☐ Do you disclose all commissions, fees, and non-monetary benefits you receive or expect to receive (Code sections 6.1 – 6.3)?
☐ Is remuneration disclosure provided at the same time as your advice or quotation, in writing or verbally as appropriate?
☐ Do your client files include notes or records showing the disclosure was provided and that you took steps to ensure the client understood it?
☐ Do your client files clearly document whether the advice provided is Personal or General, and is this reflected in your Statement of Advice (SOA), Record of Advice, or General Advice Warning?
☐ Have you reviewed the Target Market Determination (TMD) for every product you recommend where applicable?
☐ Do you have processes to identify, disclose, and manage conflicts of interest in line with the Code (section 5.3 d)?
☐ Do you gain and record client consent before acting where a conflict exists?
☐ Are conflict disclosures and client consents retained in your client records?
☐ Does every client receive a Terms of Engagement document before you act on their behalf?
☐ Does it clearly outline your services, fees, who you act for, and your Code obligations?
☐ Is your Financial Services Guide (FSG) current and does it show the correct trading name, legal entity, AFSL/AR number, and contact details on your website?
☐ Are all client interactions, advice, and communications recorded, retained, and easily retrievable for at least seven years?
☐ Can you demonstrate audit trails of renewals, disclosures, and advice?
☐ Are client files regularly reviewed or audited for completeness and compliance?
☐ Do all staff have a formal learning and development plan that includes ongoing Code training?
☐ Are qualifications (e.g. Diploma of Insurance Broking) and CPD records maintained and easily retrievable?
☐ Are authorised representatives and staff regularly reminded of their Code obligations?
☐ Is your Internal Dispute Resolution (IDR) policy compliant with ASIC RG 271 and clearly accessible on your website?
☐ Are all complaints logged, acknowledged, tracked, and reported annually to the Insurance Brokers Code Compliance Committee (IBCCC)?
☐ Do staff know how to recognise, record, and escalate a complaint or AFCA matter correctly?
☐ Do you have a written policy for identifying and supporting vulnerable clients?
☐ Does your system allow you to easily identify clients who are, or may be, vulnerable?
☐ Do you complete your Annual Compliance Statement (ACS) to the IBCCC by the due date?
☐ Do you conduct a formal annual compliance audit covering breaches, complaints, and training records?
☐ Do you respond fully and promptly to any IBCCC request for information or documentation as part of its monitoring or investigation role?
☐ Do you have and follow a written cybersecurity and privacy policy that covers encryption, access control, and data-breach response, consistent with the Privacy Act 1988 and the Australian Privacy Principles?
☐ Are staff trained annually on data handling, phishing awareness, and incident reporting?
☐ Do you have a documented process to notify affected clients and the relevant regulators (including the Office of the Australian Information Commissioner under the Notifiable Data Breaches scheme) in the event of a notifiable data breach?
☐ Do you maintain a compliance risk register that identifies obligations, responsible owners, and corrective actions?
☐ Are compliance responsibilities assigned to specific roles and communicated across the business?
☐ Are breaches investigated and remediated promptly, with root-cause analysis documented?
This scorecard is based on the Insurance Brokers Code of Practice and the NIBA Implementation Guide (2023). It is intended to guide you, not to guarantee compliance. Regulations can change, so confirm any details with your compliance team or adviser.