Systemic systems failures: Lessons from recent fair dealing enforcement action

  • Publications and reports

    31 August 2023

Systemic systems failures: Lessons from recent fair dealing enforcement action Desktop Image Systemic systems failures: Lessons from recent fair dealing enforcement action Mobile Image

The regulatory focus on fair dealing has never been higher. Since June 2020, the FMA has brought seven proceedings in relation to breaches of the fair dealing provisions in Part 2 of the Financial Markets Conduct Act 2013 (FMCA). Of those, five relate to insurance products.

The FMA and the Courts are focused on deterrence. As Justice Muir noted in a recent case, the penalty “creates a strong incentive for financial institutions, and particularly large and well-resourced ones… to maintain adequate processes and systems”.

From these proceedings, there are two key takeaway points for insurers:

  • Invest sufficiently and regularly into your systems to ensure they are reliable and fit for purpose; and
  • Systems need to be regularly checked for issues, and any issues need to be appropriately escalated.

We explore these points in this article.

We have also commented on the importance of self-reporting issues and remediation in a previous article.

A summary of the recent fair dealing proceedings

Each of the insurance-related fair dealing proceedings commenced to date have involved insurers making representations to customers admitted to be false or misleading (in breach of section 22 of the FMCA).

In each case, the breach related to the insurer’s failure to have appropriate systems and processes in place that would ensure the representations it had made to its customers were correct rather than deliberate misrepresentation.

Examples involved systems failures in relation to:

  • not applying discounts or benefits correctly – including passbacks, multipolicy discounts and no claims bonuses;
  • cover cessation, duplication of cover and charging premiums after termination of policies; and
  • incorrect inflation adjustments specified by the companies’ policies.

Across a wide variety of types of insurance policies, the relevant representations were often made to customers through marketing material, invoices, or policy anniversary letters. In each case, as the insurer did not deliver on the statements made in these documents, or in relation to their policies, the FMA considered that the insurer made a false or misleading representation to customers.

Another feature of several of the cases is that they came to the attention of the FMA wholly or partly as a result of self-reporting, and steps were underway to remedy the systems issues. In many cases the insurers had already compensated the customers for the loss.

Out of the actions taken against insurance companies, the largest penalty imposed was $3.575 million (also the largest penalty secured by the FMA in an enforcement case to date). The three most recent alleged breaches are ongoing investigations, but the FMA is seeking declarations and pecuniary penalties for all three.

So it appears that the purpose of the FMA taking enforcement action was as indicated by Muir J’s quote above – to create a strong financial incentive to avoid aspirational marketing claims unless they are rigorously underpinned by reliable systems that would always deliver on them.

Learning 1: Invest sufficiently and regularly in your systems to ensure they are reliable and fit for purpose.

On 30 September 2022, Margot Gatland (FMA’s Head of Enforcement) said that “financial institutions will be held to account if they fail to sufficiently invest in systems, controls and processes that ensure all customers are treated fairly… Customers should be able to rely on the robustness of their insurer’s systems”.

Although the proceedings issued to date all related to systems errors, the kinds of errors involved were varied. Common systems errors included:

  • sales and fulfilment system errors;
  • integration of policy administration systems, including internally and as between intermediaries and the insurer;
  • policy administration systems not configured to deliver on a representation; and
  • manual data entry errors (by employees or intermediaries), which were not picked up.

Investment in systems should be a priority for each insurer. Insurers should be evaluating their systems to ensure that they are reliable, fit for purpose and can deliver on the promises made to customers. In particular, insurers should be considering whether each of the system deficiencies noted in the recent proceedings could also apply to its systems. Insurers should also consider how their systems interact with others – such as intermediaries.

Investment in systems is particularly important given the nature of the insurance product provided. The FMA considers that compliance with the fair dealing obligations is particularly important given the nature of insurance products and the increased likelihood for harm. In one judgment, it was noted that a special relationship exists as between an insurer and a policyholder, such that the policyholder should be entitled to expect clear and transparent communication. Further, in a number of the recent proceedings, the FMA claimed that errors in relation to the payment of claims or cessation of cover caused emotional harm as well as direct financial harm. This is particularly the case where the systems errors relate to health or life insurance products.

Learning 2: Systems need to be regularly checked for issues, and any issues need to be appropriately escalated

While the FMA acknowledges that systems errors may be unintentional, where a systems error has continued without identification or remediation, the FMA considers this to be a conduct issue.

If an insurer can demonstrate active reviews of its systems and processes, this may be considered a mitigating factor in the event of a breach. Further, while timely self-reporting may mitigate the level of penalty compared to what would be sought if the FMA detected the problem itself (e.g. as a result of customer complaints) it will not mean a significant penalty will not be considered appropriate. We discussed this further in our previous article.

In one of the proceedings, the scale of the error was not fully identified until after the FMA requested a more comprehensive investigation. In another, the FMA considered the insurer was slow to investigate the issue, despite pressure to do so from an intermediary.

Insurers need to consider whether their internal risk systems adequately allow for the identification and escalation of issues. In particular, insurer’s processes should prescribe regular system reviews, with reporting of any issues escalated through governance channels. Each system review needs to ensure that the system is both operationally effective and fit for purpose.

Taking a proactive approach is crucial: the longer it takes for an insurer to identify and escalate these errors, the greater the harm to customers and therefore the potential penalty which will be sought as an incentive to that financial institution and others to avoid similar conduct in the future.

Learning 3: Before making aspirational marketing claims, substantiate them. That means making sure that the systems and processes underlying them are capable of always delivering on what has been promised.

Part 2 of the FMCA is not only concerned with intentional or negligent misrepresentation. It also prohibits making representations which are unsubstantiated, irrespective of whether the representation in fact proves to false or misleading.

What that means is that rigorous verification needs to be undertaken at the time any claims are made in relation to products or services, that the claims not only can, but will be delivered. In the context of offering a benefit such as a discount or bonus, that will mean ensuring that the relevant systems will deliver the benefit.

Implementing these lessons is crucial ahead of the incoming CoFI regime

Ensuring systems are fit for purpose will become a regulatory requirement when the conduct regime comes in to forece on 31 March 2025. The FMCA (once amended by the Financial Markets (Conduct of Institutions) Amendment Act 2022) will require financial institutions to construct a fair conduct programme which sets out policies, processes, systems, and controls that are designed to ensure the financial institution’s compliance with the fair conduct principle (being, essentially, the duty to treat customers fairly).

Financial institutions will need to set out how their systems support fair treatment of customers. Financial institutions will also be required to take all reasonable steps to comply with their fair conduct programme.

We consider that, if a systems error occurs once the CoFI regime comes into force, that the FMA may take the view that:

  • the financial institution has not complied with the fair conduct principle; and
  • the financial institution has not taken all reasonable steps (including to review its systems regularly to ensure they deliver fair outcomes) to comply with its fair conduct programme.

When the new CoFI regime comes into force, the penalty for a breach of this nature may, in addition to any action brought by the FMA in relation to Part 2 of the FMCA, include the FMA suspending or cancelling its conduct licence.