The General Insurance Code Governance Committee has released a guide to identifying and handling significant breaches after two subscribers were penalised in the past eight months.

Last month, an unnamed insurer was sanctioned the maximum $100,000 over failures in the handling of customer claims and complaints, and last June Allianz copped a $50,000 penalty over its response to a claim from a policyholder in regional Australia.

The committee says it produced the guide after its inquiries revealed a common failing among subscribers.

“These findings point to a failure by subscribers to understand and interpret the definition of a ‘significant breach’ as set out in the code and to an unwillingness or unpreparedness to review breaches and their root causes for evidence of systemic failings and major problems,” the guide says.

“Subscribers should be rigorous and timely in their identification and reporting of significant breaches to the [committee], and should have a clear understanding of the root cause of significant breaches.

“This is to ensure that the need for remediation actions can be properly assessed and to help prevent similar breaches from reoccurring.”

Part 16 of the code lists five factors that define a significant breach, including duration of the breach, extent of the issue, and actual or potential financial loss caused.

“In assessing whether a breach is significant, you must consider each of these five factors,” the guide says. “A breach may be significant even if only one of the factors applies, or where there is a combination of factors.

“Similarly, a significant breach does not need to impact multiple consumers. A breach which impacts a single consumer should likely be considered a significant breach if it would otherwise be significant by reference to these five factors.”

See the guide here.