RCD.0001.0015.0002

29 January 2018

By email: [email protected]

The Hon K.M. Hayne AC QC Royal Commissioner Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry

Dear Commissioner

Thank you for your letters dated 15 December 2017 to Insurance Australia Limited and CGU Insurance Limited. Enclosed with this letter are the responses to your questions. We have also set out below some information about Insurance Australia Group (IAG) and how we are regulated.

The financial services industry plays an important role in the lives of Australians. We understand the government, regulators and the broader community are concerned about culture and conduct in the financial services sector and hope that this Royal Commission will contribute towards an improvement in trust and confidence in the sector.

About IAG

IAG is one of Australia's leading groups and conducts its business through some of Australia's best-known insurance brands including NRMA Insurance, CGU, SGIO, SGIC and RACV.

Through our brands, IAG businesses have been serving Australians and the Australian community for over 160 years. We believe we have a valuable role to play in our customers' lives, and in the broader community.

How we are regulated

General insurers within the meaning of the Insurance Act 1973, are subject to prudential supervision by the Australian Prudential Regulation Authority (APRA). They are authorised by APRA and must comply with APRA's prudential standards including:

• CPS 220 - Risk Management
• CPS 510 - Governance
• CPS 520 - Fit and Proper

General insurers within IAG also hold an Australian Financial Services Licence (AFSL). The Australian Securities and Investments Commission (ASIC) regulates the conduct of the Australian entities in the IAG Group as corporations and in their provision of financial services.

Level 26, 388 George Street, Sydney NSW 2000 Insurance Australia Group Limited ABN 60 090 739 923

IAG general insurers in Australia have also agreed to be bound by the General Insurance Code of Practice. The Code requires those who adopt it to provide services to their customers in an open, fair and honest way. The Code's standards apply to many aspects of a customer's relationship with their insurer including when buying insurance and what to expect when making a claim, timeframes for making a claim decision and processes for making complaints. The Insurance Council of Australia (ICA) began a review of the Code in 2017 and this remains ongoing.

Our approach to answering your questions

The enclosed responses also include an explanation of the approach we have adopted and the assumptions we have made in answering your questions. By necessity our response involves matters of judgement, particularly in relation to applicable community standards and expectations. We would welcome the opportunity to discuss with you how we have approached these judgements and to elaborate on the issues we have identified in our response.

Point of contact

Please contact me for any further requests for information or for any point requiring clarification.

Thank you for the opportunity to contribute to your Inquiry.

Yours sincerely

Chris Bertuch Group General Counsel & Company Secretary IAG

Insurance Australia Group Limited Response to Royal Commissioner's questions of 15 December 2017

1. Introduction

1.1 By letters dated 15 December 2017, Insurance Australia Limited (IAL) and CGU Insurance Limited (CGU) were invited to address a number of questions.

1.2 This response is provided by Insurance Australia Group Limited (IAGL), on behalf of IAL, CGU and the associated entities listed in Annexure 1, including Insurance Manufacturers of Australia Pty Limited (IMA). IAGL is the parent entity of Insurance Australia Group (IAG), which comprises IAGL and its related bodies corporate (within the meaning of section 50 of the Corporations Act 2001 (Cth)).

1.3 By letter dated 15 December 2017, HBF Insurance Pty Ltd (HBF Insurance) was also invited to make an early written submission to the Commission addressing a number of questions. HBF Insurance was acquired by CGU in 2011, and this response is also provided in answer to the invitation made to HBF Insurance in relation to the period from 2011 only.

2. Structure and content of this submission

Our approach in preparing this response

Question 1: Identified instances of misconduct

Question 2: Identified instances of conduct considered to have fallen below community standards and expectations

Question 3: Further questions in relation to affirmative responses to questions 1 and 2

Question 4: RSE licensee specific questions relating to use of member funds

Annexure 1: List of entities on behalf of whom this submission is made

Annexure 2: Identified instances of 'misconduct' (as defined)

Annexure 3: Non-compliance with the Code and privacy obligations

Annexure 4: Behaviour that may have fallen below community standards and expectations

Annexure 5: Glossary of terms

3. Our approach in preparing this response

3.1 Our objective is to be transparent about the approach we have adopted and the assumptions we have made in answering your questions.

3.2 This response is provided on behalf of IAL, CGU and their respective associated entities (within the meaning of section 50AAA of the Corporations Act 2001 (Cth)). A listing of entities on behalf of whom this Response is made is contained in Annexure 1.

3.3 We have assumed that your inquiry is primarily, if not exclusively, concerned with the provision of financial services in Australia and for that reason we have limited our response to our business operations in Australia.

COMMERCIAL IN CONFIDENCE RCD.0001.0015.0005

3.4 We have focused our inquiries on our supply of financial services (including the fulfilment of customer claims). We have not addressed in our response any issues which:

(a) are not concerned with our supply of financial services;

(b) may arise in our relationships with our service providers.

3.5 We have also not addressed any issues associated with the two businesses we own that act (or did act) as scheme agents under the statutory workers' compensation schemes in New South Wales and Victoria. These entities are appointed to act as service providers to operate the scheme on behalf of the relevant statutory authority.

3.6 During the last 10 years, the size and composition of IAG in Australia has changed through the acquisition or divestment of entities and through corporate restructuring. In some cases, we initially acquired a partial interest in an entity and subsequently acquired the remaining interest so that it became a wholly owned entity. For example, in July 2010 there was a 50 percent acquisition of AHI and from July 2015 it was wholly owned. Therefore, in producing our response we have relied on the records and documentation provided on acquisition of the relevant entity. The footnotes to Part A of Annexure 1 identify those entities that were acquired during the relevant period, and provide a short description of the interest acquired.

3.7 In July 2017, the Federal Court approved the transfer of the insurance and reinsurance businesses of seven of our Australian licensed insurers into Insurance Australia Limited. Those entities are identified in Part A of Annexure 1. The transfer occurred via a scheme under the Insurance Act and was effective on and from 1 August 2017.

3.8 The seven transferring insurers have ceased writing insurance business. In September 2017, APRA revoked the licence of each of the transferring insurers and in December 2017 ASIC cancelled the AFSLs of the relevant transferring insurers.

4. Document Review

4.1 To answer your questions we conducted a review of our relevant corporate records for the period commencing 1 January 2008 with the advice and assistance of external lawyers and other advisors. We believe that reasonably thorough and diligent inquiries have been undertaken in the time available; however, it is possible that some matters may not have been identified in this review for the reasons set out below.

4.2 Generally our approach has been to review aggregated collections of data in various registers and other higher level management reporting systems. For example, we reviewed extracts of the voluntary notifications, breach investigations and some correspondence with regulatory agencies, but not the full files held by the risk and legal functions of IAG in relation to each individual matter.

4.3 In the time available we have relied on the completeness and accuracy of those higher level records, rather than examining all of the source material which underpins them and testing whether those aggregate summaries or reports are accurate or comprehensive.

4.4 Within the available time, we have not been able to retrieve and review all relevant data and records from archives. This has resulted in some gaps and deficiencies in the historical corporate records relied upon for the purposes of our review. In that context, the following categories of document were not considered for this review:

(a) many historical staff employment records due to limitations and delays with access to physical archives in the time available;

(b) records prior to 2011 relating to complaints and investigations. In April 2011, our multiple legacy systems and databases that were used to record customer complaints were decommissioned and archived, and a new complaints system was introduced. We were unable in the time available to review the retrieved archive extracts of the previous complaint recording systems;

(c) source documents relating to complaints and investigations since 2011 of matters listed in the database; and

(d) full notes and entries in relation to customer complaints and internal dispute resolution (IDR) outcomes (whereas extracts from the relevant databases were considered).

4.5 Our review of Court adjudicated outcomes over the last decade remains ongoing.

4.6 Where specific allegations relevant to the Terms of Reference have been made about our conduct or practices in individual complaints, disputes or Court proceedings, we have only noted the cause if it was established by a Court, other Tribunal or Ombudsman, or if it is possible to do so without breaching the terms of a confidential settlement or waiving privilege.

4.7 From time to time IAG receives customer complaints. We have neither reviewed nor analysed the circumstances of individual complaints. We generally expect that complaints which may be relevant to the Commission's inquiries will have progressed to the Financial Ombudsman Service Australia (FOS). Of the 1.17 million claims that IAG handled in FY2017 only approximately 2% of those claims were the subject of a customer complaint. The majority of those customer complaints were resolved through IAG's IDR processes. Only approximately 0.1% of all claims handled by IAG in 2017 resulted in a complaint that was referred to FOS.

4.8 Where an external agency has overturned an internal decision on indemnity under a policy or an amount to be paid under a policy, this has only resulted in a disclosure if there has also been identified misconduct or a failure to meet community standards and expectations.

4.9 We have not included matters where they exhibit the following features unless there are other additional reasons for them to be disclosed:

(a) Complaints made to FOS that were determined in favour of an IAG entity, or where there was no breach of the General Insurance Code of Practice (Code) recorded against an IAG entity.

(b) Complaints still pending before FOS or the Code Governance Committee where an outcome is not yet known.

(c) Complaints made to the Office of the Australian Information Commissioner (OAIC) that were found in favour of an IAG entity, or where there was no breach of the Privacy Act 1988 (Cth) recorded against an IAG entity.

(d) Customers who have provided feedback or made allegations of a breach of privacy, where there is no evidence of an allegation being referred to the OAIC and no breach recorded against an IAG entity.

(e) Actions of employees which involved conduct which resulted in a financial loss or detriment to an IAG entity only (for example, employees applying discounts to policies of a friend or family member).

(f) Other conduct which may amount to "misconduct" from an employment perspective and does not include any conduct which caused financial loss or detriment to a Customer, for example allegations relating to discrimination or harassment, falsifying medical certificates and the taking of illegal substances.

4.10 If additional relevant matters come to our attention following our review of the data and records described in paragraphs 4.4(a) and (b) above, we will advise you accordingly.

4.11 Nothing in this submission is intended to waive our right to any privilege including our right to assert legal professional privilege in respect of any legal advice about the matters in question.

4.12 The responses provided at Annexures 2 to 4 are listed alphabetically by entity, and then in chronological order.

5. Question 1: Identified instances of misconduct

Yes. Annexures 2 and 3 constitute our response to this question.

Annexure 2 identifies events of general misconduct.

Annexure 3 identifies Code contraventions and privacy breaches, which also fall within the definition of 'Misconduct'. The Code breaches listed at Annexure 3 refer to the relevant Subsections of the Code. To assist, an explanation of each Subsection is provided at Annexure 5.

6. Question 2: Identified instances of conduct considered to have fallen below community standards and expectations

Yes. Annexure 4 constitutes our response to this section.

We have considered how we should assess whether any conduct, practice, behaviour or business activity has fallen below community standards and expectations for the purpose of answering your questions. There will no doubt be a range of subjective opinions on the content of these standards and expectations across our stakeholders (including our shareholders, our employees, our customers, our service providers, our regulators, our legislators and the general public) depending on the particular perspective of each one. These are matters on which reasonable minds may differ.

For present purposes we have assumed that for a consumer dealing with us as their insurer, the community expects that we will:

(a) conduct ourselves in an open, fair and honest manner;

(b) design our products and services to deliver fair value for money;

(c) ensure that our sales and distribution practices deliver customer outcomes aligned to their needs and expectations;

(d) meet our customers' claims in an honest, fair, transparent and timely manner; and

(e) admit where we make mistakes and remedy them in a fair and timely way.

We have attempted to apply this standard objectively to the past conduct we have examined for the purpose of responding to your request. However, it is inevitable that some stakeholders will hold subjective views which differ from our assessment.

A good example of this in general insurance is the issue of flood and stormwater coverage. We recognise that there are community concerns about:

(a) the affordability of coverage for customers with high exposure to the risk of flooding;

(b) customers' understanding of policy coverage definitions of flood versus storm water damage; and

(c) establishing cause of loss and certainty of coverage.

We believe that by reference to the standards which have been articulated above, IAG generally meets legitimate community expectations in dealing with these flood/stormwater issues. However, you may receive submissions from other parties which express a different view in relation to these and other issues, such as underinsurance in bushfire claims and affordability of insurance in far north Queensland. In at least some cases this will be because the interests and expectations of individual customers are not always aligned and may even conflict; for example, a customer living on a hill will not wish to subsidise the flood premium of a customer living on the banks of a river.

At IAG we work closely with consumer advocates on our Consumer Advisory Board to canvass a wide range of issues that may concern our customers. Some of the feedback raised in that forum concerns industry behaviour which may fail to meet community expectations (such as 'add on' insurance) but other feedback provides an opportunity for improvement of our products and services.

7. Question 3: Further questions in relation to affirmative responses to questions 1 and 2

Where relevant, these questions have been addressed in Annexures 2, 3 and 4.

Where we have identified a specific cause for an event (including culture and governance) this has been noted in our response, but it may not represent a complete explanation for the event. In our experience a range of different factors may contribute to causing a particular event. In the time available for this response we have attributed the cause most readily apparent on the face of our records but we have not investigated whether there may have been other contributing factors (material or otherwise). Nor have we had the time to conduct assessments or investigations of historic events to attribute causation where no cause is apparent on the face of our records.

Similarly, with respect to remediation and prevention, where we have identified on the face of our records that this has occurred, it has been noted in our response. However, it may be that responsive steps have been undertaken which were not apparent to us in the time available for this response.

8. Question 4: RSE licensee specific questions relating to use of member funds

IAG has relied on answers provided on behalf of the Trustee of the IAG & NRMA Superannuation Plan and has not independently investigated or verified those answers.

A subsidiary of IAL, Insurance Australia Group Services Pty Limited, is one of two principal participating employers in the IAG & NRMA Superannuation Plan (Plan), the other being National Road and Motorists' Association Limited which is not an associated entity of IAL. The Plan is a registrable superannuation entity. The Trustee of the Plan is IAG & NRMA Superannuation Pty Limited, which is an associated entity of IAL. The board of the Trustee is appointed in accordance with the equal representation rules under section 89(1)(b) of the Superannuation Industry (Supervision) Act 1993 (SIS) and, other than in the limited circumstances permitted under SIS, the Trustee is not subject to direction from any IAL entity (section 58 of SIS).

In response to the information requested under this question, IAL sought information from the Trustee and, other than the costs centre information given in response to question 4(c), the following represents detail provided by the Trustee. The Trustee holds an RSE Licence granted by APRA under section 290 of SIS. The Trustee's business operations are confined to the management of the Plan and the provision of general advice to beneficiaries of the Plan under the Trustee's Australian Financial Services Licence #439233. The annual reporting period of the Plan and the Trustee is 1 July - 30 June. As an RSE licensee, IAG & NRMA Superannuation Pty Limited reports superannuation data to the Australian Prudential Regulation Authority (APRA) in accordance with applicable reporting standards.

The assets of the Plan are maintained and applied solely for the benefit of members and beneficiaries of the Plan. The Plan provides insured benefits for members through group life and group salary continuance policies issued to the Trustee by MLC Limited. The Trustee advised that premiums paid under these policies are the only use to which members' funds are applied other than in the investment and administration of the Plan and the payment of benefits. Prior to MLC Limited, the insurer was The Colonial Mutual Life Assurance Society Limited trading as CommInsure (2005-2012). From 1 July 2007, annual insurance premiums paid from the Plan were:

| Fin Year | $ 000's | Insurer |
|---|---|---|
| 2007/2008 | 2,644 | CommInsure |
| 2008/2009 | 2,736 | CommInsure |
| 2009/2010 | 2,110 | CommInsure |
| 2010/2011 | 1,642 | CommInsure |
| 2011/2012 | 2,957 | CommInsure / MLC |
| 2012/2013 | 3,496 | MLC |
| 2013/2014 | 3,661 | MLC |
| 2014/2015 | 3,984 | MLC |
| 2015/2016 | 4,645 | MLC |
| 2016/2017 | 4,756 | MLC |

Insured benefits provided under the Plan are determined by the Trustee to be as relevant as possible to members, having regard for the member demographic and the type, cost and availability of benefits. Since 1 July 2013, member insurances have been managed by the Trustee under a framework developed in accordance with the requirements of Prudential Standard SPS 250 - Insurance in Superannuation. The Trustee's insurance strategy was developed in accordance with section 52(7) of SIS to provide insurance cover which, as far as is practicable, places members who, due to illness or injury are unable to work until retirement (or the member's beneficiaries in the event of the Member's death) in a similar financial position, in relation to superannuation benefits, to that which would have reasonably been expected had he/she continued to work until normal retirement. The group life and group salary continuance policies effected by the Trustee represent an appropriate balance between cost and benefit design to deliver an outcome in the best interests of Members.

