
Cracking the Codes

Lessons to leverage in implementing the Codes of Practice and enhancing Code compliance across financial services

Regulation of the Australian financial services industry is multi-faceted, with competing obligations and requirements across legislation, regulation, and the industry Codes of Practice. In the wake of the shifting culture across the industry over the past few years, and the need to embed a customer-centric approach, the Codes of Practice have become increasingly important in improving service standards and supporting positive customer outcomes. 

While the Banking Code of Practice (‘BCoP’), the General Insurance Code of Practice (‘GICoP’), and the Life Insurance Code of Practice (‘LICoP’) (collectively ‘the Codes’) are established elements of the financial services regulations, changing regulatory expectations and recent changes to enforceability have placed a spotlight on subscribers’ Code compliance.

The Codes aim to serve the common purpose of supporting better customer outcomes, as demonstrated by the focus area below. They are, however, at different points in their implementation and operationalisation by subscribers, and in their enforceability by the regulator.

This blog explores some of the challenges faced to date by subscribers of the Codes, and insights and learnings for firms to consider in enhancing Code compliance across the industry.

A shift in attitude toward the Codes

The Banking Code of Compliance Committee (‘BCCC’), which oversees the implementation of BCoP, identified that subscribers should consider going beyond minimum compliance, as the key to the successful implementation of the Code is the attitudes of the subscriber firm and its leadership teams.[1]

Lesson: Subscribers should seize the opportunity presented by committing to the Codes to assess and further build out their proactive compliance culture and set the right tone from the top. The insurance industry should be considering the same for GICoP and LICoP compliance. 

Leaders across financial services should make conscious efforts to set expectations of the business beyond minimal compliance. This will likely facilitate ongoing compliance through achieving better customer outcomes.

Align operations to obligations

Subscribers are more likely to struggle to meet the requirements of the Codes if the approach to compliance with the Codes is not integrated into the day-to-day operations and the Code provisions are not inter-connected to similar regulatory requirements. 

Lesson: Subscribers should take a holistic view of existing obligations by understanding the interplay and overlap between the Code requirements and other existing regulatory requirements. Additionally, subscribers should aim to align all obligations across legislation, regulation and the Codes (particularly where enforceable) to strengthen their compliance frameworks. For example, subscribers should aim to understand and align overlapping obligations that sit across the Codes, the legislation and regulation regarding complaints management and Internal Dispute Resolution (‘IDR’). In doing so, subscribers should note the enforceable nature of specific provisions in the IDR Regulatory Guide 271 (‘RG 271’).

Breach reporting (including ‘significant breaches’[2])

Recent reports conducted by the governing bodies of the Codes identified issues with the way subscribers identify, report and rectify breaches, including that subscribers:

  • rely too heavily on customer complaints, queries, or feedback to identify breaches;[3]
  • are not adequately reporting significant breaches to ASIC, based on the numbers that have been reported within the insurance sectors;[4] and
  • lack adequate systems, processes and controls, and oversight to prevent breaches caused by ‘human error’, and over-rely on ‘training’ as a means for remediation and corrective action.

Lesson: Subscribers should consider investing in technology, reviewing and uplifting processes and systems, and reviewing organisational capability and roles to enable and support the effective identification, reporting and prevention of Code breaches, as well as implementing better governance over breach identification and root-cause analysis. Taking a holistic approach on this front will enable better compliance monitoring and enhance the ability to identify a potential breach.

Based on the current regulatory ecosystem, coupled with the erosion of trust between customers and the financial services industry following the Financial Services Royal Commission, it is imperative that firms consider the importance of the Codes, and how they can adopt and embed the Code obligations into existing and future operations. Below we have outlined some key focus areas and activities for firms to consider:


1. Final Report Independent Review of the Banking Code of Practice November 2021

2. Significant Breach as outlined in General Insurance Code of Practice 5 October 2021, Part 16: Definitions

3. BCCC Report: Bank's compliance with the Banking Code of Practice – Jan to June 2021, page 9

4. Living the Code: Embedding Code obligations in compliance frameworks, page 5; Monitoring Compliance with the Life Insurance Code of Practice 2020-21 Retrospective, page 4