Site search
'In the eye of the storm': insurance regulatory risk 2025
'In the eye of the storm': insurance regulatory risk 2025

Key trends in 2025

Regulatory enforcement action continues apace

Regulatory enforcement activity against insurers remains robust and continues to operate at the elevated 'new normal' we have observed since the FSRC. This extends across the data we have collected from ASIC, APRA and ACCC filings, as well as criminal referrals to the Commonwealth DPP.

Our analysis suggests that civil penalty proceedings remain regulators' preferred enforcement pathway. However, it is noteworthy that ASIC has resumed its use of infringement notices following a lengthy hiatus commencing in 2019, likely in response to criticism of the use of this enforcement tool by Commissioner Hayne in his FSRC Reports. This trend is consistent with an uptick in the use of infringement notices against other financial services providers, including superannuation trustees.

Relatedly, as of 11 December 2024, the Office of the Australian Information Commissioner (OAIC) is now empowered to issue infringement notices and recently brought its first successful civil penalty proceeding under the Privacy Act 1988 (Cth) resulting in a $5.8 million penalty. We expect to see OAIC enforcement featuring more prominently in our regulatory filings data moving forwards.

Ongoing reliance on a broad array of alleged contraventions 

By historical standards, regulators continue to pursue a broad array of alleged contraventions against insurers, although the narrowing in recent years suggests a more 'focused' approach. In particular, we observe new filings commonly taking one of two main forms:

False, misleading or unconscionable conduct allegations

This conventional type of claim typically involves alleged breaches of:

  • the false, misleading or deceptive conduct provisions (ss12DB and 12DF of the Australian Securities and Investments Commission Act 2001 (Cth); s1041H(1) of the Corporations Act 2001 (Cth)); and/or
  • the prohibitions against unconscionable conduct (s12CB of the ASIC Act; s21 of the Australian Consumer Law).

These allegations are a mainstay of historical ASIC enforcement activity, and more recently have been relied upon to allege the making of false or misleading representations in connection with pricing and discount promises to customers (which we address further below).

A key future area of focus for regulators in reliance on these provisions may be false or misleading claims by insurers regarding their commitment to environmental, social and governance (ESG) initiatives, otherwise known as 'greenwashing' or 'bluewashing'. While regulators continue to signpost their heightened scrutiny of these matters, this is yet to translate into a significant uptick in enforcement activity in the insurance sector.

 

Breaches of utmost good faith and AFS licensee obligations

This second type of proceeding involves alleged breaches by insurers of their normative obligations to policyholders to act:

  • efficiently, honestly and fairly, and otherwise to carry out their duties as Australian Financial Services licensees under s 912A of the Corporations Act; and
  • in accordance with their duty of utmost good faith under s13 of the Insurance Contracts Act 1984 (Cth).

Use of these causes of action in recent years has been particularly driven by ASIC's attention on alleged claims-handling failures, in which insurers' conduct has been said to have fallen short of 'commercial standards of decency and fairness'.

While Australian courts are yet to consider general conduct obligations in the context of the use of generative artificial intelligence and automated decision-making, we expect this to change over the coming years as AI adoption grows—given most of these laws impose principles-based and technology-neutral obligations that are capable of applying to the use of AI.

A focus on preventing consumer harm

As anticipated, consumer-facing insurance lines remain the focus of enforcement activity, with the latest data suggesting no new reported cases involving commercial or intermediated insurance products. Once again, a particularly heightened risk profile is associated with:

  • high-prevalence mainstream insurance lines (such as home, building and contents, health and motor vehicle insurance), including in the wake of natural disasters and extreme weather events, given ASIC's focus on their social impact and its expectation that insurers are able to 'rise to the occasion'; and
  • insurance products directed to vulnerable or at-risk segments of the population, including life and TPD, income protection, credit, trauma and funeral insurance.

This spread in focus areas is mirrored in AFCA's complaints data for the 2024-25 year, which we discuss below.

A levelling off of civil penalties

While the quantum of civil penalties resulting from enforcement action against insurers has levelled off to just below its peak in 2023, a clear upward trend remains present in the data.

Further, as demonstrated by this year's $35 million settlement between the ACCC and Bupa—the 2nd highest on record involving an insurer—in appropriate cases, the penalties imposed are (and are likely to remain) very steep. This reflects a general upward trajectory in penalty amounts that we continue to see across the financial services sector.

Civil penalties resulting from enforcement action