From 1 April 2008, administration of the Plan was outsourced to Mercer (Australia) Pty Limited. Since that time, Insurance Australia Group Services Pty Limited also provides assistance to the Trustee in the management of the Plan under a Plan Management Services Agreement. In the relevant period prior to 1 April 2008, Insurance Australia Group Services Pty Limited administered the Plan. The administration services were provided by Insurance Australia Group Services Pty Limited under the following costs centres:

| Fin Year | $'s | Cost Centre |
|---|---|---|
| 2007/2008 | 2,846,477 | 21 |
| 2008/2009 | 928,371 | 3399 |
| 2009/2010 | 1,760,087 | 3399 |
| 2010/2011 | 1,371,514 | 3399 |
| 2011/2012 | 1,436,667 | 3399 |
| 2012/2013 | 1,309,614 | 3399 |
| 2013/2014 | 1,461,324 | 3399 |
| 2014/2015 | 1,344,763 | 3399 |
| 2015/2016 | 1,448,669 | 3399 |
| 2016/2017 | 1,371,675 | 3399 |

ANNEXURE 1 | LIST OF ENTITIES

A. Included entities

1. INSURANCE AUSTRALIA GROUP LIMITED* 090 739 923

2. INSURANCE AUSTRALIA LIMITED#* 000 016 722

3. IAG & NRMA SUPERANNUATION PTY LIMITED#* 000 300 934

4. IAG AGENCIES PTY LTD# 147 749 139

5. NRMA PERSONAL LINES HOLDINGS PTY LIMITED 088 394 398

6. INSURANCE MANUFACTURERS OF AUSTRALIA PTY LIMITED#* 004 208 084

7. WFI INSURANCE LIMITED [1] - 000 036 279

8. NATIONAL ADVISER SERVICES PTY LTD# 096 916 184

9. WESTCOURT GENERAL INSURANCE BROKERS PTY LTD# 009 401 772

10. HUNTER INSURANCE SERVICES PTY LTD 065 481 816

11. NAS ARCO 2 PTY LTD 610 976 479

12. NAS ARCO 3 PTY LTD 618 998 100

13. ACCIDENT & HEALTH INTERNATIONAL UNDERWRITING PTY LTD [2] # 053 335 952

14. STRATA UNIT UNDERWRITING AGENCY PTY LIMITED# 089 201 534

15. CGU INSURANCE LIMITED - 004 478 371

16. MUTUAL COMMUNITY GENERAL INSURANCE PROPRIETARY LIMITED - 007 895 543

17. SWANN INSURANCE (AUST) PTY LTD - 000 886 680

18. HBF INSURANCE PTY LTD [3] - 009 268 277

19. IAL LIFE PTY LIMITED 137 509 936

20. WFI DORMANT PTY LTD [4] 009 027 221

21. CGU-VACC INSURANCE LIMITED - 004 167 953

22. IAG RE AUSTRALIA LIMITED - 001 948 278

#Australian Financial Services Licensee

*Australian - Authorised Insurer / APRA Regulated

- The insurance/reinsurance business of this entity was transferred to Insurance Australia Limited on 1 August 2017. APRA revoked the entity's licence in September 2017 and its AFSL was cancelled in December 2017.

[1] Acquired on 30 June 2014 by Insurance Australia Group Limited, as part of its acquisition of Wesfarmers' insurance underwriting businesses in Australia and New Zealand.

[2] CGU Insurance Limited acquired 50% on 1 July 2010 (at which time it entered an agency agreement with Accident & Health International Underwriting Pty Limited). Acquired remaining 50% on 1 July 2015.

[3] Acquired on 1 July 2011 by CGU Insurance Australia Limited.

[4] Acquired on 30 June 2014 by Insurance Australia Group Limited, as part of its acquisition of Wesfarmers' insurance underwriting businesses in Australia and New Zealand.

B. Excluded entities

The following entities are excluded from the response for the reasons identified in the table.

Non-Australian registered entities not providing financial services in Australia

1. BOHAI PROPERTY INSURANCE COMPANY LTD

2. IAG UK HOLDINGS LIMITED

3. AMGENERAL HOLDINGS BERHAD

4. AMGENERAL INSURANCE BERHAD

5. AAA ASSURANCE CORPORATION

6. THIEN LAN COMPANY

7. AN GIANG REAL ESTATE JSC

8. IAG RE SINGAPORE PTE LTD

9. ALBA GROUP PTE LTD

10. ALBA UNDERWRITING LIMITED

11. AU NO 2 LIMITED

12. IAG INSURTECH INNOVATION HUB PTE LTD

13. SBI GENERAL INSURANCE CO LTD

14. IAG (ASIA) GENERAL PTE LTD

15. IAG RE LABAUN (L) BERHAD

16. NHCT LIMITED

17. NHCT HOLDING (THAILAND) COMPANY LIMITED

18. SAFETY INSURANCE PUBLIC COMPANY LIMITED

19. PERILS AG

20. PT ASURANSI PAROLAMAS

21. IAG (NZ) HOLDINGS LIMITED

22. NEW ZEALAND INSURANCE LIMITED

23. AMI INSURANCE LIMITED

24. IAG NEW ZEALAND LIMITED

25. FIRST RESCUE AND EMERGENCY (NZ) LIMITED

26. SUREPLAN NEW ZEALAND LIMITED

27. FIRST RESCUE LIMITED

28. LOYALTY NEW ZEALAND LIMITED

29. IAG (NZ) SHARE PLAN NOMINEE LIMITED

30. LIMITED

31. DIRECT INSURANCE SERVICES LIMITED

32. NZI STAFF SUPERANNUATION FUND NOMINEES LIMITED

33. PHOTOSECURE (NZ) LIMITED

34. LUMLEY GENERAL INSURANCE (NZ) LIMITED

35. BELVES INVESTMENTS LIMITED

36. 151 INSURANCE LIMITED

37. IAG CCS LIMITED

38. DYNAMIQ LLC

Australian companies that do not provide financial services in Australia

39. INSURANCE AUSTRALIA GROUP SERVICES PTY LIMITED (ACN 008 435 201)

40. IAG INTERNATIONAL PTY LIMITED (ACN 084 509 982)

41. WORLD CLASS ACCIDENT REPAIRS (CHELTENHAM NORTH) PTY LTD (ACN 075 553 883)

42. LUMLEY TECHNOLOGY PTY LTD (ACN 002 870 902)

43. SITROF AUSTRALIA LIMITED (ACN 004 704 572)

44. HELICOPTER ASSET PROTECTION PTY LIMITED (ACN 621 016 528)

45. AMBIATA HOLDINGS PTY LTD (ACN 600 618 291)

46. AMBIATA PTY LTD (ACN 157 915 396)

47. IAG FINANCE (NEW ZEALAND) LIMITED (ACN 111 268 243)

48. DYNAMIQ PTY LTD (ACN 115 069 335)

49. AHI ASSIST PTY. LIMITED (ACN 144 840 513)

50. DYNAMIQ PEOPLE PTY LTD (ACN 127 612 426)

51. DYNAMIQ STRATEGY PTY LTD (ACN 168 305 191)

52. EMQ PTY LTD (ACN 109 537 608)

53. DYNAMIQ US PTY LTD (ACN 601 220 688)

54. THAILAND INSURANCE HOLDINGS PTY. LIMITED (ACN 162 050 240)

55. SAFETY THAILAND HOLDING PTY. LIMITED (ACN 162 0072 602)

56. EMPIRE EQUITY AUSTRALIA PTY LTD (ACN 136 726 228)

57. ASSUREME PTY LTD (ACN 607 611 441)

58. CGU INSURANCE AUSTRALIA LIMITED (ACN 004 478 960)

59. IAG GENERAL HOLDINGS PTY LIMITED (ACN 620 745 753)

60. WFI INSURANCE HOLDINGS PTY LTD (ACN 105 421 403)

61. LUMLEY INSURANCE GROUP LIMITED (ACN 004 222 566)

62. FIRST ASSISTANCE AUSTRALIA PTY LIMITED (ACN 165 845 189)

63. IAG VENTURES PTY. LIMITED (ACN 615 963 187)

64. ACN 137 507 110 PTY LIMITED (ACN 137 507 110)

65. IAG FOUNDATION PTY LIMITED (ACN 162 171 093)

66. NAS ARCO 1 PTY LTD (ACN 608 001 609)

Workers compensation scheme agents (act as agents for statutory authority not IAG)

67. CGU WORKERS COMPENSATION (VIC) LIMITED (ACN 005 297 781)

68. CGU WORKERS COMPENSATION (NSW) LIMITED (ACN 003 181 002)

IAG holds 50% or less and entities not IAG 'associates' for the purposes of the response (not controlled by IAG)

69. NTI LIMITED (ACN 000 746 109) - IAG Agencies 50%

70. WESTERN GENERAL INSURANCE AGENCIES PTY. LTD. (ACN 112 832 121) - NAS 35%

71. JPI INSURANCE BROKERS PTY LTD (ACN 616 152 517) - NAS 40%

72. INSURANCE BROKING SERVICES PTY LTD (ACN 607 611 441) - NAS 50%

73. PACIFIC INDEMNITY UNDERWRITING SOLUTIONS PTY LTD (ACN 007 078 140) - IAG Agencies 25%

74. BCC TRANSACTIONS PTY LTD (ACN 609 528 761) - IAG Agencies 50%

75. NEWSURETY PTY LTD (ACN 163 415 610) - IAG Agencies 50%

76. BOND AND CREDIT COMPANY PTY LTD (ACN 609 018 840) - IAG Agencies 50%

77. BCC TRADE CREDIT PTY LTD (ACN 608 296 233) - IAG Agencies 50%

Excluded for other reasons

78. IAG ASSET MANAGEMENT LIMITED (ACN 054 552 046) - Only provides asset management services, and these are provided only to group entities including the super fund. Asset management services appear to us to fall outside the Terms of Reference.

79. IAG SHARE PLAN NOMINEE PTY LIMITED (ACN 095 125 152) - The trustee of IAG's employee and directors share plans. Only deals in IAG shares (acquired on market to fulfil allocations). Instructed that it is an exempt scheme (exempt from Corporations Act requirements).

ANNEXURE 2 | IDENTIFIED INSTANCES OF 'MISCONDUCT' (AS DEFINED)

Event Entity Conduct Remedial and prevention steps (and trading name where A summary of the nature, extent and effect of the conduct; if the conduct has been the subject A summary of steps taken to remediate, and where necessary prevent future occurrence of, the relevant) of any inquiry, investigation or proceeding. conduct; and any identified cause of conduct, and if it could be attributed to culture, governance or other practice of the entity or industry.

1 . Accident & Health International ASIC investigations were conducted into various entities involved with the Cash Store and its AHi ceased offering the CCI product from September 2013. Underwriting Pty Ltd conduct in selling CCI products in connection with 182,838 of the 268,903 credit contracts An independent external firm was appointed by CGU and AHi to review AHl's compliance and between August 2010 to March 2012. CGU Insurance Limited governance in distributing the CCI product. The CCI product was distributed via an underwriting agency agreement with Allianz (up until (CGU acquired 50 percent of AH/ In July 2015, CGU entered into an agreement with ASIC and no admissions basis where it agreed March 2011 ), and later through an underwriting agency agreement with CGU (from March on 1 July 2010, and it was wholly to: 2011 ). owned by 1 July 2015) (a) refund the total amounts paid by Customers, with interest, for all sales of the CCI product ASIC raised the following concerns with regard to the conduct of CGU and AHi and called into (which was later agreed to be made by way of a donation to charity as requisite customer issue the following statutory provisions: details were unable to be reproduced}; and (a) the obligation on CGU to provide financial services efficiently, honestly and fairly (b) review claims that were denied between August 2010 to March 2012. (s912A(1 ){a) of the Corporations Act); (b) the obligation on CGU to take reasonable steps to ensure that its representatives comply with the financial services laws (s912A(1 )(ca) of the Corporations Act): and (c) the duty of utmost good faith (Part 11 of the ICA). There were separate Federal Court proceedings brought by ASIC against other parties involved with the Cash Store, and multiple breaches of the National Credit Act were found (see Australian Securities and Investments Commission v Cash Store Pty Ltd (in liquidation) and Assistive Finance Australia Pty Ltd [2014] FCA 926). 
There were no proceedings brought against, nor were there any adverse findings made against CGU or AHi, nor were CGU or AHi found liable for any misconduct.

2. Insurance Australia Limited t/as ShareCover

Conduct: In March 2017, a Customer received an unsolicited marketing email from ShareCover. The Customer made a complaint to ShareCover, Scam Watch and ACMA. On 11 July 2017, ACMA wrote to IAL advising that the sending of the unsolicited email may amount to a breach of the Spam Act 2003 (Cth), as the marketing email may have been sent without the permission of the recipient. On review, IAL determined that the email had been sent to a number of recipients. ACMA suggested that IAL review its processes to ensure that it was compliant with the Spam Act 2003 (Cth) and that if it found that there were areas of its operations that were not compliant, these should be addressed immediately. ACMA did not undertake any further review and there were no admissions or formal findings made regarding a breach of the Spam Act 2003 (Cth) by IAL.

Remedial and prevention steps: A representative from ShareCover contacted the Customer to provide an apology.

3. IAG Group Services Pty Limited

Conduct: An employee engaged in behaviour which included backdating two policies and amending the policy sum insured on two policies without Customer authorisation. Following an internal investigation, it was established that a total of four policies were amended.

Remedial and prevention steps: The relevant employee was dismissed on 12 February 2008.

4. IAG Group Services Pty Limited

Conduct: An employee set up Customer policies on dates that they had called, rather than on future dates as they had requested resulting in Customers paying for insurance that they had not requested.

Remedial and prevention steps: The relevant employee was dismissed on 13 February 2009.

5. IAG Group Services Pty Limited

Conduct: An employee processed policy sales without Customers' knowledge.

Remedial and prevention steps: The relevant employee was dismissed on 6 July 2012.

6. IAG Group Services Pty Limited

Conduct: An employee used a Customer's personal contact information for purposes unrelated to the business of offering insurance products and services.

Remedial and prevention steps: The relevant employee was dismissed on 4 November 2014.


Columns: Event; Entity (and trading name where relevant); Conduct; Remedial and prevention steps.

Conduct: A summary of the nature, extent and effect of the conduct; if the conduct has been the subject of any inquiry, investigation or proceeding.

Remedial and prevention steps: A summary of steps taken to remediate, and where necessary prevent future occurrence of, the conduct; and any identified cause of conduct, and if it could be attributed to culture, governance or other practice of the entity or industry.

7. IAG Group Services Pty Limited

Conduct: An employee engaged in behaviour which included making a credit card transaction without the Customer's authorisation.

Remedial and prevention steps: The relevant employee was dismissed on 22 November 2014.

8. IAG Group Services Pty Limited

Conduct: An employee engaged in behaviour that was likely in breach of the Code by failing to read lodgement scripts to obtain permission from customer to lodge claims.

Remedial and prevention steps: The relevant employee was dismissed on 19 January 2016.

9. IAG Group Services Pty Limited

Conduct: An employee engaged in behaviour that was likely in breach of Customer privacy, was potentially dishonest and misleading, and which failed to meet compliance and underwriting criteria.

Remedial and prevention steps: The relevant employee was dismissed on 30 January 2016.

10. IAG Group Services Pty Limited

Conduct: An employee engaged in behaviour that was likely in breach of the Code Subsection 7.8 by encouraging a Customer not to lodge a claim.

Remedial and prevention steps: The relevant employee was dismissed on 7 April 2017.

11. Insurance Manufacturers Australia Pty Limited t/as RACV

Conduct: In mid-2015, IMA's investigations revealed that certain assessors and IMA employees had engaged in fraudulent activity by referring claims-related repair work to two unlicensed repairers. IMA determined that this activity affected 189 claims where the identified unlicensed repairers had conducted domestic building work.

Remedial and prevention steps: In response, IMA decided to review all claims work conducted by the two unlicensed repairers, that is, irrespective of when such work was performed. This included an engagement, assessment and, in some cases, repair work conducted for approximately 335 claims.

In terms of Customer remediation, 247 inspections were undertaken. The inspections identified 98 rectifications. Follow up letters were sent to 38 Customers and 39 new home owners who had declined an inspection, and 11 Customers who had not been able to be contacted.

The relevant employees were dismissed. IMA sought to recover amounts paid to the unlicensed repairers and those involved were referred for prosecution.

As at February 2016, process improvements had been implemented to address the risk of reoccurrence of the issue, including:
(a) new operating structure with changes to the reporting line of assessors;
(b) additional reporting with a focus on cancellations of builder allocations and payments made to non-partnered suppliers; and
(c) new controls increasing the transparency and communication within the assessing team and encouraging a greater degree of constructive challenge.

12. WFI Insurance Limited t/as Lumley Retail Warranty (WFI was acquired on 30 June 2014)

Conduct: On 7 December 2015, WFI entered into a voluntary undertaking with the ACCC under s87B of the Competition and Consumer Act 2010 (Cth) in response to concerns raised by the ACCC about Customer Care Plan brochures, which had, since 2001, offered extended warranties underwritten by LRW for consumer products supplied by retailers.

The ACCC was concerned that the brochures did not sufficiently identify the degree of overlap between the remedies available under the extended warranty Customer Care Plans purchased by Customers and those already available to consumers generally under the ACL. As a result, the ACCC considered that the brochures had the potential to mislead.

Remedial and prevention steps: To address ACCC's concerns, LRW voluntarily undertook to take the following measures for a period of two years from 7 December 2015:
(a) revise the Customer Care Plan brochures to include information necessary to facilitate a comparison of the features of the Plan against the remedies available under the ACL;
(b) provide compliance training to LRW and retail employees; and
(c) design and work with retailers to implement a program for monitoring and if necessary improving retailers' practices of selling Customer Care Plans.


ANNEXURE 31 NON-COMPLIANCE WITH THE CODE AND PRIVACY OBLIGATIONS

Columns: Event; Entity (and trading name where relevant); Conduct; Remedial and prevention steps.

Conduct: A summary of the nature, extent and effect of the conduct; if the conduct has been the subject of any inquiry, investigation or proceeding.

Remedial and prevention steps: A summary of steps taken to remediate, and where necessary prevent future occurrence of, the conduct; and any identified cause of conduct, and if it could be attributed to culture, governance or other practice of the entity or industry.

13. CGU Insurance Limited

Conduct: A Customer held a residential strata insurance policy with CGU. On 2 July 2012, the Customer lodged a claim for repairs due to a broken water pipe. On 26 October 2012, CGU denied the claim on the basis that it was excluded under the policy. The Customer was unhappy with the rejection of the claim.

On 4 March 2013, the Customer made a complaint to FOS (Dispute 314985), who ultimately made a determination in favour of CGU. However, FOS referred the complaint to FOS CGC who wrote to CGU on 19 January 2015 regarding CGU's delay in handling the claim and possible breaches of the 2012 Code Subsections 6.1.1, 6.2, 6.6 and 6.10 (CX1372).

On 23 February 2015, FOS CGC determined that CGU's conduct with the Customer was in breach of the 2012 Code Subsections 6.1.1 and 6.10.

Remedial and prevention steps: CGU confirmed to FOS on 20 February 2015 that it had in place rigorous claims management processes for claims denials and escalation of complaints to IDR. Further, all relevant employees undergo Code and complaints handling training and refresher training.

