1 Legal framework

1.1 Which legislative and regulatory provisions govern the insurance sector in your jurisdiction?

The insurance industry in Australia is governed by both regulating authorities and legislation.

From a legislative perspective, the Insurance Contracts Act 1984 (Cth), in addition to the Insurance Regulations 2002 (Cth), imposes statutory obligations on both insurers and insured parties, such as the duty to act in good faith. Further, the Insurance Act 1973 (Cth) aims to protect the interests of insured parties.

In addition, the General Insurance Code of Practice regulates standards that insurers which have adopted the code agree to implement. The code is enforced by the Code Governance Committee.

The following legislation relates to the supervision of the general insurance industry:

The following legislation relates to shareholdings, changes in control and transfers of business regarding general insurers, changes in directorship of general insurers and transfers of certain assets/liabilities:

1.2 Which bilateral and multilateral instruments on insurance have effect in your jurisdiction?

Various international and national bilateral and multilateral instruments concerning insurance have effect in the Australian jurisdiction.

One example of a bilateral agreement with a foreign sovereign state is the Agreement on Healthcare Insurance Between Australia and the Kingdom of Belgium 2010. Pursuant to this instrument, a person who has rights to a benefit arising under the health insurance legislation of one contracting party is entitled to immediate medical treatment in kind during a visit to the territory of the other contracting party. The instrument provides that the expense of treatment is borne by the contracting party administering the benefit. However, the treaty does provide for a system of administering refunds from the contracting party of which the recipient of the benefit is a national.

An example of bilateral agreements between national bodies is the National Disability Insurance Scheme (NDIS). The NDIS features bilateral agreements between the Commonwealth of Australia and the individual states and territories, with the exception of Western Australia. Pursuant to these bilateral agreements, funding spent by states and territories for disability services will now be redirected to the National Disability Insurance Agency (NDIA). The NDIA is then tasked with implementing the NDIS. The purpose of the NDIS is to establish a uniform scheme through which all Australians who acquire a permanent disability are provided with all reasonable and necessary supports required by them to live an ordinary life.

1.3 Which bodies are responsible for enforcing the applicable laws and regulations? What powers do they have?

Three main bodies regulate the insurance industry, as follows.

Australian Prudential Regulatory Authority (APRA): APRA is an independent statutory body that oversees:

  • authorised deposit-taking institutions (eg, banks, building societies and credit unions);
  • general insurers;
  • life insurers;
  • friendly societies;
  • private health insurers;
  • reinsurance companies; and
  • superannuation funds.

APRA is:

  • empowered to establish and enforce prudential standards and practices; and
  • mandated to ensure that financial promises made by regulated insurers are met within a stable, efficient and competitive financial system.

Australian Securities and Investment Commission (ASIC): ASIC is a statutory body tasked with:

  • maintaining, facilitating and improving the performance of the financial system and the entities that are active in it;
  • promoting confident and informed participation by investors and consumers in the financial system;
  • administering the law effectively and with minimal procedural requirements; and
  • taking action to enforce and give effect to the law.

ASIC is vested with broad powers to perform its functions. These include:

  • powers to register and license financial service providers;
  • regulatory powers, such as the ability to make rules to ensure market integrity; and
  • enforcement powers.

Australian Competition and Consumer Commission (ACCC): The ACCC promotes competition and fair trade in the marketplace to benefit consumers, businesses and the community. The ACCC is empowered to ensure that individuals and businesses comply with Australian competition, fair trading and consumer protection laws. The ACCC is established under the Competition and Consumer Act 2010 (Cth) and is vested with a wide array of powers under the legislation to fulfil its functions.

Other bodies include the Australian Financial Complaints Authority (AFCA), which handles complaints from insured parties regarding their insurer and/or insurance products. AFCA uses non-adversarial methods to attempt to resolve a dispute and/or make recommendations. Further, additional regulatory bodies exist for particular industries and types of insurance – for example, workers' compensation is regulated by state-based WorkCover bodies.

1.4 What is the regulators' general approach in regulating the insurance sector?

The insurance sector is highly regulated and the approach of each regulator will differ depending on its statutory remit.

APRA, for instance, identifies its remit as regulating financial entities in accordance with the prudential laws of the Commonwealth. This involves:

  • setting prudential standards for regulated insurers;
  • monitoring compliance with those laws and standards through supervision; and
  • intervening early to resolve issues.

APRA aims to proactively identify prudential risks and take action to prevent harm before it occurs. In this respect, APRA aims to promote the stability of the financial system.

APRA has identified that it is not tasked with ensuring a 'safety at all costs' agenda. Establishing a zero-failure regime would limit the risk taking of financial institutions. APRA's objectives, therefore, require it to avoid unduly hindering the other desired objectives of the financial system – namely, efficiency, competition and contestability.

