Financial Services Royal Commission
The insurance industry’s focus is squarely on the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry. Evidence of significant breaches of regulation and the intense media scrutiny of witnesses have led many commentators and some members of Parliament previously opposed to the Commission to publicly declare their support for it. The Turnbull Government faces renewed criticism for its objections to the Commission and its delay in approving it, bringing the issues of corporate culture and conduct risk to the forefront of political debate, and to the top of boardroom agendas.
The first round of hearings in March focused principally on consumer credit products such as mortgages, vehicle finance and credit cards. In doing so, evidence touched on associated insurance products, including consumer credit insurance, with some criticisms being raised about the manner in which products are sold, and the value of those products to consumers. A second round of hearings focusing on the financial planning and wealth management industry recently commenced on 16 April 2018. It is expected that the Commission will focus specifically on the insurance industry in a further block of hearings over the coming months.
The Commission is having an immediate impact on the market, with class action litigation already being investigated against a number of entities called to give evidence, and a strong expectation that numerous further class actions will arise before the Commission concludes. Further, in the face of strong criticism, the Government has announced an increase in fines and penalties against companies, directors and officers who engage in misconduct, with fines up to 10 per cent of annual turnover and prison terms of up to 10 years being imposed.
There is little doubt that the Commission will play a significant role in the insurance landscape over the coming 12 months and beyond.
Cyber insurance market continues to grow
The cyber insurance market has continued its strong growth, driven not only by a growing awareness of the risk of cyber breaches, but also the introduction of mandatory data breach notification laws and the attention given to the issue by the corporate regulator, ASIC.
As of 22 February 2018, most corporations are required to notify both the Privacy Commissioner and affected individuals where there has been an unauthorised access, disclosure or loss of personal information, and the organisation considers that it is likely that the affected individuals will suffer “serious harm”. In the first two months since the laws were implemented, 63 notifications had been made, a significant increase from the number of notifications made under the voluntary disclosure regime previously in place. Penalties for significant data breaches can be up to $2.1 million.
ASIC has turned its attention to cyber resilience over the last few years, and recently has made it very clear that it has high expectations of directors in the proper management of cyber risks. The need for cyber insurance as part of a broader risk management framework is now better understood by most corporates, while the increasing likelihood of claims against directors and officers arising from cyber risk management failures has not been lost on the D&O market.