The Financial Services Royal Commission and other emerging issues relating to the general insurance industry from an ASIC perspective


Keynote address by ASIC Commissioner Sean Hughes at the Insurance Council of Australia Annual Forum 2019, Hilton Sydney, 27 February 2019


Thank you for inviting me to speak at your annual forum today. As Rob has just indicated, today is an important opportunity to discuss and reflect on the findings and recommendations of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry (or the ‘Financial Services Royal Commission’ as it is more commonly known). I would like to consider what these findings and recommendations mean for both the providers of insurance and your customers, with a focus on rebuilding trust.

Let me begin by acknowledging the traditional owners’ ongoing connection to and custodianship of the lands on which we meet today. I pay my respects to elders both past and present.

Most of today will be a discussion in one form or another on the Financial Services Royal Commission, and my address will be no exception in this regard. I will focus my remarks on three important aspects. Firstly, the Royal Commission and how we ended up here. Next, Government policy responses and the focus for ASIC in 2019 and beyond. And lastly, the implications for general insurers.

While the work that lies ahead may seem challenging, it is an effort that must be made. It is important to remember that these changes have one critical purpose – to rebuild community trust. And we all have a part to play.

Let me begin by introducing myself.

As Ali kindly noted, I have been appointed as an ASIC Commissioner for a five-year term. I have a very broad perspective having worked as an adviser to, a provider, user and a regulator of financial services. My focus at ASIC will be on your sector, as well as life insurance, credit, retail banking and payments. This very much fits with my long-standing interest and career in these sectors. As can be seen from my history, I have an association with your industry over many years and am keen to work with the industry to effect changes that are in the interests of the Australian community.

Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry

As you might expect, the Financial Services Royal Commission has had a significant impact on ASIC over the past year and will continue to do so into the future, in both responding to information requests and now preparing to implement recommendations. Over the course of the Royal Commission, ASIC produced more than 97,000 documents, responded to 142 requests for information, provided 12 witness statements with over 400 exhibits, and seven of our staff members gave evidence on 10 occasions. I am sure each of you has your own story to tell about the impact the Royal Commission has had on your organisations.

While the impact has indeed been substantial, it is important to remember that in Australia, Royal Commissions are reserved only for the highest of inquiries. Before considering the implication of the recommendations it is important to first remember the ‘why’, why did we have a Royal Commission in this area? In other words, what failed our community?

Poor consumer experience is the why and the what—and specifically, unjustly poor consumer experience. This is highlighted by the case studies presented to the Royal Commission and the many other stories featured in public reporting. Regardless of policy technicalities, these stories matter not just to individual policyholders, but to the reputation of the market as a whole, and in combination, led to the erosion of public trust and the failure by industry to meet community expectations.

The Financial Services Royal Commission has allowed the world to see the bad behaviour that we, as regulators, come across all too often in our everyday work. The public hearings held by the Royal Commission helped to bring this behaviour to life by highlighting the human impacts and personal costs of misconduct. To those critics who would say the case studies presented an unrepresentative vista of consumers’ and policyholders’ experiences, we would point out that there were (and are) many, many other stories which went untold in the time the Royal Commission had available to it.

The Royal Commission has made important recommendations about changes needed to Australia’s financial services regulatory framework to address this behaviour and I will speak more about this in a moment.

It is important to recognise that community expectations of insurance develop through the representations insurers make in disclosure documents, in advertising, and in vision and value statements.

These statements are widely used to let consumers know how a business—that is, your businesses—wants to be viewed and what a consumer can expect. See if you recognise any of these vision statements:

  • ‘We’ll be here when you need us. We’ll ease the burden if you ever need to claim, eliminate the stress and help you every step of the way.’
  • ‘We will be known for keeping our promises, and for our fair and ethical approach to doing business.’
  • ‘Our purpose—to make your world a safer place.’

These are the vision and value statements for some of the businesses you represent. These are the things that your CEOs and boards, managers and staff claim are core to your business.

