
Part 3 of the Motor Accident Guidelines: Business plans

Business plans

Requirements of the business plan

3.1 Under Division 9.2, section 9.18 of the Act, each insurer must prepare and deliver to the Authority a Motor Accident Business Plan (business plan) as soon as practicable after it is requested to do so by the Authority.

3.2 Insurers are to prepare and deliver to the Authority a business plan within the timeframe provided by the conditions of their license. Insurers are also to prepare and deliver a revised business plan before implementing any significant change to the conduct of their third-party insurance business (including but not limited to strategy in respect of claims handling, pricing or product distribution).

3.3 If the insurer operates more than one third-party insurance business (for example, the insurer issues third-party policies under multiple brands), then the insurer must prepare and deliver a business plan covering all of the third-party insurance businesses and any business associated with third-party policies of the insurer either in a single business plan (highlighting where the practices of the businesses/brands differ from one another) or separate business plans for each. For co-labelling or white labelling arrangements, the Insurer’s business plan must include where any operations are different from the arrangements otherwise outlined in the business plan.

3.4 A business plan prepared by a licensed insurer under section 9.18 must include a complete description of the manner in which the third-party insurance business is to be conducted (including but not limited to claims-handling, management, expenses and systems). This includes:

(a) details of the structure and operations of the third-party insurance business and any plans for change within the next 12 months in line with Schedule 3A below

(b) a demonstration of how the insurer’s conduct, culture and appetite for risk meets the needs of customers, the objects of the Act and the Authority’s Customer Service Conduct Principles, in line with Schedule 3B below

(c) a letter from the board of directors of the insurer to the Authority (whether signed by the directors, or on behalf of the directors by an officer authorised to sign on their behalf) confirming present and continuing compliance with Australian Prudential Regulation Authority’s (APRA) Prudential Standard CPS 232 or, if replaced, with the APRA prudential standard addressing business continuity management by authorised general insurers, including the development and maintenance of a business continuity plan.

3.5 The Authority may require further details by notice in writing in order to clarify the business plan.

3.6 Insurers must, on request from the Authority, submit copies of their customer communication templates, including third-party certificates and customer information packs.

3.7 When requested by the Authority, insurers must submit scripts, training manuals and other supporting tools used by sales staff for review and approval. Each insurer must, on request from the Authority, provide other documents related to third-party policies.

3.8 Insurers must amend any document submitted to the Authority if required to do so by the Authority.

Schedule 3A: Operational requirements for insurers

3.9 An insurer’s business plan must include the matters enumerated below relating to the structure and operations of the business, and detail how these comply with the Act and align with its objects.

3.10 A detailed plan of the insurer’s business structure, operations and relevant key performance indicators (and intended changes in the next 12 months), including:

(a) focus areas for the next 12 months and how progress is monitored and evaluated

(b) premiums and policy

(c) pricing strategy and distribution, including third-party agreements

(d) claims and injury management (claims segmentation models, caseloads, claims management strategies, outsourcing and third-party agreements)

(e) fraud deterrence and prevention under section 6.39 of the Act

(f) internal review and disputes (structure and approach to continuous improvement)

(g) supply chain management including panel arrangements and oversight of non-panel providers (cost, performance and conduct)

(h) use of in-house specialist resources (for example, legal or fraud specialists)

(i) systems management

(j) data quality framework

(k) engagement of staff and customers that aligns with the requirements in Schedule 3B.

(l) An insurer’s business plan must include a summary of the systems and processes in place to support injured people with psychological symptoms or injury. The insurer must demonstrate that it has systems and processes in place to ensure that claims are managed by a case manager, or the case manager is supported by specialist staff, with the skills, knowledge and experience to manage claims involving psychological symptoms or injury.

3.11 A detailed plan covering the insurer’s business structure and operations regarding offshore arrangements.

Schedule 3B: Culture requirements for insurers

3.12 An insurer’s business plan must include the matters enumerated below relating to the alignment of institutional culture with the objects of the Act.

