pp. 27-28.

[77]ASIC, RG 183 – Approval of financial services sector codes of conduct, March 2013, p. 28.

[78]ASIC, RG 183 – Approval of financial services sector codes of conduct, March 2013, p. 29.

[79]Mr Alan Kirkland, Commissioner, ASIC, Committee Hansard, 2 February 2024, p. 4.

[80]Mrs Prue Monument, General Manager, Code Compliance and Monitoring; and Chief Executive Officer, Banking Code Compliance Committee (on behalf of General Insurance Code Governance Committee), AFCA, Committee Hansard, 23 February 2024, p. 1.

[81]Independent Review of the 2020 General Insurance Code of Practice, Initial Report, September 2024, pp. 63-68.

[82]Independent Review of the 2020 General Insurance Code of Practice, Initial Report, September 2024, pp. 63-68.

[83]Independent Review of the 2020 General Insurance Code of Practice, Initial Report, September 2024, pp. 63-68.

[84]Independent Review of the 2020 General Insurance Code of Practice, Initial Report, September 2024, pp. 63-68.

[85]Independent Review of the 2020 General Insurance Code of Practice, Initial Report, September 2024, pp. 63-68.

[86]See ASIC, INFO 253 – Claims handling and settling: How to comply with your AFS licence obligations, May 2021, p. 14.

[87]Explanatory Memorandum, Financial Sector Reform (Hayne Royal Commission Response) Bill 2020 and Corporations (Fees) Amendment (Hayne Royal Commission Response) Bill 2020, November 2020, p. 5.

[88]Corporations Act 2001, s. 1101A(2) and 1101A(3)(b).

[89]Department of the Treasury, Submission 69, p. 11.

[90]Mr Nathan Bourne, Senior Executive Leader, Credit, Banking and General Insurance, ASIC, Committee Hansard, 2 February 2024, pp. 4-5.

[91]Corporations Act 2001, s. 1101AC. See also: ASIC, Supplementary Submission 35.1, p. 2; Explanatory Memorandum, Financial Sector Reform (Hayne Royal Commission Response) Bill 2020 and Corporations (Fees) Amendment (Hayne Royal Commission Response) Bill 2020, November 2020, p. 26.

[92]Department of the Treasury, Enforceability of financial services industry codes: Taking action on recommendation 1.15 of the Banking, Superannuation and Financial Services RoyalCommission, Consultation Paper, March 2019, p. 7.

[93]Corporations Act 2001, s. 1101A, paragraph (3). See also the Explanatory Memorandum, Financial Sector Reform (Hayne Royal Commission Response) Bill 2020 and Corporations (Fees) Amendment (Hayne Royal Commission Response) Bill 2020, November 2020, p. 19.

[94]Mr Nathan Bourne, Senior Executive Leader, Credit, Banking and General Insurance, ASIC, Committee Hansard, 2 February 2024, pp. 4-5.

[95]Mr Robb Preston, Assistant Secretary, Banking, Insurance and Credit Branch, Department of the Treasury, Committee Hansard, 15 March 2024, p. 23.

[96]Mrs Prue Monument, General Manager, Code Compliance and Monitoring, and Chief Executive Officer, Banking Code Compliance Committee (on behalf of General Insurance Code Governance Committee), AFCA, Committee Hansard, 23 February 2024, p. 3.

[97]Mr Justin Untersteiner, Chief Operating Officer, AFCA, Committee Hansard, 21 February 2024, p. 33.

[98]Financial Rights Legal Centre, Supplementary Submission 27.3, p. [131].

[99]Independent Review of the 2020 General Insurance Code of Practice, Initial Report, September 2024, p. 62.

[100]ICA, Independent Review Initial Consultation Paper, 7 June 2024, p. 36.

[101]Financial Rights Legal Centre, Supplementary Submission 27.3, p. [131].

[102]ICA, Independent Review Initial Consultation Paper, 7 June 2024, p. 36.

[103]Independent Review of the 2020 General Insurance Code of Practice, Initial Report, September 2024, p. 62.

[104]Australian Banking Association, ABA response to recommendations of the 2021 Independent Review of the Banking Code of Practice Final Report, February 2023, p. 2.

[105]For example: Financial Rights Legal Centre, Submission 27.3, pp. [59–60], 103; Name Withheld, Submission96; Mr Roscoe Howell, Submission 55.5.

[106]See the Senate Standing Committee on Economics, Inquiry into Australian Securities and Investments Commission investigation and enforcement, Report, July 2024.

[107]Australian Banking Association, ‘New Banking Code of Practice will be compulsory, binding and enforceable’, Media Release, 26 March 2018, www.ausbanking.org.au/new-banking-code-of-practice-will-be-compulsory-binding-and-enforceable/.

[108]Customer Owned Banking Association, Code of Practice 2022, p. 3.