The determination by FOS CGC on 23 February 2015 stated that they were satisfied that CGU's current procedures and ongoing training had rectified the identified breaches.

14. CGU Insurance Limited

Conduct: On 23 May 2014, a Customer made a claim for damage to their garage. They subsequently requested that their complaint about claims handling be referred to IDR. There was a failure by CGU to escalate this request. On 22 September 2015, FOS CGC wrote to CGU investigating a possible breach of 2012 Code Subsection 6.1.1 (CX3176).

On 4 November 2015, CGU conceded that there was a failure to escalate the Customer's IDR request in breach of 2012 Code Subsection 6.1.1. FOS CGC recorded the breach, was satisfied that there were no further breaches and closed the file. As the complaint centred around CGU's response time, the subject employee no longer worked for CGU, and a breach was recorded, no further action was taken by FOS CGC.

Remedial and prevention steps: An internal review established that the employee misunderstood the nature of the Customer's complaint and therefore referred the complaint to their manager, rather than to IDR. CGU stated the error was due to the employee's misunderstanding and submitted to FOS CGC that there was no detriment to the Customer.

15. CGU Insurance Limited

Conduct: In August 2015, ASIC reviewed the conduct of the insurance industry in disclosing, and subsequently direct debiting of payments for annual automatic renewals of car insurance policies. While it was permissible for Customers' policies to be automatically renewed, ASIC's view was that Customers were not always clearly informed that a policy would automatically renew.

The outcome of the ASIC review was that six insurers, including CGU, agreed to better inform Customers about their car insurance practices to reduce the risk of Customers being caught by surprise with automatic renewals (ASIC 15-345MR).

CGU had a complaint specifically on this issue referred to FOS in October 2015 (case number 416578) by a Customer who was concerned with the automatic renewal and direct debiting of their account on the anniversary of the policy.

Remedial and prevention steps: The complaint was resolved through an apology to the Customer and a refund of the premium collected for the automatic renewal.

In response to the ASIC review, CGU's new policy schedule and premium instalment advice was amended to include large bold textbox containing the statement, 'You have chosen to pay by instalment and unless you tell us otherwise we will continue to debit your nominated account. Details of your instalments are shown overleaf.'

16. CGU Insurance Limited

Conduct: On 22 December 2015, a financial hardship request was made by a CLC on behalf of a Third Party. There was a delay in considering and responding to the request as a result of a failure by an employee of the recovery agent to upload relevant correspondence to the management system which would have triggered a request for referral of the complaint to CGU's IDR team.

On 2 May 2016, FOS CGC wrote to CGU regarding the delay in responding to the financial hardship request by a Third Party (CX3508).

On 28 October 2016, FOS CGC determined that CGU had:
(a) breached Code Subsection 10.3;
(b) complied with Code Subsection 8.8; and
(c) since taken appropriate steps to facilitate compliance under Code Subsection 10.3.

No further action was taken by FOS CGC.

Remedial and prevention steps: Upon receipt of the relevant documentation by CGU, the debt was waived and communicated to the Third Party.

After an internal review, CGU determined that this was an isolated incident.

CGU provided the recovery agent concerned with feedback regarding the error made in order to reduce the likelihood of reoccurrence.

17. CGU Insurance Limited

Conduct: On 20 May 2016, FOS made a determination in favour of the Customer following CGU's denial of a claim on the basis of non-disclosure of the Customer's previous driving history under a motor vehicle policy (Dispute 400566).

FOS found that there was insufficient evidence to entitle CGU to rely on the relief provided under s28(3) of the ICA, and that the claim was incorrectly denied based on incorrect advice regarding the concepts of "been convicted" and of "offence" provided by the CGU underwriter.

On 18 November 2016, FOS CGC wrote to CGU regarding a possible Code breach. CGU agreed that the employee had relied on erroneous advice given by the CGU underwriter (CX3827).

On 11 December 2017, FOS CGC determined that CGU had complied with its obligations under Code Subsection 4.4 but had breached its obligations under Code Subsection 7.2. No further action was taken.

Remedial and prevention steps: CGU completed an internal review of its complaints database system records and informed FOS CGC that there were no similar incidents identified or reported.

CGU committed to providing further training for the underwriter, internal investigator and the IDR case manager involved.

18. CGU Insurance Limited

Conduct: On 13 February 2017, FOS CGC wrote to CGU regarding a matter referred to it by FOS (426095) following a complaint by a Customer about CGU's failure to properly assess their claim under their landlord policy (CX3881). The Customer alleged that:
(a) CGU did not appoint appropriately qualified service suppliers to assess the property;
(b) the first assessor's report provided on 9 November 2015 did not appropriately describe the damage;
(c) the denial letter dated 19 October 2015 did not address a number of aspects of damage to the property;
(d) it took four months for CGU to make a decision regarding the claim and there were delays in communication; and
(e) CGU directed the second assessor to only look at certain damage, and the employee threatened to reverse certain aspects of the claim if the Customer did not accept the decision on the complaint.

On 10 April 2017, CGU accepted that it had breached Code Subsections 7.16, 7.13, 7.19, 10.16 and 10.7, and identified that it had also breached Code Subsection 10.18. No further action was taken by FOS CGC.

Remedial and prevention steps: An internal review established that the Code breaches resulted from a combination of factors, including the manner in which the claim was handled by the claims team generally.

In response to further enquiries made by FOS CGC, CGU confirmed it undertook an audit of 30 of the employee's calls from the period 1 July 2016 through to 30 September 2016. As that employee no longer worked at CGU at the time, no further action was taken with that particular person in order to prevent a similar event from occurring.

19. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 18 September 2009, a Customer was involved in a motor vehicle accident which a Third Party alleged was caused by the Customer. On 11 May 2011, FOS investigated whether IAL erroneously considered the Customer's prior claims history in assessing the claim (Ref: 286; Case Number 207277). The complaint centred around IAL's view that due to similar previous incidents involving the Customer it would have been difficult to defend the allegation that the Customer had not contributed to the motor vehicle accident.

On 9 June 2011, IAL responded to FOS that it had conducted a review and its position was that the Customer's prior history did not impact the assessment of the claim, the claim was handled fairly and transparently and that no breach should be recorded.

On 24 June 2011, FOS responded that it was not fair to review a Customer's claim history when assessing a new claim and recorded a breach of the 2010 Code Subsections 3.4.1 and 3.4.2.

Remedial and prevention steps: On 15 August 2011, IAL responded to FOS that it would not dispute the outcome of the FOS review, however, re-emphasised that it was not systemic but an isolated incident and that the relevant manager would monitor the issue closely to ensure ongoing compliance as part of regular audit programs, and that appropriate measures had been put in place to ensure that there would be no recurrence.

On 19 August 2011, FOS agreed that it was an isolated incident, and no further steps were taken.

20. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 9 February 2011, a Customer wrote to IAL requesting a partial refund of their premium paid over a period of 8.5 years after changing to a "cheaper" property insurance policy. On 17 February 2011, IAL wrote to the Customer concluding that no refund was available and providing a contact number for FOS, and no other FOS details.

On 15 April 2011, the Customer made a complaint to FOS (Dispute 235453) and on 14 June 2011 an offer of a partial settlement was made by IAL to the Customer.

FOS referred the complaint to FOS CGC who wrote to IAL on 19 December 2012 regarding FOS's contact details in the letter to the Customer, and a possible breach of the 2012 Code Subsections 6.1.1 and 6.9(c) (CX77).

On 14 January 2013, IAL acknowledged that the absence of additional contact details for FOS in the letter did not comply with Code Subsection 6.1.2.

On 19 September 2013, FOS CGC determined that IAL's failure to include more detailed information about how the Customer could contact FOS in the letter breached its obligations under the 2012 Code Subsection 6.1.2.

Remedial and prevention steps: IAL confirmed the following with FOS CGC:
(a) after 17 February 2011, but prior to FOS raising this issue, IAL introduced standardised response letter templates which contain wording that could not be edited or removed to ensure Customers are provided with the options available to them as part of IAL's IDR process, information regarding the Customer's options for external review, including FOS, and timeframes in which the Customer may refer a matter to FOS;
(b) appropriate training was provided to all relevant employees within IAL upon the introduction of the new templates and the training was included in the complaints handling training provided for new employees; and
(c) IAL undertook a review of a number of recent responses to similar Customer complaints and found that there were no other instances of non-compliance.

21. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 22 February 2013, a Customer was involved in a motor vehicle accident and lodged a claim with IAL. IAL advised the Customer that the policy had been cancelled as a result of the premium not being paid. The Customer referred the matter to FOS on the basis that NRMA did not provide them with an estimate of the time it would need to make a decision on the claim.

On 31 May 2013, FOS wrote to IAL regarding its possible breach of the 2012 Code Subsections 3.2.1(c) and 3.2.3 (CX774).

On 12 July 2013, IAL acknowledged that it had breached 2012 Code Subsection 3.2.1(c). On 17 September 2013, FOS recorded a breach of 2012 Code Subsection 3.2.1(c).

Remedial and prevention steps: IAL advised FOS CGC that the breach had occurred due to human error and that the noncompliance has been rectified through:
(a) discussions with senior management;
(b) a presentation of the correct process to team managers; and
(c) referral of relevant employees to further online and face to face training to reinforce relevant requirements of the Code.

22. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 20 June 2013, the Customer lodged a claim with IAL regarding a motor vehicle accident. A number of interviews were conducted, by an external agency on behalf of IAL, with the Customer and the Customer's brother in relation to the accident and expert reports on the accident were obtained. On 23 January 2014, IAL refused the claim on the basis that the claim was fraudulent.

On or about 23 January 2014, the Customer made a complaint to FOS (Dispute 389487). On 4 August 2015, FOS made a determination in favour of the Customer.

On 26 August 2015, the Customer made a complaint to FOS CGC. On 18 September 2015, FOS CGC wrote to IAG regarding delays in IAL's handling of the claim, deficiencies in IAL's expert report and IAL's reliance on certain information which gave rise to possible breaches of the 2012 Code Subsections 3.4.1, 3.2.5, 3.5.1, 3.5.2, 3.7.1, 3.7.4 and 3.7.5 (CX3251).

FOS CGC recorded breaches against 2012 Code Subsections 3.5.1 and 3.5.2.

Remedial and prevention steps: On 2 May 2016, IAL committed to FOS CGC to:
(a) launch newly designed, scenario-based complaints training across all parts of the business that interact with Customers; and
(b) conduct a quality assurance review of the contentious claims with an anticipated completion date of 30 June 2016.

On 13 May 2016, IAL confirmed the following with FOS CGC:
(a) all employees concerned received feedback as part of their performance discussions with their direct managers throughout January 2016;
(b) employees concerned completed a fraud awareness training module by 10 April 2016;
(c) a reminder communication that IAL's business guidelines refer to sourcing/instructing for forensic reports was sent to all relevant claims and internal dispute resolution team leaders on 9 May 2016; and
(d) IAL's standard business process regarding the sourcing of expert factual reports had since been reinforced via performance discussions conducted by managers, team discussions, reminder communications and fraud and Code training.

23. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 26 August 2013, a fire damaged a Customer's home and the Customer made a claim with IAL, which was denied on 16 April 2014. During the assessment process, IAL sought a medical record on the Customer's son (who allegedly started the fire) which the Customer alleged was in breach of the Code.

On 16 May 2014, a solicitor on behalf of the Customer made a complaint to FOS about the denial of the claim. On 2 March 2015, the Customer made a complaint to FOS CGC after the claim was denied (CX3103).

On 31 July 2015, FOS wrote to IAL regarding possible breaches of the 2012 Code Subsections 3.5.1, 3.7.6, 3.7.7(b)-(c).

On 26 August 2015, IAL responded to FOS. On 17 February 2016, FOS advised that breaches of 2012 Code Subsections 3.5.1, 3.5.5(b) and 6.1.1 were recorded and that given the remedial action taken by IAL, no further action would be taken and the file closed.

Remedial and prevention steps: FOS overturned the denial of indemnity on the claim. Three breaches of the Code were also recorded.

Through an internal review, IAL determined that the conduct which was the subject of the complaint was due to the actions of one employee.

To prevent reoccurrence, the employee was spoken to about their divergence from IAG's usual business processes. IAL also committed to FOS that it would be delivering new complaint training material to all relevant employees in the coming months to ensure that the mandated letter content would be consistently and accurately provided.

24. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 4 June 2014, a Customer made a complaint to the OAIC regarding a breach of their privacy in November 2013 when the Customer's spouse attended an NRMA office to enquire about compulsory third party and comprehensive motor insurance. The Customer says that an employee accessed their records and discussed details of their insurance policies with the spouse, in the presence of their daughter. The information disclosed was not connected to any policy jointly insured with the spouse or daughter. The Customer alleged that the spouse and daughter were not asked for any form of proof of identification before the disclosure.

The matter was not resolved through conciliation. IAL confirmed that it was likely the disclosure took place, but disputed the allegation that it did not take reasonable steps to verify the identity of the spouse.

On 27 June 2016, the OAIC determined the matter pursuant to s52 of the Privacy Act 1988 (Cth) in the Customer's favour and found that IAL interfered with the Customer's privacy by disclosing their personal information to third parties in breach of NPP 2.1.

Determination: 'IQ' and NRMA Insurance, Insurance Australia Limited [2016] AICmr 36 (27 June 2016).

Remedial and prevention steps: The determination by the OAIC was for IAL to apologise to the Customer and pay $2,000 in compensation in respect of non-economic loss.

OAIC also recommended that, and IAL did in 2016, review its employee training procedures in respect of its information handling policies, particularly dealing with enquiries made by family members.

25. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 8 October 2014, the OAIC opened an investigation into a privacy complaint (C16062). The Customer held a home building insurance policy with IAL jointly with another individual (Ms X). The complaint related to the content of the COI for that policy, which contained details of all of the Customer's other assets insured with IAL, not all of which were jointly insured with Ms X.

Determination: IR and NRMA Insurance, Insurance Australia Limited [2016] AICmr 37 (27 June 2016).

Remedial and prevention steps: The determination by OAIC was for IAL to:
(a) issue an apology to the Customer;
(b) remove from COIs issued to the Customer and any joint policy holder, information about the Customer's assets that are not directly related to the issued policy; and
(c) pay the Customer $3,000 for non-economic loss caused by the interference with their complainant's privacy.

In terms of future prevention, IAL amended the content of its COI template to minimise the risk of inappropriately disclosing personal information.

26. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 27 November 2014, a Customer lodged a claim with IAL in relation to hail damage to their motor vehicle. IAL accepted the claim and repaired the vehicle, however the Customer noticed a flaw in the repairs and the vehicle was left in the repair shop for three more days. On 1 July 2015, the Customer contacted IAL claiming reimbursement for the hire car cost of the additional 3 days.

On 24 August 2014, the Customer lodged a dispute with FOS (Dispute 415228) as no response was provided to them.

On 20 October 2015, IAL contacted the Customer and apologised for the delay and sent an offer of $400 to settle the complaint, which was accepted by the Customer. FOS closed its file and referred the matter to FOS CGC.

On 18 May 2016, FOS CGC wrote to IAL for possible breach of the 2012 Code Subsections 3.2.4 and/or 3.5.1 (CX3500). On 21 June 2016, IAL acknowledged a breach of Code Subsection 3.2.4, however denied breaching 2012 Code Subsection 3.5.1.

On 24 June 2016, FOS CGC determined that IAL's conduct with regards to the delay in responding to the Customer was in breach of Code Subsection 3.2.4 only.

Remedial and prevention steps: IAL conducted an internal review and on 21 June 2016 advised FOS CGC that:
(a) no technical fault (for example, a system or technology error) was found to have caused the issue, and regular bug testing of the system occurs, which would assist in notifying of any faults in the future; and
(b) education would continue with IAL employee so that they were aware of obligations under the Code moving forward.

The complaint by the Customer was resolved through the payment of the $400 and the apology.


27. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 10 April 2015, IAL denied a Customer's claim under a landlord insurance policy for storm damage on the basis of an external report, which found that the majority of the damage was not caused by the storm. IAL offered to settle the claim but the Customer rejected the offer on the basis of a quote from an independent repairer for a significantly higher amount than IAL had offered. On 13 May 2015, the Customer denied IAL's request to reinspect the property. IAL then sent a final decision letter confirming its previous position.

On 18 May 2015, the Customer lodged a dispute with FOS (Dispute 400444). On 2 February 2016, FOS issued a determination in favour of the Customer and found that IAL had incorrectly denied the claim and considerable delays had occurred in the handling of the claim.

In making its determination, FOS referred to IAL's position that it had not received the further report from the Customer's own building specialist when providing its Notice of Response on 10 July 2015. In the course of considering the matter FOS found on review of the file notes that IAL had closed the file on 16 June 2015, and it was unclear why. A further note of 23 July 2015 referred to IAL waiting for the Customer's own building assessment.

FOS referred the complaint to FOS CGC who wrote to IAL on 23 May 2016 (CX3528). IAL provided a response to FOS CGC on 21 June 2016.

IAL acknowledged to FOS CGC that it had failed to comply with the 2012 Code Subsection 3.5.1 due to incorrectly denying the claim and not proactively following up on a report from IAL's assessor. Given the unique circumstances of the matter and IAL's remedial action, on 4 July 2016, FOS CGC informed IAL that no further action would be taken but recorded a breach and closed the file.

Remedial and prevention steps: As a preventative measure, IAL ceased using "OPUS" and "CIS" systems to manage home claims and all new home claims were to be recorded in the "Claims Centre" system with functionality to alert the claims department when a document was attached to a claim file (in response to the determination references to the Customer providing their own report which was not referred to by IAL in its initial responses). The ability for activities to be created in the "Claims Centre" was also enabled to ensure claims would be actioned in a timely manner and prevent reoccurrence.

28. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 11 June 2015, a Third Party was at fault in a motor vehicle accident with a Customer. IAL initiated debt collection activity against the Third Party.

