New General Insurance Code of Practice: See the changes impacting compliance


Access Polonious' free guide to GICoP compliance in investigations.

Australia’s insurance industry is undergoing the biggest regulatory and compliance changes in its history.

The Insurance Council of Australia (ICA) has released a new General Insurance Code of Practice, and all insurers are required to implement the changes by July 1, 2021. The changes are legally binding and, from July 1, 2021, organisations can be fined for non-compliance. These fines can amount to hundreds of thousands of dollars.

To avoid penalties and compliance headaches, insurers will need to change their business to comply with the new regulations, which must be met in their entirety, as opposed to a piecemeal approach. The new Code is a result of a two-year review by the ICA, which invited input and recommendations from various organisations.

Australia’s insurance industry leaders must act now to bring their investigation teams, and the wider organisation, in line with the changes. Investigation teams will be pressured by the more detailed compliance requirements, but this does not mean there are no business imperatives.

Polonious’ report, New General Insurance Code of Practice: A reference guide to how changes will impact fraud investigations, gives insurance industry leaders an overview of the required changes, and details of how the impending requirements can go a long way to benefiting the business, including:

  • The Insurance Council of Australia (ICA) has released a new General Insurance Code of Practice and by July 1, 2021 all insurers are required to implement the changes, which are legally binding.
  • From July 1, 2021, organisations can be fined for non-compliance and these fines can amount to hundreds of thousands of dollars. Larger breaches can result in significant financial impact, including compensation for loss or damage, and payment of a community benefit up to $100,000 per offence.
  • Minor breaches will attract minimal financial impact, and, with rectification steps within a certain time, companies can audit their own compliance with the Code at their own cost and advertise corrections.
  • When an insurer deviates from an agreed investigation behaviour, an individual can raise a complaint against it with the Australian Financial Complaints Authority (AFCA), and complaints will be given much more weight.
  • Insurers also risk damage to their brand from negative media reports resulting from a failed or non-compliant investigation, where the claimant is often portrayed as the victim.
  • Complaints are on the rise — by a huge 230 per cent. The General Insurance Code Governance Committee found Australia’s insurance sector breached the code of practice 31,186 times during the 2019 financial year. Source: com.
  • About one-third of finalised complaints were found in favour of consumers or small businesses. Source: General Insurance in Australia, Annual Report, April 2020.
  • At least 50 of Australia’s top insurers are expected to abide by the new Code Of Practice come July 1, 2021.

The new Code of Practice includes very detailed changes and new requirements, down to the number of minutes an interview should take, and most systems are not equipped to handle this level of detail.

With Polonious, compliance is not a burden

New regulations should not mean a higher level of reporting burden. Now is the time to take advantage of better technology, methodologies and workflows to ensure your compliance and customer service obligations go hand-in-hand.

Turn today’s investigation challenges into tomorrow’s business process improvements with Polonious.

The report details how the changes directly impact insurance companies; outlines the penalties for non-compliance; and shows how you can not only meet the compliance requirements, but improve the business as a result.

Polonious integrates all the new compliance measures into the core system. With one application, it is possible to meet compliance requirements and reduce investigation time and load.


The huge cost of insurance fraud: $40B a year in the US alone


Polonious is a market leader when it comes to helping insurance companies combat insurance fraud and other forms of malpractice. What does this mean for insurance companies? Quite a lot it seems. While it is difficult to know exactly how much fraud costs the insurance industry, we do know it is big business.

In the US, the FBI estimates the total cost of insurance fraud (non-health insurance) to be more than $US40 billion per year, which translates to between $400 and $700 per year in the form of increased premiums for the average family. With more than 7,000 companies collecting over $1 trillion in premiums each year in the US, the size of the industry provides more opportunities and bigger incentives for committing illegal activities, according to the FBI.

In Australia, the Insurance Council of Australia reports the most common form of insurance fraud to be the exaggeration of personal claims, or “opportunistic fraud”. In contrast, premeditated, or planned, frauds are usually committed by the professional fraudster and often by organised criminal gangs. According to the ICA, while the total cost of insurance fraud is difficult to estimate with precision, in 2017 insurers detected $AU280 million in fraudulent claims across all insurance classes, excluding those relating to health insurance or personal injury (CTP, Government-run workers compensation, etc.). As this figure covers only detected insurance fraud, the amount that goes undetected is likely to be much higher.

According to the Insurance Information Institute (III), common types of fraud activity include “padding”, or inflating claims; misrepresenting facts on an insurance application; submitting claims for injuries or damage that never occurred; and staging accidents.

Customer service quality also plays some part in the fraud prevention cycle as some level of fraud committed by consumers can be driven by “revenge” or “retaliation” for a personal service exchange which they think is unfair.

Checking the types of insurance fraud

According to the III, the types of fraud insurance firms must work to combat include:

  • Auto insurance fraud: Auto insurance fraud ranges from misrepresenting facts on insurance applications and inflating insurance claims to staging accidents and submitting claim forms for injuries or damage that never occurred, to false reports of stolen vehicles.
  • Healthcare fraud: Although healthcare insurance is generally outside the purview of property/casualty insurance, healthcare fraud affects all types of property/casualty insurance coverage that include a medical care component, such as medical payments for auto accident victims or workers injured in the workplace.
  • Workers compensation fraud: Employers who misrepresent their payroll or the type of work carried out by their workers to pay lower premiums are committing workers compensation fraud. Some employers also apply for coverage under different names to foil attempts to recover monies owed on previous policies or to avoid detection of their poor claim record.
  • Property fraud: When disasters strike some individuals or groups see an opportunity to file claims that are either exaggerated or completely false. Some even intentionally damage property after a disaster to receive a higher payout.

For these reasons it is important to have a canonical audit trail of activity to identify and prevent fraud before it happens.

Polonious Co-CEO Alastair Steel says insurance fraud can be dramatically reduced with more timely and accurate information that tracks all of the many moving parts of a claim or investigation. As we have discussed in other blogs, merely identifying potential fraud will not reduce the cost of the identified fraud. Simply adding notes to the claims system or customer files will not adequately manage a complex fraud investigation. Lastly, if you’re not tracking the amounts you save versus the costs of the investigation, you can’t be clear on the value you’re providing.

A dedicated case management system is the hub that brings all of your monitoring and insights together – insights from your claims handlers looking at files and insights from your analytics engines running over your data – and helps your investigators turn them into strong briefs you can use to deny fraudulent claims or recover those already paid. Lastly, all of your reporting can be used to identify trends and feed back into analytics, to help you identify more fraud.


With GICoP now in force, download our free compliance guide

Australia’s insurance industry is undergoing the biggest regulatory and compliance changes in its history and Polonious is at the forefront of tracking the changes.

To help you keep up, we have prepared a report detailing how the changes directly impact insurance companies.

The guide, New General Insurance Code of Practice: A reference guide to how changes will impact fraud investigations, outlines the penalties for non-compliance and shows how you can not only meet the compliance requirements, but improve your business as a result.

Download your free copy now to:

  • Make sense of the new legally binding investigation rules as they apply to investigators
  • Learn how compliance can help you avoid heavy financial penalties
  • Avoid breaches being escalated to AFCA and ASIC
  • Use the changes as an opportunity to streamline your business
  • Improve investigation information management with new technology
  • Boost customer satisfaction and relationships, and increase referral marketing

Keep ahead of compliance

The guide also helps you quickly locate the 42 points in the new code that affect insurance investigations with its included summary.

If you would like a printed copy, ask us and we will get one mailed to you. Also, if you would like guidance in managing the new General Insurance Code of Practice, contact Polonious Systems today.

Since 2005, Polonious Systems has provided scalable workflow management and risk assessment software to businesses of all sizes. We are committed to staying ahead of technological advancements and providing advice and support with IT capabilities across insurance investigation, banking, private investigations, and education. We’re renowned for our wealth of experience, professional conduct, and willingness to support our clients comprehensively.

If you would like assistance in managing and understanding the new General Insurance Code of Practice, contact the Polonious Systems team and find out what we can do for you.

Polonious Integrations – Our Journey – part 3

Where we are now, where we’re going

Our REST APIs have enabled us to develop these rapidly, securely and cost-effectively.

Here are a few, and what we did to expand flexibility. Most are completed; some are current projects:


Fraud Detection Capabilities

GBG Instinct

We wrote an adaptor to use their XML Web services capabilities; their team wrote to our REST APIs.


We are writing a Spring Boot adaptor to take JSON about a claim and all of its details and create a case with all relevant details using our own REST APIs.


Shift Technologies

We wrote a Spring Boot adaptor to take JSON about a referred claim and all of its details and create a case with all relevant details using our own REST APIs.


Taylor Fry

Two-way integration with Taylor Fry’s Fraud analytics platform.

Case Information sources

CarFax – Vehicle History

We wrote a Spring Boot adaptor between requests in Polonious for Vehicle history and CarFax’s internal API. This returns a detailed car history as a PDF, textual information or both and adds them straight onto the case with a simple button click in Polonious.


Social Discovery Corporation

We wrote code to interact with SDC’s team to begin a Social Discovery. The generated report is loaded back onto the case once complete. The user just clicks a button to request a Social Search for a Person on a case.



We wrote a Spring Boot adaptor to connect to TransUnion’s search capabilities. We have integrated some of the more popular searches with a long term goal of covering the full range. These are configurable in the case view interface.


Clear Data

We are currently working on this integration.


Carpe Data

We wrote an integration to return social ‘hits’ from a person’s core information.


Public and Private Data Sources. Real-time Current and Historical. A proof of concept has been completed.


Truepic is the leading photo and video verification platform.

Video Interviewing


We wrote code to talk to S2C’s REST APIs which means in the user interface we can provide video interviewing capabilities easily.

Claims Systems

Guidewire ClaimsCenter

We used the new DevConnect to talk ‘REST’ to and from the Guidewire Claims Center system. On a Claim, service requests can create cases in Polonious, all or some updates on the case can be returned to the Claims team via the DevConnect REST calls. Even documents and images can be shared, all seamlessly from both tools.


Duck Creek

We’re currently working on this one.


Accounting Systems


We integrate with Quickbooks REST APIs. This is now at the User Interface development point. Once complete, a more seamless interface for creating and reconciling invoices will be available.



We wrote REST APIs that help us integrate with Xero. This will use the same UI as the Quickbooks integration.

Link Analysis

I2 Analyst’s Notebook

We added GET capabilities around entities that i2 might need including cases, persons, addresses, organisations, assets and other entities. This allowed the i2 partner to develop a plugin using i2 plugin design tools in .NET. This integration is owned by the i2 partner.


Maltego – Plugin

Polonious UK wrote a Maltego plugin that talks to Polonious given information like case numbers, persons and ‘expands the graph’ in Maltego using our REST APIs

Customer Integrations

Major Australian Bank

REST APIs to integrate with core services to facilitate case creation and updates from fraud analytics tools.


Major NZ Insurer

REST APIs to integrate with their reporting systems written in Power BI. Customer did everything with minimal need from us other than the API documentation.

Also a bespoke Guidewire integration using JMule written by their team to a v1 version of our create case REST API.


Major US Insurer

Integration with their Claims platform via REST calls. Minimal involvement with our IT resources.

Sales Force

Totally written by the Chinese IT team at a client site. This allows their sales reps to trigger a Brand Fraud case in Polonious when using a sales force mobile app in the field.


Sumo Logic

Currently a work in progress to deliver case outcomes back to Sumo Logic from a triggered case.

Internal Polonious Integrations

AWS Amazon Cloud Automation

We wrote a comprehensive integration set that used our own REST calls to send and receive updates from automation of EC2/S3/VPC/RDS/IAM instance setup, triggered from actions taken on cases in Polonious. A bizarre use case, but it shows the capability well.



Text Messaging integration


Google Authenticator

Multi-factor Authentication Integration (work in progress)



Flexible Integration both ways – inbound and outbound

One of the core strengths of our case management system is that it is very flexible and adaptable to differing business needs. This is a great thing for our customers but a bit of a pain for the development team internally when adding features.

Every development sprint we do has to be predicated by the fact that we need to cover bases for all our customer needs now, and into the future.

Our REST APIs reflect this, and our future road map for them will take this a step further.

This final section is more for your IT teams to understand our approach and how it helps their efforts to integrate with our solution.

Create Case flexibility

Create Case is our most used API. It’s the gateway to initiating action inside Polonious for some trigger like Fraud detection or a referral from Claims.

This API has its own web interface to enable pretty much anything to be used as data to create a case. The interface allows a user to configure a mapping of inbound fields by uploading an example JSON. This JSON needs to be ‘flat’, i.e. the data has to be a single level of attributes. This actually covers off on 95% of our integration needs, with the backup of additional REST services for the more complex cases where, for example, variable numbers of participants are involved.

Outbound REST Call flexibility

Our Polonious customers are now very familiar with the ability of Polonious to automate outbound integration tasks.

To achieve this, we often use a key transaction point in our application, the Case Note (or action, diary, update as some of our customers call it).

This means, you may want this integration to only happen at case inception, or at case review or case update, or possibly only at case close stages. Possibly at all of the above. Our Polonious Persons can configure this for you. No Polonious IT resources are usually needed.

How this works is fairly straightforward. For any type of case note, you can set up a REST call that can locate, collate and send any case data from that case (I mean any case data, including other diary entries, person, vehicle, company data from the case, any metrics gathered on the case either singular or as totals).

Our Polonious Configurers understand how to access the deep case data and can share many examples of how to use it with your team. The technique is pretty easy to use if you’ve used a templating/programming language before. This generally needs no input from our internal IT team reducing costs and speeding the process.

For complex integrations we use an adaptor

In many of the more complex needs, systems talk different protocols and need ‘cleansing’, selection or verification of data on the way to their penultimate system. To do this, we use microservice adaptors. These can be written by our teams at Polonious or your own IT teams. They can be written in any language your team is comfortable with. We have customers who have created these adaptors in languages other than Java, such as Python and C#, and used them to talk to/from all sorts of different protocols like web services, SFTP, and the like.

The end point for this payload can be another system you’ve designed that talks any of the major security protocols, or it can be an ‘adaptor’ web server written in any language (we prefer Java but some customers use Node.js, .NET, Python and others). That adaptor can then forward the data (possibly after adapting it) to your internal applications in a way they understand.

Using an adaptor provides the additional benefit that the integration source code can be maintained separately from the core systems at either end. This makes updating and writing automated tests for it far easier. It also makes it much easier for a new developer to understand, which improves maintainability and change cost. Due to the versioned APIs we use, this adaptor will not require regular updates to keep up with API changes.

Finally, an adaptor is just that – it can adapt more easily to internal security changes and other needs. We can easily send you more information (just by changing the payload with a quick call to our Polonious Persons). The rest is easy (excuse the pun): just a small change to the adaptor, re-run any tests, and you’ve updated your security or business requirements. You can change underlying systems with reduced pressures of dependencies, as those dependencies are easy to maintain separately from the core systems.

If you are a Polonious client, we have a number of great examples we can share with you of this from our Spring Boot collection. This makes it really easy to stand up a new adaptor as and when needed.
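The flat-JSON rule for Create Case and the cleansing, selection and verification role of an adaptor, sketched as an added Python example (not Polonious code and not from the original post). The field names, the `_` key separator and the allowlist are assumptions for illustration; the step that would send the result to the Create Case API is left out because its URL and schema are not given here.

```python
import json

# Hypothetical allowlist of flat attribute names and their expected types.
# These names are assumptions for illustration, not Polonious field names.
ALLOWED_FIELDS = {
    "claim_number": str,
    "referral_reason": str,
    "claimant_first_name": str,
    "claimant_last_name": str,
    "vehicle_registration": str,
    "estimated_loss": (int, float),
}
MAX_STRING_LENGTH = 500


class PayloadRejected(ValueError):
    """The inbound payload cannot be turned into a safe flat payload."""


def flatten(obj, prefix=""):
    """Collapse nested objects into a single level, joining keys with '_'."""
    flat = {}
    for key, value in obj.items():
        name = f"{prefix}_{key}" if prefix else key
        if isinstance(value, list):
            # A variable number of items (e.g. several participants) has no
            # fixed flat shape; fail closed instead of guessing.
            raise PayloadRejected(f"{name}: lists cannot be flattened")
        children = flatten(value, name) if isinstance(value, dict) else {name: value}
        for child_name, child_value in children.items():
            if child_name in flat:
                raise PayloadRejected(f"{child_name}: ambiguous after flattening")
            flat[child_name] = child_value
    return flat


def build_flat_case_payload(raw_json):
    """Verify, select and cleanse an inbound claim before it is forwarded."""
    try:
        nested = json.loads(raw_json)
    except json.JSONDecodeError as exc:
        raise PayloadRejected(f"not valid JSON: {exc}") from exc
    if not isinstance(nested, dict):
        raise PayloadRejected("top level must be a JSON object")

    flat = flatten(nested)
    payload = {}
    for name, expected in ALLOWED_FIELDS.items():
        value = flat.get(name)
        if value is None:
            continue  # optional field absent: omit it
        # bool is a subclass of int in Python, so exclude it explicitly.
        if isinstance(value, bool) or not isinstance(value, expected):
            raise PayloadRejected(f"{name}: unexpected type {type(value).__name__}")
        if isinstance(value, str):
            # Cleansing: drop control characters and surrounding whitespace.
            value = "".join(ch for ch in value if ch.isprintable()).strip()
            if len(value) > MAX_STRING_LENGTH:
                raise PayloadRejected(f"{name}: longer than {MAX_STRING_LENGTH}")
        payload[name] = value
    if not payload.get("claim_number"):
        raise PayloadRejected("claim_number is required")
    return payload  # anything not on the allowlist has been dropped


# Constructed sample input from a hypothetical upstream claims system.
SAMPLE = json.dumps({
    "claim_number": " CLM-0001\n",
    "referral_reason": "Inconsistent statements",
    "claimant": {"first_name": "Alex", "last_name": "Example", "score": 0.93},
    "vehicle": {"registration": "ABC123"},
    "estimated_loss": 12500,
    "debug": {"trace_id": "t-1"},
})

if __name__ == "__main__":
    print(json.dumps(build_flat_case_payload(SAMPLE), indent=2))
```

Because the adaptor sits between the two systems, the allowlist is the single place to review when deciding which upstream attributes may cross the boundary.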

The future

I hope this series has been interesting; it’s a good reflection of how we handle integration needs quickly and securely for on-boarding and existing customers. These are the takeaways that I hope you have seen demonstrated:

  • Customer and product Integrations have improved markedly in the last 10 years in both speed and cost.
  • Polonious have developed a great API-first approach to ensure most of your needs are ready to be served.
  • Most integration work at Polonious is done by the business-facing configuration teams, this saves time and money.
  • The list of Polonious integrations is comprehensive and growing rapidly.

We are expecting a number of changes in the future to our current processes to make them easier to use, more robust, more secure. Currently we’re working on Spring Cloud services and integration technologies. We expect more flexible, scalable, secure and highly resilient services to come from this work.

Additionally, as the Insurtech space evolves, as more and more providers of case information come forward with great offerings, we intend to approach and integrate with all new information vendors as they arrive. To list a few we’d love to integrate with: NICB, Claims data providers, ebay, listings and other information providers.

Every piece of information an investigations team might want to access should be available at minimal effort to the team involved. No special interfaces: seamless integration available as simple button clicks is the way of the future. Information sources that require special re-typing exercises will likely suffer in this changing landscape.

The future of case-related information at speed is looking great, we hope you enjoy the journey as much as we are.

Polonious – Improving Child Safety

Polonious World 2018, 2nd August 2018.

Free-to-attend conference on all things investigations, fraud, technology-related.

The Royal Commission into Institutional Responses to Child Sexual Abuse was announced in 2012 and completed its work and recommendations early this year, 2018. It was a very comprehensive review, with more than 8,000 private sessions held and 2575 referrals to authorities resulting.

The presenter has extensive experience, since leaving the Australian Federal Police, into prevention and investigation of Child Safety cases in school systems and other institutions. This presentation will cover:

  • The Royal Commission into Institutional Responses to Child Sexual Abuse
  • Child Safety Workflows & Case Studies

About the speaker

Simon is the Director of Professional Standards for the Australian Province of the Society of Jesus (Jesuits), an international Catholic male religious order established in 1540.

In this role, Simon oversees all Jesuit, staff & volunteer professional standards and conduct within the Australian Province. He also leads and directs the development, implementation and maintenance of best practice standards concerning professional conduct with a particular focus on the safety of children, young people and vulnerable adults.

As a former Australian Federal Police detective, Simon is a highly experienced and nationally awarded investigator with over twenty years of investigative and advisory experience. He is accomplished in undertaking highly sensitive, secret and complex investigations in the criminal, civil and canon law arenas.

Simon has worked for many years with educational and religious institutions to assist them in managing claims of historic child sexual abuse, reportable conduct investigations, serious staff misconduct investigations, policy advice and conflict resolution.

Simon is also a member of the Victoria Police Registration & Services Board (Review Division) and is a member of the Melbourne City Council’s Family and Children’s Advisory Committee.

About Polonious World

Polonious World is a free-to-attend event for investigators by Polonious – a world-leading Case Management software product for teams from 1-1000 investigators. It covers topics as varied as investigation techniques, running investigations teams, unique investigation case stories such as Operation Pendennis, Donnie Brasco and others as well as being a great networking event for investigation teams from Australia and around the world.

Learn more about Polonious here!

Polonious World 2017 – SureFact Australia Sponsor Profile

Polonious is pleased to announce SureFact Australia Pty Ltd (“SureFact”) have signed up as a sponsor for Polonious World 2017. SureFact have been increasing productivity, profitability and competitive advantage with Polonious case management for over four years.

SureFact is a privately owned investigations company providing tailored solutions to insurance companies, large corporate organisations, small to medium businesses, law firms and government agencies.

The SureFact team is focused on providing timely and accurate information to insurers and other clients to enable the development of effective strategies for early and durable claim resolution.

Places for Polonious World 2017 are strictly limited and entry is free for registered delegates. Register here or contact Andrew Simpson on 0474 149041 email