2 Insurance contracts

2.1 What are the main types of insurance available in your jurisdiction?

The main forms of general insurance are as follows:

  • Home and contents insurance: This covers financial losses associated with damage or loss of real property or possessions.
  • Motor vehicle insurance: There are four types of motor vehicle insurance:
    • Compulsory third party is mandatory in all states and territories, and provides compensation for bodily injuries caused by vehicles. It does not provide cover for any damage to the vehicle.
    • Comprehensive insurance can cover damage to vehicles, theft of vehicles, collision, malicious damage and weather damage. Depending on the policy, it can also cover damage caused to other vehicles.
    • Fire and theft only is limited to fire damage to, and theft of, vehicles.
    • Third-party property provides cover only for vehicles damaged by the policyholder's vehicle. It does not provide cover for the policyholder's own vehicle.
  • Business insurance: This provides cover for a business's premises and contents against loss, damage or theft. Business insurance is typically divided into the following types of protection:
    • material damage for loss of physical assets; and
    • financial loss due to business interruption.
  • Mortgage loss insurance/lender's mortgage insurance/mortgage protection insurance: This is an insurance policy which compensates lenders or investors for loss due to the default of a mortgage loan.
  • Workers' compensation insurance: This is a compulsory statutory form of insurance for all employers in every state and provides protection to workers if they suffer a work-related injury or disease.
  • Travel insurance: This provides cover for financial losses caused by a wide range of events that may affect a trip, whether these occur before, during or at times after the trip.

Many other general insurance products are provided in the industry, including aircraft, defamation and consumer law, among others.

Outside of general insurance sit other forms of insurance, such as health and life insurance.

2.2 Are all insurance contracts regulated? What terms do they typically include?

Under the Insurance Act 1973, it is an offence to conduct an insurance business in Australia without the proper authority. A business that intends to provide insurance must first obtain a licence from the Australian Prudential Regulatory Authority.

An insurance policy is a legal contract between an insurance company and a customer. This document imposes strict obligations on both parties. Central to any insurance contract is the insuring agreement, which typically includes the following terms:

  • the risks covered by the policy;
  • conditions – the requirements imposed on the insured, which usually include the payment of a premium or the reporting of a loss;
  • limitations, which specify the limits of the policy – for example, the maximum amount that the insurance company will pay; and
  • exclusions – that is, what is not covered by the insurance policy.

2.3 What are the formal and documentary requirements for conclusion of an insurance contract?

An insurance policy is a contract between the insurer and the insured. Therefore, an insurance contract must satisfy the four conditions of contract law to be legally binding, as follows:

  • intention to create legal relations;
  • offer;
  • acceptance; and
  • consideration.

Furthermore, pursuant to the Corporations Act 2001 (Cth), an insurer must provide a product disclosure statement (PDS) to the insured prior to the conclusion of an insurance contract. A PDS must include all terms and conditions of the insurance product. The PDS will contain items such as:

  • insured events;
  • claim limits;
  • exclusions;
  • discounts;
  • benefits; and
  • information on how the claim process works.

2.4 What are the procedural requirements for conclusion of an insurance contract?

As stated in question 2.3, a formal contract must be established.

Furthermore, a PDS must be provided prior to entering into the formal contract.

2.5 What are the respective obligations and liabilities of insurer and insured, both on concluding an insurance contract and during its term? What are the consequences of any breach?

There are numerous obligations and potential liabilities in place for both the insurer and the insured. Perhaps most notable is the mutual duty to act in good faith. This duty requires a party possessing the requisite knowledge to disclose material and relevant facts to the other party to the contract, so that the other party can make an accurate assessment of what it is undertaking.

The duty of good faith is now an implied statutory term inserted into every general insurance contract in Australia under Section 13 of the Insurance Contracts Act 1984. Section 13 requires both the insurer and the insured to act towards each other, in respect of any matter arising under or in relation to the contract, with the utmost good faith.

The duty to act in utmost good faith spans from the pre-contractual stage (duty of disclosure) to the post-contractual stage (the handling of claims).

The insurer has the following obligations:

  • It must ask only for personal information that is relevant to the application;
  • Applicants and insureds can access the information that the insurer has relied on in assessing their applications and can correct this information if it is wrong;
  • The insurer must conduct its sales processes in a fair, honest and transparent manner; and
  • The insurer must provide a PDS.

The insured has the following obligations:

  • a duty of disclosure (under the Insurance Contracts Act 1984); and
  • a duty to maintain policy payments.

3 Making a claim

3.1 What are the formal and documentary requirements for making a claim?

In making a claim, it is important to have a thorough understanding of the relevant insurance policy and claim coverage. This is outlined in the mandatory PDS.

Upon making a claim, it is important that the insured provides proof of its financial loss. This can include:

  • proof of ownership of claimed items;
  • police or medical reports; and
  • receipts or invoices.

