Beyond the numbers: Building insurance broking compliance

The results of the latest Annual Data Report from the Insurance Brokers Code Compliance Committee highlights a concerning trend around governance, breach detection and timely communication.

While recorded breaches and complaints rose by 19% and 14% respectively, more than 40% of brokers reported no breaches or complaints at all.

Does this reflect a culture under-reporting, or are the systems and processes for breach detection simply not up to scratch? Poor communication practices emerged as a key concern from the report findings.

Top brokers leading change

In 2024, 38% of all complaints were service-related, including delays in claims handling (15%) and general service delays (13%). Breaches related to remuneration disclosure also increased significantly in the past year, from just 42 in 2023 to 334 in 2024.

Tetiana George, CEO & Co-Founder of risk and compliance platform Curium, says IBCCC’s report paints a mixed picture.

“Compared to the previous report, fewer brokers are reporting anything at all, but those who do report are reporting more,” she says.

“This points to a widening gap – some brokers are embedding compliance and reporting into their culture, while others remain disengaged.”

Paul Muir, Managing Director, Compliance Advocacy Solutions, says the increase in reported Code breaches and complaints is consistent with his experience in working with general insurance brokers.

“When compliance is part of the culture of a broker and supported by training for staff and authorised representatives, as well mechanisms to facilitate reporting, it is common to see these types of increases,” he says.

“This should be viewed positively, as a culture of compliance will ensure that incidents, breaches and complaints are identified and raised promptly.

This leads to better client outcomes and business operational continuous improvement, and is evidence of adequate compliance measures.”

However, Muir acknowledges that 40% of brokers reported no breaches or complaints at all.

He says this finding is consistent with ASIC's recent report Reportable situations: Findings of ASIC’s review and how licensees can improve compliance with the regime, which found that over a three-month period, half of licensees in the review recorded fewer than five incidents in their incident registers.

Improvement too slow

Even allowing for different sectors, business models and compliance measures, the review found this to be very low and suggested “deficiencies in incident identification, which in turn affects breach identification”.

“One of the key reasons for low reporting is not having a clear definition of an incident and staff not knowing what they are looking for,” says Muir.

“ASIC provides a very good example of a simple definition of an incident that assists staff and authorised representatives to identify incidents: ‘An incident is an event that occurs where something has gone wrong.’”

Under-reporting of breaches and complaints can threaten the industry’s reputation and jeopardise client trust, especially when customers expect transparency.

“In Australia, most regulations are designed to protect customers,” says George. “They require brokers to be fair, honest and to act in their clients’ best interests. In that sense, compliance is not just a legal obligation, it’s a marker of good business practice.”

In New Zealand, the Financial Markets Authority (FMA) also emphasises professional conduct and disclosure, and the Financial Markets (Conduct of Institutions) Amendment Act 2022 (CoFI) is designed to protect consumers by putting them at the forefront of institutions’ decisions and actions.

Jane Brown, Head of Insurance at FMA, says the regulator has taken proceedings against a number of entities in recent years where a failure to treat customers fairly has resulted in customers being overcharged premiums or not getting what they should have received under their policy.

“CoFI, together with the wider Financial Markets legislation, provides us with a toolkit to regulate insurers to ensure that they have policies, processes, systems and controls in place to support fair treatment of consumers and to ensure that these failures don’t continue to occur,” she says.

“We expect that, over time, we will see a reduction in self-reports to the FMA and in remediations to consumers.”

However, Brown notes that financial institutions under the CoFI regime, and financial advice providers (which covers brokers) who have been licensed by the FMA since the Financial Services Legislation Amendment Act, must comply with a ‘notification of material changes’ standard condition.

This includes where an entity has contravened or is likely to contravene the legislation in a material way.

“Self-reporting remains an important requirement for the FMA to know about conduct that falls short of the mark, and which may need further enquiries or investigation,” she says.

“As the FMA has said publicly, delayed, incomplete self-reporting is considered to be an aggravating factor. And, earlier in 2025, the FMA’s CEO, Samantha Barrass, said that we will be looking at firms where there has been limited or no self-reporting in the past.”

Embedding a culture of compliance

Due to the complex nature of insurance and broking operations, Muir says it is “a false assumption” to accept that a broking business does not experience breaches or complaints.

“A mindset of professional scepticism should be adopted by management when the business states that they have nothing to report,” he says.

“Is it a case of genuinely no incidents, breaches or complaints have occurred, or did they occur and they were just not identified?”

Muir says brokers should use a combination of people and technology resources to embed compliance into everyday practices

“Compliance should be part of the customer experience – at each stage of the customer engagement, brokers are clear in what they need to say and do,” he says.

“This includes when to provide a Terms of Engagement, a Financial Services Guide and the Informed Consent for Insurance Commissions Notice”.

George says embedding compliance into everyday practice requires a change to the language of compliance.

“The language we use matters,” she says. “Expecting a broker to understand and identify more than 150 technical Australian financial services licence obligations is unrealistic.

"Even the term ‘breach’ can be alienating. Reframing it in plain language makes compliance more accessible and less intimidating.”

George also recommends “reinforcing the basics”.

“A complaint is defined as any expression of dissatisfaction — even if it isn’t directed at the broker. Repeating this definition consistently is crucial so that staff instinctively recognise and record complaints rather than dismissing them.”

Making the process easy

Reporting should also be made effortless, adds George. “Recording a complaint or incident should not take more than a minute,” she says.

“If processes are clunky, reporting rates will suffer. Technology and streamlined workflows can make compliance an everyday habit, not a burden.

“The reality is that it is statistically impossible for a broker dealing with retail clients to go through an entire year without a single complaint or incident,” says George.

“For many firms, under-reporting remains the norm. Until reporting becomes universal and honest, the industry will continue to face questions about whether it truly understands and manages its obligations under the Code.”

The early identification of incidents, breaches and complaints assists in minimising harm or detriment to clients and forms an important layer of compliance protection.

When it comes to shaping stronger governance frameworks, Muir suggests an “operating rhythm approach” to compliance.

“People are trained to be an 'early warning system' for the brokerage, constantly scanning the environment for 'things going wrong', complemented by the use of technology,” he says.

“Breach and complaint data is not only used for customer remediation and rectification but also as a source of continuous improvement and better client outcomes.

"This requires a feedback loop and considering 'what did we learn?' from each identified incident and complaint."

Muir adds that data must be analysed and trends and themes must be identified and reported to senior management and the board.

“This ensures both a top-down and bottom-up approach to compliance, resulting in enhanced business operations and better client experiences,” he says.