If these values were genuinely reflected throughout the business practices of your firms then there is reason to think that we would not be here today reflecting on recommendations of a Royal Commission into misconduct in the financial services sector.

To truly meet community expectations, these statements need to be more than an advertising by-line.  ASIC is acutely aware of this issue. We understand that corporate culture is complex and influenced by staff behaviour, business practices, leadership and corporate values. Clearly, it is not ASIC’s role to prescribe what a firm’s culture should look like. ASIC’s role is, however, to consider how inconsistencies in what firms say and what firms do may have led to poor conduct and poor consumer outcomes. And it has certainly contributed to the trust deficit which exists today.

In recent thematic reviews, we found that actual conduct is not matching value statements, policy documents or staff training. In a 2018 review of the compliance of 12 financial services groups with their breach reporting obligations, we found that potential breach investigations were not being given enough priority or resources, consumer remediation was regarded as a ‘distraction’, and ‘lessons learned’ exercises were not being undertaken.[1]

In another report in 2018 on the sale of direct life insurance, we contrasted firms’ descriptions of their values, objectives and desired consumer outcomes with the ‘observed sales culture’ through our own assessment of processes and practices and staff behaviour. We found disconnects between how the firms’ stated values were translated into concrete and measurable outcomes. Overall, we found that all firms could do far more to actively consider consumer outcomes and embed this value consistently in all their processes and procedures.[2]

I think we can all point to instances in our careers where adverse consumer feedback or complaints have been treated as of no more than “nuisance value” and just a cost of doing business. We need to move the dial from this being just a compliance tick-box exercise, to one where meeting consumer expectations is what we aspire to do, each and every day.

Community expectations about insurance

People take out insurance for peace of mind, to protect their homes, cars and families. The value of an insurance policy is in the promise—so that a consumer can feel confident and secure that they will be looked after when something goes wrong. However, we also understand that the community expects their insurer to be there when something actually does go wrong, and to be treated fairly and with dignity and respect.

Unfortunately, testimony in the Royal Commission provided a sobering snapshot of a serious disconnect between community expectations and consumer experiences.

This was seen in the case of a policyholder who made a claim on her house insurance after an intense hail storm in Broken Hill. At the time, the policyholder was a mother of three and expecting her fourth child. She worked extra shifts to save up for the $775 excess payment required under her policy. Because of lengthy delays and poor conduct by the builders her insurer appointed, she was forced to live in a caravan park to avoid the serious risk of lead poisoning at her home after the storm.

The community, rightly, want to know why this sort of thing happened and reassurance that it won’t happen again.

Recommendations from the Royal Commission

While the testimony at the Royal Commission was on many occasions very difficult to hear, the recommendations should not be a surprise to anyone here. Many of the 76 recommendations apply broadly across the financial services sector and there is a suite of insurance-specific recommendations. This is notable given that the Royal Commission started as a review of just the banking industry. However, the insurance industry has also been found wanting. As you are no doubt aware, 15 of the Royal Commission’s recommendations relate specifically to insurance, as do a number of the 11 referrals to ASIC.

I know you’ll be hearing from Deputy Chair Lonsdale of APRA later today. Importantly, for both ASIC and APRA, the Royal Commission endorsed the current ‘twin peaks’ model of financial regulation and recommended that it should be retained. That is, responsibility for conduct and disclosure regulation lies primarily with ASIC and responsibility for prudential regulation with APRA—with some subtle, though important, realignments.

ASIC also welcomes the Royal Commission recommendations on key reforms that we have been seeking for quite some time. These reforms include changes to breach reporting obligations, a directions power for ASIC and an extension of the proposed design and distribution obligations and product intervention power.

On the extension of unfair contract terms to insurance contracts, significantly, the Royal Commission has supported the main subject matter being cast narrowly as ‘the terms of the contract that describe what is being insured’.

