By Johann Spies, Partner and Andrew Mulligan, Associate

As we kickstart into a new year, the regulatory priorities for the Australian insurance industry continue to evolve in the face of a dynamic, and often unpredictable, economic and political landscape. Consumer protection and organisational resilience remain at the forefront of the regulators’ agenda. With new legislative reforms coming into effect in the near future, the insurance sector will need to adapt quickly and ensure that processes are implemented early to remain compliant.

The Australian insurance industry has undergone considerable change in recent years, with natural disasters growing in frequency and intensity and the everchanging economic and political environment continuing to test consumer and organisational resilience. Against this backdrop, the Australian regulators will be focusing on ensuring consumer protection and good organisational frameworks in 2024.

In announcing its enforcement priorities for 2024, the Australian Securities and Investments Commission (‘ASIC’) has outlined a number of consumer-focused protections against the backdrop of heightened vulnerability as a result of increasing inflation and rising interest rates. Key among them is the strategic priority on Product Distribution and Design. ASIC has indicated it will continue to use enforcement action to reduce the risk of harm to consumers of financial, investment, credit and credit-like products caused by poor product design, distribution and marketing.

Across 2022-2023, ASIC initiated four Court proceedings against entities for non-compliance with the Design and Distribution Obligations (‘DDO’). These claims ranged from failing to prepare a target market determination (‘TMD’) as required before distributing financial products to consumers, distributing products to consumers outside the TMD, failing to review the TMD when becoming aware of circumstances which indicate the TMD is not appropriate, and others. Given ASIC’s stated intention of pursuing litigated outcomes for non-compliance with DDO, issuers and distributors of financial products (including insurance products) need to ensure that they have the appropriate compliance frameworks in place and that they have internal processes to regularly review and update their policies.

Another key enforcement priority in 2024 is Insurance Claims Handling. Since 1 January 2022, claims handling and settling services have been regulated as a financial service in Australia. Given the relative novelty of this regulatory focus, ASIC has stated it will conduct thematic reviews aimed at poor claims handling practices, with a focus on delays, poor communication, and record keeping, and inappropriate use of wear and tear exclusions, as well as pricing issues and claims handling misconduct. On 17 August 2023, ASIC released Report 768  following its review of  218,256 home insurance claims lodged between 1 January and 31 March 2022. Most claims reviewed were a result of severe weather events, including the February–March 2022 floods in Queensland and New South Wales

Among its findings, the Report noted that poor communication was a constant source of consumer dissatisfaction, and that insurers should ensure that its services and claims handling practices are tailored to meet the needs of consumers at their most vulnerable during times of hardship. In November 2022, ASIC issued a letter to all general insurance companies setting out its expectations that general insurers “be prepared, proactive, transparent, consumer-centric, and responsive in meeting their claims handling obligations”. We expect ASIC’s scrutiny on the insurance claims handling industry to increase over 2024 (including through the use of enforcement and litigatory action), and insurers should be aware that ASIC will likely continue to test their systems to ensure they are meeting the regulator’s expectations.

Recent years have also seen a proliferation of cyber and technology related risks, putting organisational resilience and reputation in the spotlight. Cyber attacks and data leaks have become all too commonplace in today’s technology-driven world and the insurance industry is not immune to the challenges it presents. In this context, the Australian Prudential Regulation Authority (‘APRA’) has outlined in its 2023-24 Corporate Plan that Operational Resilience is a key focus. To deliver on this outcome, APRA has finalised its new Prudential Standard CPS 230. CPS 230 is aimed at ensuring insurers and other APRA-regulated entities can better manage operational risk from business disruptions and is due to commence on 1 July 2025 (unless the entity has pre-existing contractual arrangements in place with a service provider, in which case CPS 230 will apply in relation to those arrangements from the earlier of the next renewal date of the agreement or 1 July 2026).

CPS 230 contains extensive obligations on APRA-regulated entities and requires them to:

(a) effectively manage its operational risks, and set and maintain appropriate standards for conduct and compliance;
(b)maintain its critical operations within tolerance levels through severe disruptions; and
(c) manage the risks associated with the use of service providers.

For example, all insurers (including general, life and private health) are generally required to classify their claims processing services as ‘critical operations’ and must establish minimum tolerance levels during periods of business disruption. This includes the maximum period of time the entity would tolerate a disruption to the operation, the maximum extent of data loss the entity would accept as a result of a disruption, and minimum service levels the entity would maintain while operating under alternative arrangements during a disruption.

It is clear by the extent of these new obligations that operational resilience during business disruptions remains a key focus of APRA moving forward. APRA has stated publicly that it expects regulated entities “to be proactive in preparing for implementation” ahead of a July 2025 start. As such, insurers need to be using 2024 to implement, monitor and test their systems and processes to ensure they are robust and are compliant with the new regulatory framework.

ASIC, APRA and the Australian Competition and Consumer Commission (‘ACCC’) have also variously indicated that their monitoring of Greenwashing and associated climate related disclosures and marketing remain a continued priority this year and going forward. ASIC has publicly revealed that its planned actions for the coming year include:

(d) undertaking targeted surveillance and oversight of sustainability-related disclosure and governance practices across regulated entities; and
(e) extending the focus of its continued enforcement action against misconduct to poor governance, in addition to misleading marketing and other greenwashing practices (for example, misleading or deceptive representations about sustainability, environmental or climate change credentials).

In line with APRA’s focus on operational resilience, APRA has also noted that it intends to review the effectiveness of Prudential Practice Guide CPG 229 Climate Change Financial Risks “with a focus on key issues such as embedding climate risk considerations clearly in risk management frameworks”. For this purpose, APRA has noted that it intends to seek voluntary responses to the next Climate Risk Self-Assessment survey in 2024. The focus on climate related disclosures and risks by Australian regulators is continuing to gain momentum and insurance industry participants will need to ensure they are prepared for a greater level of scrutiny. Insurers should implement appropriate risk management systems and ensure there is always a reasonable basis for making sustainability-related claims about their operations all the way through their supply chains.

Given that the regulators’ various priorities above are in addition to the implementation of a host of regulatory regimes, including preparation for the implementation of the Financial Accountability Regime due to commence for insurers in March 2025 and the remuneration regime set out in CPS 511, we expect that 2024 will be another busy year for compliance and legal teams in the insurance industry.