Royal Commission Response: Enforceable codes

From
Charmian Holmes

Charmian Holmes

This note discusses the Hayne Royal Commission recommendations 4.9 and 4.10 that the law should be amended:

  • to provide for enforceable provisions of industry codes

  • for the establishment and imposition of mandatory industry codes

  • to empower the Code Governance Committee to impose sanctions for breaches of the Code.

With respect to GI, Hayne recommended that the Insurance Council of Australia and ASIC should take all necessary steps by 30 June 2021 to have the provisions of the COP that govern the terms of the contract made or to be made between the insurer and the policyholder designated as ‘enforceable code provisions’. More on enforceable provisions later.

Hayne recommended that customers should be able to seek remedies for enforceable code breaches by electing to go through EDR (AFCA) or the courts. Such breaches could also amount to a contravention of AFSL licencing conditions (by failing to comply with applicable laws).

What is an Industry Code of Practice?

Industry codes of practice (COP) aim to establish and deliver certain standards of practice and norms of conduct. They are key instruments for self-regulation. At the very least they set out the minimum standards to promote better consumer outcomes – at their highest, they can show industry leadership above and beyond what is required by law.

Financial services industries can apply to ASIC to approve a code, but historically have not done so. Of the 12 current codes in the financial services sector only two – Banking and Financial Planning Association’s Professional Practice – have been approved by ASIC.

The GI Code

The first GI COP was launched in 1994. It was one of the first codes of this nature in Australia. Members of the ICA offering products covered by the code must subscribe to it. Any other industry participants may also subscribe; on its website, the ICA encourages all general insurers to adopt the code. There are currently about 180 subscribers including many brokers and underwriting agencies as well as insurers.

The GI Code has been reviewed six times, most recently in 2017, with the final report published by the ICA in June 2018. The report contained recommendations that the next version of the COP ‘introduce new layers to the existing Code in the form of standards and guidance. This is necessary to reflect the need for industry self-regulation to commit, at times, to more than just minimum standards and create momentum for leadership in certain areas.’ So, in areas such as family violence, mental health, disclosure and add-on insurance, the report recommended that these be best addressed through best practice, non-mandatory guidance notes.

The final report was written prior to the Royal Commission, which meant that any changes needed to be postponed until after Hayne handed down his recommendations. It now means that the ICA will need to go back to the revised draft that was published last year, consult with its members and come up with:

  1. Revised COP provisions, particularly in light of other legislative and regulatory changes that have either recently been instituted, in train or impending.
  2. A position as to which provisions of the new COP it considers to be enforceable i.e. those that govern or are intended to govern the terms of the insurance contract made or to be made.

The industry, through the ICA, will then need to seek ASIC’s approval of the COP, including as to which provisions should be enforceable. ICA can consider whether to adopt an interim update now to take advantage of the substantial work already done.

Hayne recommended this process be given until June 2021 for all three insurance codes (Life, GI and Super), noting they are all at various stages of revision. Interestingly, he observed that the insurance codes ‘are not at the same stage of maturity (or particular specificity) as the 2019 Banking Code.’

What does the GI Code cover?

The General Insurance COP was developed after consultation with consumer groups, businesses and the insurance industry, and allows insurers to voluntarily commit to standards of conduct beyond ordinary legislative requirements. In general, the Code requires insurers to be “open, honest and fair” in their dealings with customers, and prescribes more detailed obligations around various areas of the insurance customer experience.

The main areas covered by the GI Code are the sales process, claims management, financial hardship requests and complaints handling.

The Code also establishes an oversight body known as the Code Governance Committee (the ‘CGC’), responsible for monitoring and enforcing code provisions.

Should the Code be mandatory?

If a code is mandatory you must subscribe to it in order to be in the industry. This should be simple to implement.

ASIC currently mandates that you have to belong to an approved EDR service (for retail) as a condition of having an AFSL. This could easily be extended to mandating that subscribing to an approved industry code is also a condition of having an AFSL.

Just making subscription to the Code mandatory should have no implications for those that already subscribe, whether a member of the ICA or another industry participant. It will also facilitate a more level playing field between subscribers and non-subscribers.

Should parts of the Code be enforceable?

The recommendation is that some (but not necessarily all) of the provisions of the Code should be enforceable by consumers. This means that subscribers must implement the decisions of AFCA (or the courts) or face immediate sanctions.

The RC said that enforceable provisions of the Code should include those that govern the terms of the contract made or to be made between the insurer and the policyholder. We think that making good decisions about which terms are made ‘enforceable’ is one of the keys to a successful implementation.

What we think ASIC will want

ASIC already has powers to approve industry codes, including voluntary codes. For this to occur, ASIC has previously advised that such codes must have an independent body that is empowered to administer and enforce the Code, including appropriate sanctions. ASIC has also stated that consumers must have access to IDR / EDR (for breaches resulting in direct financial loss) and the ability to complain to the independent body about any other code breach.

We think that ASIC will also want the following prior to approving any industry code:

  • Prior stakeholder consultation including consumer groups
  • Adequate provisions for dispute resolution, remedies and sanctions – this could potentially extend from the current ‘breach of promise’ provisions into areas such as misleading and deceptive conduct
  • Most importantly, we think that provisions regarding code governance, compliance, monitoring and sanctions will need to be comprehensively addressed and strengthened.

Treasury Paper

Treasury has released a consultation paper on the enforceability of financial services industry codes. Submissions closed on 12 April 2019. The paper gives helpful background on industry codes including several that are administered by the ACCC and are of a different nature to those in financial services.

Finity’s view

We think that overall the GI Code of Practice has been an effective industry initiative over the last 25 years. In the current environment we think that making it mandatory and making it (selectively) enforceable is a good direction to take.

In responding to the Royal Commission it is our view that a desirable approach is to use the Code as a focal point for change. The advantages of this approach are:

  • It remains in the self-regulatory space, even though it is not completely industry-controlled
  • Maximises opportunities for stakeholder input and allows for a more nuanced implementation of Hayne’s recommendations, making it more fit for purpose
  • Avoids overlaying a different regime of conduct regulation on top of an existing one
  • Leaves ASIC as an escalation and enforcement player rather than a day-to-day supervisor
  • Building on something that has been reasonably successful rather than creating something new.

The Fold’s view

Licensees are required to report any ‘significant’ breaches of financial services laws to ASIC. If certain provisions of industry codes apply as law, then logically breaches of those provisions will also be reportable.

Whether a breach is significant is determined on a case-by-case basis, however Licensees who consistently breach the enforceable provisions of the GI Code of Practice will be sanctioned by ASIC under the Corporations Act. The penalty regime has not yet been determined, but currently a range of civil and criminal penalties and enforcement powers apply under the Corporations Act.

It is clear Licensees will require much more stringent oversight of Code compliance to be alerted where they or their service providers breach the Code to prevent systemic failures and to manage their Licence conditions.

By Raj Kanhai and Charmian Holmes

You must be logged in to post or view comments.