The Royal Commission has also recommended that the exemption for insurance claims handling and settlement be removed.

ASIC welcomes these recommendations. Not only do they align with the changes we have called for, they also ensure insurance policies better meet expectations of consumers and the community generally. 

It is pleasing to see that the ICA has already given public support to the aims of the Royal Commission recommendations. We look forward to working with the ICA to implement these important reforms. We think it is critical for us to work constructively with the industry as these reforms are introduced to help ensure their successful implementation. This should help reduce friction for your businesses and provide certainty to your customers.

Government policy response

The Government has committed to implementing the Royal Commission recommendations. Part of this work will include the introduction of design and distribution obligations and will give ASIC product intervention powers over these products.

The Government also proposed that ASIC take on additional responsibility for executive accountability within financial institutions and a bigger role in conduct regulation in superannuation and insurance. These will be important new responsibilities.

We look forward to working with the Government on these significant policy initiatives.

Focus for ASIC in 2019

In 2019, ASIC will have a greater focus on court-based outcomes to provide strong public denunciation and punishment of wrongdoing. We will start by asking ‘why not litigate?’ While we recognise that in some cases other regulatory actions may be a better targeted and appropriate response —and we certainly cannot litigate all the breaches and reports of misconduct we receive—general and specific deterrence require the sanction of a court.

We will also ensure we continue to work closely with our fellow regulator, APRA. As with our joint work in gathering data on life insurance claims, you should be confident that we are aware of the importance of ‘one-touch’ regulation. When we are preparing our data requests, we look at data already collected and use definitions already developed. We know this is important for you and it is also far more efficient for us. APRA Member Summerhayes and I are both committed to ensuring that we work collaboratively in discharging the twin peaks regulators’ approach to the insurance sector, while recognising we each have unique responsibilities and approaches.

ASIC has always been keen to encourage a more holistic regulatory approach to supervision, aligned to the global context, and ASIC’s focus on hosting and participating in supervisory colleges continues to be useful in this endeavour.  These supervisory colleges are applicable broadly across financial service providers and allow the opportunity for regulators to gather to discuss entity-specific financial and non-financial risks, and for both the entity and the regulators to consider the firm’s entire risk profile.  This promotes a better overall understanding of the interdependencies and key pressure points, and more efficient identification of weaknesses that require redress.    

Close and continuous monitoring

ASIC’s Close and Continuous Monitoring supervisory approach (or CCM) began in October 2018.

CCM involves ASIC teams spending time onsite in our five largest financial services institutions to engage with the firms on specific aspects of their non-financial risk management, compliance culture and engagement with ASIC.  

We are seeking to influence the way these large institutions identify, evaluate and respond to compliance risks and breaches. Over time, we expect to see behavioural change in these areas, leading to better customer outcomes. Of course, if we come across breaches during our supervisory visits, we will refer them to appropriate areas within ASIC.

We are taking a thematic approach to CCM.

The initial focus has been on breach reporting, after the release of our report on this issue in 2018.[3] I’ll say more about that work in a minute. We will look more closely at how these institutions discharge their breach reporting obligations. We expect that our reporting back to the senior management and Boards of these entities following these reviews will also provide important insights about the risk management and the culture of each institution.  

Other on-site supervisory work that ASIC is engaging in covers internal dispute resolution processes in these institutions. Commencing in November 2018, a specialist ASIC team is conducting onsite monitoring of the internal dispute resolution functions at NAB, CBA, Westpac and ANZ, as well as AMP.  The ASIC team is reviewing and assessing these firms’ internal dispute resolution arrangements, including processes, practices, resourcing, communications, governance and reporting as well as systems capabilities. As the first step in the financial dispute resolution system, internal dispute resolution has a vitally important role in Australia’s consumer protection framework.

Breach reporting

More broadly on breach reporting, in the first half of the 2018–19 financial year, we have seen an increase of over 75% in breach reports made to ASIC compared to the same period the previous year. For the whole of the 2018 financial year, we saw an increase of over 30% in breach reports compared to the 2017 financial year.