3.13 A definition of the insurer’s target institutional culture.

3.14 A detailed plan of the steps to be taken to maintain or, if necessary, create an institutional culture understood by insurer senior managers and employees that:

(a) meets the objects of the Act

(b) meets the Authority’s Customer Service Conduct Principles below:

  • be easy to engage and efficient
  • act fairly, with empathy and respect
  • resolve customer concerns quickly, respect customers’ time and be proactive
  • have systems in place to identify and address customer concerns
  • be accountable for actions and honest in interactions with customers.

3.15 A detailed plan of the steps to be taken to embed, monitor and (where appropriate) effect changes to the insurer’s institutional culture as it relates to each of the matters outlined in the above clause. This must include a strategy to report performance in these areas when requested by the Authority.

3.16 Details of:

(a) arrangements for conducting an annual employee engagement survey

(b) processes for assessing the results of employee engagement surveys.

3.17 Details of the:

(a) mechanisms established for personnel to elevate and report concerns about practices within the insurer, even when not making any specific allegation of wrongdoing

(b) processes for assessing such reports and identifying and addressing any unsatisfactory practices.

3.18 Details of:

(a) how the key performance indicators outlined in clause 3.10 (above) applying to personnel engaged in the insurer’s third-party insurance business demonstrate alignment with the target institutional culture

(b) the processes for assessment of personnel against those key performance indicators and the effectiveness of those key performance indicators to influence desired behaviours.

3.19 Details of the processes for:

(a) annual independent assessment of the insurer’s institutional culture as it relates to the matters enumerated in clause 3.14 (above)

(b) development of action items arising out of this assessment

(c) implementation of these action items.

3.20 An explanation of the organisational structures to monitor the effectiveness of, and ensure accountability for, the arrangements, mechanisms, processes and performance metrics enumerated in clauses 3.16 to 3.18 (above). This must include a strategy to report performance in these areas when requested by the Authority.

3.21 An explanation of the governance structures by which the board of directors of the insurer will form a view of the risk culture in the institution and the extent to which that culture supports the ability of the institution to operate consistently within its risk appetite, identifies any desirable changes to the risk culture and ensures the institution takes steps to address those changes.

Complaints

3.22 A complaint is an expression of dissatisfaction made to the insurer or its agent related to its products or services, or the complaints-handling process itself, where a response or resolution is explicitly or implicitly requested. Insurers must keep a record of all complaints they or any of their agents receive in a complaints register and provide a summary report to the Authority every six months. This report is due within 30 business days of the end of the 30 June and 31 December reporting periods. It should be formatted as set out by the Authority and include a complaints trend analysis of the risks and issues.

3.23 All complaints made to the insurer or its agents in relation to a third-party policy or claim must be handled in a fair, transparent and timely manner.

3.24 A robust complaints-handling process provides the complainant with confidence that they are heard, their feedback is taken seriously, and insurers are accountable for their actions. The insurer must have a documented internal complaint and review procedure, the terms of which must be set out in the insurer’s business plan.

3.25 Information about how to make a complaint and the complaints-handling procedures must be readily available and accessible to all stakeholders.

3.26 Complaints-handling procedures must refer to the rights of the customer to escalate a complaint to the Authority if they are dissatisfied with the insurer’s response to their complaint.

3.27 The insurer must acknowledge all complaints in writing within 5 business days of their receipt. The acknowledgement must include:

(a) if the insurer can resolve the complaint to the satisfaction of the complainant within 5 business days from the receipt of the complaint – the insurer’s written decision resolving the complaint

(b) if the insurer cannot resolve a complaint to the satisfaction of the complainant within 5 business days from the receipt of the complaint – a copy of the insurer’s complaints procedure and the contact details of the representative(s) of the insurer handling the complaint.

3.28 If the insurer cannot resolve the complaint to the satisfaction of the complainant within 5 business days, the insurer must resolve the complaint within 20 business days from the date of receipt and notify the complainant in writing of:

(a) the insurer’s decision and the reasons for that decision

(b) the opportunity to have the complaint considered by a more senior representative of the insurer who is independent of the original decision-maker

(c) information on the availability and the contact details of external complaint or dispute resolution handling bodies (including the Authority) in the event that the complainant is dissatisfied with the insurer’s decision or procedures.