On 13 August 2015, the Third Party made a complaint to FOS (Dispute 410033) saying that IAL failed to respond to a financial hardship request and that IAL progressed debt collection activity against them, when they were disputing liability, in breach of the Code.

On 11 December 2015, FOS found in favour of IAL, however, FOS referred the complaint to FOS CGC which wrote to IAL on 15 March 2016 (CX3467).

On 24 September 2016, FOS CGC determined that IAL's conduct with regards to the debt collection activity was in breach of Code Subsections 8.12 and 10.4.

In response to further enquiry from FOS CGC, on 24 October 2016 IAL accepted that the words in its 7 October 2015 letter to the Third Party, namely "... at which point we will continue to seek recoveries from you for the damages ...", did not clearly stipulate that recovery action was on hold at that time pending finalisation of the FOS dispute (which resulted in the breach of Code Subsection 8.12).

Remedial and prevention steps: To remedy the conduct and prevent a recurrence, IAL committed to FOS CGC to:
(a) provide refresher training to its employees on the Code obligations; and
(b) refine the wording of its decision letter templates to ensure future correspondence was clearer in terms of the decisions that had been made by IAL.

29. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 21 April 2015, there was a major storm which caused widespread damage, and resulted in IAL receiving over 50,000 claims. On 9 July 2015, a Customer lodged a dispute with FOS (Dispute 406176) complaining about delays in repairing their property damage resulting from the storm.

On 15 October 2015, FOS closed its file following an agreement that was reached between the Customer and IAL at conciliation. However, on 13 November 2015, FOS re-opened its file after the Customer informed FOS that IAL failed to comply with the agreement reached at conciliation. On 20 November 2015, IAL confirmed there were delays in completing repairs and offered $2,000 in compensation. The Customer accepted IAL's offer on 26 May 2016 and, consequently, FOS closed its file.

On 5 September 2016, FOS CGC requested information relating to the complaint that there was a delay by IAL's builders in completing repairs to the property (CX3771).

On 27 September 2016, IAL provided a response acknowledging that it had not complied with Code Subsections 6.2 and 7.2. On 13 July 2017, FOS CGC determined that IAL's conduct in delaying the repairs of the Customer's property was in breach of Code Subsection 6.2 (for delays by IAL's builders) and Code Subsection 7.2 (for delays by employees). FOS CGC stated they would take no further action and closed the file.

Remedial and prevention steps: IAL admitted that there were delays in completing the repairs to the Customer's property. IAL waived the Customer's excess of $1,500 and offered the sum of $2,000 as compensation. IAL acknowledged that given the volume of work following the major storm, the builders were also subject to delays. IAL held training sessions with external repairers, where their obligations to IAL and Customers were explained in attempts to minimise delays and other issues.

In response to an enquiry from FOS CGC regarding monitoring compliance with the Code during a catastrophe from a repair perspective, IAL responded on 27 June 2017 clarifying its 24 November 2016 response to FOS CGC and provided an outline of the repair process, including that repairers have access to the online claims system and are to meet service level agreements of contact with a Customer every 7 days. IAL explained that if a repairer has not contacted the Customer every 7 days, a "flag" was recorded against the repairer and if the behaviour continued, a repairer was put on an action plan.

COMMERCIAL IN CONFIDENCE Page 18 RCD.0001.0015.0022

Columns: Event; Entity (and trading name where relevant); Conduct; Remedial and prevention steps.

Conduct: A summary of the nature, extent and effect of the conduct; if the conduct has been the subject of any inquiry, investigation or proceeding.

Remedial and prevention steps: A summary of steps taken to remediate, and where necessary prevent future occurrence of, the conduct; and any identified cause of conduct, and if it could be attributed to culture, governance or other practice of the entity or industry.

30. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 28 November 2015, a Third Party was at fault in a motor vehicle accident with a Customer. On 10 May 2016, IAL initiated debt collection activity against the Third Party using a recovery agent. The Third Party disputed their liability and made an offer to settle. The debt recovery agent made a counter offer which was rejected by the Third Party.

On 15 July 2016, the Third Party made a complaint to FOS CGC (CX3695). The Third Party said that IAL did not provide them with information about its complaints process as required by the Code and did not comply with the Code in dealing with their application for financial hardship assistance.

On 1 August 2016, FOS CGC raised the matter with IAL and requested information regarding the status of the requests made by the Third Party. On 3 August 2016, IAL provided the Third Party with a revised settlement offer. On 23 August 2016, the dispute was settled when IAL and the Third Party reached an agreement on a repayment amount and a monthly payment plan.

On 10 February 2017, FOS CGC determined that IAL had breached Code Subsections 8.12, 8.4 and 8.11 and had complied with Code Subsection 8.6. These findings were made on the basis that IAL and the recovery agent did not provide the required information about IAL's complaints process, and that the recovery agent failed to inform the Third Party of the financial hardship process and inform IAL that the Third Party had requested financial hardship assistance.

Remedial and prevention steps: IAL emailed the Customer a revised settlement offer and on 23 August 2016, IAL and the Customer settled the dispute.

IAL identified that the breaches occurred due to an oversight by the recovery agent's operator who failed to follow their standard financial hardship processes.

IAL advised FOS CGC that the following remedial steps had been taken:
(a) contact had been made with the manager at the recovery agent to provide feedback to their operator who was responsible for the errors;
(b) IAL continued to conduct monthly audits of the recovery agent's files to ensure that the claims were managed to the standards set out in the applicable service level agreements;
(c) the recovery agent had a quality review team who conducted monthly audits and provided direct feedback to operators; and
(d) the recovery agent was to notify IAL on a monthly basis of any claims where a debtor had expressed that they are in need of financial hardship assistance. The claims were to be monitored by IAL to ensure that the recovery agent complied with the Code.

31. Insurance Australia Limited; Insurance Manufacturers of Australia Pty Limited

Conduct: On 14 January 2011, FOS informed IAL and IMA that it would be reviewing a possible systemic issue for the failure to provide information in PDSs explaining how the premium was calculated (cases 260890 and 230930).

This review followed FOS's determinations in case numbers 212334 (dated 1 December 2010) and 212044 (undated), where it was decided in each case that the Customers were entitled to a refund of the additional premium charged as a result of a previous claim. FOS recorded a breach of 2010 Code Subsection 2.1.4 in each case and given the small class of affected Customers, together with the genuine efforts to reach an outcome satisfactory to FOS, FOS was of the firm view that the remedial action undertaken and the resolution of the matter were both appropriate and acceptable. In response to the possible systemic issue review by FOS, the responses of IMA and IAL were similar in substance. Both IMA and IAL agreed to identify a class of Customers that had raised complaints on disclosure of an incident rating and the resulting premium increase, that is, Customers who may have been impacted from the practice the subject of the review. In total, there were 260 complaints identified.

On 30 March 2012, FOS determined that in response to the "definite systemic issue", having regard to the complexity and time taken to investigate, the appropriate charging level was Level One and a systemic issue levy of $3,000 was to be included in the following month's funding. The matters were finalised subject to both IMA and IAL undertaking to review any new complaints relating to the same issue on a case by case basis and providing a refund on the same basis as the cases above.

Remedial and prevention steps: In its response to FOS, IMA confirmed that it had commenced updating all of its relevant PDSs and anticipated implementation in November 2011, with an effective date of January 2012 for new business and renewals.

IAL confirmed that its proposed COI changes would be made to progressively cover renewal and new business policies from January 2012 until the next PDS change. Changes to the PDS were proposed to commence in January 2012 and be included with every new business policy.


32. Insurance Manufacturers of Australia Pty Limited t/as RACV

Conduct: On 27 May 2013, a Customer lodged a claim for damage caused in a motor vehicle accident that occurred on 24 May 2013. IMA denied the Customer's claim on the grounds that it was fraudulent. In June 2015, the Customer lodged a dispute with FOS (Dispute 403506).

On 7 July 2015, IMA reviewed the claim and provided a supplementary decision letter to the Customer stating that it was not satisfied that an insured event occurred.

On 10 December 2015, FOS issued a determination in favour of the Customer on the basis that IMA was unable to establish fraud and the matter was referred to FOS CGC. On 18 July 2016, FOS CGC wrote to IMA regarding the way that it had handled the Customer's claim and complaint about the decision to reject the claim (CX3532). IMA acknowledged breaches of the 2012 Code Subsections 3.5.1 and 6.2. On 19 April 2017, FOS CGC recorded breaches of the 2012 Code Subsections 3.5.1 and 6.2.

Remedial and prevention steps: IMA advised FOS CGC that:
(a) as a remedial step, in each case where it believes a claim might be fraudulent, it would approach that concern on its merits; and
(b) it would only take family or living arrangements into account if they were relevant to its concerns that there may be fraud and there is an appropriate level of evidence to support that relevance.

33. Insurance Manufacturers of Australia Pty Limited t/as RACV

Conduct: On 22 January 2014, a Customer was involved in a motor vehicle accident. On 10 June 2014, IMA requested recovery of the debt of $10,092.57. The Customer made an arrangement with IMA to pay $15.00 per month.

On 13 May 2015 and 3 June 2015, a CLC wrote to IMA on the Customer's behalf, requesting that the debt be waived on the basis of the Customer's financial situation. IMA did not respond, and on 21 July 2015, the CLC requested the matter be referred to IDR.

On 29 October 2015, FOS CGC wrote to IMA regarding an investigation into potential breaches of the Code (CX3289). The CLC alleged that IMA failed to provide an assessment of whether or not the Customer was entitled to financial hardship assistance and failed to refer the matter to IDR.

On 6 January 2016, IMA provided a response to FOS CGC. On 8 March 2016, FOS CGC notified IMA that, based on IMA's response, it did not consider that IMA had complied with the 2012 Code and the Code and requested further information.

On 30 November 2016, FOS CGC found that IMA complied with Subsection 8.8 but had breached Code Subsections 8.6 and 8.12. FOS CGC found that correspondence from the CLC had been overlooked by IMA. FOS CGC noted that IMA had acknowledged the breaches and taken appropriate remedial action to address them (which included waiving the debt once it became aware that correspondence on behalf of the Customer had remained in a work queue and not been allocated for determination). FOS CGC considered the investigation had been finalised and the file was closed.

Remedial and prevention steps: IMA acknowledged that the financial hardship assistance was not reviewed in a timely manner and attributed this to misfiling of correspondence from the CLC.

IMA confirmed that, in response to this matter, it had changed the way it filed and allocated incoming mail, as well as changing how recovery claims were managed.

Following this incident, IMA reviewed other files within the Sydney office. The review involved 80 randomly selected files which had been closed between April 2015 and November 2015. The only other instance of correspondence being misfiled identified was the matter of CX3381 (Entry 37). IMA also conducted a search of incidents and complaints in the incident notification system, "Compliance Mailbox", and the complaints management system, "Customer Experience Database", and no incidents or complaints relating to the same misfiling issue were found. As a result of these investigations, IMA was of the view that this was not a systemic issue.

IMA confirmed that it regularly monitored its recovery employees' compliance with the Code and standard business processes, which involved monthly coaching and development sessions and a review of random samples of closed files to ensure employees have adhered to the Code and to IMA's standard business practices. Furthermore, IMA confirmed that it audited a random sample of 20 debt collection files each month to ensure compliance and any issues were discussed in one-to-one coaching with the employees as well as team meetings. Similarly, breaches of process and/or timeframes identified in the file audit were recorded in the Compliance Mailbox.

34. Insurance Manufacturers of Australia Pty Limited t/as RACV

Conduct: On 20 July 2014, a Third Party was at fault for a motor vehicle accident involving three other vehicles, two of which were owned by Customers of IMA. Both of the Customers of IMA lodged claims in July 2014. IMA referred the debts for each claim to two different recovery agents.

On 3 July 2015, the Third Party was found not guilty of the traffic infringement which was alleged to have given rise to the incident and the Court dismissed the case against the Third Party for lack of evidence.

On 14 August 2015, a law firm wrote to the Third Party, on behalf of IMA and on instructions from one of the recovery agents, requesting payment of one of the debts. On 26 August 2015, a CLC acting for the Third Party, responded to the lawyers enclosing copies of the Court extract and stating that the Third Party was experiencing financial hardship. This was subsequently communicated to the debt recovery agent, which made a request for the debt to be waived. On 21 October 2015, the recovery agent closed its file in light of the Third Party's financial situation but did not convey this decision to the Third Party's representatives.

On 7 December 2015, a dispute was lodged with FOS on behalf of the Third Party (422323). On 22 December 2015, IMA emailed its final decision on both claims to the CLC maintaining the Third Party was liable for both debts but offering to cease recovery action against the Third Party on the basis that they would bear their own repair costs and they would not seek any further claim for loss or compensation. This offer was rejected. On 8 April 2016, FOS issued a determination in favour of IMA on the basis that the Third Party had not established that IMA's Customer driver was at fault. IMA later agreed with the Third Party on a reduced amount to pay.

On 16 November 2016, following a referral from FOS, FOS CGC wrote to IMA regarding a failure to inform the Third Party of their right to request financial hardship consideration in breach of the Code (CX3693). On 15 December 2016, IMA conceded that it had not complied with Code Subsection 8.7 because the recovery agent had not notified the Third Party or their representatives of the decision to cease recovery action and close the file. On 30 June 2017, FOS CGC requested further information in relation to IMA's processes and its compliance with Code Subsections 8.4, 8.6, 8.8(d) and 8.11. On 18 December 2017, FOS CGC confirmed that it was satisfied with the appropriate remedial action and no further action was required. The file was closed.

Remedial and prevention steps: The cause of the issue was the actions of the recovery agent and its failure to communicate a decision. IMA provided feedback to the agent's senior manager who agreed to arrange further training to prevent recurrences.

IMA confirmed in its response to FOS CGC on 15 December 2016, that:
(a) it conducted an audit of 20 files per month for each recovery agent and confirmed that this issue had not been identified in any other audit for the previous 12 months; and
(b) in late December 2015, IMA provided feedback to all of its recovery agents to reiterate its expectations and the requirements of the Code.

35. Insurance Manufacturers of Australia Pty Limited t/as RACV

Conduct: On 6 October 2014, FOS CGC wrote to IMA regarding the handling of a claim under a home contents policy for damage caused by blocked pipes. FOS CGC referred aspects of the complaint to FOS causing FOS CGC to place its investigation on hold (CX2621).

The complaint related to the Customer not being provided with a full copy of the builder's report and IMA failing to take into account the Customer's submissions when making its final decision on the claim. While the Customer entered into a settlement agreement with IMA, they alleged that it was under duress. On 13 May 2015, FOS CGC advised that FOS had issued a determination in Dispute 374938. On 25 June 2015, FOS CGC determined that IMA had breached 2012 Code Subsections 3.5.5 and 6.1.1. However, after further emails with IMA, FOS CGC reversed the finding of a breach of 2012 Code Subsection 3.5.5.

Remedial and prevention steps: In its response of 18 June 2015, IMA identified that there were administrative errors which led to the Customer being provided with an extract of the builder's report instead of the full copy. The relevant employee was counselled and provided with refresher training.

36. Insurance Manufacturers of Australia Pty Limited t/as RACV

Conduct: On 14 October 2014, a Customer lodged a claim under their home and contents policy with IMA for damage to their property as a result of a fire. On 4 March 2016, the Customer lodged a complaint with FOS because of the delay in their claim being resolved.

On 13 May 2016, FOS found in favour of the Customer stating that there were issues regarding poor service to the Customer and closed the matter (Dispute 392511). On 27 June 2016, the Customer advised FOS that they had not received payment in accordance with the determination. The matter was subsequently referred to FOS CGC. On 5 July 2016, FOS CGC wrote to IMA regarding its possible breach of the Code regarding delay and communication to the Customer (CX3397). IMA conceded breaches of the 2012 Code Subsections 3.7.1 and 3.5.1. On 19 April 2017, FOS CGC recorded breaches of the 2012 Code Subsections 3.5.1, 3.7.1, 6.1.1 and 6.5.

Remedial and prevention steps: In January 2016, in response to the FOS Dispute, IMA conducted a national training session with all of its preferred repairers outlining their obligations. A recording register was also opened so that all employees could enter any concerns that have been brought to their attention from a Customer or that they themselves have identified.

On 10 March 2016, IMA advised FOS CGC that the cause of the breach was a result of an employee error and remedial action included the employee being provided with additional training.

37. Insurance Manufacturers of Australia Pty Limited t/as RACV

Conduct: On 7 February 2015, a Third Party was driving an uninsured motor vehicle when they were involved in an accident with a Customer. On 28 April 2015, IMA notified the Third Party that they were at fault for the accident and requested payment for repairs to the Customer's vehicle. On 5 May 2015, the Third Party contacted IMA and requested that the debt be waived on the grounds of financial hardship.

IMA utilised the services of a recovery agent in assessing the financial hardship application. On 6 May 2015, the recovery agent notified the Third Party that their request was denied and what steps needed to be taken to re-apply for a waiver.

On 8 December 2015, FOS CGC wrote to IMA regarding a complaint from the Third Party who said that they had requested IMA waive a debt on the basis of financial hardship which was denied (CX3381). It was alleged that IMA failed to comply with Code Subsection 8.8 in its pursuit of the debt and that the recovery agent failed to refer the matter to IDR and did not provide details of the complaints process.

On 6 October 2016, FOS CGC determined that there was a breach of Code Subsections 8.6, 8.10, 8.12 and 10.4, and also Code Subsections 6.2, 6.7 and 8.8.

On 23 November 2016, FOS CGC communicated these findings and acknowledged a specific concern about the type of information that the recovery agent had taken into account when assessing the Third Party's request for financial hardship assistance. On 20 July 2017, FOS CGC confirmed the matter was finalised.

Remedial and prevention steps: The matter was resolved on 4 February 2016 when IMA agreed to waive the debt.

IMA stated that the cause of the issue was a delay in the handling of the financial hardship request and complaint. This was because the matter was misfiled and was not referred to the appropriate party by the recovery agent's consultant.