This is likely to be due to the focus of the Royal Commission and increased awareness of ASIC’s expectations around compliance with this significant duty.

Breach reporting is a fundamental financial services obligation. It helps the regulator to engage with conduct issues and has a consumer care element. Breach reports are also an important source of information for ASIC about risks and potentially unlawful conduct in the financial services sector.  Failure, or simply delay, in breach reporting, undermines our ability to take timely and appropriate action. Delays in identifying breaches also increase the risk of consumer loss or detriment.

It is important that firms comply with their breach reporting obligation in the interests of protecting consumers now and into the future. We think licensees should focus on:

  • improving their ability and speed in identifying and investigating breaches;
  • maintaining a culture which prioritises consumer remediation and breach reporting; and
  • using any incidents identified to prevent similar incidents in the future.

Corporate Governance Taskforce

As part of the broad range of on-site supervisory work that ASIC is now doing, we have increased our focus on the corporate governance practices of large listed entities and established a Corporate Governance Taskforce.

The Taskforce is conducting a review of a selection of ASX 100 entities to closely observe governance practices across a spectrum of large listed companies. Entities under review come from a range of sectors (both non-financial services as well as financial services). 

The Taskforce initially has two key areas of focus:

  • firstly, the role of the board and officers in the oversight (and in the case of officers, the management) of non-financial risk; and
  • secondly, the role that conduct plays in decisions about the granting and vesting of variable remuneration for executives.

The purpose of the Taskforce’s review is to:

  • identify and report on our observations of governance practices, both good and bad, in large listed entities; and
  • inform the market about ASIC’s views and recommendations for improving governance practices.

We will publish a report in the third quarter of 2019 to highlight practices that require improvement as well as those which represent good practice. 

So, why are we doing this?  While many firms promote their governance policies and frameworks, very little is disclosed about a firm’s actual governance practices or how it makes decisions about, for example, vesting of variable remuneration. We strongly believe that providing some transparency about actual practices as well as ASIC’s recommendations on how those practices could be improved will help to lift governance standards.

Consumer credit insurance

Moving now to work which is more specific to your sector, we are continuing to focus on inappropriate sales of consumer credit insurance (or CCI). In our view, the responsibility to ensure that CCI is not sold inappropriately is shared by both the sellers of the insurance, and the insurers themselves.  

The Financial Services Royal Commission heard from a consumer who was sold CCI by a bank in 2014 when applying for a credit card. This was despite her specifically questioning her ability to claim on the insurance as she was not employed at the time.  She told the Royal Commission:

‘They were telling me it’s good for me, it will benefit me, it will help me in the long run if anything happened to me…. I explained … I wasn’t working… she said if I stopped working that … it would help cover any sort of costs that I couldn’t afford…. And when I told her I wasn’t working she said I can still claim on it.’[4]

This is a sale of CCI that should not have taken place. The consumer was not eligible to claim on the cover from the outset, and as later testimony revealed, she was not able to afford the cover.

This is a sale of CCI that very likely would not have taken place if the recommendations from our report in 2011 on mis-selling of CCI had been adopted.[5] We made a specific recommendation in our report —that the main exclusions applying to CCI must be clearly explained.

However, even without this guidance, surely it fits within a firm’s values and governance to only sell policies to a consumer who is eligible to claim on the policy?

Disappointingly, our current work on the sale of CCI has highlighted that our recommendations in 2011 were not universally adopted and, following that work, there continued to be widespread mis-selling of CCI. We are working with lenders and insurers on appropriate remediation—now expected to be tens of millions of dollars paid to 100s of 1000s consumers. That’s tens of millions of dollars of other people’s money that is only now being returned to them. It should come as no surprise that we are also considering our regulatory options and indeed ASIC’s Chair James Shipton has stated publicly that we have already started an investigation in one of these cases.

