The Frequently Asked Questions (FAQs) below may help Code subscribers with transition to and implementation of the 2022 Code. If you have any queries or concerns about compliance with the 2022 Code, please email us at [email protected].

NIBA provided a Member Implementation Guide to help Code subscribers transition to the 2022 Code.


We have also prepared this comparison guide with an overview of changes between the 2014 and 2022 Codes.

The Terms of Engagement is an opportunity to outline up front to new clients, the services an insurance broker will provide and how the insurance broker will be remunerated for those services.
NIBA developed a Terms of Engagement template that can be customised to suit the organisation’s needs.

Yes. We encourage Code subscribers to report all breaches of the Code in their Annual Compliance Statement.
For further information, please refer to our Tip of the Month ‘Complying with the Code.

NIBA confirmed that implementation of Section 6.1 will be deferred until 1 November 2023.
The extension of Section 6.1 comes after discussions with brokers and IT providers that it will take time to make system changes to achieve full compliance with obligations under this section.
The IBCCC encourages Code subscribers to work towards full compliance with Section 6.1 as soon as possible.

Whether resolution of a breach was immediate or drawn out, it was a breach. As such, you must report it.

Your staff, including agents and representatives, must report a breach or potential breach of the Code to your relevant compliance department within five days of discovery (Section 8.2(a)(iv)(B) of the 2022 Code).

Reporting Code breaches has a range of benefits, both to the organisation and the industry.

It helps identify compliance risks, trends and issues. It allows us to understand the nature of breaches and offer targeted guidance and examples to help subscribers improve.

Along with information about the resolution, it can help other brokers with their practices.

Use the Breach Data Report to track the incident and the steps to remedy the breach, including short-term and long-term actions.

It depends on the root cause.

Identify what the root cause of the breach is. Was it one broker who sent the renewal notices late to multiple clients because of a manual error?

If it was, this would be considered one Code breach that affected multiple clients.

If the root cause for each breach varies, record them as breaches with separate root causes. Each root cause will likely result in different remediation.

This depends on the circumstances.

First, it is important to remember the obligations in the Code and to always act in the best interests of the client.

If you have not done everything you can to get in touch with the client and help facilitate a renewal, there may be a breach.

Here are two examples:

You call a client one week before their policy expires to start the renewal process.
When you call the client, they are unable to confirm or verify information and advise you they will get back to you.
You rely on the client to give you the information when they have it.
Despite you contacting the client every day, they do not get back to you with the information you need until after the policy has expired.
You finally get the information and secure the renewal, but it is over a week late.
This is a breach of the Code because, although you were waiting on the client to give you necessary information, you did not contact him at least 14 days before the renewal expired to begin the process.
A client holds a home construction policy with you. It is a single term non-renewable contract expiring on 28 February.
Two weeks before the expiry, on 14 February, your system prompts you to send the client a form to extend the policy. But because this is a single term non-renewable contract, you decide to wait a few days to see whether the client will ask for an extension.
By 20 February, you still have not heard from the client, so you email them the form.
On 7 March, after the policy had lapsed, the client asks you to make a claim for storm damage to their property. The claim was denied.
This is a breach of the Code because you should have sought instruction from the client sooner about an extension of their policy and should have made greater effort to get in contact with them.

In the 2014 Code, privacy breaches were commonly reported against Service Standard 1 (compliance with law) and breaches of money handling were reported against Service Standard 7 (money handling).

The 2022 Code captures breaches concerning privacy and money handling in Section 3.1(b)(ii) under Code Principles. This requires compliance with all relevant laws and obligations.

The Code Principles underpin all interactions with clients and should be embedded into a company culture and reporting framework.

The 2022 Code is designed to go beyond base legal obligations. Breaches of legal requirements fall under the reporting requirements to other regulatory bodies (such as Office of the Australian Information Commissioner – OAIC, Australian Securities and Investments Commission – ASIC, Australian Prudential Regulation Authority – APRA).

We try to avoid duplicating such reporting obligations.

However, if a breach of the law has occurred and the root cause is for example a training error, report it under Section 8.1 of the 2022 Code.