[109]AFCA, Supplementary Submission 1.2, pp. 5-6. See also: AFCA, Submission to the Independent Review of the 2020 General Insurance Code of Practice (GI Code), June 2024, p. 24.

[110]Independent Review of the 2020 General Insurance Code of Practice, Initial Report, September 2024, p. 62.

[111]Financial Rights Legal Centre, Supplementary Submission 27.2, p. 3.

[112]Financial Rights Legal Centre, Supplementary Submission 27.2, p. 3.

[113]ICA, ‘Data hub’, insurancecouncil.com.au/industry-members/data-hub/, viewed 5 September 2024.

[114]ICA, Submission 11, p. [6].

[115]Mrs Suzanne Smith, Executive Board Member, APRA, Committee Hansard, 2 February 2024, p. 24.

[116]Mrs Suzanne Smith, Executive Board Member, APRA Committee Hansard, 2 February 2024, pp. 23-24.

[117]AFCA, Submission 1, p. 36.

[118]AFCA, ‘About the AFCA Datacube’, data.afca.org.au/about-afca/, viewed 25 August 2024.

[119]Ms Edmondson, Committee Hansard, 21 February 2024, p. 38; AFCA Datacube, Compare the firms, data.afca.org.au/compare-the-firms, viewed 8 September 2024.

[120]Mr Justin Untersteiner, Chief Operating Officer, AFCA, Committee Hansard, 21 February 2024, p. 38.

[121]Mr Justin Untersteiner, Chief Operating Officer, AFCA, Committee Hansard, 21 February 2024, p. 41.

[122]AFCA, Submission 1, p. 16.

[123]AFCA, Supplementary Submission 1.1, p. 5. See also the discussion with Mr Justin Untersteiner, Chief Operating Officer, AFCA, Committee Hansard, 21 February 2024, p. 32.

[124]AFCA, Supplementary Submission 1.1, p. 5.

[125]ACFA, Submission 1, p. 10.

[126]Deloitte The new benchmark for catastrophe preparedness in Australia,October 2023 p. 94.

[127]Deloitte The new benchmark for catastrophe preparedness in Australia, October 2023, p. 120.

[128]Mrs Suzanne Smith, Executive Board Member, APRA, Committee Hansard, 2February 2024, p. 22.

[129]Mrs Suzanne Smith, Executive Board Member, APRA, Committee Hansard, 2February 2024, p. 23.

[130]Dr Prue Bagley, Community Engagement Officer, ARC Justice, Committee Hansard, 1 February 2024, p. 44.

[131]Mr David Carter, Managing Director and Group Chief Executive Officer, Royal Automobile Club of Queensland Limited, Committee Hansard, 9 February 2024, p. 9.

[132]Mr Richard Feledy, Managing Director, Allianz Australia Insurance Ltd, Committee Hansard, 9 February 2024, p. 27.

[133]Mrs Suzanne Smith, Executive Board Member, APRA, Committee Hansard, 2February 2024, p. 24.

[134]Mr Alan Kirkland, Commissioner, ASIC, Committee Hansard, 2 February 2024, p. 2.

[135]Mr Alan Kirkland, Commissioner, ASIC, Committee Hansard, pp. 2–3.

[136]AFCA, AFCA’s Systemic Issues function, https://www.afca.org.au/annual-review-systemic-issues, viewed 7 September 2024.

[137]Mr Alan Kirkland, Commissioner, ASIC, Committee Hansard, 2 February 2024, p. 6.

[138]Mr Alan Kirkland, Commissioner, ASIC, Committee Hansard, 2 February 2024, p. 2.

[139]Financial Complaints Authority, ‘Firm specific complaints data’, www.fca.org.uk/data/complaints-data/firm-level; and Financial Complaints Authority, ‘General insurance value measures data 2023’, www.fca.org.uk/data/general-insurance-value-measures-data-2023,.

[140]Mr Alan Kirkland, Commissioner, ASIC, Committee Hansard, 2 February 2024, p. 13.

[141]Mrs Suzanne Smith, Executive Board Member, APRA, Committee Hansard, 2February 2024, p. 24.

[142]Independent Review of the 2020 General Insurance Code of Practice, Initial Report, September 2024, recommendations 63 and 64.

[143]ICA, ‘General Insurance Discussion Paper – Insurance Data Transformation’, insurancecouncil.com.au/wp-content/uploads/2023/12/231221_ICA-Submission-to-APRA-Insurance-Data-Transformation.pdf, p. 1.

[144]ICA, Independent Review Initial Consultation Paper, 7 June 2024, p. 36.

[145]Mr Alan Kirkland, Commissioner, ASIC, Committee Hansard, 2 February 2024, p. 4.

[146]Deloitte The new benchmark for catastrophe preparedness in Australia,October 2023, p. 40.