We are also looking at the value to consumers of this type of insurance product.

In our review in 2011, ASIC identified a high number of denied claims and cancelled CCI policies. In our 2018 review, we have looked closely at the claims ratio of CCI sold with credit cards, personal loans and home loans. We found the average claims ratio is just 18 cents in the dollar, and for CCI sold with credit cards it is just 10 cents in the dollar. We question the value of a product with such a low claims ratio and whether it offers true peace of mind.

We also worked with the banking industry to introduce a deferred sales period in the industry code for CCI sold with credit cards and personal loans. We look forward to working with stakeholders on the Government’s proposal to mandate a deferred sales model for all add-on insurance products.

We will be saying more about our work on CCI later this year in a public report.

Fraud investigation practices

We are continuing our work on reviewing how insurers investigate claims that are suspected of being fraudulent. Of course, we acknowledge that it is not in the community’s interest for insurers to pay fraudulent claims, and that insurers need to have a process to validate the circumstances of claims. However, there is a balance between following the necessary processes to identify fraud and ensuring legitimate claims are paid swiftly.

Our work in this area has brought together relevant stakeholders in a workshop to develop appropriate standards, a review of insurer policies and procedures and gathering data on the number of comprehensive motor vehicle claims investigated and the outcome of these claims. The data we have collected indicates that over 70% of claims being investigated are in fact found to be valid and then paid. In contrast, only a very small fraction of investigated claims, a little over 4%, are declined due to fraud. We consider these figures reveal a very high ‘false positive’ rate for suspected fraudulent claims.

Our data also indicates that almost 15% of investigated claims are withdrawn, with a withdrawal rate of 45% for investigated claims that take more than 360 days to be resolved. We expect firms should ensure that the investigation process does not wear consumers down to the point of abandoning legitimate claims.

To better understand the impact on consumers of such a high ‘false positive’ rate, we are doing some targeted consumer research. This research is not yet complete, but I would like to share with you one of the consumer stories that has already emerged.

Brian (not his real name), an experienced management professional, was accused of fraud by his insurer of over 30 years and told that his policies would be cancelled. The ‘fraud’ related to hail damage on one of his cars. The insurer and their ‘expert’ took the view that most of the damage was made by a tool as the scratches were not consistent with hail. The insurer just did not believe Brian’s explanation that before he travelled overseas for three weeks, he put a car cover on his newest car and the damage was caused by the car cover being hit by hail. His other two cars that were damaged in the same hail storm did not have car covers and were repaired by the same insurer without incident.

At his own considerable expense, Brian hired a lawyer and his own forensic expert to prove his explanation and his claim was eventually honoured and his policies reinstated. Brian was never offered a face-to-face meeting with the insurer and says he felt like a criminal. The stress of this investigation, the accusations that he was lying, and the considerable effort required to defend his claim had a huge impact on his life. Not surprisingly, Brian is now moving to a new insurer and telling everyone he knows how he was treated. While I will not name the insurer involved, Brian certainly will.

Overwhelmingly, consumers in our research say that they were just not believed. There must be a better way to validate a claim. Insurers should have investigation processes that are fair and reasonable and do not rely on consumers seeking robust and expensive legal representation or being so worn down by the process that they abandon their claim.

We have worked closely with the ICA on the draft provisions relating to investigations in the revised General Insurance Code of Practice. We welcome these provisions as a first step and will continue to engage with the ICA as our work develops to ensure standards are appropriate.  A report on the findings of our work in this space will be issued this year.

General Insurance Code of Practice

On the review of the Code more broadly, ASIC has provided comment and feedback as part of the ICA’s stakeholder engagement. Several of our recommendations have been adopted in the draft Code.  We note the recommendation from the Royal Commission for Codes to include ‘enforceable provisions’. We will be working with Government and industry to implement this recommendation.

In the meantime, we encourage the ICA to continue the work on the current review and implement the proposed update Code. 