Following an internal review, IMA concluded that these breaches occurred because:
(a) the recovery agent did not identify the correct insurer it was acting for when corresponding with the CLC;
(b) the recovery agent (acting for IMA) did not comply with the Code when dealing with a represented Customer;
(c) the recovery agent (acting for IMA) did not notify the Third Party of its assessment of their entitlement to financial hardship assistance as soon as reasonably practicable;
(d) the recovery agent (acting for IMA) had not provided its services in compliance with Code Subsection 10.4 because it had not acknowledged the CLC's correspondence of 24 June 2015 until they sent further correspondence raising a complaint on 30 July 2015;
(e) the recovery agent (acting for IMA) had not notified the CLC of IMA's complaint process when it was unable to reach agreement for the debt repayment; and
IMA had not responded to the CLC's complaint in a timely manner because it took 88 days to respond to the complaint.

38. Insurance Manufacturers of Australia Pty Limited t/as RACV

Conduct: On 14 April 2015, a Third Party was at fault for a motor vehicle accident with a Customer. IMA, through a recovery agent, initiated debt collection activity against the Third Party. The Third Party engaged a CLC to act on its behalf.

The Third Party said that it requested IMA consider a financial hardship application, but received no update, which prompted a referral to FOS CGC.

On 1 December 2015, FOS CGC wrote to IMA regarding a possible breach of the Code for its failure to respond (CX3388).

On 1 April 2016, FOS CGC determined a breach of Subsection 8.6 of the Code, however IAG advised FOS CGC that this determination had been based on incorrect information (IMA provided a response to another complaint using this number). FOS CGC required IMA to provide a further response. In later correspondence IMA acknowledged breaches of Subsections 8.4 and 8.6 of the Code.

On 27 May 2016, FOS CGC determined that IMA's conduct with regards to the financial hardship request had failed to comply with Code Subsections 8.4 and 8.6 and no further action was taken.

Remedial and prevention steps: Debt collection activity was put on hold while the matter was internally reviewed. An update was then provided to the Third Party on their financial hardship request. IMA explained that the breach of Subsection 8.6 was due to a recovery agent's team manager having an excessive workload and that it was an isolated instance.

IMA committed to FOS CGC to take the following actions:
(a) the recovery agent to recruit more employees and appoint another team manager to assist with financial hardship matters;
(b) the recovery agent employees to receive refresher Code training;
(c) the recovery agent to generate a weekly report to monitor the status of financial hardship files, and to provide that report to IMA to review; and
IMA's technical claims team to set reminder activities to review each claim on a monthly basis.

39. Insurance Manufacturers of Australia Pty Limited t/as RACV

Conduct: On 11 July 2015, a motor vehicle accident occurred between a Third Party and a Customer. IMA commenced debt collection activity against the responsible Third Party. On 1 September 2015, the Third Party, through their legal representatives, made a request for financial hardship consideration to IMA, but did not receive a response to this request.

On 5 January 2016, FOS CGC wrote to IMA regarding the debt collection activity being taken against a Third Party and IMA's failure to respond to a financial hardship request (CX3425).

On 30 November 2016, FOS CGC notified IMA that the outcome of their investigation was that IMA complied with Code Subsection 8.8 but breached Code Subsections 8.6 and 8.12. FOS CGC noted that IMA had acknowledged the breaches and taken appropriate remedial action to address them.

Remedial and prevention steps: The Third Party's financial position was reviewed by IMA and on 8 January 2016 IMA agreed to waive the debt in full on the basis of the Third Party's financial hardship.

The breaches of Code Subsections 8.6 and 8.12 were attributed to human error by IMA. IMA explained that an employee failed to acknowledge the CLC's correspondence of 1 September 2015, which set in motion a series of events that led to breaches of the Code.

The employees involved received one-on-one feedback and counselling on their errors and deviation from standard business practice. In addition, the senior consultant for the team held a refresher education session on the financial hardship requirements of the Code and on IMA's standard business processes for the management of financial hardship assistance requests. This was followed up with a written communication to the team on 15 April 2016. On 2 May 2016, IAG launched its newly designed, scenario-based complaints training across all parts of the business that interact with Customers. This training refreshed obligations under Code Chapter 10 and ASIC Regulatory Guide 165. All recoveries employees were enrolled in this training, including the two employees involved in this matter, and were required to complete this training by 17 June 2016.

40. Insurance Manufacturers of Australia Pty Limited t/as RACV

Conduct: On 14 August 2015, IMA denied a Customer's claim under their comprehensive motor vehicle policy because the Customer was unable to establish that an insured event had occurred (that is, that damage to their vehicle was caused by theft). The Customer disputed IMA's decision and, on 24 September 2015, IMA issued a final decision letter continuing to deny the claim.

The Customer and their legal representatives requested IMA provide copies of a number of documents, including two expert reports. IMA declined to provide these reports on the basis that IMA requested and paid for them. The Customer's legal representatives raised concerns that IMA had breached Code Section 14 by refusing to provide information it had relied on to deny the claim. On 9 December 2015, the Customer's legal representatives lodged a dispute with FOS (Dispute 422759), disputing IMA's denial of the claim. On 18 August 2016, FOS issued a determination in the Customer's favour. The FOS dispute was closed when the Customer accepted the determination. The matters were referred to FOS CGC. On 19 December 2016, IMA provided a response to FOS CGC in which it initially conceded a breach of Code Subsection 7.19. However, on 2 March 2017, IMA retracted this concession for internal reasons. On 9 May 2017, FOS CGC found that IMA had complied with Code Subsection 7.19 but had breached Subsections 14.2 and 14.5 by denying access to the expert reports.

In relation to Code Subsection 7.3, IMA confirmed that it breached the Code when it used information about the Customer's financial position after the claim to show that the Customer had financial motive to commit fraud and stated that the Customer had referred to their vehicle as a 'lemon'. FOS CGC also had concerns that IMA did not handle the Customer's claim in accordance with Code Subsection 7.2 and referred to other determinations by FOS and FOS CGC (see Entry 32) which raised concerns about the quality and relevancy of the evidence on which IMA relied to make out fraud.

Remedial and prevention steps: IMA conceded that, on the basis of erroneous legal advice it had received, it had relied on irrelevant information in its responses to the Customer and to FOS. IMA confirmed that as part of its restructure (including that of its IDR department) it was reviewing the roles of external legal providers and auditing the advice provided by them.

IMA stated that it was also completing an audit of claims where advice from an external legal provider was noted.

41. National Adviser Services Pty Ltd

Conduct: In May 2013, an audit of a NAS Authorised Representative revealed that invoices provided by that Authorised Representative to Customers were issued by an entity that was not authorised by NAS. Further, the Customers were being directed to make cheques payable to, or to deposit funds into an account in the name of, the unauthorised entity. An external fraud investigation was undertaken during which an individual was said to have made admissions regarding the behaviour. On 20 May 2013, a voluntary notification was made to ASIC.

Remedial and prevention steps: The Authorised Representative was reported to ASIC and their status as an Authorised Representative was revoked. NAS also contacted the relevant Customers about the issue.

42. National Adviser Services Pty Ltd

Conduct: In May 2014, NAS were notified that an Authorised Representative of NAS signed a Letter of Authority on a Customer's behalf.

No further information can be provided at this point in time as the files are archived.

Remedial and prevention steps: NAS revoked the individual's status as an Authorised Representative.

NAS systems indicate that policies were renewed the following year confirming that the Letter of Authority did not lead to any adverse Customer impact.

43. National Adviser Services Pty Ltd

Conduct: On 19 October 2016, a Customer's premises were damaged by fire in an arson attack. An Authorised Representative of NAS attempted to arrange a building insurance policy on 23 October 2016 (after the fire), backdated to September 2016 (before the fire).

The Authorised Representative was acting as the Customer's agent, which meant that at the time the Authorised Representative sought to arrange the insurance, they acted on behalf of the Customer. Backdating the policy inception date was done fraudulently in an attempt by the Authorised Representative to secure a payment from the insurer, on the Customer's behalf. The loss amount was recorded as $634,766. On 19 October 2017, NAS was notified of the issue and on 31 October 2017 it revoked that person's status as an Authorised Representative. On 8 November 2017, NAS notified ASIC of the revocation of the Authorised Representative.

Remedial and prevention steps: The Customer's claim was denied.

The Authorised Representative was reported to ASIC and the ASIC investigation is ongoing.

The incident was recommended by IAG's external investigators to be reported to the relevant authorities.

44. Swann Insurance (Aust) Pty Ltd

Conduct: On 29 April 2013, a Customer purchased a gap insurance policy and later requested a refund of the premium paid plus interest. The matter was referred to FOS CGC (CX3777). On 4 October 2013, a different Customer purchased a gap insurance policy and requested a refund of the premium paid plus interest. The matter was referred to FOS CGC (CX3683). On 18 January 2017, FOS CGC wrote to Swann regarding both matters and Swann's compliance with Code Subsections 10.4, 10.13, 10.12. On 8 March 2017, Swann wrote to FOS CGC acknowledging breach of Code Subsections 10.4, 10.13, 10.12 with respect to CX3683 but not in relation to CX3777. In relation to CX3683 Swann acknowledged that while it provided a response to the Customer within 15 business days of receipt of the complaint, the response failed to include information concerning the Customer's rights to take their complaint to EDR if Swann's initial internal review decision did not resolve the complaint, and the Customer's right to take their complaint to FOS. Swann also confirmed that it did not issue a final IDR determination letter as it did not consider that the Customer had requested that the complaint had been escalated to IDR for review.

Remedial and prevention steps: Swann advised FOS CGC that:
(a) all dispute matters that either originated from the Consumer Action Law Centre or were complaints of a similar nature would be managed at a single point by Swann senior technical specialists or by the IAL IDR team;
(b) to ensure that review processes would be prompt, these matters would be escalated directly to IDR, bypassing the need for manager review;
(c) contact would be made with Customers or their representatives within 24 hours to provide the details of the Swann senior technical specialist or the IAG IDR team representative; and
(d) all complaints relating to Swann add-on insurance products would be treated as urgent and it would expect to resolve them within 15 business days.

45. Swann Insurance (Aust) Pty Ltd

Conduct: On 5 September 2016, FOS wrote to Swann advising that Case 443480 has been referred to FOS as a possible systemic issue in respect of Swann's process for selling add-on insurance, including gap insurance, met its good faith obligations. This complaint was also considered as part of the systemic review (see Entry 73). On 5 October 2016, Swann wrote to FOS and advised what steps it was taking in relation to its sale of gap insurance products. This was acknowledged by FOS on 28 October 2016, and it closed the matter.

Remedial and prevention steps: Further to what is summarised at Entry 73, on 5 October 2016, Swann advised FOS that it:
(a) had reduced its involvement in add-on insurance products;
(b) had been actively assisting ASIC with its inquiries about gap insurance and participating in industry working group through the ICA;
(c) would reinforce and enhance training with a view to improving sales practices and processes;
(d) had developed a new front end sales system that improves the presentation of information and has built in clear explanations of products for the Customer; and
(e) had commenced a process for ensuring that where a Customer had been sold a product by an Authorised Representative, was provided with a copy of all relevant product information.

46. Swann Insurance (Aust) Pty Ltd

Conduct: On 13 December 2016, FOS wrote to Swann regarding a possible systemic issue in relation to its complaints handling procedures (case 460462). In particular FOS made inquiries with Swann in relation to how it ensures that it provides responses to Customers within 45 days of receiving their complaints and whether it advises Customers about their right to refer complaints to EDR and provides contact details for FOS. On 27 January 2017, Swann responded to FOS and advised that it remained committed to ensuring all complaints were dealt with openly, honestly, fairly, and promptly. On 19 April 2017, FOS wrote to Swann regarding dispute 397767 (case 431996) and made inquiries about a potential systematic issue in Swann's complaints handling procedures, in particular, Swann's policies and procedures for the sale and monitoring of insurance policies through motor dealers. On 17 May 2017 Swann advised FOS that it was unable to determine what information it failed to produce in relation to the sale of insurance through Authorised Representatives. FOS determined that the matter represented a systemic issue but that it would not take further action at that time. On 21 August 2017, Swann wrote to FOS and advised that it did not concede any regulatory breaches associated with the matter and asked that it be considered a "potentially" systemic matter.

Remedial and prevention steps: On 21 August 2017, Swann advised FOS that it was working closely with ASIC to reach a resolution for its Customers. Swann advised further that:
(a) it was yet to have a final timeline agreed with ASIC as to when a final resolution would be in place;
(b) it would advise FOS once an agreed timeline was reached with ASIC; and
(c) it had voluntarily agreed to implement a remediation program.

47. WFI Insurance Limited

Conduct: On 10 November 2014, an uninsured Third Party was at fault for a motor vehicle accident with a Customer. WFI initiated debt collection activity against the Third Party. The Third Party complained that WFI failed to respond to a financial hardship request and that repeated requests for further information from the Third Party were unreasonable. On 5 January 2016, FOS CGC wrote to WFI regarding possible breaches of the Code (CX3426). On 6 October 2016, FOS CGC determined that WFI's repeated requests for further information resulted in a breach of Code Subsections 8.5 and 8.6.

Remedial and prevention steps: WFI committed to FOS CGC to:
(a) ensure WFI recoveries employees completed a learning module regarding the Code; and
(b) schedule employee training regarding Code Section 8 to be completed by year end 2016.

48. WFI Insurance Limited t/as Lumley

Conduct: On 21 January 2015, a Customer damaged their photography equipment and lodged a claim under a marine insurance policy with Lumley. The claim was denied due to an exclusion for electrical, mechanical or digital malfunction damage under the policy. The matter subsequently went to IDR. On 3 March 2015, Lumley issued its IDR final decision letter to the Customer and referred to a period of three months for referring the complaint to FOS when it should have said that there was a two year referral period. On 7 September 2015, FOS CGC wrote to Lumley regarding the wording in its final decision letter to the Customer advising that the wrong time frame would be a breach of the 2012 Code Subsections 6.1.1 and 6.9(c) (CX3122). On 6 October 2015, Lumley acknowledged the breaches in its response to FOS CGC. On 21 October 2015, FOS CGC recorded the breaches of the 2012 Code Subsections 6.1.1 and 6.9(c), was satisfied with the remedial action taken, and closed the file.

Remedial and prevention steps: Lumley advised FOS CGC that the breaches were due to the wrong letter template being used, the incident was unique and not systemic, and that refresher training had been provided to all employees. Further, Lumley investigated its denied marine claims dating back to July 2012, and confirmed that no other complaints progressed to IDR where the wrong template was used.

49. WFI Insurance Limited t/as Coles Insurance

Conduct: On 2 June 2015, a Customer lodged a claim with WFI under their home and contents policy following a theft at their property. WFI accepted the claim and, amongst other amounts, offered a settlement amount for unspecified jewellery subject to the Customer signing a Deed of Release. The Customer disputed a number of amounts to be paid under the claim and extensive negotiations were conducted between WFI and the Customer to reach agreement. The Customer refused to sign the Deed of Release. On 9 December 2015, the Customer made a complaint to FOS (dispute 422772). FOS noted that although WFI accepted liability of up to $10,281, it did not make payment to the Customer until after FOS's involvement. FOS was concerned that this conduct was not in accordance with Code Subsection 7.2. FOS referred the complaint to FOS CGC which wrote to WFI on 20 February 2017 regarding possible breaches of the Code in relation to the request that the Customer sign the Deed of Release and the withholding of payment on the accepted portion of the claim until the Deed was signed (CX3953). On 18 May 2017, WFI conceded that its conduct was in breach of Code Subsection 4.4, but not in breach of Code Subsection 7.2. On 20 June 2017, FOS CGC recorded the breach and confirmed the matter was finalised.

Remedial and prevention steps: WFI provided FOS CGC with information about their quality and assurance framework. On 24 May 2016, WFI made a payment to the Customer in the amount of $10,376.27 in settlement of the unspecified jewellery items, pursuant to direction from FOS. On 17 June 2016, the Customer accepted WFI's offer to resolve the dispute for a further payment of $8,886.86 in full and final settlement of the claim.


50. WFI Insurance Limited

Conduct: On 21 July 2015, a Customer was involved in a single vehicle accident when they hit a stray dog. The Customer lodged a claim with WFI. The Customer advised that they were unable to pay the excess upfront and wanted the excess waived due to financial hardship. WFI advised the Customer that a claims specialist would return their call. On 23 July 2015, the Customer contacted WFI after receiving no response and was advised that they should contact the City Council and request that they pay the excess. WFI further advised the Customer that if they were unable to have the Council pay the excess and they were unable to pay the excess cost themselves, WFI would cancel the claim. On 21 August 2015, FOS CGC informed WFI that they had received an allegation that WFI may have breached the Code (CX3229). On 17 September 2015, WFI acknowledged that the employee had not followed standard business procedure in relation to assessing the request for financial hardship assistance.

Remedial and prevention steps: On 26 August 2015, WFI agreed to waive the excess and provide a full reimbursement of the cost of repairs. WFI reviewed its Customer complaints database and disputes databases and found no record of any similar instances where financial hardship processes were not followed by WFI. Accordingly, WFI took the view that this complaint was an isolated incident. Further, refresher training was provided to all relevant employees, with a particular focus on compliance requirements for financial hardship obligations. Employees involved were counselled in relation to relevant business processes and informed they would be receiving additional training regarding obligations under the Code. In relation to corrective actions to ensure ongoing compliance, WFI agreed to:
(a) develop a Code module for its claims manual;
(b) provide additional employee training;
(c) undertake a review of its Code compliance framework; and
(d) reiterate that referral to the financial services counselling hotline was part of standard business processes.

