Challenge and change in the insurance industry: Three developments in prudential policy and legal requirements

14mins  21.01.2018 Kathryn Rigney
Why organisational culture, community trust and confidence and advances in technology are important for the Australian insurance industry and its regulators.

The insurance industry is embedded in today's society. It may be a grudge purchase, but most of us buy insurance to help us manage the financial risks we face; and arguably society could not operate as it does without the security insurance can provide.

The challenge for the insurance industry, and for regulators, is how insurance should adapt to meet the demands and challenges of today, and maybe even change the current, generally negative, perception of the industry.

The hot topics in prudential policy, which in turn inform legal and regulatory requirements, are:

  • organisational culture
  • community trust and confidence, and
  • the impact of technology.

Organisational culture

An organisation’s culture is hard to describe, and will change over time. No ethics or compliance program put in place by a regulator is powerful enough on its own to shape integrity. Good culture comes from within the individuals in firms, acting with integrity.

The Australian Securities and Investments Commission (ASIC) believes holding senior managers and key staff accountable is important for culture. Indeed, the key theme at ASIC's 2016 Annual Forum was 'Culture shock', with a focus on why culture matters.

The Australian Prudential Regulation Authority (APRA) has been looking at culture, or at least risk culture, in the insurance industry since 2015 and released an Information Paper summarising its findings in October 2016.

 

Culture matters to regulators because they see poor culture as both an indicator and driver of poor conduct, leading to poor outcomes for investors and consumers and erosion of trust and confidence in the financial services sector

 

A ‘good’ culture is more than just compliance with legal and regulatory requirements. There is no single type of 'good' culture, nor is it possible to write a universal rule that prescribes culture for every entity. Instead, regulators focus on governance and the responsibilities of senior management, how regulated entities manage risk and conflicts of interest and the structure of remuneration and incentives it creates.

ASIC are incorporating consideration of a firm’s culture into risk-based surveillance reviews of the entities they regulate, which includes everyone with an Australian Financial Services (AFS) licence. They are particularly focused on things like remuneration structures, conflicts of interest, complaints handling, treatment of whistleblowers, and timeliness of breach reporting to ASIC.

Corporate culture is not a new concept for regulators or the law. Since 2001, under the Criminal Code, a body corporate may be found guilty of an offence in certain circumstances where it is established that a corporate culture existed that directed, encouraged, tolerated or led to non-compliance with the relevant provision or that it failed to create and maintain a corporate culture that required compliance.

ASIC has asked for the corporate culture provisions under the Criminal Code to be extended to the obligations of financial service providers under the Corporations Act 2001 (Cth) (Corporations Act). Not just to the corporation, but also to individual responsible managers. ASIC have also suggested to Government that consideration be given to introducing civil penalties for individuals and companies where they enable a poor culture that leads to breaches of the law by employees.

In its 2016 Information Paper, APRA observed that the industry's approaches to understanding and managing risk culture are at a relatively early stage, and that many institutions are more focused on understanding their current risk culture than articulating what type of risk culture they aspire to. They also observed that larger institutions face additional challenges around the existence of sub-cultures or silos.

APRA also found that institutions consistently affirmed that their own risk culture was ‘good’ or ‘strong’, while at the same time acknowledging that risk culture was an issue within their industry – presumably only for everyone else. It is clear then, that there can be a disconnect between the ‘tone at the top’ and the ‘echo from the bottom’.

One of the areas APRA is focused on is remuneration structures and the incentives they provide for particular types of conduct. While not yet formal policy, APRA's chairman has said that once the new Banking Executive Accountability Regime (BEAR) framework is in place, it will consider whether some of the concepts have wider application to the extent they can add to community trust and confidence in the industries it regulates.

Community trust and confidence

Linked to the focus on culture is the issue of community trust and confidence. It is not enough simply to comply with legal and regulatory requirements. A successful business also needs a 'social licence to operate'. That is, it must maintain the trust of the community in which it operates.

Firm reputation and brand loyalty are vital to long-term business success. The insurance sector's social licence has been dented in recent years by issues relating to claims in life insurance and problems with add-on insurance products in general insurance.

 

The challenge for individual organisations and the sector as a whole is how to improve community trust and confidence. Advertising slogans are not enough. Social media will quickly find out if it is there is a demonstrated disconnect between the stated values of a company and its actions

 

Community trust and confidence in the industry is also important to the regulators. APRA has said that the issue of community trust and confidence was an important consideration behind their decision to establish a Prudential Inquiry into the Commonwealth Bank. ASIC's annual forum in March 2018 is devoted to the topic of 'maintaining trust'. The Terms of Reference for the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (established in December 2017) specifically require the Commission to inquire into whether any conduct, practices, behaviour or business activities by financial services entities (including insurers) fall below community standards and expectations.