This review of the Code has provided an important opportunity for the industry to address genuine concerns and strengthen industry standards to meet consumer expectations and it would be a shame to defer the enactment of a revised Code which benefits both consumers and the industry.

Codes must be living documents that reflect community expectations and evolve over time to address feedback on how they are operating in practice. This makes periodic reviews and amendments essential to maintain the Code’s relevance and credibility. To truly meet community expectations, code subscribers also need to be accountable and seen to be accountable. Breaches of the code must be sanctioned, and this should be done in an open and transparent manner. This sends a message that, as an industry, you are committed to recognising failings and fixing them.  

As Commissioner Hayne stated:

‘Industry codes are expressed as promises made by industry participants. If industry codes are to be more than public relations puffs, the promises made must be made seriously. If they are made seriously (and those bound by the codes say that they are), the promises that are set out in the code, and are intended to govern the particular relations between the provider and the acquirer of a financial product or financial service, must be kept. This must entail that the promises can be enforced by those to whom the promises are made.’[6]

The Code can be an important part of rebuilding trust with the community.

Implications for general insurers

Before trust can be truly rebuilt, the deficit needs to be acknowledged.

We encourage the insurance industry to make the changes now to improve consumer outcomes and not wait for legislative changes to drive a minimalist legal compliance approach.

Make the changes to disclosure documents now so they actually work for consumers. Look again at the ICA’s own research findings in this area to see what could succeed. Test some ideas and come and talk to ASIC if there are regtech solutions that can help you implement solutions.

Be clear, to the public and your staff, about who your products are intended for and who they do not suit. If you know that one of your products does not cover particular groups of people, say this.

Make sure you know how your products are being sold and through which channels. Be careful to match the distribution of your products with who you intend the product to suit.

Reduce the risk of your products being mis-sold by getting rid of misaligned incentives. Think about this issue broadly. Sales incentives, volume bonuses, retention payments and even balanced scorecards can all contribute to poor consumer outcomes.  

Undertake regular reviews of your products’ claim ratios and other value metrics. While these factors may not indicate everything about how a product is performing, they can provide a general guide of the product’s value to consumers and raise areas for further investigation.

Keep consumer outcomes in mind at all times by asking:

  • Does this product offer real value?
  • Will the intended consumer benefit from this product?
  • How straightforward is a successful claim?

We encourage you as an industry to aim high. And when you think you’ve got there, aim higher still. Aim to exceed, rather than meet community expectations. Be proactive in addressing known issues and identifying new ones. Look at withdrawn claims and make sure you understand what is happening. Look at the complaints your customers make and understand what is driving these. Be prepared to have the difficult conversation with policyholders, to learn from your mistakes and their experiences. Ask yourselves the hard questions about whether, or how, your products or sales practices need to change.

We need to look to the future. None of us can stand back and wait for another Inquiry or Royal Commission for answers to issues which we can resolve for ourselves. ASIC stands ready to work with the Parliament, the Government, APRA and other regulators to implement the reform agenda. Beyond that, ASIC looks forward to working with enhanced powers and resourcing, its strengthened enforcement culture and the full range of other regulatory tools available to it, to strive for a fair, strong and efficient financial system for all Australians.

We look to the insurance sector to join us in delivering such a system for your policyholders and customers. This isn’t just a nice to have, it’s a must have – not only for the success of your business, but for the reputation of Australia’s financial markets.

[1] Report 594 Review of selected financial services groups’ compliance with the breach reporting obligation (REP 594).

[2] Report 587 The sale of direct life insurance (REP 587).

[3] See REP 594.

[4] Financial Services Royal Commission, Transcript of proceedings, 19 March 2018, p. 495.

[5] Report 256 Consumer credit insurance: A review of sales practices by authorised deposit taking institutions (REP 256).

[6] Financial Services Royal Commission, Final report, February 2018, p. 12.

Media enquiries: Contact ASIC Media Unit