Title Page
-
Service Provider Name
-
Conducted on
-
Prepared by
Details of the Service Provider
-
Name
-
ABN
-
Contact Details - Name
-
Details of the Services Provided [Insert details of specific services provided]
Product, Underwriting and Pricing
-
If you have not complied with your requirements, have these incidents and breaches been registered or reported in your incident / breach register and to SCC?
Policy Wording, and Disclosure Documents
-
Have you complied with your requirements under<br>- the Insurance Contracts Act 1984 (Cth),<br>- the Corporations Act 2001 (Cth), and<br>- all financial services laws defined by the Corporations Act 2001 (Cth)?
Claims
-
Do you have documented claims processes and policies that are compliant with General Insurance Code of Practice (GICoP)?
-
Do you have current procedure manuals?
-
Have you complied with your make-safe authority?
-
Do you have controls in place to capture the failure of any systems, processes, or controls?
-
Do you have systems and processes in place to monitor, measure and detect whether your employees are complying with the standards under GICoP in the provision of their relevant services?<br>This includes:<br>- ensuring employees are adequately trained,<br>- ensuring employees are experienced, and<br>- ensuring that relevant professional licenses are current.
-
Do you have an effective file quality review process / quality assurance program?
-
Do you have a current policy and procedure relating to fraud and anti-money laundering prevention?
-
If you have identified any customers experiencing vulnerability (CEV) have you followed your documented processes for managing these customers?
Complaints and Disputes
-
Do you have a process and controls in place to monitor your handling of complaints?
-
If applicable in the attestable quarter, have you successfully submitted your IDR complaints data to ASIC?
Outsourcing
-
In the attestable period did you consider entering into an outsourcing contract?<br>The definition is as follows:<br>'Outsourcing is an arrangement under which a Provider will perform on a continuing basis a Function or Service that currently is, or could be, undertaken by the agency itself. Such services could include claims, underwriting and offshoring data.'
Distribution Arrangements
-
Is your Australian Financial Services (AFS) Licence current?
-
Has your AFS Licence been restricted by Australian Securities and Investments Commission (ASIC)?
-
Have you reported any incidents/breaches against your AFS Licence to ASIC for the Attested Period?
-
Have you met all of your regulatory and legislative obligations in respect of your AFS Licence?
-
Have you lodged company accounts with the Regulator (ASIC/FSPR) over the last twelve months?<br>- ASIC FS70 Australian Financial Services Licensee Profit and Loss Statement and Balance Sheet<br>- ASIC FS71 Auditor’s Report for AFS Licensee
-
Do you have systems in place to identify, report, manage and monitor conflicts of interest?
-
Have you met your legal and regulatory obligations for record retention and disposal for this quarter?
-
Have there been any changes to your agency ownership structure?
Information Security
-
Have you maintained an information security framework and complied with the related provisions of your contract with SCC?
-
Has your Information Security Controls Framework been reviewed in the last 12 months?
-
Have you become aware of a material weakness in any of your information security controls in the last year?
-
Have you complied with your Information Security Controls testing program?
-
If you became aware of a critical cyber security incident in the last period did you notify the Australian Cyber Security Centre within 12 hours?
-
When was the last time you completed a User Access Review (UAR) to ensure that <br>- new users,<br>- terminated users, and<br>- changes to existing users<br>are appropriately provisioned?
-
Do you use access profiling to ensure the appropriate segregation of duties?
Business Resilience
-
Have you completed a Business Impact Assessment (BIA) of critical business processes and critical systems in the past 12 months?
-
Do you have a Business Continuity Plan (BCP) for each of the critical business processes determined in your BIA which includes a recovery strategy/plan?
-
Do you have an IT Service Continuity Management (ITSCM) Plan with recovery time and recovery point objectives to align with the BIA?
-
As part of your ITSCM plan, do you have a Disaster Recovery Plan (DRP) for each of the critical systems determined in your BIA?
-
Have you tested your BCP and DRP during the last twelve months and created action plans to remediate any shortcomings?
-
Have all core operating systems used in providing core services of underwriting and claims management been continuously available during core business hours this quarter?
Fraud and Corruption
-
Have you reported any suspected or actual misconduct in the last period?
Training
-
Have staff received adequate training, do they have the skills and qualifications to do their roles, and are records of that training maintained?
-
Have you maintained the organisational competence to meet the required Financial Services (AFS) Licence and financial services laws obligations?
-
Please attach the training completion report to enable annual Code Governance Reporting.
Incident Management
-
In the last period did you receive any notices from regulators or Australian Financial Complaints Authority (AFCA) that pertain to SCC's claims handling and/or settlement services, including that part of those services performed by you?
Privacy
-
Have you taken all reasonable steps in the last period to comply with all applicable privacy legislation?
-
Have there been any new processes/projects or changes to current processes that impact the handling and/or processing of personal information that SCC should be aware of?
-
Do you have a designated privacy officer?
Modern Slavery and Economic Sanctions
-
Do you have policies and processes in place to assist with the identification and eradication of modern slavery in your supply chain network?
-
Have you maintained a process ensuring your economic sanctions screening obligations under the Corporations Act 2001 have been met?