Requirements of the business plan
3.1 Under Division 9.2, section 9.18 of the Act, each insurer must prepare and deliver to the Authority a Motor Accident Business Plan (business plan) as soon as practicable after it is requested to do so by the Authority.
3.2 Insurers are to prepare and deliver to the Authority a business plan on, or not more than 30 days after, each anniversary of the grant of their licence. Insurers are also to prepare and deliver a revised business plan before implementing any significant change to the conduct of their third-party insurance business (including but not limited to strategy in respect of claims handling, pricing or product distribution).
3.3 If the insurer operates more than one third-party insurance business (for example, the insurer issues third-party policies under multiple brands), then the insurer must prepare and deliver a business plan covering all of the third-party insurance businesses and any business associated with third-party policies of the insurer either in a single business plan (highlighting where the practices of the businesses/brands differ from one another) or separate business plans for each.
3.4 A business plan prepared by a licensed insurer under section 9.18 must include:
(a) a complete description of the manner in which the third-party business is to be conducted (including but not limited to claims handling, management, expenses and systems). The description must:
- include the structure and operating methods for each distribution channel and any plans for change within the next 12 months
- demonstrate how the insurer’s conduct, culture and appetite for risk in the business satisfies the principles and objectives of insurance, benefits and support under the Act and in these Guidelines. Culture and appetite for risk is not limited to Schedule 3A
(b) a letter from the board of directors of the insurer to the Authority (whether signed by the directors, or on behalf of the directors by an officer authorised to sign on their behalf) confirming present and continuing compliance with Australian Prudential Regulation Authority’s (APRA) Prudential Standard CPS 232 or, if replaced, with the APRA prudential standard addressing business continuity management by authorised general insurers, including the development and maintenance of a business continuity plan.
3.5 The Authority may require further details by notice in writing in order to clarify the business plan.
3.6 Insurers must notify the Authority of any breach of these Guidelines.
3.7 Insurers must, on request from the Authority, submit copies of their customer communication templates, including third-party certificates and customer information packs.
3.8 When requested by the Authority, insurers must submit scripts, training manuals and other supporting tools used by sales staff for review and approval. Each insurer must, on request from the Authority, provide other documents related to third-party policies.
3.9 Insurers must amend any document submitted to the Authority if required to do so by the Authority.
Schedule 3A: Culture requirements for insurers
3.10 An insurer’s business plan must include the matters enumerated in this section relating to the alignment of institutional culture with the objects of the Act.
3.11 A definition of the insurer’s target institutional culture.
3.12 A detailed plan of the steps to be taken:
(a) to maintain or, if necessary, create an institutional culture directed to:
- openness and transparency in dealings with the Authority
- openness in the exchange of views, challenge and debate internally in relation to matters of management, regulatory compliance, claims handling and customer service
- adaptability to changing regulatory, commercial and policyholder demands
- prioritisation of customer service and outcomes, including the early resolution of motor accident claims and the quick, cost-effective and just resolution of disputes
- appropriate and balanced incentive structures, remuneration and performance metrics
- the understanding by the insurer’s senior managers, and the insurer’s employees generally, of the insurer’s values and how they are applied in practice
(b) to embed, monitor and (where appropriate) effect changes to the insurer’s institutional culture as it relates to each of the matters outlined in the above clause.
3.13 Details of:
(a) arrangements for conducting an annual employee engagement survey
(b) processes for assessing the results of employee engagement surveys.
3.14 Details of the:
(a) mechanisms established for personnel to elevate and report concerns about practices within the insurer, even when not making any specific allegation of wrongdoing
(b) processes for assessing such reports and identifying and addressing any unsatisfactory practices.
3.15 Details of:
(a) key performance indicators that apply to personnel engaged in the insurer’s third-party insurance business (including claims handling, management, expenses and systems)
(b) the processes for assessment of personnel against those key performance indicators and the effectiveness of those key performance indicators to influence desired behaviours.
3.16 Details of the processes for:
(a) annual independent assessment of the insurer’s institutional culture as it relates to the matters enumerated in clause 3.12 (above)
(b) development of action items arising out of this assessment
(c) implementation of these action items.
3.17 An explanation of the organisational structures to monitor the effectiveness of, and ensure accountability for, the arrangements, mechanisms, processes and performance metrics enumerated in clauses 3.13 to 3.16 (above).
3.18 An explanation of the governance structures by which the board of directors of the insurer will form a view of the risk culture in the institution and the extent to which that culture supports the ability of the institution to operate consistently within its risk appetite, identifies any desirable changes to the risk culture and ensures the institution takes steps to address those changes.
3.19 A complaint is an expression of dissatisfaction made to the insurer or its agent related to its products or services, or the complaints-handling process itself, where a formal response or resolution is explicitly or implicitly requested.
3.20 All complaints made to the insurer or its agents in relation to a third-party policy or claim must be handled in a fair, transparent and timely manner.
3.21 A robust complaints-handling process provides the complainant with confidence that they are heard, their feedback is taken seriously, and insurers are accountable for their actions. The insurer must have a documented internal complaint and review procedure, the terms of which must be set out in the insurer’s business plan.
