Australia's insurance regulatory environment, instead of seeing abrupt upheaval, is becoming more demanding in a deeper, more structural way.
Kennedys Managing Partner Nicole Wearne said a wave of reforms is now fully operational, reshaping how insurers approach governance, accountability and risk. In contrast, the past few years were marked by relative stability.
At the centre of this shift are frameworks such as the Financial Accountability Regime (FAR), Design and Distribution Obligations (DDO) and updated prudential standards, including CPS 230 on operational risk, CPS 190 on recovery and exit planning, CPS 510 on governance and CPS 511 on remuneration.
Together, Ms Wearne said these reforms are less about adding layers of compliance and more about enforcing outcomes—demanding that insurers demonstrate real control, insight, and accountability across their operations.
The legacy systems problem
This is where one of the industry’s most persistent challenges comes into play, she said.
Many Australian insurers continue to operate on fragmented legacy systems, a by-product of consolidation following the collapse of HIH Insurance in 2001, Ms Wearne said.
“Over time, multiple systems from acquired businesses were stitched together with limited integration, creating operational inefficiencies and significant data silos,” she pointed out.
Today, these legacy constraints are more than just a technological inconvenience—they are a regulatory risk.
Encouragingly, the past few years have seen significant investment in system modernisation, Ms Wearne said.
“The growing use of artificial intelligence is expected to accelerate this progress, enhancing insurers’ ability to extract insights, identify risks early, and strengthen governance frameworks.”
“However, the divide between those who invest and those who lag is likely to widen. Insurers that fail to modernise may face heightened regulatory scrutiny, including licence conditions, capital overlays, or enforceable undertakings,” she said.
Increased coordination between APRA and ASIC
When asked whether increased coordination is anticipated between the Australian Prudential Regulation Authority (APRA) and other regulators such as the Australian Securities and Investments Commission (ASIC), Ms Wearne said Australia’s financial regulators are expected to further strengthen coordination as scrutiny of the insurance sector and the broader financial services industry intensifies in the wake of the Hayne Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry, which concluded in 2019.
Ms Wearne said this collaboration has become more pronounced in recent years, particularly in response to complex operational and governance risks.
She said joint reviews are also becoming more common, especially where systemic risks are identified.
“A notable example is the response to the Medibank cyber incident, where APRA imposed additional capital requirements to address prudential risks, while ASIC examined disclosure practices and governance frameworks,” she added.
Looking ahead
For insurers operating in Australia, the message is clear: the regulatory environment is not simply becoming stricter; it is becoming more sophisticated.
Success will depend on investment in technology, data capabilities and governance frameworks, as well as a proactive approach to regulatory engagement.
“Firms that stay informed, adapt quickly, and embed accountability at every level will be best positioned to navigate the evolving landscape,” she said.
For more insights on this topic, check out our upcoming May issue of Asia Insurance Review.