If the insurance company needs more detailed information before deciding, it will inform the insured what information it needs within 10 business days of receiving a claim.

Pursuant to the General Insurance Code of Practice, insurers must inform insured persons of the outcome of their application within 10 business days of receipt of all relevant information and completion of all enquiries. The insurance company may decide to appoint a loss assessor, loss adjuster or investigator to obtain more information. If so, the insurance company will provide an estimate of how long it will take to decide the claim. If the claim is complex, the insurance company can negotiate a different timeframe for settling the claim.

3.2 What are the procedural requirements for making a claim?

The procedural requirements for making a claim can differ depending on:

  • the type of insurance claimed;
  • the applicable legislative framework; and
  • the internal policies and procedures of the insurance company.

As a rule, the first step is to contact your insurance company as soon as practical after the event happens. This is especially important if the loss:

  • is serious;
  • is the result of theft; or
  • is the result of a serious accident.

3.3 On what grounds can the claim be denied? How can the insured challenge the denial of claim?

The primary grounds for denial of claim are:

  • non-disclosure;
  • operation of a condition or exclusion clause;
  • fraud; and
  • policy cancellation.

Any denial of claim must be in writing. In the event that the insured wishes to challenge the denial of claim, there are several courses of action that it can take.

It is recommended that the insured first lodge its complaint in writing to the insurer's internal dispute resolution department, detailing the reasons why it believes the claim has been improperly refused. If the issue is not resolved, the insured should then lodge a complaint with the General Insurance Division of the Australian Financial Complaints Authority (AFCA). If lodgement with AFCA results in an unsatisfactory result, the insured can then take the matter to court.

AFCA generally has a claim threshold of A$1 million. If the insured's claim exceeds this, it will have to either reduce its claim to be permitted to lodge its complaint with AFCA or take the claim directly to court.

3.4 How can third parties make a claim?

Third parties are generally required to make a claim against the responsible party as opposed to against the responsible party's insurer.

To lodge a claim, the third party must first demonstrate that the damages caused were a result of the incident in question. He or she may need to prove negligence on the part of the insured (although negligence need not be proved in car accidents or employee claims).

Further, the third party will often be required to demonstrate that the compensation sought will restore him or her to the position that he or she would have been in prior to the incident. It is also important to note that the insurer is responsible for claim settlement only to the extent of the policyholder's legal responsibility.

4 Form and structure of insurers

4.1 What types of insurance companies are typically found in your jurisdiction?

The Australian insurance market can be divided into roughly three types of insurance:

  • life insurance;
  • general insurance; and
  • health insurance.

Many companies offer insurance in Australia, but they are mostly underwritten by a limited number of insurers. These companies only sell the insurance products of other companies under their brand and are often better described as insurance retailers or insurance distributors. These companies are generally not exposed to the insurance risks, but will instead receive a commission on the sale of insurance products. A small number of underwriters provide insurance and carry the risk of the products.

Various government schemes or government insurers are also present in the market. These include:

  • compulsory third-party motor vehicle insurance;
  • workers' compensation;
  • disability cover; and
  • health cover in some states.

4.2 How are these insurance companies typically structured and funded?

Insurers are typically shareholder owned, but there are also various mutual companies. A shareholder-owned company is a corporation owned by its shareholders, and its objective is to generate profit for them. This must be balanced against the interests of policyholders.

A mutual company is a corporation owned exclusively by the policyholders, who are contractual creditors with a right to vote on the board of directors. Generally, mutual companies are managed and assets are held for the benefit and protection of the policyholders and their beneficiaries. In Australia, health insurers are predominantly mutual companies.

Ownership of insurers is governed by the Financial Sector (Shareholdings) Act 1998. The legislation limits the interests of an individual shareholder or group of associated shareholders in an insurer to 15% of the insurer's voting shares. A higher percentage limit may be approved by the treasurer on national interest grounds.

4.3 Are there any restrictions on foreign ownership of insurance companies?

A foreign-incorporated applicant may seek to establish a locally incorporated subsidiary to carry on insurance business in Australia. Alternatively, a foreign-incorporated insurer may seek authority to operate in Australia through a branch. There are no restrictions on the number, size or mix of operations of foreign-owned subsidiaries or foreign insurers operating in the Australian market.

Foreign-owned subsidiaries and foreign insurers are subject to similar legislative and prudential requirements to Australian-owned and incorporated insurers. The prime responsibility for oversight of the Australian operations of a foreign insurer rests with its local management and head office. While a foreign insurer's home regulators will play a role in supervising the insurer, to protect the interests of Australian policyholders, a foreign insurer must have its local operations subject to the Australian Prudential Regulatory Authority's prudential supervision.