51. WFI Insurance Limited t/as Coles Insurance

Conduct: A Customer had a home insurance policy with WFI for a property in New South Wales. On 9 September 2015, the Customer sold their New South Wales property and moved permanently to Queensland. On 11 September 2015, the Customer wrote to WFI to inform it of the change of address and asked for their home insurance policy to be changed to reflect the new address. On 17 March 2016, WFI sent a policy renewal to the New South Wales address. On 29 March 2016 the Customer wrote to WFI to reiterate the request for the change of address. On 24 April 2016, WFI sent a reminder to the Customer at the New South Wales address that the policy renewal was overdue. On 3 May 2016, the Customer again requested the address be updated. WFI did not respond to this letter. On 21 May 2016, the Customer lodged a complaint with FOS. On 10 October 2016, FOS CGC wrote to WFI regarding possible breaches of Code Subsections 5.1(a) and 10.3 (CX3762). On 24 November 2016, WFI conceded that its conduct was in breach of Code Subsections 5.1(a) and 10.3. On 1 February 2017, FOS CGC recorded the breaches and confirmed the matter was finalised.

Remedial and prevention steps: WFI amended the Customer's address. In order to prevent a similar occurrence, WFI committed to FOS CGC to:
(a) distribute an internal memorandum within two weeks (of its response to FOS CGC on 24 November 2016) to all relevant employees reinforcing their obligations in relation to:
(i) the quality of personal information and the need to ensure that any personal information collected is accurate, up to date and complete in accordance with the Privacy Act;
(ii) conducting sales and renewal processes in accordance with Code Section 4, and the relevance of same when correspondence is not actioned in a timely fashion;
(iii) a Customer's right to make a complaint about any aspect of their relationship with WFI and conducting complaints handling in accordance with Code Section 10; and
(iv) the expectation that employees follow standard business process in relation to classifying and actioning digitised postal mail;
(b) provide feedback and additional coaching to the employees responsible for monitoring and actioning requests sent to the WFI shared mailbox, including a refresher of the IAG training modules on the Code, Privacy Act and complaints handling; and
(c) conduct regular audits on employee workloads to ensure that excessive workloads are not experienced, thereby reducing the risk of mail not being actioned in accordance with service level agreements.
WFI also reported that IAG had invested in the establishment of a 'digital mailroom' where correspondence received by mail was scanned (10,000+ items per day across IAG) and a PDF of the postal mail was then sent to various internal shared mailboxes to be classified and retained electronically against either the claim (in the claims mainframe system), the policy (in the policy mainframe system) or the centralised customer experience database, as appropriate.

52. WFI Insurance Limited t/as Coles Insurance

Conduct: On 11 July 2016, the Customer lodged a claim with WFI for damage to the shower in their bathroom. A builder was engaged to arrange a number of inspections and reports and it was concluded the damage was a result of a burst water pipe under the house. On 23 August 2016, the Customer was placed in temporary accommodation while the repair works were to be undertaken. The Customer did not move back into their property until 23 December 2016. The Customer was unhappy with damage to the heating ducts and carpets caused by the tradesmen in carrying out repairs, the length of time for the repairs, settlement amounts and the handling of the matter generally. On 13 February 2017, the Customer made a complaint to FOS (Dispute 465002). On 26 April 2017, FOS issued a preliminary view that the only matter outstanding was the provision by WFI of a warranty for the work completed. The Customer referred the matter to FOS CGC. On 15 March 2017, FOS CGC wrote to WFI regarding possible breaches of Code Subsections 6.2, 7.2, 10.4, 10.10 and 10.19 (CX3973). On 24 July 2017, WFI conceded that its conduct was in breach of Code Subsections 7.2, 10.10, 10.12 and 10.13, but not in breach of Code Subsections 6.2, 10.4 and 10.19.

Remedial and prevention steps: WFI paid compensation in the amount of $3,500 to the Customer in resolution of the FOS dispute. WFI also committed to FOS CGC to:
(a) provide refresher training to all claims employees in relation to claims handling and management of complaints and disputes;
(b) continue auditing claim files; and
(c) introduce a business process improvement in the form of a new standard procedure including a requirement that claims employees immediately notify their manager of concerns raised by a Customer during the claims lifecycle.
Further, a decision was made to establish a specific WFI team to manage Customer complaints relating to WFI claims management, and that team became operational from 10 July 2017.

53. WFI Insurance Limited t/as Coles Insurance

Conduct: On 23 August 2016, an uninsured Third Party was at fault for a motor vehicle accident with a Customer. On 26 August 2016, the Customer lodged a claim with WFI and provided the Third Party's name, address, car registration and vehicle description. On 29 August 2016, WFI withdrew the claim on the basis that the Customer was unable to provide details of the other driver. On 14 October 2016, the Customer made a complaint to FOS. On 20 October 2016, WFI apologised to the Customer and accepted the claim. On 10 November 2016, FOS CGC wrote to WFI regarding possible breaches of Code Subsections 7.2, 7.9, 7.16 and 7.19 (CX3843). On 12 December 2016, WFI conceded that their conduct was in breach of Code Subsections 7.2, 7.9, 7.16 and 7.19. On 21 July 2017, FOS CGC acknowledged breaches of Code Subsections 7.2 and 7.19 and no further action was taken.

Remedial and prevention steps: WFI accepted the claim and apologised to the Customer. WFI committed to FOS CGC to:
(a) counsel the claims employees who made errors in the handling of the matter; and
(b) provide refresher training to employees on the Code with particular reference to Code Chapter 7.

54. Westcourt General Insurance Brokers Pty Ltd

Conduct: In November 2014, Westcourt was notified that one of its Authorised Representatives had fraudulently represented to various Customers that it had arranged insurances on their behalf. Westcourt made a voluntary notification to ASIC. An ASIC investigation found that from June 2013 to October 2014, the individual Authorised Representative fabricated Builders' Warranty Insurance certificates for four Customers operating in the building and construction industry. It also found that in one instance the Authorised Representative failed to notify a Customer that their insurance was due to renew. This came to light when the Customer tried to make a claim, which was denied, as the policy had not been renewed. ASIC permanently banned the individual from providing financial services. As a result of the conduct of the Authorised Representative, some Customers were at risk of breaching residential dwelling building contracts and at risk of contravening the Home Building Contracts Act 1991 (Cth). ASIC found that the individual Authorised Representative had acted independently of their employer.

Remedial and prevention steps: Westcourt notified ASIC of the Authorised Representative's conduct and provided voluntary assistance with the investigation. At that time, the Authorised Representative had only been authorised by Westcourt for two months. Westcourt worked with the Authorised Representative's previous authorising licensee to obtain a list of affected Customers. Westcourt sent letters to all of the Authorised Representative's Customers confirming that the Authorised Representative was no longer acting as a broker and that Westcourt would be managing their policies going forward. Westcourt has had an ongoing relationship with many of the Customers since.


ANNEXURE 41 BEHAVIOUR THAT MAY HAVE FALLEN BELOW COMMUNITY STANDARDS AND EXPECTATIONS

Entry
Entity (and trading name where relevant)
Conduct: A summary of the nature, extent and effect of the conduct; if the conduct has been the subject of any inquiry, investigation or proceeding.
Remedial and prevention steps: A summary of steps taken to remediate, and where necessary prevent future occurrence of, the conduct; and any identified cause of conduct, and if it could be attributed to culture, governance or other practice of the entity or industry.

55. Accident & Health International Underwriting Pty Ltd (CGU acquired 50 percent of AHI on 1 July 2010 and it was wholly owned by 1 July 2015)

Conduct: In March 2015, there was an identification of a possible historic breach of AHI's AFS Licence for inadvertently issuing contracts of insurance which may have included a component comprising a contract of life insurance as defined in s9 of the Life Insurance Act 1995 (Cth). AHI acted as a wholesale intermediary in providing master CCI policies (providing sickness and accident cover) to an insurance broker who engaged a distributor to sell individual policies to Customers. Nominated Customers of the distributor were accepted automatically under the master policies and issued with a COI. The periods of the insurance for Customers were typically short, lasting no longer than five weeks. AHI made a voluntary notification to ASIC on 6 March 2015 in which it disclosed a possible breach of its AFS Licence by issuing insurance which may have, in part, constituted a life policy for the purpose of s9 of the Life Insurance Act 1995 (Cth) at certain, and limited, times. ASIC took no further action on the issue following the notification.

Remedial and prevention steps: The last master policy manufactured by AHI expired on 1 April 2014. As at 6 March 2015 (the date of the voluntary notification), AHI did not underwrite any master policies and presently has no intention to do so. As reported to ASIC, in the event that AHI decided to manufacture a master policy in the future it would ensure that the provisions of any such arrangement were clearly general insurance policies so that the uncertainty does not arise again.

56. CGU Insurance Limited

Conduct: In November 2010, a fit and proper assessment was not completed for the new CGU CEO before their commencement date, which constituted a technical breach of APRA's Prudential Standard CPS 520. A voluntary notification was made to APRA on 5 November 2010.

Remedial and prevention steps: The CFO of CGU confirmed to APRA that the assessment would be completed within four weeks of the CEO's commencement. APRA was comfortable with the approach being taken and no further action was taken.

57. CGU Insurance Limited

Conduct: Throughout April to December 2013, CGU's internal assessors changed the methodology for assessing its pre-accident market value for total loss motor vehicle assessment claims. This meant that CGU was using a figure constructed utilising national average figures and not local area figures for assessing those claims. CGU claims employees raised the issue internally after becoming aware of a FOS decision in relation to another insurer's approach to assessment methodology (Case Number 202544). From this internal inquiry, CGU found that some Customers may have been financially impacted as a result of the method of assessment. CGU made a voluntary notification to ASIC on 31 January 2014. In consultation with FOS and ASIC, CGU carried out reviews and wrote to Customers who may have been financially impacted and additional payments were made. CGU initially thought there was a total of 404 cases affected, however a review confirmed there were 140 affected policies of which 29 required a refund. The total refunds were $20,994.20.

Remedial and prevention steps: During consultation with ASIC and FOS, CGU agreed to:
(a) commence a refund program for the identified impacted Customers that would take into account interest payable on any underpaid amounts;
(b) CGU Claims' National Claims Assurance team would continue to monitor, review and report on their findings of how claims assessors were considering market value assessments; and
(c) the CGU Risk & Compliance team would continue to oversee the National Claims Assurance team monitoring and would report to the CGU Risk & Compliance Committee on any exceptions to compliance with market value assessment requirements. The Committee included the CGU CEO, Chief Risk Officer and senior management.
In addition to the above, CGU committed to provide further training in respect of total loss assessments of motor vehicle prices, which would be reviewed by the CGU Risk & Compliance team and it was to incorporate an updated incident management process.

58. CGU Insurance Limited

Conduct: After extensive consultation with the insurance industry, on 3 March 2014, the FSL Monitor released final guidelines on how insurers were expected to deal with over-collections of the FSL during the 2012-2013 financial year. Subsequent to the year ending 30 June 2013, CGU calculated that it had over-collected FSL in the net amount of $1.184 million. On the day of (but prior to) publication of guidelines by the FSL Monitor, CGU made a donation of the over-collected FSL to the Victorian CFA. The donation to the CFA did not accord with the guidelines. The FSL Monitor inquired into potential contraventions of the FSL Act by CGU, including in respect of the contents of its media release regarding the donation to the CFA.

Remedial and prevention steps: On 29 August 2014, CGU entered into an Enforceable Undertaking with the FSL Monitor which remained in effect to 31 December 2014. CGU undertook to:
(a) pay $210,000 to the Consumer Action Law Centre;
(b) take (and refrain from taking) various steps regarding its publication of a media release regarding its CFA donation; and
(c) provide the FSL Monitor with an independent report reconciling CGU's refunds of FSL, foregone instalments of FSL on policies cancelled between 1 July 2013 and 1 March 2014, and FSL received between 30 June 2013 and 1 March 2014 in relation to the CFA region.


CGU did not admit that it had contravened the FSL Act, but acknowledged:
(a) the FSL Monitor's concerns that CGU may have contravened sections 26 and/or 31 of the FSL Act;
(b) the FSL Monitor's concerns about CGU not following the administrative path for over-collections set out by the Monitor in the guidelines; and
(c) that any over-collection of FSL should have been disbursed, where practicable, to those persons who contributed to such over-collection in proportion to the amount of FSL they paid or to organisations representing the interests of Victorian insurance consumers.

59. CGU Insurance Limited; Insurance Australia Limited; HBF Insurance Pty Ltd; Mutual Community General Insurance Proprietary Limited; Swann Insurance (Aust) Pty Ltd; Insurance Manufacturers of Australia Pty Limited; National Adviser Services Pty Ltd; Westcourt General Insurance Brokers; Accident and Health International Underwriting Pty Ltd

Conduct: In 2017, an internal review identified inaccuracies in relation to the reporting to ASIC of changes in Responsible Managers in a timely manner. Essentially, there were insufficient records kept to demonstrate the requisite qualifications, experience and skills of responsible managers, and the register of Responsible Managers for select entities had not been maintained since 2003. IAG made voluntary notifications to ASIC between 3 March 2017 and 6 November 2017, and stated that it had no reason to believe that the technical breach impacted the ability of IAG (or any of its entities) to provide financial services covered by its licences, nor caused any Customer detriment. On 10 March 2017, KPMG made a notification to ASIC under s990(k) of the Corporations Act in relation to the same matter.

Remedial and prevention steps: IAG committed to a review of the competence, experience and skills of each of the Responsible Managers, and a formalisation of their appointments by each AFS licensee having particular regard to their respective AFS licence authorisations. Further, a formal Responsible Manager Appointment Procedure was put into development to define IAG's approach to documenting the competence, experience and skills of all responsible managers of AFS licensees in the IAG group. It was intended that the Procedure would include the criteria and approach used to assess suitability for nomination as a Responsible Manager and roles and responsibilities for:
(a) reviewing Responsible Managers regularly or when business activities change;
(b) maintaining and updating records of the competence, knowledge and skills of Responsible Managers; and
(c) reporting any changes in the required timeframes to ASIC.
IAG also committed to updating ASIC registers to reflect any changes brought about by the process above and to:
(a) carry out a stock-take of all existing Responsible Managers listed with ASIC and remove or amend the list to ensure it is up to date;
(b) engage an external expert for advice on recommended processes moving forward to ensure compliance; and
(c) carry out annual training sessions for IAG Responsible Managers.

60. Insurance Australia Limited t/as NRMA Insurance, SGIO and SGIC

Conduct: On 19 April 2010, IAL made a voluntary notification to ASIC regarding a possible breach due to a technical computer coding error, that occurred from January 2010 until it was rectified on 16 March 2010. As a result of this error, policy documentation, including the COI and/or the PDS, was not sent to some Customers. The total affected Customers was 8,002. On 29 April 2010, ASIC advised that as a result of the steps taken by IAL, it would not take any action in respect of the breach notification.

Remedial and prevention steps: Following an internal investigation, IAL implemented additional controls to ensure the print failures as a result of a coding error were identified and to ensure that Customers were not adversely affected by the breach. IAL:
(a) acknowledged that it was on risk for all policies taken out during the period;
(b) gave the Customers who had paid for their policy an additional 21 day cooling off period after their PDS and COI were distributed; and
(c) gave an extended period of time to pay for Customers who had not yet paid their premium.

61. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 22 June 2010, the ASB released a Case Report following a complaint made regarding a television commercial where a professional sports player pushed a vending machine until a chocolate fell out. The complaint focused on the "theft" of chocolate by a "role model" for children. The ASB said that there could be a depiction or suggestion of theft by the actions of the sports player and the image of the sports player shaking the vending machine was a depiction that could cause injury, and it was a depiction of an activity that could cause harm. The ASB determined that the advertisement did depict material contrary to prevailing community standards on safety and therefore the advertisement breached section 2.6 of the Australian Association of National Advisors Code of Ethics.

Remedial and prevention steps: In response to the ASB Case Report, IAL modified the advertisement to remove the material relating to the vending machine.

62. Insurance Australia Limited t/as NRMA Insurance, SGIO and SGIC

Conduct: On 6 April 2011, IAL made a voluntary notification to ASIC regarding a breach relating to PDS notifications online. As a result of IAL redesigning its end-to-end estimate, purchase and payment web application for its motor and home insurance products in 2010, a new "buy" functionality was included where IAL would offer general insurance products online (motor and home insurance). The redesigns did not take into account IAL's obligations to provide a PDS at, or before, the time it issues or offers to issue a financial product, or contain a mechanism to obtain a Customer's agreement to receive PDS online. An internal review determined that between March 2010 and October 2010, 41,694 Customers purchased the affected insurance online. On 21 April 2011, ASIC advised that it would not take any action in respect of the breach given the remedial action taken by IAL.

Remedial and prevention steps: IAL modified its NRMA, SGIO and SGIC online motor and home insurance applications so that all Customers consented to receiving a PDS online before proceeding to purchase. This consent was to be evidenced by the following wording in the application which was located next to the 'BUY NOW' button.

"If you buy now you agree to receiving your Product Disclosure Statement online now. We'll mail you a copy to keep shortly."

The words 'Product Disclosure Statement' were hyperlinked to the relevant PDS in a downloadable and printable format. A hard copy PDS was also available to be posted to the Customer. IAL also implemented the following ongoing processes with respect to delivering PDSs online and associated online financial services disclosure requirements:
(a) end-to-end compliance reviews of online estimate, purchase and payment processes either as changes are made to the online application or twice yearly whichever occurs first; and
(b) a formal checklist of all PDS and financial services disclosure requirements providing improved clarity of requirements.

63. Insurance Australia Limited t/as NRMA Insurance, SGIO and SGIC

Conduct: On 23 November 2011, IAL made a voluntary notification to ASIC stating that due to a combination of factors, COIs and PDSs were not sent to a number of renewing home insurance Customers. The error affected Customers whose renewable insurance cover expired between 1 August 2011 and 7 August 2011. The total number of policyholders affected was 2,070. ASIC advised on 25 November 2011 that it would not take any action on the matter.