3.22 Information about how to make a complaint and the complaints-handling procedures must be readily available and accessible to all stakeholders.
3.23 Complaints-handling procedures must refer to the rights of the customer to escalate a complaint to the Authority if they are dissatisfied with the insurer’s response to their complaint.
3.24 The insurer must acknowledge all complaints in writing within 5 business days of their receipt. The acknowledgement must include:
(a) if the insurer can resolve the complaint to the satisfaction of the complainant within 5 business days from the receipt of the complaint – the insurer’s written decision resolving the complaint
(b) if the insurer cannot resolve a complaint to the satisfaction of the complainant within 5 business days from the receipt of the complaint – a copy of the insurer’s complaints procedure and the contact details of the representative(s) of the insurer handling the complaint.
3.25 If the insurer cannot resolve the complaint to the satisfaction of the complainant within 5 business days, the insurer must resolve the complaint within 20 business days from the date of receipt and notify the complainant in writing of:
(a) the insurer’s decision and the reasons for that decision
(b) the opportunity to have the complaint considered by a more senior representative of the insurer who is independent of the original decision-maker
(c) information on the availability and the contact details of external complaint or dispute resolution handling bodies (including the Authority) in the event that the complainant is dissatisfied with the insurer’s decision or procedures.
3.26 Insurers must keep a record of all complaints they or any of their agents receive in a complaints register and provide a summary report to the Authority every six months. This report is due within 30 business days of the end of the 30 June and 31 December reporting periods. It should be formatted as set out by the Authority and include a complaints trend analysis of the risks and potential issues.
Information and data integrity
3.27 Information and data integrity is critical to the scheme and to demonstrating insurer performance. Accurate, up-to-date and complete information promotes the credibility and accountability of the scheme and those operating within it.
3.28 At the direction of the Authority, an insurer must provide timely, accurate and complete information, including but not limited to:
(a) insurer claims manuals, policies and procedure documents, including updates as they occur
(b) policyholder and claimant information packs
(c) standard letter templates
(d) self-audit results, including quality assurance reporting
(e) complaints received by the insurer about its handling of matters
(f) policyholder and claimant survey results
(g) training plans and logs, and/or data breaches that affect the privacy of a policyholder, claimant or their family.
3.29 An insurer must:
(a) code the claimant’s injuries by using appropriately trained coders applying the Abbreviated Injury Scale (AIS) 2005 Revision (or as otherwise prescribed by the Authority) and claims in accordance with the Authority’s Motor Accident Insurance Regulation Injury Coding Guidelines and agreed timeframes
(b) provide up-to-date, accurate and complete claims data to the Motor Accidents Claims Register, in accordance with the Act and the claims register coding manual, as amended, or as otherwise required by the Authority
(c) inform the Authority of any data quality issues as soon as the insurer becomes aware
(d) maintain consistency between information on the claim file and data submitted to the claims register and record any changes in accordance with the claims register coding manual, as amended.
3.30 If the Authority becomes aware of any data quality issues, the Authority may request the insurer to resubmit the data and provide information on data quality controls.
3.31 Insurers must comply with any Authority requirements for data exchange and centralised claim notification. Insurers must participate in online claims submission as determined by the Authority.
3.32 Insurers must retain digital claims files information and data for a minimum of:
(a) 30 years after the date the claim was made, or
(b) 30 years after the claimant turns 18 years of age, whichever is later.
3.33 Where an insurer notifies customers, claimants, service providers and/or the Australian Information Commissioner of a Notifiable Data Breach (in accordance with the Privacy Act 1988), the insurer must, at the same time, also notify the Authority. The notification to the Authority must:
(a) confirm that the insurer has fully complied with the law in terms of the notification
(b) confirm that the insurer has investigated, or is investigating, where and why the breach occurred
(c) set out what steps are being taken or have been taken to remedy the breach and future breaches
(d) set out what has been, or is being, suggested to rebuild trust with the affected claimants, customers and/or other stakeholders in terms of the handling of their personal and health information.
3.34 An insurer must undertake self-assessment of its compliance with the Act and Guidelines in its claims management practices annually or more frequently as directed by the Authority, using SIRA’s Self-Assessment Tool.
3.35 An insurer must provide a self-assessment report to the Authority. This report must include the insurer’s assessment of its compliance and any failure to comply (non-compliance) with legislative, guideline and case management practice requirements.
3.36 Where an insurer identifies one or more instances of non-compliance, the insurer’s self-assessment report must:
(a) set out the nature of non-compliance and if and how it has affected claimants and their entitlements under the Act
(b) advise if the same non-compliance has occurred before
(c) explain the action the insurer has taken to investigate the extent of the non-compliance
(d) explain the action the insurer has or is taking to remedy the non-compliance
(e) explain the insurer’s monitoring/auditing strategy to avoid any ongoing or similar future non-compliance
(f) set out the timeframes to resolve the non-compliance.
3.37 The insurer must confirm in writing to the Authority when the non-compliance has been resolved.
3.38 The Authority may conduct a review of an insurer’s self-assessment at any time by auditing the insurer’s files.