5 Authorisation

5.1 What authorisations are required to provide insurance services in your jurisdiction? What activities do they cover?

Under the Insurance Act 1973, it is an offence to conduct an insurance business in Australia without the proper authority. A business that intends to provide insurance must first obtain a licence from the Australian Prudential Regulatory Authority (APRA).

Depending on the type of insurance business sought to be undertaken, the terms of the licence will differ.

An Australian financial services licence must also be obtained from the Australian Securities and Investment Commission (ASIC) in order to conduct insurance business in Australia.

5.2 What requirements must be satisfied to obtain authorisation?

The APRA Guidelines on Authorisation of General Insurers provide minimum requirements that a general insurer must meet for authorisation under the Insurance Act 1973, which include the following:

  • To protect policyholders' interests, APRA will authorise only those applicants which have the capacity and commitment to conduct insurance business on a continuing basis with integrity, prudence and professional skill.
  • APRA expects all applicants to be able to comply with all prudential requirements, as set out in the act and prudential standards, from the commencement of insurance business in Australia and continuously thereafter. Prospective applicants should familiarise themselves with these requirements and be able to demonstrate to APRA adequate compliance process and systems.
  • As examples, additional requirements of the kind referred to above may include:
    • conditions which limit the range of business the insurer may conduct;
    • adjustments to the insurer's capital adequacy, risk management or governance requirements; or
    • a requirement that a foreign insurer operate through a locally incorporated company, rather than a branch.

5.3 What is the procedure for obtaining authorisation? How long does this typically take?

To sell insurance in Australia, an organisation needs a licence from APRA. The process for obtaining a licence from APRA is divided into three broad stages, as follows:

  • Pre-lodging of an application with APRA:
    • Decide on the business name that you wish to register with APRA (note that there are guidelines on the choice of name).
    • Apply for any other necessary licences. It is likely that you will need to be licensed by ASIC. You may also need to seek authorisation or to register with other regulators, such as the Reserve Bank of Australia and AUSTRAC. You should allow time for their assessment processes.
    • Develop a business plan to lodge with APRA and get feedback. A business plan should include, among other things, how prudential requirements concerning risk management are complied with.
  • Lodging of the application:
    • Once ready to submit the application, contact APRA to advise it of the intended timeframe for submission.
    • Submit the application to APRA along with all necessary documentation through a secure portal.
    • Pay the application fee.
  • Assessment of the application:
    • The assessment process is extremely involved and will require ongoing communication with APRA.
    • APRA will assess whether, among other things, the organisation has the requisite skill and experience and can comply with applicable prudential standards.

The length of time to complete the assessment varies depending on several factors, including:

  • the industry;
  • the type of licence being applied for; and
  • the quality of the documentation provided.

Generally, assessment will take at least 12 months from receipt of the application; but entities should plan to have sufficient resources to support a longer licensing timeframe.

6 Regulatory capital and liquidity

6.1 What minimum capital requirements apply to insurance companies in your jurisdiction?

Capital is a measure of the financial cushion available to an institution to absorb any unexpected losses that it experiences in running its business. For an insurer, this might be an unexpectedly high volume of claims in the wake of a natural disaster, for example. Maintaining and managing capital effectively is thus an important function of a regulated entity.

The Australian Prudential Regulatory Authority (APRA), as prudential regulator, sets the minimum level of required capital for insurers to ensure a high degree of safety. Prudential Standard GPS 110, Capital Adequacy, requires a general insurer or Level 2 insurance group, among other things, to:

  • have an internal capital adequacy assessment process;
  • maintain required levels of capital; and
  • determine its prescribed capital amount having regard to a range of risk factors that may adversely impact its ability to meet its obligations. These factors include:
    • insurance risk;
    • insurance concentration risk;
    • asset risk;
    • asset concentration risk; and
    • operational risk.

Under GPS 110, the required level of capital for regulatory purposes is referred to as the Prudential Capital Requirement (PCR). The PCR for a regulated institution is determined either by:

  • applying the standard method set out in the prudential standard;
  • using an internal model developed by the regulated institution to reflect the circumstances of its business; or
  • using:
    • a combination of the methods specified in either of the bullet points above; and
    • any supervisory adjustment determined by APRA under the prudential standard.

APRA will generally not consider applications where the start-up capital is less than the minimum required in Prudential Standard GPS 110 Capital Adequacy, or is likely to fall below this level in the future. For most insurers, this is subject to a minimum of A$5 million, which will require an adequate buffer. For certain captive insurers, a minimum of A$2 million applies.

6.2 What liquidity requirements apply to insurance companies in your jurisdiction?

APRA requires an insurer to have sufficient liquidity to meet all cash outflow commitments to policyholders (and other creditors) as and when they fall due. The nature of insurance activities means that the timing and amount of cash outflows are uncertain. This uncertainty may affect the ability of an insurer to meet its obligations to policyholders or may require insurers to incur additional costs through, for example, raising additional funds at a premium on the market or the sale of assets.