Remedial and prevention steps: The 2,070 policy holders affected were sent an apology letter and the policy documentation. An internal review identified that the renewal policy documents were not distributed to Customers due to a combination of the following factors arising from system and human error:
(a) errors in the system programming required for the launch of the new home insurance product resulted in renewal COI containing premium errors. Policy documents for a weekly mail file batch run were withheld until the errors were fixed and accurate documents could be provided to Customers;
(b) the weekly mail file contained policy documents for 27,100 home insurance Customers in total, of which 20,959 required rectification due to premium errors. Upon rectification of these errors the corrected 20,959 policy documents were reprocessed for production the following week at which time they were printed and sent to Customers. However, the 6,152 policy documents which did not require rectification within that weekly mail file batch run were not re-printed. Of those, 2,070 pay-by-the-month Customers did not receive their updated PDS and COI within the time frame required; and
(c) the reconciliation processes for mail file batch runs did not identify that part of the weekly batch file had not been printed.
To prevent a similar occurrence, IAL has implemented a process where in the event a mail file batch is held back for correction, the print management team is to ensure the whole mail file batch is reproduced.

64. Insurance Australia Limited t/as NRMA Insurance, SGIO, SGIC

Conduct: Between 25 October 2013 and 1 November 2013, IAL sent a pre-renewal letter to 733 comprehensive motor insurance Customers. The communication stated that if these Customers renewed their policies, they would be eligible for:
(a) unlimited car hire cover until their car was fixed or claim settled; and
(b) cover for windscreen, window glass or sunroof with no excess to pay.
This was incorrect as the benefits referenced in the communication were not available to comprehensive motor insurance Customers. Five hundred and twenty seven (527) Customers subsequently renewed their comprehensive motor insurance policy after receiving this incorrect communication.

Remedial and prevention steps: IAL discovered the error on or around 8 November 2013 and made a decision to provide the additional benefits to any Customer that renewed their comprehensive motor insurance policy after receiving the communication. In November 2013, IAL sent out a letter to the 527 renewing Customers, confirming that they would be entitled to the additional benefits for their renewed policy period (typically, 12 months). An internal investigation by IAL identified that the issue was caused by a mail house error. The following additional controls were implemented to ensure such errors would not reoccur:
(a) improved data differentiating fields; and
(b) additional validation scripting.

65. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 17 March 2014, ASIC requested further information in relation to a marketing campaign relating to compulsory third party insurance. ASIC was of the view that marketing material had been sent to an individual that held no NRMA insurance policies, and therefore called into issue the following statutory provisions:
(a) s 1041H of the Corporations Act; and
(b) s12DA of the Australian Securities and Investments Commission Act 2001 (Cth).
An internal review of the relevant individual's record revealed that as at 14 April 2014, they held two NRMA insurance policies and had not opted-out of receiving marketing material from IAL. An internal investigation into the matter did however reveal that the email component of the marketing campaign had been incorrectly sent to a certain Customer group. ASIC advised IAL on 8 October 2014 that it would not take any action on the matter.

Remedial and prevention steps: The applicable email marketing campaign was stopped within two days from receipt of ASIC's letter. This type of email marketing was internally assessed to ensure such errors would not reoccur.

66. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 27 March 2014, ASIC requested further information in relation to a Customer's compulsory third party policy premium. IAL's response to ASIC on 8 May 2014 prompted ASIC to request further information on 8 October 2014 in relation to the NRMA compulsory third party policy document. ASIC's concern was that relevant rating factors that went into determining the compulsory third party policy premium were not adequately disclosed. On 16 December 2014 ASIC confirmed it would not take any action on this matter.

Remedial and prevention steps: Independent of this correspondence with ASIC, IAL introduced its re-designed NRMA compulsory third party policy document on 24 October 2014. The new document identified all the relevant rating factors that had gone into determining the premium. ASIC was advised of this redesigned document on or around 17 November 2014, and on 16 December 2014 ASIC responded stating that it had considered this redesigned document identified the requisite rating factors.

67. Insurance Australia Limited t/as NRMA Insurance, SGIO, SGIC

Conduct: On 2 April 2014, IAL made a voluntary notification to ASIC concerning affected Customers who had taken out new business motor, home, boat, caravan or trailer insurance policies between the period 14 March 2014 and 17 March 2014 who had not received COI and PDS in the required timeframe. The total number of policyholders affected was 6,485. On 10 April 2014, ASIC advised that they were considering the notification.

Remedial and prevention steps: For the 6,485 affected policyholders the cooling off period and time to pay was extended to ensure Customers had adequate time to review their insurance offer and make their insurance arrangements. New business policy documents were not distributed to Customers due to a combination of the following factors:
(a) a coding error in the print extract program which derives the information to be printed in the premium breakdown and discount section of the COI resulted in incorrect amounts being printed for new business policies however, the total premium was correct; and
(b) due to the time required to remediate the coding error and in reprocessing these files, IAL considered that for the 6,485 policies the requirement to provide the PDS and COI within the time frame required would not be met.
As the breach indicated a failure of one of its control processes, IAL undertook a review of its systems implementation and testing procedures. Following the review, IAL advised ASIC that it would determine the necessary changes required to the key control process. IAL also increased its resources, including print proofing and pre-implementation testing.

68. Insurance Australia Limited t/as NRMA Insurance

Conduct: On 21 June 2016, a voluntary notification was made to ASIC regarding a potential breach from 22 December 2012 when IAL had sufficient information to adjust its New South Wales ESL rates from 19.8% to 17.5% (i.e. a 2.3% reduction) for the year ending on 30 June 2013 being the end of the 2013. IAL considered that by disclosing ESL estimates reflecting the higher (19.8%) ESL rate for that period to Customers, it may have breached s 12DA of the Australian Securities & Investment Act 2001 (Cth). If the ESL rate had been changed as intended in December 2012, then 436,420 Customers would have paid a lower premium. On average the ESL would have been $15.60 less per policy.

Remedial and prevention steps: Through human oversight, IAL failed to implement the ESL rate change. IAL proposed to undertake a refund process for Customers where the estimated impact of the reduction of the ESL in December 2012 would have resulted in a reduction of the ESL estimated contribution of $30 or above. There were an estimated 27,603 policyholders (of the 436,420) in this group. The use of a $30 threshold was adopted as it was consistent with the threshold for Customer refund amounts proposed by the ESL Monitor appointed by the New South Wales Government in draft guidelines for the final two year transitional period for the ESL. IAL also proposed to make a contribution of the sum of $5.7m to the following organisations (to be divided equally):
(a) Fire & Rescue NSW
(b) NSW Rural Fire Service
(c) Ambulance Service NSW
(d) NSW SES
(e) NSW Volunteer Rescue Association
(f) St John's Ambulance (NSW)
(g) NSW National Parks & Wildlife Service.
IAL considered the matter to be an isolated incident. Further, as the collection of ESL on insurance policies was abolished from 1 July 2017 and replaced with the ESPL (which will be collected by Municipal Councils), ongoing issues of compliance would not arise. The New South Wales Government enacted transitional legislation and appointed an ESL Monitor to oversee this transition. IAL committed to periodical review of the estimated ESL collections and estimated ESL liability with a view to promptly making any adjustments to the ESL rate which were considered necessary.

69. Insurance Manufacturers of Australia Pty Limited t/as RACV

Conduct: On 19 January 2009, IMA made a voluntary notification to ASIC in relation to policy documentation that was not sent within the required timeframe between 7 December 2008 and 31 December 2008 for the RACV Complete Care motor insurance product. Through an internal review, it was discovered that 633 IMA Customers did not receive their policy documentation, including the PDS and COI, during this period. ASIC reviewed the issue and after considering the remedial action and prevention steps put in place by IMA, ASIC advised on 21 January 2009 that it would take no further action.

Remedial and prevention steps: All affected Customers were subsequently sent their policy documentation and the print management processes were reviewed to ensure that a similar error did not occur again. The cause of the issue was determined through an internal review which revealed a combination of system and employee errors, including:
(a) bugs in the system programming required for the launch of the new product resulted in COIs containing print errors. Policy documentation was then withheld until the bugs were fixed and accurate documentation could be provided to Customers;
(b) the mail house engaged by IMA to print and dispatch policy documentation delayed dispatch of correctly printed policy documentation pending review of the 'mail packs' (that is, the bundle of policy documentation to be sent to Customers) by IMA; and
(c) existing controls which identified failures to dispatch policy documentation were not actioned due to employees being on leave over the holiday season.

70. Insurance Manufacturers of Australia Pty Limited t/as RACV

Conduct: The FSL Act prohibited price exploitation by insurance companies in relation to the abolition of the FSL in Victoria. On or about 31 May 2013, the FSL Monitor issued "Guidelines on price exploitation in relation to the fire services levy" under s27 of the FSL Act and "Guidelines on false representation or misleading or deceptive conduct in relation to fire services levy reform" under s6(2)(d) of the FSL Act. The FSL Monitor inquired into potential contraventions by IMA in relation to premium increases on home building policies which were renewed between 24 June 2013 and 31 December 2013. IMA considered that the premium increases were necessary to redress an underperforming portfolio, exacerbated by unprecedented increases in input costs, such as reinsurance and claim costs. IMA did not agree that it had engaged in conduct in breach of the FSL Act. It was estimated that 206,000 IMA insurance contracts were renewed between 24 June 2013 and 31 December 2013, which had total premiums of approximately $9.3 million.

Remedial and prevention steps: On 16 January 2014, IMA entered into an Enforceable Undertaking with the FSL Monitor. IMA acknowledged that the FSL Monitor formed a view based on the investigations to date that between 9 January 2013 and 19 December 2013, IMA contravened s26 of the FSL Act by issuing regulated contracts for building insurance in respect of Victorian properties the price for which, in the FSL Monitor's view, was unreasonably high. IMA did not consider it has breached the FSL Act and stated that premium increases, including the increase from June 2013, were driven by legitimate and justifiable reasons unrelated to the FSL. While IMA did not admit or accept that it has contravened s26 or s31 of the FSL Act and made no admissions by the provision of the Enforceable Undertaking, it sought to address the FSL Monitor's concerns by offering the Enforceable Undertaking. IMA undertook to take various steps including:
(a) the provision of refunds to Customers whose policies renewed between 24 June 2013 and 31 December 2013 of an amount equivalent to the 11% increase in base premiums, plus statutory charges relating to that increase, in conjunction with a communication to Customers in a form agreed with the FSL Monitor;
(b) the engagement, at IMA's expense, of an independent auditor to undertake an audit and prepare a report on the refund arrangements to confirm that each eligible person was sent a refund cheque for the required amount with the approved communication within the required timeframe;
(c) delivery of the audit report to the FSL Monitor within 150 days of the commencement of the Enforceable Undertaking;
(d) to include documentation, in a form agreed with the FSL Monitor, with renewal notices during the period 15 March 2014 to 23 June 2014, that disclosed the amount of the base premium component, in addition to all Government and other charges, for the expiring and upcoming year and the change in those amounts; and
(e) sending to Customers whose policies renewed between 1 January 2014 to 14 March 2014, correspondence, in a form agreed with the FSL Monitor, which disclosed various information about the amount of the base premium component for the expiring and upcoming years and the change in the amounts.
The Enforceable Undertaking is no longer in effect as IMA has complied with all its obligations set out in the Undertaking.
With effect from 1 July 2013, insurance policies issued or renewed from 1 July 2013 and covering property in Victoria do not include any Victorian FSL charges.

71. Strata Unit Underwriting Agency Pty Ltd (IAG acquired SUU on 18 April 2008)

Conduct: On 22 February 2008, SUU made a voluntary notification to ASIC for a technical breach in failing to notify ASIC of a revocation of an Authorised Representative. In March 2008, ASIC confirmed that no further action would be taken.

Remedial and prevention steps: SUU notified ASIC of the revocation of the Authorised Representative, and implemented training and new procedures to ensure the same issue did not occur again.

72. Swann Insurance (Aust) Pty Ltd
CGU Insurance Limited

Conduct: Since January 2008, Swann and CGU underwrote CCI products that were distributed directly to Customers and via a number of financial institutions. During that time, a series of arrangements were entered into with several of Swann/CGU Insurance's financial institution partners, under which the financial institutions contributed capital to participate in, and share the risk and outcomes of, the CCI policies. This allowed those partners to participate in the underwriting profits of the CCI products. In 2017, ASIC announced the formation of a CCI Working Group to progress a range of reforms, including a deferred sales model (17-255MR). This followed ASIC's work in relation to add-on insurance products sold through motor dealers and a 2011 report on the sale of CCI by authorised deposit-taking institutions. ASIC has historically identified concerns with the sale and distribution of CCI products, in combination with the rates of claim denial and a relatively low net loss ratio.

Remedial and prevention steps: IAG recognises that, given the nature of the issues raised by ASIC, there may be community concerns regarding the value of CCI products and the commissions paid to, and arrangements for the sharing of risk and underwriting outcomes with, financial institution partners who distributed the CCI policies in connection with IAG. The risk sharing arrangements with IAG's financial institution partners came to an end in 2017. Also in 2017, IAG commenced a CCI product review with the intention of re-assessing customer needs and redesigning the product to ensure fair value for money for customers. IAG has developed a set of Product Design Principles, which have been reviewed by IAG's Ethics Committee (formed in November 2016) and approved by the IAG Board. The Product Design Principles have also been considered by IAG's Consumer Advisory Board, whose members include leaders of consumer advocacy groups, to ensure all products are focussed on addressing a clearly identified customer need.

73. Swann Insurance (Aust) Pty Ltd

Conduct: In early 2016, ASIC commenced an investigation into the sale through motor dealers of various insurances, including add-on insurances. These investigations included the following add-on insurances sold by Swann:
(a) Loan protection insurance;
(b) Gap insurance;
(c) Purchase price protection insurance;
(d) Walkaway insurance;
(e) Protection Plus insurance;
(f) Mechanical breakdown insurance; and
(g) Tyre and rim insurance.
On 12 May 2017, ASIC wrote to Swann Insurance outlining 32 issues of concern that ASIC sought to be addressed relating to the add-on insurance products sold by Swann. In summary, ASIC raised the following issues in relation to product design and sales practices:
(a) low claims payments relative to premiums;
(b) poor product design and pricing; and
(c) sales processes. ASIC expressed concern that complexity and lack of transparency in the sales process has resulted in unfair outcomes for Customers.

Remedial and prevention steps: Swann has agreed to provide partial and, in some cases, full premium refunds to various groups of Customers affected depending on the circumstances. Refunds are expected to total approximately $39 million (including interest) to approximately 67,960 Customers who were sold add-on insurance products. Swann has also agreed to make a community benefit payment based on unclaimed refunds. Swann also liaised directly with ASIC in relation to issues it raised in relation to this motor dealer channel, including in relation to appropriate steps to remediate past conduct, significantly improve Customer outcomes and ensure robust governance arrangements are in place. ASIC also conducted factual investigations into a number of specific motor dealers. Swann cancelled the authority of three corporate Authorised Representatives following concerns regarding character. Swann ceased its offer of add-on insurance products:
(a) through motor dealers on 6 August 2016 when it sold its distribution rights to the motor dealer channel to Eric Insurance Limited (formerly Avea); and
(b) through motorbike dealers on 13 October 2017.
Swann and IAG negotiated an acceptable outcome with ASIC based on assessment of the concerns by reference to the appropriateness of Customer outcomes, rather than strict legal merits. ASIC published its media release on 19 December 2017. IAG and Swann acknowledge and agree with many of the views of ASIC in its Report 492: "A marketing that is failing consumers: The sale of add-on insurance through car dealers", including that many add-on products were poorly designed and did not adequately address Customer needs and that sales processes adopted for these products lacked adequate controls and often inhibited informed decision-making by Customers. It is for these reasons that Swann agreed to remediate the affected Customers under the remediation program agreed with ASIC, as outlined above. IAG has also exited the motor dealer and motorcycle dealer channel. IAG has developed a set of Product Design Principles, which have been reviewed by IAG's Ethics Committee (formed in November 2016) and approved by the IAG Board. The Product Design Principles have also been considered by IAG's Consumer Advisory Board, whose members include leaders of consumer advocacy groups, to ensure all products are focussed on addressing a clearly identified customer need. IAG acknowledges that the culture - particularly a focus on motor dealers, rather than on the end customer and policyholder - within Swann was a significant contributor to these issues.

74. Swann Insurance (Aust) Pty Ltd

Conduct: On 22 March 2016, Swann's internal sales team informed Swann's risk and compliance management that a number of Swann's internal representatives did not have the correct profile on Swann's front-end sales system ("Activ8") and as such policy schedules may not have been sent to Customers between April 2015 and March 2016 as required. On 19 April 2016, Swann made a voluntary notification to ASIC. There were 1,266 Direct Motor Vehicle, Direct Motorcycle and Tyre and Rim insurance Customers affected.

Remedial and prevention steps: Swann performed an independent assessment of the issue and promptly turned 'on' the relevant setting in Activ8 for the internal representatives who had not had their profiles correctly mapped. Swann also took the following actions:
(a) by 15 April 2016, a letter was sent to all Customers, current or otherwise, who could have been affected, attaching the omitted policy schedule;
(b) an embedded system note was automated on all affected Customers' policies which would provide employees with information to manage any Customer inquiries about the letter and policy schedule;
(c) implemented a formalised new starter checklist, which took immediate effect, that ensured all new internal representatives possessed an Activ8 profile with the setting 'on'. The checklist outlined specific details for managers for all new internal representatives to confirm profile activation was mapped to the Activ8 system; and
(d) the profiles of all new starters were to incorporate an Activ8 setting to ensure the provision of all disclosure documents to Customers via email.

75. WFI Insurance Limited (WFI was acquired on 30 June 2014)

Conduct: A voluntary notification was made to ASIC on 25 November 2014 regarding the failure to issue FSGs during the period 1 December 2012 until November 2014. Prior to WFI being acquired by IAG, K-mart Tyre & Auto Service, as an Authorised Representative of WFI, sold car insurance to Customers. WFI was responsible for distributing all insurance documents, including the FSG. On 10 November 2014, as a result of an internal review stemming from the integration of WFI with IAG systems and processes, it was discovered that the FSG had not been provided to 589 Customers (of which 336 were active Customers) who purchased car insurance via telephone. No complaints were identified where Customers had relied on not receiving the FSG as an issue. IAG took steps to ensure that the PDS was issued to Customers during the period of time that the FSG was not provided as required. ASIC provided confirmation of receipt of the voluntary notification on 4 December 2014 and stated that the notification was being considered. There is no evidence of further action being taken by ASIC.