According to ASIC's corporate plan 2017-18 [at page 6], good insurance providers looks like ones who:

  • act professionally, treat consumers fairly and prioritise consumers’ interests
  • develop and sell a range of products and services with features that align with consumers’ needs and deliver value for money
  • ensure consumers are fully compensated when poor conduct results in losses.

Put simply, ASIC is committed to holding insurers to account in the delivery of products that offer good value and have been designed with consumers' genuine needs in mind. In the past, ASIC focussed heavily on misleading advertising, the sale of inappropriate products and poor disclosure. It now also very much focusses on product design.

In December 2016, the Federal Government issued a proposals paper 'Design and distribution obligations and product intervention power', setting out a number of measures including new obligations for insurers relating to product design and distribution, giving ASIC a product intervention power. Draft legislation was released in December 2017.

The proposed new design and distribution obligations will apply to most 'retail' insurance products. The aim is to move from the current situation where consumers are left to determine if a policy is suitable based on disclosure documents to a situation where the onus is on the insurer to design policies that meet the needs of relevant consumers.

Insurers will need to determine the target market for their products, having regard for whether the product would generally meet the likely objectives, financial situations and needs of persons in that market. They will also be required to select appropriate distribution channels for the identified target market.

Finally, insurers will be expected to review their products with reasonable frequency to ensure the product and its distribution channels remain appropriate for the target market. Distributors will be required to put in place reasonable controls to ensure policies are distributed in accordance with the identified markets and comply with reasonable requests from the insurer for information required for periodical reviews. The proposed new product intervention power will enable ASIC to intervene where it identifies significant consumer detriment in relation to an insurance product or its features, the types of consumers who can access a product and the circumstances in which they can do so. Currently, ASIC has a limited ability to intervene unless there has been defective disclosure. The actions that ASIC could take range from imposing consumer warning and labelling changes to banning the product.

ASIC has made clear it will not wait for the proposals to become law before acting to address current problems in product design. Using its current powers, they are investigating the sale of inappropriate products, products customers do not understand and/or products that are not aligned with customers' risk appetite. 

ASIC has raised concerns regarding add-on insurance through car dealers and has obtained agreement from insurers for refunds totalling over $100 million for affected customers. Another area under review is the sale of funeral insurance products.

Trust in the insurance industry also depends on effective dispute resolution and ombudsmen schemes. The new Australian Financial Complaints Authority (AFCA) announced in May 2017 will replace the Financial Ombudsman Service, Superannuation Complaints Tribunal and the Credit Ombudsman, and is intended to take effect from 1 July 2018.

Access to AFCA will be limited to consumers and small businesses, but that does not necessarily mean the disputes it can take on are small. AFCA will be able to deal with insurance disputes of up to $1 million and award compensation of up to $500,000 per claim.

Looking to the horizon, and linked with the issue of trust, a potential regulatory change could see the removal of the insurance exemption from the unfair contract terms provisions of the Australian Securities and Investments Act 2001. These provisions mirror the unfair contract terms provisions in the Australian Consumer Law and apply to all other standard form contracts in the financial services sector.

Insurance contracts are currently excluded from the regime on the grounds that consumer protection is adequately provided under the Insurance Contracts Act, and in particular the duty of utmost good faith. Not surprisingly, the Insurance Council and the Financial Services Council support the status quo while consumer groups advocate for the removal of the exemption.

In its submissions to an inquiry into the general insurance industry by the Senate Economics Reference Committee earlier this year, ASIC expressed its support for the extension of the unfair contract terms provisions to insurance contracts, telling the committee "We think it would add to the regulatory regime in a beneficial way for consumers". [page 69]

The Committee came to the view that the exemption is unwarranted and creates a significant gap in consumer protections. In its August 2017 report 'Australia's general insurance industry: sapping consumers of the will to compare', the Committee recommended that the exemption be removed. The Government has accepted this recommendation and proposals for removing the exemption are anticipated in early 2018.

The impact of technology

We live in a rapidly changing, technology driven world that presents both opportunities and challenges.

One of the biggest challenges faced is cybersecurity and managing technology risk. In October 2016 APRA released the results of a survey of 37 regulated institutions. It showed respondents had experienced a range of cyber security incidents over the past twelve months and that threats with the potential to cause a material impact appeared to have been well managed through a combination of effective monitoring and response activities. Nonetheless, the challenge remains, and continues to grow in its complexities.

Technology has increased the data flow between consumers and insurers (and their representatives), enabling insurers to hold a lot of information about their customers. Insurers must therefore ensure customers feel confident their personal information is safe and will be used appropriately.