Typically, in relation to liquidity, the risk management framework will include:

  • consideration of the level of mismatch between expected asset and liability cash flows under normal and stressed operating conditions;
  • the liquidity and realisability of assets;
  • commitments to meet insurance and other liabilities;
  • the uncertainty of incidence, timing and magnitude of insurance liabilities;
  • the level of liquid assets that must be held by the insurer; and
  • other sources of funding, including reinsurance, borrowing capacity, lines of credit and the availability of intra-group funding.

7 Supervision of insurance groups

7.1 What requirements apply with regard to the supervision of insurance groups in your jurisdiction?

The Australian Prudential Regulatory Authority (APRA) is responsible for the supervision of insurance groups in Australia. Prudential standards set out mandatory requirements of the regulatory framework relating to insurance groups, which are supported by various prudential practice guides.

APRA seeks to align its prudential standards and practices with the International Association of Insurance Supervisors' Common Framework for the Supervision of Internationally Active Insurance Groups. The framework establishes supervisory standards and guidance focusing on effective group-wide supervision of internationally active insurance groups, and forms part of the Insurance Core Principles.

8 Reporting, governance and risk management

8.1 What key disclosure requirements apply to insurance companies in your jurisdiction?

General insurers must make disclosures to the Australian Prudential Regulatory Authority (APRA) regarding matters ranging from capital to risk management.

The Australian Securities and Investment Commission (ASIC) also plays an important function in ensuring that insurance companies make proper disclosure to consumers. It is a legal requirement for insurers to provide a product disclosure statement (PDS) for every financial service product they offer.

ASIC sets the regulatory standards for PDSs, to ensure that they are clear, accurate and comprehensive. A PDS informs the consumer of all aspects of the insurance policy being purchased. These include, but are not limited to:

  • the risks covered by the policy – that is, what events will entitle the policyholder to a pay-out;
  • conditions – that is, the requirements imposed on the insured, which will usually include the payment of a premium or reporting of a loss;
  • limitations, which specify the limits of the policy – for example, the maximum amount that the insurer will pay; and
  • exclusions – that is, what is not covered by the insurance policy.

ASIC does not represent individuals who have disputes against insurers. However, ASIC does take action against insurers that fail to provide PDSs or make misleading representations to consumers.

8.2 What key reporting requirements apply to insurance companies in your jurisdiction?

Under the Financial Sector Collection of Data Act 2001 and its reporting standard, insurers must provide data to APRA. APRA publishes the reporting standards with which regulated insurers must abide.

For general insurance, APRA's prudential reporting standards are broadly grouped into five categories, as follows:

  • Capital: APRA requires that regulated insurers maintain adequate capital to meet their obligations;
  • Financial statements: These reporting standards set out the requirements for the provision of information to APRA relating to a general insurer's statement of financial position;
  • Governance: These reporting standards set out reporting requirements for board composition and management structures;
  • Risk management: Insurers must have systems for identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating material risks; and
  • Other requirements.

Furthermore, under the Corporations Law, insurers must maintain records which accurately record their financial transactions, and which facilitate the preparation of financial statements and the audit of those financial statements.

8.3 What key governance requirements apply to insurance companies in your jurisdiction?

Key governance requirements are set out in Prudential Standard CPS 510, applicable to locally incorporated APRA regulated institutions. These include the following:

  • Specific requirements apply with respect to board size and composition;
  • The chairperson of the board of directors must be an independent director;
  • The board must have a policy on board renewal and procedures for assessing board performance;
  • A board remuneration committee must be established and the institution must have a remuneration policy that aligns remuneration and risk management; and
  • A board audit committee and a board risk committee must be established.

Groups must have in place governance arrangements appropriate to the nature and scale of the group's operations, with standards to be applied throughout the group, including in relation to institutions that are not APRA-regulated.

8.4 What key risk management requirements apply to insurance companies in your jurisdiction?

Prudential Standard CPS 220 Risk Management requires APRA-regulated institutions to have systems for identifying, measuring, evaluating, monitoring, reporting and controlling or mitigating material risks that may affect their ability to meet their obligations to depositors and policyholders.

This prudential standard holds the board of an insurer ultimately responsible for having a risk management framework that is appropriate to the institution, having regard to its size and complexity.

The key requirements of this prudential standard are that APRA-regulated institutions must:

  • maintain a risk management framework that is appropriate to the nature of the institution;
  • maintain a board-approved risk appetite statement;
  • maintain a board-approved risk management strategy;
  • maintain a board-approved business plan that sets out the approach for implementation of the strategic objectives of the institution or group;
  • maintain adequate resources to ensure compliance with this prudential standard; and
  • notify APRA when it becomes aware of a significant breach of the risk management framework.