Fraud

3.29 An Insurer’s business plan must include a summary of the processes they have in place to prevent, detect and respond to fraud as detailed below.

3.30 At all stages of the claims management and premium determination process, the insurer should have systems and processes in place to:

(a) prevent fraud - proactively putting into place measures and controls designed to help reduce the risk of fraud from occurring at the outset

(b) detect fraud - designing and implementing controls to uncover instances of fraud or potential fraudulent behaviour

(c) respond to fraud – taking action to mitigate the impact of fraudulent activity.

Information and data integrity

3.31 Information and data integrity is critical to the scheme and to demonstrating insurer performance. Accurate, up-to-date and complete information promotes the credibility and accountability of the scheme and those operating within it.

3.32 At the direction of the Authority, an insurer must provide timely, accurate and complete information, including but not limited to:

(a) insurer claims manuals, policies and procedure documents, including updates as they occur

(b) policyholder and claimant information packs

(c) standard letter templates

(d) self-audit results, including quality assurance reporting

(e) complaints received by the insurer about its handling of matters

(f) policyholder and claimant survey results

(g) training plans and logs, and/or data breaches that affect the privacy of a policyholder, claimant or their family.

3.33 An insurer must:

(a) code the claimant’s injuries by using appropriately trained coders applying the most recent Abbreviated Injury Scale (AIS) Revision (or as otherwise prescribed by the Authority) and claims in accordance with the Authority’s Motor Accident Insurance Regulation Injury Coding Standards and agreed timeframes

(b) provide up-to-date, accurate and complete data to the Universal Claims Database (UCD), in accordance with the Act and the Universal Policy Database (UPD) and the UCD Claims Data Manual, as amended from time to time, or as otherwise required by the Authority

(c) inform the Authority of any data quality issues as soon as the insurer becomes aware

(d) maintain consistency between information on the claim file and data submitted to the UCD and record any changes in accordance with the UCD Claims Data manual, as amended.

3.34 If the Authority becomes aware of any data quality issues, the Authority may request the insurer to resubmit the data and provide information on data quality controls.

3.35 Insurers must correct any errors that are notified through the UCD according to the timeframes for each of the following categories defined in the UCD Claims Data manual:

(a) Tier 0 validation checks for corrupted or wrongly formatted data - next business day

(b) Tier 1 validation checks for data essential to scheme performance measures - 10 business days

(c) Tier 2 and Tier 3 validation checks for all other data - 20 business days.

3.36 Insurers must comply with any Authority requirements for data exchange and centralised claim notification. Insurers must participate in online claims submission as determined by the Authority.

3.37 Insurers must retain digital claims files information and data for a minimum of:

(a) 30 years after the date the claim was made, or

(b) 30 years after the claimant turns 18 years of age, whichever is later.

3.38 Where an insurer notifies customers, claimants, service providers and/or the Australian Information Commissioner of a Notifiable Data Breach (in accordance with the Privacy Act 1988 (Cth)), the insurer must, at the same time, also notify the Authority. The notification to the Authority must:

(a) confirm that the insurer has fully complied with the law in terms of the notification

(b) confirm that the insurer has investigated, or is investigating, where and why the breach occurred

(c) set out what steps are being taken or have been taken to remedy the breach and future breaches

(d) set out what has been, or is being, suggested to rebuild trust with the affected claimants, customers and/or other stakeholders in terms of the handling of their personal and health information.

Self-assessment

3.39 An insurer must undertake self-assessment of its compliance with the Act and Guidelines in its management practices annually or more frequently as directed by the Authority. The self-assessment must comply with the requirements set out in SIRA’s Self-Assessment Tool.

3.40 An insurer must provide an annual self-assessment report to the Authority. This report must include the insurer’s assessment of its compliance with the Act and statutory instruments made under the Act (including these Guidelines), and details of all instances of its failure to comply (non-compliance) with legislative, guideline and Customer Service Conduct Principle requirements.

3.41 The Authority may conduct a review of an insurer’s self-assessment at any time by auditing the insurer’s files.