Legacy systems sinking insurers, APRA warns

Australia’s already battered by the Hayne Royal Commission, Australia’s $30 billion a year insurance sector is bracing for more pain after the nation’s financial guardian singled out continued dependency on ageing infrastructure, software and designs as a roadblock to reform.

With once untouchable giants like AMP and Suncorp now struggling to get their tech estates aligned to stricter enforcement regimes that target so-called ‘junk’ policies and coverage, the Australian Prudential Regulatory Authority has revealed it will now be sticking its nose into systems that allow misbehaviour and rip-offs.

In a conspicuous sharpening of its tone to industry, APRA’s corporate plan released late last week reveals the regulator is deeply fed-up with systems sweating at insurers, many of which are being decoupled from banks after scandals, with life insurers’ systems now in the cross-hairs.

“The life insurance market is characterised by long-standing issues regarding legacy products and systems; mis-selling products to consumers through direct marketing channels as highlighted by the Royal Commission; and (more recently) increasing underinsurance due to reforms impacting the advisor sales channel and insurance in superannuation,” APRA warned in its latest corporate plan.

“The industry is grappling with instances of poor product design and unsustainable risk product offerings that threaten affordability,” APRA said.

Banks had bought into the insurance sector in the hope of bolstering their returns from customers by essentially creating a one-stop shop that traversed mortgages, investment products, life and general insurance.

While the returns for banks initially looked good, the often green-screen nature of frequently COBOL-based systems like ratings, policy accounts and underwriting engines made them a lower priority for deeper remediation.

A major issue in the proliferation of junk and defective policies is that old technology systems used by some insurers as well as some superannuation funds (which also sell life, disability and income protection cover) relied on a series of fixes fudges to make products work and were difficult to fit automatic oversight functions to.

The problem was exacerbated by some providers being prepared to allow the status quo to remain because, in many cases, upgrades would have revealed serious governance deficiencies that had built up over time, like auto-selling income protection to people who were unemployed.

APRA’s corporate plan indicates the regulator will at least in part be seeking to automate its supervision and surveillance of insurers to target persistent problems, especially around bad behaviour and governance.

Under the action point to “sharpen prudential supervision,” APRA lists “refreshing supervisory tools and approaches, which includes targeted use of regulatory technology, to transform supervision of [governance, culture, remuneration and accountability]".

Insurers have told iTnews the expectation there is that APRA is seeking to build systems that can far more quickly probe insurers’ tech stacks to determine where systemic or governance lie.

That capability is also likely to span across APRA’s wider tech-risk supervisory role where it regulates risks associated with cyber resilience, offshoring and outsourcing in terms of financial risk.

“Institutions are outsourcing critical functions and activities to external parties that vary in levels of sophistication and potentially exist outside of the regulatory perimeter,” APRA noted.

“New types of entities are seeking to enter the financial services sector (e.g. fintechs, tech giants), providing new competitive challenges to incumbent entities.

"The ‘Open Banking’ reforms and the Consumer Data Right have the potential to significantly alter the competitive landscape, but bring additional technology, security and privacy challenges,” the regulator said.