9 Senior management

9.1 What requirements apply with regard to the management structure of insurance companies in your jurisdiction?

An insurer must satisfy the requirements set out in Prudential Standard CPS 510 Governance regarding the composition and functioning of its board. The directors and senior management must also satisfy the Australian Prudential Regulatory Authority (APRA) that they are fit and proper, in accordance with Prudential Standard CPS 520 Fit and Proper.

APRA may consult other regulators regarding the suitability of personnel for the proposed insurer. Where required by any relevant regulators, applicants will be expected to provide APRA with the authority to seek details in this regard.

CPS 520 specifies certain criteria for board composition, which include the following:

  • The board of a locally incorporated APRA-regulated institution must have a minimum of five directors;
  • The board must also always have a majority of independent directors;
  • A majority of directors present and eligible to vote at all board meetings must be non-executive directors;
  • The chairperson of the board must be an independent director of the APRA-regulated institution;
  • The chairperson must be available to meet with APRA on request; and
  • For a foreign-owned, locally incorporated APRA-regulated institution, at least two of the directors must be ordinarily resident in Australia, at least one of whom must also be independent.

9.2 How are directors and senior executives appointed and removed? What selection criteria apply in this regard?

According to Prudential Standard CPS 510 Governance, APRA-regulated institutions must have in place a formal policy on board appointment and removal.

This policy must provide details on how the board intends to renew itself to ensure that it remains open to new ideas and independent thinking, while retaining adequate expertise.

The board renewal policy must give attention to whether directors have served for a period that could be perceived to materially interfere with their ability to act in the best interests of the institution. The policy must also specify the process for appointing and removing directors, including the factors which determine whether an existing director will be reappointed.

9.3 What are the legal duties of directors and senior executives of insurance companies?

APRA's prudential framework holds insurance companies to a high standard in terms of governance and prudent management. Boards play a critical role in ensuring that the prudential standards set by APRA are met. The basic role of the board in meeting APRA's prudential requirements is no different from that of a board in meeting other legal obligations.

The board of an APRA-regulated institution must be able to satisfy itself that the institution and its management have effective processes and procedures in place to meet APRA's prudential requirements. It is also important that the board satisfies itself that any breaches of the requirements will be promptly identified and reported to it, and to APRA, as appropriate.

The prudential standards will sometimes set down particular responsibilities for the board. This means that the board is expected to be ultimately and finally accountable, and to remain in a position to be able to justify the actions and decisions of the institution in relation to these matters. By way of example, it is the responsibility of the board to approve and maintain a risk management strategy under Prudential Standard CPS 220 Risk Management.

9.4 How is executive compensation regulated in your jurisdiction?

Prudential Standard CPS 510 Governance, published by APRA, specifies regulatory standards for executive compensation in the general insurance, life insurance and private health insurance industries.

According to this prudential standard, an APRA-regulated institution must maintain a documented remuneration policy for the institution. The remuneration policy must outline the remuneration objectives and the structure of remuneration arrangements in the organisation.

Furthermore, unless otherwise approved by APRA, a locally incorporated APRA-regulated entity must have a board remuneration committee. The board remuneration committee must, among other things:

  • conduct regular reviews of, and make recommendations to the board on, the remuneration policy;
  • make annual recommendations to the board on the remuneration of the chief executive officer; and
  • meet with APRA on request to discuss the remuneration policies of the institution.

10 Change of control and transfers of insurance companies

10.1 How are the assets and liabilities of insurance companies typically transferred in your jurisdiction?

Insurers that transfer or amalgamate insurance business are subject to procedural requirements set out in the Insurance Act 1973 and Prudential Standard GPS 410. Any transfer or amalgamation is also subject to the Insurance Acquisitions and Takeovers Act 1991, which requires compulsory notification where a proposed transfer amounts to 15% or more of the transferring insurer's premiums or outstanding claims liabilities.

The transfer or amalgamation of an insurance business may be undertaken in response to a direction from the Australian Prudential Regulatory Authority (APRA). In other cases, the transfer or amalgamation of an insurance business can occur only under a scheme confirmed by the Federal Court. Prudential Standard GPS 410 sets out specific requirements in relation to documentation, notification, public inspection and applications to the court.

An application to the Federal Court for confirmation of a scheme cannot be made unless, among other things, a summary of the scheme, approved by APRA (the approved summary), has been given to every affected policyholder.

