Posted: 13 May 2022 10 min. read

Cracking the Codes

Lessons to leverage in implementing the Codes of Practice and enhancing Code compliance across financial services

Regulation of the Australian financial services industry is multi-faceted, with competing obligations and requirements across legislation, regulation, and the industry Codes of Practice. In the wake of the shifting culture across the industry over the past few years, and the need to embed a customer-centric approach, the Codes of Practice have become increasingly important in improving service standards and supporting positive customer outcomes. 

While the Banking Code of Practice (‘BCoP’), the General Insurance Code of Practice (‘GICoP’), and the Life Insurance Code of Practice (‘LICoP’) (collectively ‘the Codes’) are established elements of the financial services regulations, changing regulatory expectations and recent changes to enforceability have placed a spotlight on subscribers’ Code compliance.

The Codes aim to serve the common purpose of supporting better customer outcomes, as demonstrated by the focus area below. They are, however, at different points in their implementation and operationalisation by subscribers, and in their enforceability by the regulator.

This blog explores some of the challenges faced to date by subscribers of the Codes, and insights and learnings for firms to consider in enhancing Code compliance across the industry. 

What are the challenges and lessons learnt?

A shift in attitude toward the Codes

The Banking Code of Compliance Committee (‘BCCC’), which oversees the implementation of BCoP, identified that subscribers should consider going beyond minimum compliance, as the key to the successful implementation of the Code is the attitudes of the subscriber firm and its leadership teams.1

Lesson: Subscribers should seize the opportunity presented by committing to the Codes to assess and further build out their proactive compliance culture and set the right tone from the top. The insurance industry should be considering the same for GICoP and LICoP compliance. 

Leaders across financial services should make conscious efforts to set expectations of the business beyond minimal compliance. This will likely facilitate ongoing compliance through achieving better customer outcomes.

Align operations to obligations

Subscribers are more likely to struggle to meet the requirements of the Codes if their approach to Code compliance is not integrated into day-to-day operations and the Code provisions are not connected to similar regulatory requirements.

Lesson: Subscribers should take a holistic view of existing obligations by understanding the interplay and overlap between the Code requirements and other existing regulatory requirements. Additionally, subscribers should aim to align all obligations across legislation, regulation and the Codes (particularly where enforceable) to strengthen their compliance frameworks. For example, subscribers should aim to understand and align overlapping obligations that sit across the Codes, the legislation and regulation regarding complaints management and Internal Dispute Resolution (‘IDR’). In doing so, subscribers should note the enforceable nature of specific provisions in the IDR Regulatory Guide 271 (‘RG 271’).

Breach reporting (including ‘significant breaches’2)

Recent reports conducted by the governing bodies of the Codes identified issues with the way subscribers identify, report and rectify breaches, including that subscribers:

  • rely too heavily on customer complaints, queries, or feedback to identify breaches;3
  • are not adequately reporting significant breaches to ASIC, based on the numbers that have been reported within the insurance sectors;4 and
  • lack adequate systems, processes, controls and oversight to prevent breaches caused by ‘human error’, and over-rely on ‘training’ as a means of remediation and corrective action.

Lesson: Subscribers should consider investing in technology, reviewing and uplifting processes and systems, and reviewing organisational capability and roles to enable and support the effective identification, reporting and prevention of Code breaches, as well as implementing better governance over breach identification and root-cause analysis. Taking a holistic approach on this front will enable better compliance monitoring and enhance the ability to identify a potential breach.

What to turn your mind to?

Based on the current regulatory ecosystem, coupled with the erosion of trust between customers and the financial services industry following the Financial Services Royal Commission, it is imperative that firms consider the importance of the Codes, and how they can adopt and embed the Code obligations into existing and future operations. Below we have outlined some key focus areas and activities for firms to consider:

1. Final Report Independent Review of the Banking Code of Practice November 2021
2. Significant Breach as outlined in General Insurance Code of Practice 5 October 2021, Part 16: Definitions
3. BCCC Report: Banks’ compliance with the Banking Code of Practice – Jan to June 2021, page 9
4. Living the Code: Embedding Code obligations in compliance frameworks, page 5; Monitoring Compliance with the Life Insurance Code of Practice 2020-21 Retrospective, page 4

Contact us

Rosalyn Teskey

Partner, Audit & Assurance

Rosalyn is a partner in Deloitte's Melbourne office in the Governance, Regulation and Conduct practice. She specialises in supporting firms to design and assess frameworks to treat customers fairly, including the development of conduct, product governance, sales practices and complaints handling frameworks. Rosalyn co-leads our Accountability practice and leads Deloitte’s Design and Distribution and product governance offering.

Bhrajna Kalaiya

Director, Audit & Assurance

Bhrajna is a Director in Deloitte’s Governance, Regulation and Conduct practice. She has a focus on insurance and has extensive experience in supporting insurers on engagements relating to regulatory change and conduct. This includes design of frameworks, reviews and implementation relating to product design and governance, sales practices, claims handling and complaints.

Lingwei Low

Director, Audit & Assurance

Lingwei is a Director in the Governance, Regulation and Conduct team in Melbourne. She supports clients across the financial services sector in regulatory change activity to enable compliance through process, controls and capability uplift. She has supported a number of financial institutions in implementing the recently enhanced breach reporting regime, including in the design and implementation of new incident management frameworks.

More about our authors

Kavir Kalian

Senior Manager, Audit & Assurance

Kavir is a Senior Manager in Deloitte’s Governance, Regulation and Conduct practice. He specialises in supporting banking, insurance, superannuation and wealth management clients in navigating regulatory change, with a focus on designing and implementing conduct frameworks.

Ivan Yudistira

Manager, Audit & Assurance

Ivan is a Manager in the Governance, Regulation and Conduct team in Melbourne. He specialises in supporting clients across the banking sector in navigating regulatory change activity to enable compliance through process, controls and capability uplift.