Closer scrutiny needed on code breach causes: IBCCC
The Insurance Brokers Code Compliance Committee (IBCCC) has questioned whether breaches are being adequately investigated for their causes as it again raises concern over the level of subscriber reporting.
The Annual Data Report says for the fifth year in a row subscribers attributed most breaches to people-related causes, but “insufficient training” was reported as the root cause of comparatively few breaches.
“This is perplexing. If staff and authorised representatives are receiving adequate training, we should not see so many breaches caused by people-related issues,” IBCCC Independent Chair Oscar Shub says.
“It leaves us wondering whether training is not good enough or whether subscribers are simply choosing ‘manual error’ or ‘process and procedure not followed’ as a default options rather than properly investigating and reporting the true root cause of a breach.”
The data also shows “a concerning lack of detail” about the actions some subscribers took to remediate breaches. In the case of 23% of breaches, subscribers used the category “other” to describe their short-term remedial action.
The detailed analysis of self-reported breaches and complaints from last year expands on data in the recent IBCCC annual report, which showed that 175 brokers reported no breaches and 152 reported no complaints.
More subscribers reported breaches compared with the previous year, but Mr Shub says the data remains worrying and prompts questions about the thoroughness of self-assessment. The IBCCC also wants brokers to look more closely at the root causes of breaches.
“We urge our subscribers to shift their focus from simply identifying the 'who' and 'what' of breaches to understanding 'why' they occur,” Mr Shub said. “This shift in perspective can lead to more effective preventive measures and ultimately better consumer outcomes.”
Last year there were 3405 reported breaches, down from 3570 the year before, with a financial impact of $3.2 million affecting 412,800 clients. Reported complaints rose to 2252 from 1742.
The increase in the number of clients impacted jumped from 20,503 in the previous year due to one “category A” subscriber, which describes a firm with more than 100 full-time equivalent staff, that reported 12 breaches impacting 383,500 clients.
The most frequently reported breaches in 2022 related to purchasing insurance, managing claims, and adherence to legal requirements, comprising just over 78% of all breaches.
For the 2022 Annual Compliance Statement, all subscribers that reported zero breaches and complaints were required to provide a brief description of their processes and procedures for monitoring code compliance, with a separate report to be published later this year.
Mr Shub says the findings from that are illuminating, and in some cases subscribers are misinterpreting obligations and failing to identify and report breaches and complaints.
National Insurance Brokers Association (NIBA) CEO Phil Kewin notes that the data from the report highlights the commitment of subscribers to the code and its principles.
“We are encouraged to see that while the number of subscribers reporting breaches increased by 17%, the overall number of recorded breaches reduced by 5%,” he said.
The latest data report covered a period when both the 2014 and 2022 codes were in effect, and NIBA says it’s expected the number of subscribers reporting breaches will rise due to the significantly clearer principles and guidance in the updated document.
“In addition, we are continuing to work with the IBCCC and our members to improve both the communication of the necessity to record breaches, as well as addressing some of the reporting mechanisms that are proving to be obstacles for expedient and efficient reporting,” Mr Kewin said.
The report is available here.