10.2 What requirements must be met in the event of a change of control?

An insurer to which an insurance business is transferred, or with whose insurance business any part of the business of another insurer is amalgamated, must provide APRA with various documents in accordance with Prudential Standard GPS 410. These documents must be provided within 30 days of completion of the transfer or amalgamation, and include:

  • a statement of the nature and terms of the transfer or amalgamation;
  • certified copies of:
    • the scheme, actuarial report and agreement/deed on which the scheme is founded;
    • the agreement pursuant to which the transfer or amalgamation is effected;
    • the court order confirming the scheme; and
    • a statement of the assets and liabilities of each insurer associated with the transfer or amalgamation; and
  • a statutory declaration by a director:
    • setting out each payment made and reasonable estimate of each payment to be made; and
    • confirming that he or she reasonably believes that no other payment has been made, or will be made, by, or with the knowledge of, a party to the transfer or amalgamation.

11 Consumer protection

11.1 What requirements must insurance companies comply with to protect consumers in your jurisdiction?

Pursuant to the Corporations Act 2001 (Cth), an insurer must provide a product disclosure statement (PDS) to the insured. A PDS must include all the terms and conditions contained within the insurance product. A PDS will contain items such as:

  • insured events;
  • claim limits;
  • exclusions;
  • discounts;
  • benefits; and
  • information on how the claim process works.

The purpose of a PDS is to ensure that key information is provided to consumers to help them make an informed decision about purchasing an insurance product. The Australian Securities and Investment Commission (ASIC) serves the regulatory function of acting against entities that fail to provide PDSs or that make misleading representations to consumers.

11.2 What other measures has the state implemented to protect consumers in the insurance sector?

A variety of legislative protections and prudential standards regulate the disclosure requirements and risk management strategies applicable to insurers. The regulatory framework enforced by the Australian Prudential Regulatory Authority (APRA), ASIC and the Australian Competition and Consumer Commission is, in part, designed to ensure that insurers act in the interests of consumers. By way of example, APRA's capital adequacy requirements under Prudential Standard GPS 110 are designed to ensure that insurers maintain and manage a capital base that ensures they can meet their obligations to policyholders.

12 Data security and cybersecurity

12.1 What is the applicable data protection regime in your jurisdiction and what specific implications does this have for insurance companies?

Data protection in Australia is primarily governed by the Privacy Act 1988 (Cth), which is the principal statute that seeks to promote the protection and handling of personal or private information. The Privacy Act encapsulates the obtaining, storage, use and disclosure of personal information for both government agencies and private businesses.

Within the Privacy Act, there are 13 Australian Privacy Principles (APPs), which apply to government agencies and private businesses with an annual turnover in excess of A$3 million. Data protection is also generally covered under the Corporations Act 2001 (Cth) and the Corporations Regulations 2001 (Cth).

12.2 What is the applicable cybersecurity regime in your jurisdiction and what specific implications does this have for insurance companies?

The Privacy Act primarily regulates the use, storage and disclosure of personal data in Australia. As summarised by the Office of the Australian Information Commissioner (OAIC), APP 11 – Security of Personal Information requires that an APP entity:

  • "must take active measures to ensure the security of personal information it holds, and to actively consider whether it is permitted to retain personal information";
  • "must take reasonable steps to protect the information from misuse, interference and loss, as well as unauthorised access, modification or disclosure"; and
  • "must take reasonable steps to destroy or de-identify the personal information it holds once the personal information is no longer needed for any purpose for which the personal information may be used or disclosed under the APPs. This requirement does not apply where the personal information is contained in a Commonwealth record or where the entity is required by law or a court/tribunal order to retain the personal information."

In case of a data breach or other unauthorised access, the Privacy Act requires that a mandatory notification of this breach be made. The notification of eligible breaches is set out at Part IIIC of the Privacy Act.

In addition to ensuring that the appropriate inclusion and exclusion provisions are properly outlined in their respective policies, insurance companies should have in place a well-established data protection and notification regime so as to ensure, to the best of their ability, that client personal information is not accessed or disclosed in an unauthorised manner.

13 Financial crime

13.1 What provisions govern money laundering and other forms of financial crime in your jurisdiction and what specific implications do these have for insurance companies?

The primary instruments that are relevant in relation to money laundering and other financial crime are as follows:

  • the Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) and the Anti-Money Laundering and Counter-Terrorism Financing Rules (Cth);
  • the Financial Transaction Reports Act 1988, which affects motor vehicle dealers that act as insurers or insurance intermediaries; and
  • relevant state and federal Crimes Acts.

Money laundering in the insurance industry typically occurs in the form of buying insurance and then submitting claims to retrieve the funds. In this way, illegitimate money is disguised as payments for premiums, which are converted into legitimate funds when a pay-out is made pursuant to a claim.

To protect against this type of money laundering, insurers should implement and enforce know-your-customer training and procedures aimed at improving insurer monitoring of suspicious activity.

14 Competition

14.1 What specific challenges or concerns does the insurance sector present from a competition perspective? Are there any pro-competition measures that are targeted specifically at insurance companies?