Remedial and prevention steps: This event occurred before IAG acquired the WFI business. However, IAG identified that the technical breach resulted from a breakdown within the business process for automation of mail document release. In December 2012, there was a system change which included changes to the scripting used by employees. However, the scope for implementing the system change did not allow for the FSG to be automated to the Customer within the required time frame. Following identification of the issue, changes were introduced to the control environment, including compliance training on the process provisions to detect reporting failures and implementing a daily processing error report from the mail house to detect any failure to distribute documents.

76. WFI Insurance Limited t/as Coles Insurance

Conduct: On 11 November 2016, it was identified that 20,400 car insurance Customers whose renewals commenced on and after 30 September 2016 were impacted by an error in their COIs issued from 26 August 2016. The background to the error relates to a 2015 offer where Customers were provided with free hire car and taxi benefit cover for a period of 12 months. On renewal in 2016, the Customers were supposed to be notified that the free cover was no longer available and given the option to contact WFI to have the cover added to their policy for an additional premium. While this communication was included with the Customers' renewal packs to advise them of the changes and their options, the renewal COI did not reflect what had been communicated. The renewal COI had been automatically produced, with the additional benefit and a corresponding additional premium charge, meaning the renewal COI did not match what was otherwise communicated in the renewal packs. WFI determined that this was not a significant breach and it was not reported to ASIC.

Remedial and prevention steps: The matter was remediated by giving the impacted Customers the option of either keeping the additional benefit or removing it and obtaining a refund. If customers opted to remove the additional benefit, they were given contact details to do so. An internal review identified that the root cause was a misunderstanding that the hire car and taxi benefit was not to appear on COIs after a particular time, and a lack of appropriate testing of renewal COIs.


ANNEXURE 5 | GLOSSARY OF TERMS

TERM MEANING

ACCC Australian Competition and Consumer Commission

ACL The Australian Consumer Law, contained in Schedule 2 of the Competition and Consumer Act 2010 (Cth)

AFS Australian Financial Services

AHI Accident & Health International Underwriting Pty Ltd

APRA Australian Prudential Regulation Authority

ARL Australian Receivables Limited

ASB Advertising Standards Bureau

ASIC Australian Securities and Investments Commission

Cash Store Cash Store Pty Ltd

CCI Consumer Credit Insurance

CED Customer Experience Database

CFA Country Fire Authority

CGU CGU Insurance Limited

CLC Community Legal Centre

Code The General Insurance Code of Practice. Unless otherwise indicated, references to the Code will refer to the 2014 version of the Code.

COI Certificates of Insurance

Corporations Act Corporations Act 2001 (Cth)

Customer An insured or policyholder under a contract of insurance issued by an IAG entity

ESL Emergency Services Levy

FOS Financial Ombudsman Service

FOS CGC Financial Ombudsman Service Code Governance Committee (previously known as Financial Ombudsman Service Code Compliance & Monitoring)

FSG Financial Services Guide

FSL Fire Services Levy

FSL Act Fire Services Levy Monitor Act 2012 (Vic)

FSL Monitor Office of the Fire Services Levy Monitor

HBF Insurance HBF Insurance Pty Ltd


IAG Insurance Australia Group

IAGL Insurance Australia Group Limited

IAL Insurance Australia Limited

IDR Internal Dispute Resolution

IMA Insurance Manufacturers of Australia Pty Limited

LIA Life Insurance Act 1995 (Cth)

LRW Lumley Retail Warranty

NPP National Privacy Principles

OAIC Office of the Australian Information Commissioner

PDS Product Disclosure Statement

Recoveries Corp Recoveries Corporation Pty Ltd

RSE Registrable superannuation entities

SUU Strata Unit Underwriting Agency Pty Ltd

Swann Swann Insurance (Aust) Pty Ltd

Third Party Any consumer who is not a Customer (that is, a Third Party is a person who is not an insured / policyholder under a contract of insurance issued by an IAG entity).

Westcourt Westcourt General Insurance Brokers Pty Ltd

WFI WFI Insurance Limited

General Insurance Code of Practice - Sections and Subsections

Subsection 2.1.4 In the 2010 version of the Code, this Subsection required the sales process in relation to the purchase and renewal of insurance to be conducted in a fair, honest and transparent manner.

Subsection 3.2.1 In the 2012 version of the Code, this Subsection required insurers to do the following within 10 business days of receiving a claim: (a) notify the Customer of the detailed information the insurer required to make a decision on the claim; (b) appoint a loss assessor or loss adjuster (as necessary); and (c) provide an initial estimate of the time required to make the decision.

Subsection 3.2.3 In the 2012 version of the Code, this Subsection required insurers to keep Customers informed of the progress of their claim, at least every 20 business days.

Subsection 3.2.4 In the 2012 version of the Code, this Subsection required insurers to respond to customers' routine requests for information within 10 business days.

Subsection 3.2.5 In the 2012 version of the Code, this Subsection required insurers to decide to accept or reject claims and notify a Customer of such within 10 business days, once all necessary information had been obtained and all investigations had been completed.

Subsection 3.4.1 In the 2010 version of the Code, this Subsection required insurers to conduct claims handling in a fair, transparent and timely manner.

Subsection 3.4.1 In the 2012 version of the Code, this Subsection required that (unless exceptional circumstances applied) where a claim was made under a specified class of a policy and further information, assessment or investigation was required, the insurer was to: (a) make a decision to accept or deny a claim within 4 months of receipt of the claim; and (b) if a decision was not made, inform the Customer in writing of their right to access an internal dispute resolution process and take any complaint in relation to the handling of the claim to an external dispute resolution scheme.

Subsection 3.4.2 In the 2010 version of the Code, this Subsection required insurers to only ask for and only take into account relevant information when deciding a customer's claim.

Subsection 3.5.1 In the 2012 version of the Code, this Subsection required insurers to handle claims in a fair, transparent and timely manner.

Subsection 3.5.2 In the 2012 version of the Code, this Subsection required insurers to only ask for and only take into account relevant information when deciding a customer's claim.

Subsection 3.7.1 In the 2012 version of the Code, this Subsection required an insurer's employees and service providers to conduct their services in an honest, efficient, fair and transparent manner.

Subsection 3.7.4 In the 2012 version of the Code, this Subsection required an insurer's employees or service providers to not perform functions that did not match their expertise.

Subsection 3.7.5 In the 2012 version of the Code, this Subsection required an insurer's employees or service providers to have and maintain a current licence if required under legislation and membership of a relevant professional body or sufficient expertise.

Subsection 3.7.6 In the 2012 version of the Code, this Subsection required an insurer's employees to receive adequate training to carry out their claims handling tasks and functions competently and to deal with Customers professionally.

Subsection 3.7.7 In the 2012 version of the Code, this Subsection required training of an insurer's employees to include: (a) principles of general insurance and any relevant consumer protection law; (b) what to do in the event of a claim; (c) product knowledge; (d) understanding the consumer situation, particularly in the aftermath of a catastrophe or disaster; and (e) the requirements of this Code.

Section 4 This section of the Code sets out the standards for General Insurers relating to Customers' purchase of retail insurance.


Subsection 4.4 This Subsection of the Code requires an insurer's sale process and services provided by its employees and authorised representatives to be conducted in an efficient, honest, fair and transparent manner and in accordance with Section 4 of the Code.

Subsection 5.1(a) This Subsection of the Code requires that insurers provide employees and authorised representatives who act on their behalf with (or require them to receive) appropriate education and training to provide their services competently and to deal with Customers professionally (including training on the Code).

Section 6 This section of the Code sets out the standards of service for suppliers that provide services on behalf of an insurer (including investigators, loss assessors, loss adjusters, collection agents and claims management services).

Subsection 6.1.1 In the 2012 version of the Code, this Subsection required all complaints to be handled in a fair, transparent and timely manner.

Subsection 6.1.2 In the 2012 version of the Code, this Subsection required that insurers made available information about their complaints handling procedures.

Subsection 6.2 In the 2012 version of the Code, this Subsection required insurers to respond to claims within 15 business days, provided the insurer had all necessary information and had completed any investigation required.

Subsection 6.2 This Subsection of the Code requires that where services are provided on an insurer's behalf by service suppliers (including investigators, loss assessors, loss adjusters, collection agents and claims management services), the service suppliers must provide the services in an honest, efficient, fair and transparent manner, in accordance with this Section 6 of the Code.

Subsection 6.5 In the 2012 version of the Code, this Subsection required that when an insurer responded to a complaint it provide information on how the response could be reviewed by a different employee with appropriate experience, knowledge and authority.

Subsection 6.6 In the 2012 version of the Code, this Subsection required that if a Customer told an insurer that they wanted the insurer's response reviewed, the insurer was to: (a) treat it as a dispute; (b) notify the Customer of the name and contact details of the employee assigned to liaise with the Customer in relation to the dispute; and (c) respond to the dispute within 15 business days provided the insurer has received all necessary information and have completed any investigation required.

Subsection 6.7 In the 2012 version of the Code, this Subsection required that in cases where further information, assessment or investigation was required (to complete the process set out in Subsection 6.6) the insurer was to agree with the Customer reasonable alternate timeframes to complete the process. If agreement could not be reached the customer could report its concerns to FOS.

Subsection 6.7 This Subsection of the Code requires that service suppliers (investigators, loss assessors, loss adjusters, collection agents and claims management services) acting on behalf of an insurer notify the insurer about any complaint about a matter under the Code. The insurer is to handle complaints relating to its service suppliers (acting on the insurer's behalf) under the insurer's complaints process.


Subsection 6.9 In the 2012 version of the Code, this Subsection required that an insurer respond to Customer disputes in writing giving: (a) reasons for the insurer's decision; (b) information about how to access available external resolution schemes; and (c) notification of the time frame for registering disputes with the external dispute resolution scheme.

Subsection 6.10 In the 2012 version of the Code, this Subsection required that, if an insurer was unable to resolve a complaint to the Customer's satisfaction within 45 days (including both the complaint and internal dispute resolution process referred to in Section 6 of the Code), it inform the Customer of the reasons for the delay and that the Customer may take the complaint or dispute to an external dispute resolution scheme even if the insurer was still considering it (provided the complaint or dispute was within the scheme's Terms of Reference). The insurer was to inform the Customer that they have this right and details of the external dispute resolution scheme before the end of the 45-day period.

Subsection 7.2 This Subsection of the Code requires the handling of claims to be conducted in an honest, fair, transparent and timely manner.

Subsection 7.3 This Subsection of the Code requires that an insurer only ask for and rely on information relevant to a decision when deciding on a claim.

Subsection 7.8 This Subsection of the Code permits a Customer to ask if their insurance policy covers a particular loss before a claim is lodged, and requires that an insurer not discourage a Customer from lodging a claim and inform the Customer that the question of coverage will be fully assessed if a claim is lodged.

Subsection 7.9 This Subsection of the Code requires that if a Customer makes a claim and the insurer does not require further information, assessment or investigation, the insurer must decide to accept or deny the claim and notify the Customer of the insurer's decision within ten business days of receiving the claim.

Subsection 7.13 This Subsection of the Code requires an insurer to keep Customers informed about the progress of their claim at least every 20 business days.

Subsection 7.16 This Subsection of the Code requires that once an insurer has all relevant information and has completed all enquiries in relation to a claim, the insurer must decide whether to accept or deny a claim and must notify the Customer of that decision within 10 business days.

Subsection 7.19 This Subsection of the Code requires that if a claim is denied by an insurer, the insurer must: (a) give the Customer reasons for the decision in writing; (b) inform the Customer of their right to ask for the information about them that was relied on by the insurer in assessing the claim and supply that information within 10 business days if requested by the Customer, in accordance with Section 14 of the Code; (c) inform the Customer of their right to ask for copies of any reports prepared by service suppliers or external experts the insurer relied on in assessing the claim and supply those reports within 10 business days if requested by the Customer, in accordance with Section 14 of the Code; and (d) provide the Customer with details of the insurer's complaint process.

Section 8 This section of the Code sets out the standards for General Insurers in dealing with financial hardship.


Subsection 8.4 This Subsection of the Code requires an insurer to supply a debtor with an application form for financial hardship assistance and contact details for the national financial counselling hotline, if the debtor informs the insurer that they are in financial hardship.

Subsection 8.5 This Subsection of the Code requires that when assessing a financial hardship application, only information that is reasonably necessary for the assessment is requested from the debtor.

Subsection 8.6 This Subsection of the Code requires an insurer to notify a debtor about its assessment of whether the debtor is entitled to assistance for financial hardship as soon as reasonably practicable. If it is decided that the debtor is not entitled to financial hardship assistance, the insurer must provide reasons for the decision and information about the complaints process.

Subsection 8.7 This Subsection of the Code requires that if a debtor makes a request for financial hardship assistance in relation to an amount the insurer seeks from them, the insurer must contact any relevant collection agent and put on hold any recovery action in relation to that amount until the insurer has assessed the financial hardship assistance request and notified the debtor of the insurer's decision.

Subsection 8.8 This Subsection of the Code states that where it is determined by the insurer that a debtor is entitled to financial hardship assistance: (a) the insurer must work with the debtor to consider an appropriate arrangement for dealing with the debt and confirm any agreed arrangement in writing; (b) if the debtor is the insured or a Third Party beneficiary of an insurance policy, the insurer who is owed money must, upon request by the debtor, notify any financial institution with an interest in the insurance policy; (c) the debtor may ask for a release, discharge or waiver of the debt or obligation (though the debtor is not automatically entitled to it); (d) if the insurer who is owed money agrees to a release, discharge or waiver, it must confirm this in writing (and if requested by the debtor, inform any financial institution with an interest in any insurance policy of which the debtor is an insured or Third Party beneficiary); and (e) if an agreement as to how to deal with the debt cannot be reached, the insurer who is owed money must provide details of their complaints process.

Subsection 8.10 This Subsection of the Code requires that where an agent of an insurer is authorised to send communication to a debtor about money owed, the communication must identify the insurer on whose behalf the agent is acting and specify the nature of the claim against the debtor.

Subsection 8.11 This Subsection of the Code imposes a duty on insurers who are owed money to require their agents to: (a) notify the insurer if a debtor informs the agent they are experiencing hardship (or tell the debtor to inform the creditor); and (b) provide the debtor with details of the insurer's financial hardship process.

Subsection 8.12 This Subsection of the Code requires insurers and their agents to comply with the ACCC & ASIC Debt Collection Guideline when taking any recovery action.

Section 10 This section of the Code sets out the standards for General Insurers' complaints and disputes processes in relation to retail insurance.


Subsection 10.3 This Subsection of the Code entitles a Customer to make a complaint to an insurer about any aspect of their relationship with the insurer.

Subsection 10.4 This Subsection of the Code requires complaints handling to be conducted in a fair, transparent and timely manner, in accordance with Section 10 of the Code.

Subsection 10.7 This Subsection of the Code requires that where an insurer identifies an error or mistake in how a complaint is handled (or the Customer informs the insurer about such an error or mistake) the insurer must immediately initiate action to correct it.

Subsection 10.10 This Subsection of the Code requires that an insurer's complaints process not exceed 45 calendar days unless a final decision cannot be provided within that time frame, in which case there is an obligation on the insurer to inform the complainant (before the end of that period) of the reasons for the delay, their right to complain to FOS and the contact details for FOS.

Subsection 10.12 This Subsection of the Code requires that where an insurer is unable to respond to a complaint within 15 business days (as required under Subsection 10.11 of the Code) because the insurer does not have all necessary information or has not completed their investigation: (a) it must let the Customer know as soon as reasonably practicable within the 15-business-day timeframe and agree a reasonable alternative timetable with the Customer. If such agreement cannot be reached, the insurer must advise the Customer of their right to take the complaint to stage two of the complaints process (internal review); and (b) it must keep the Customer informed about the progress of the insurer's response at least every ten business days unless the Customer agrees otherwise.

Subsection 10.13 This Subsection of the Code requires an insurer to respond to complaints in writing and inform the Customer of: (a) the insurer's decision in relation to the complaint; (b) the reasons for the decision; (c) the Customer's right to take the complaint to stage two (internal review) if the decision does not resolve the complaint to the Customer's satisfaction; and (d) the Customer's right to take the complaint to FOS if still not satisfied with the insurer's decision after a stage two (internal review), together with the contact details for FOS and the timeframe for taking a complaint to FOS.

Subsection 10.16 This Subsection of the Code requires an insurer to keep Customers informed of the progress of stage two internal reviews at least every ten business days.

Subsection 10.18 This Subsection of the Code requires that where an insurer is unable to respond to a request for a stage two internal review within 15 business days (as required under Subsection 10.17 of the Code) because the insurer does not have all necessary information or has not completed their investigation, the insurer must let the Customer know as soon as reasonably practicable within the 15-business-day timeframe and agree a reasonable alternative timetable with the Customer. If such agreement cannot be reached, the insurer must advise the Customer of their right to take the complaint to FOS.

Subsection 10.19 This Subsection of the Code requires that an insurer's response to a Customer's complaint must be in writing and include: (a) the insurer's final decision in relation to the complaint and the reasons for that decision; and (b) the Customer's right to take the Complaint to FOS if the Customer is not satisfied with the decision, together with contact details for FOS, and the timeframe within which the Customer must take the complaint to FOS.

Section 14 This section of the Code sets out requirements relating to access to information.

Subsection 14.2 This Subsection of the Code requires that, subject to exceptions, the Customer must have access to information about the Customer that the insurer has relied on in assessing an application for insurance cover, a claim or a Complaint, if the Customer requests it.

Subsection 14.5 This Subsection of the Code requires that if an insurer declines to provide access to or disclose information to a Customer, the insurer must: (a) not do so unreasonably; (b) give reasons for doing so; and (c) provide details of the insurer's complaints process.