[147]Mr Alan Kirkland, Commissioner, ASIC, Committee Hansard, 2 February 2024, pp. 6-7.

[148]Mr Alan Kirkland, Commissioner, ASIC, Committee Hansard, 2 February 2024, pp. 6-7.

[149]MoneySmart, www.moneysmart.gov.au, viewed 29 August.

[150]APRA, ‘Life insurance claims comparison tool’, moneysmart.gov.au/how-life-insurance-works/life-insurance-claims-comparison-tool, viewed 25 August 2024.

[151]Financial Rights Legal Centre, CHOICE, Consumer Action Law Centre and Westjustice, Submission 27, p. 24.

[152]APRA, ‘General and life insurance data transformation’, www.apra.gov.au/general-and-life-insurance-data-transformation, viewed 26 August 2024.

[153]APRA and ASIC, ‘General Insurance Discussion Paper – Insurance Data Transformation’, www.apra.gov.au/general-insurance-discussion-paper-insurance-data-transformation, viewed 3 September 2024.

[154]APRA and ASIC, ‘General Insurance Discussion Paper – Insurance Data Transformation’, www.apra.gov.au/general-insurance-discussion-paper-insurance-data-transformation, viewed 3 September 2024, section 3.2.

[155]APRA and ASIC, ‘Appendix – General Insurance Discussion Paper Insurance Data Transformation’, https://www.apra.gov.au/appendices.

[156]APRA and ASIC, ‘Appendix – General Insurance Discussion Paper Insurance Data Transformation’, www.apra.gov.au/appendices.

[157]APRA and ASIC, ‘General Insurance Discussion Paper – Insurance Data Transformation’, www.apra.gov.au/general-insurance-discussion-paper-insurance-data-transformation, viewed 3 September 2024, section 3.4.

[158]APRA and ASIC, ‘General Insurance Discussion Paper – Insurance Data Transformation’, www.apra.gov.au/general-insurance-discussion-paper-insurance-data-transformation, viewed 3 September 2024, section 2.2

[159]Mrs Suzanne Smith, Executive Board Member, Australian Prudential Regulation Authority, Committee Hansard, 2 February 2024, p. 24.

[160]ASIC, Submission 35, p.14.

[161]ICA, ‘General Insurance Discussion Paper – Insurance Data Transformation’, https://insurancecouncil.com.au/wp-content/uploads/2023/12/231221_ICA-Submission-to-APRA-Insurance-Data-Transformation.pdf, p. 1.

[162]ICA, ‘General Insurance Discussion Paper – Insurance Data Transformation’, insurancecouncil.com.au/wp-content/uploads/2023/12/231221_ICA-Submission-to-APRA-Insurance-Data-Transformation.pdf, p. 1.

[163]ICA, ‘General Insurance Discussion Paper – Insurance Data Transformation’, insurancecouncil.com.au/wp-content/uploads/2023/12/231221_ICA-Submission-to-APRA-Insurance-Data-Transformation.pdf, p.3.

[164]General Insurance Code Governance Committee, Committee Charter, https://insurancecode.org.au/resources/committee-charter-effective-from-1-july-2021/, p. 9.

[165]ICA, General Insurance Code of Practice, 5 October 2021, p. 44.

[166]Mrs Prue Monument, General Manager, Code Compliance and Monitoring; and Chief Executive Officer, Banking Code Compliance Committee (on behalf of General Insurance Code Governance Committee), AFCA, Committee Hansard, 23 February 2024, p. 13.

[167]General Insurance Code Governance Committee, General Insurance Industry Data and Compliance Report 2022-23, pp. 29-30.

[168]General Insurance Code Governance Committee, General Insurance Industry Data and Compliance Report 2022-23, p. 17.

[169]Mrs Prue Monument, General Manager, Code Compliance and Monitoring; and Chief Executive Officer, Banking Code Compliance Committee (on behalf of General Insurance Code Governance Committee), AFCA, Committee Hansard, 23 February 2024, p. 6.

[170]General Insurance Code Governance Committee, Submission 5, p. 8.

[171]Mrs Prue Monument, General Manager, Code Compliance and Monitoring; and Chief Executive Officer, Banking Code Compliance Committee (on behalf of General Insurance Code Governance Committee), AFCA, Committee Hansard, 23 February 2024, p. 2.

[172]ABA, ‘ABA Response to BCCC Banking Code Review’, www.ausbanking.org.au/report/aba-response-to-bccc-banking-code-review/, 21 October 2022, p. [1].

[173]The latest available compliance report continues to use aliases to de-identify the major banks when reporting Banking Code breach numbers. See: Banking Code Compliance Committee, Compliance with the Banking Code of PracticeJuly to December 2023, 14 June 2024, p. 6.

[174]Independent Review of the 2020 General Insurance Code of Practice, Initial Report, September 2024, pp. 63-68.