In a submission to the Productivity Commission in September 2017, the Australian Prudential Regulatory Authority (APRA) identified that concentration within the general insurance industry has steadily increased in the previous 10 years. This is predominantly due to acquisitions. As of June 2017, 55% of gross written premiums belonged to five insurers. In a similar vein, the life insurance industry is highly concentrated, with the five largest life insurers accounting for 80% of gross industry assets as of June 2017.

APRA recognises that its mission is to promote the stability of the financial system by ensuring the prudent management of regulated institutions in each industry. Where a financial system is strong and stable, this promotes a competitive financial sector.

Several new initiatives have been undertaken by APRA to promote competition without compromising the stability of the financial system – for example, in the licensing of new entrants. It is recognised that the licensing process may represent a regulatory barrier to entry for some small and innovative firms. APRA has thus sought to develop licensing practices that are more accommodating to applicants with non-traditional business models.

15 Restructuring and insolvency

15.1 What provisions govern insolvency in your jurisdiction and what specific implications do these have for insurance companies?

Chapter 5 of the Corporations Act 2001 (Cth) and Part VB of the Insurance Act 1973 include provisions governing the insolvency of corporations and insurers respectively.

The Australian Prudential Regulatory Authority (APRA) may apply to the Federal Court pursuant to the Insurance Act for an order that a general insurer be wound up after having undertaken an investigation. A winding-up order may be made if the Federal Court is satisfied that this is in the interests of the insurer's policyholders.

Pursuant to Section 62ZU of the Insurance Act, APRA may also choose to apply for a winding-up order under the Corporations Act 2001 (eg, under Section 459P or 462 of that act).

Section 181 of the Life Insurance Act 1995 provides that APRA may apply for an order for the winding up of a life insurance company. APRA may do so if, having regard to the conclusions it has reached as a result of an investigation of the life insurance company, it is satisfied that it is necessary or proper that the application be made. The court may make an order following an application from APRA if the court is satisfied that it is in the interests of the owners of policies issued by the company that such an order be made.

16 Trends and predictions

16.1 How would you describe the current insurance landscape and prevailing trends in your jurisdiction? Are any new developments anticipated in the next 12 months, including any proposed legislative reforms?

The insurance landscape is set to change within the next 12 months with the implementation of the Financial Sector Reform (Hayne Royal Commission Response) Act 2020 on 10 December 2020. A key change imported into the Insurance Contracts Act 1984 (Cth) is the change to an insured's duty to disclose, as follows:

  • An insured's duty of disclosure is now replaced with a new duty to take reasonable care not to make a misrepresentation when a consumer insurance contract is entered into. This applies to contracts of insurance that are not consumer contracts.
  • A ‘consumer insurance contract’ is an insurance contract if the policy is obtained wholly or predominantly for personal, domestic or household purposes of the insured. It includes general insurance contracts and life insurance contracts.
  • In determining whether an insured has fulfilled this new duty, regard must be had to all relevant circumstances of the case. The Insurance Contracts Act specifies the range of matters to be considered in determining whether this duty has been fulfilled.
  • This will affect the insured, as it imposes a positive duty to avoid misrepresentation. Further, it will change the way in which insurers collect information to ensure that accurate information is received prior to the sale of the policy.

17 Tips and traps

17.1 What are your top tips for insurance companies operating in your jurisdiction and what potential sticking points would you highlight?

The Hayne Royal Commission into Misconduct in the Banking, Superannuation and Financial Services is set to change insurance law in 2021 and 2022. It is important that insurance companies keep an eye on these legislative changes, to ensure that their operations remain compliant.

One such change which came into effect on 5 April 2021 is an amendment to Section 15 of the Insurance Contracts Act 1984 (Cth) which allows for the laws governing unfair contract terms to extend to insurance contracts. Under Section 12BG of the Australian Securities and Investment Commission Act, an insurance contract term will be deemed to be unfair where:

  • it would cause a significant imbalance in the parties' rights and obligations arising under the contract;
  • it is not reasonably necessary to protect the legitimate interests of the party that would benefit from the term; and
  • it would cause detriment (financial or otherwise) to a consumer if it were to be applied or relied on.

Ultimately, a court will determine whether a contract term is unfair; however, in general, the following are potentially unfair terms:

  • terms that allow the insurer to elect to make a payment in lieu of making repairs calculated at the cost that the insurer would incur in making the repairs, as opposed to the cost incurred by the insured in making the repairs;
  • terms that allow the insurer to unilaterally vary a term or condition in unspecified ways, without giving the insured a reasonable opportunity to exit the contract without penalty, rather than accepting variation; and
  • terms featuring outdated, restrictive or inaccurate medical definitions.

Considering these changes, insurers will need to review and potentially change product cover wordings.

The implementation of unfair contract terms is one of several changes proposed by the Hayne Royal Commission and insurance companies should familiarise themselves with other changes on the horizon.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.