This is a reputational requirement, but also a legal one under the Privacy Act 1988 (Cth) and the Australian Privacy Principles. From February 2018 organisations will be required:

  • to carry out a reasonable and expeditious assessment if they have reasonable grounds to suspect that there may have been an eligible data breach (and to take reasonable steps to complete that assessment within 30 days); and
  • to make the prescribed notifications to the Office of the Australian Information Commissioner (OAIC), and if practicable, to affected individuals) as soon as they are aware that there are reasonable grounds to believe that there has been an eligible data breach.

As well as developing or updating their data breach response plan, organisations must understand the flows of personal information in their business, including how that information is stored and secured.

Technology is being harnessed by regulators to assist them in their discharging their responsibilities. In particular:

  • to identify and assess potential misconduct and to manage risks to financial stability, and
  • to act as a key driver of positive culture.

 

While creating significant challenges, technology also creates opportunities to develop insurance products and services that better align with what consumers need, or at least what they want. 

 

For example, AXA recently announced a new flight delay insurance product, Fizzy, a smart contract that stores and processes payouts using blockchain. Payments will be made automatically once a flight is delayed for more than 2 hours.

However, opportunities such as Fizzy are hampered by the challenge of legacy systems, processes and products.

This does not simply mean old computer systems, but also the challenge of adapting a system that has developed over centuries to the modern world. Imagine an insurance industry with no legacy products, starting from scratch. Would the products and distribution channels look different? Not just for consumers but also for businesses?

For example, there are numerous types of liability policies on the market, and it is often assumed in the insurance industry that they neatly mesh with each other so one type of risk is covered under a particular policy and not another, and separate policies do not overlap. This is a distinction that many businesses struggle to understand, which explains the popularity of package policies. It is also based on an assumption that the courts have made clear will not always apply.

In Chubb Insurance Company of Australia Ltd v Robinson (2016) 239 FCR 300, Chubb submitted that an exclusion clause in a directors and officers liability insurance policy in respect of professional services should be interpreted consistently with the insuring clauses in professional indemnity insurance policies. Its argument was that the professional indemnity carve out was intended to fit neatly with the commonly understood scope of cover usually provided in professional indemnity policies.

The Full Federal Court rejected this approach. The plurality stated, 'We do not agree that, in every case, the scope of an exclusion in respect of professional services in a D&O policy must correspond with the scope of cover provided by the commonly used insuring clause in policies which provide professional indemnity cover. That is far too general a statement…' [at 124]

In that case the two policies were issued by different insurers and the Full Court did suggest that if Reed had taken out a professional indemnity policy with Chubb, the terms of that particular cover may have been of some assistance in the construction of the professional services exclusion clause in the D&O policy. [at 122]

These legacy issues are likely to be less of a challenge for new entrants to the market, and the regulators are looking at ways to facilitate new FINTECH services.

APRA have said they are reviewing their licencing framework to see how it can be improved to accommodate both new entrants and existing companies wishing to offer new products and services to insurers.

ASIC has established an Innovation Hub to help startup businesses navigate the regulatory system and a regulatory sandbox to enable eligible businesses to test new products or services without a licence. Potentially eligible products include general insurance for personal property and home contents with a maximum of $50,000 insured.

The challenge for the insurance industry, and regulators remains. How will insurance products and services adapt to meet the demands and challenges of today's society and most importantly, how will they do so with integrity.

Tags

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYW1laWQiOiJiNzE2YjdjNy1jN2E2LTRjNWMtOTc1NS03YTQ3ZmJlMTQ2MTEiLCJyb2xlIjoiQXBpVXNlciIsIm5iZiI6MTczOTM3ODQ4OSwiZXhwIjoxNzM5Mzc5Njg5LCJpYXQiOjE3MzkzNzg0ODksImlzcyI6Imh0dHBzOi8vd3d3Lm1pbnRlcmVsbGlzb24uY29tL2FydGljbGVzL2NoYWxsZW5nZS1hbmQtY2hhbmdlLWluLXRoZS1pbnN1cmFuY2UtaW5kdXN0cnkiLCJhdWQiOiJodHRwczovL3d3dy5taW50ZXJlbGxpc29uLmNvbS9hcnRpY2xlcy9jaGFsbGVuZ2UtYW5kLWNoYW5nZS1pbi10aGUtaW5zdXJhbmNlLWluZHVzdHJ5In0.9vekEAfUZrF1K8vU1S4nr4CrLig-1hS0jFqihI0vtZk
https://www.minterellison.com/articles/challenge-and-change-in-the-insurance-industry

Point of View: insights into key issues and challenges facing business today.

In this series of interviews with MinterEllison partners we hear their perspective on key areas of interest to our clients and the business community.