Comparison of 8 Major Companies’ Code of Ethics and Conduct

Good corporate governance incorporates a set of rules that define the relationship between stakeholders, management and the board of directors of a company and influence how the company operates. The importance of corporate governance cannot be overstated, as it enables organisations to achieve their goals, make formal decisions, prevent fraud, control risks and assure compliance.

To determine the appropriate ethical guidelines for your company, you might consider studying some of the best examples of codes of conduct for businesses.

This blog will help you understand:

  • Definition of Code of Ethics
  • Definition of Code of Conduct
  • Difference between Code of Ethics and Code of Conduct
  • Comparison of 8 Major Companies’ Codes of Ethics and Conduct 

Code of Ethics

A code of ethics is a set of guiding principles intended to ensure a business and its employees act with honesty and integrity in all facets of its day-to-day operations and to only engage in acts that promote a benefit to society. Sometimes referred to as a value statement, it behaves like the “Company’s Constitution” with general principles to help guide employee behaviour.

The document outlines a set of principles that affect decision-making. For example, if an organization is committed to protecting the environment and “being green”, the code of ethics will state that any employee faced with a problem is expected to choose the most “green” solution. Unlike a code of conduct, it does not cover specific behaviour; rather, it outlines the principles that should guide that behaviour.

Typically, focus areas include:

  • Social Responsibility
  • Discrimination
  • Environmental issues

3 Types of Codes of Ethics

A code of ethics can take a variety of forms, but the general goal is to ensure that a business and its employees are following state and federal laws, conducting themselves with an ideal that can be exemplary, and ensuring that the business being conducted is beneficial for all stakeholders. The following are three types of codes of ethics found in business.

Compliance-based Code of Ethics

For all businesses, laws regulate issues such as hiring and safety standards. Compliance-based codes of ethics not only set guidelines for conduct but also determine penalties for violations.

In some industries, including banking, specific laws govern business conduct. These industries formulate compliance-based codes of ethics to enforce laws and regulations. Employees usually undergo formal training to learn the rules of conduct. Because noncompliance can create legal issues for the company as a whole, individual workers within a firm may face penalties for failing to follow guidelines.

To ensure that the aims and principles of the code of ethics are followed, some companies appoint a compliance officer. This individual is tasked with keeping up to date on changes in regulation codes and monitoring employee conduct to encourage conformity.

This type of code of ethics is based on clear-cut rules and well-defined consequences rather than individual monitoring of personal behavior. As a result, despite strict adherence to the law, some compliance-based codes of conduct do not promote a climate of moral responsibility within the company.

Value-Based Code of Ethics

A value-based code of ethics addresses a company’s core value system. It may outline standards of responsible conduct as they relate to the larger public good and the environment. Value-based ethical codes may require a greater degree of self-regulation than compliance-based codes.

Some codes of conduct contain language that addresses both compliance and values. For example, a grocery store chain might create a code of conduct that espouses the company’s commitment to health and safety regulations above financial gain. That grocery chain might also include a statement about refusing to contract with suppliers that feed hormones to livestock or raise animals in inhumane living conditions.

Code of Ethics Among Professionals

Financial advisers registered with the Securities and Exchange Commission (SEC) or a state regulator are bound by a code of ethics known as a fiduciary duty. This is a legal requirement and also a code of loyalty that requires them to act in the best interest of their clients.

Certified public accountants, who are not typically considered fiduciaries to their clients, still are expected to follow similar ethical standards, such as integrity, objectivity, truthfulness, and avoidance of conflicts of interest, according to the American Institute of Certified Public Accountants (AICPA).

Code of Conduct

A company’s code of conduct covers major legal, ethical, and compliance risk areas to help employees make the right choices, even when they’re not easy. Your code of conduct sets the ethical standards and establishes expectations for employee behavior in the workplace. Employee adherence to your company’s code of conduct is essential to maintaining a reputation of integrity and preventing risk for your organization. Codes of conduct cover specific behavioural expectations in specific situations.

Topics may include:

  • Conflicts of Interest
  • Protecting Company Information
  • Financial and legal integrity
  • Reporting wrongdoing

Difference between Code of Ethics and Code of Conduct

A Code of Ethics governs decision-making, and a Code of Conduct governs actions. They represent two common ways that companies self-regulate. They are often associated with large companies, provide direction to employees and establish a public image of good behavior.

A code of ethics is broader in its nature, outlining what is acceptable for the company in terms of integrity and how it operates. A code of conduct is more focused in nature and instructs how a business’ employees should act daily and in specific situations.

8 Examples of Major Companies’ Code of Conduct and Ethics

To determine the appropriate ethical guidelines for your company, you might consider studying some of the best examples of codes of conduct for the following major businesses.

Technology Companies


Google’s Code of Conduct emphasizes its values such as customer care, integrity and transparency. The document clearly states who must adhere to the standards set forth and how misconduct will be addressed.

It highlights the importance of speaking up and taking action against wrongdoing. Overall, their Code of Conduct is concise and well organized.


Microsoft’s Standards of Business Conduct revolves around one central theme: trust. Microsoft emphasizes that trust is an important aspect of its operations, including with customers, governments, fellow employees, investors and representatives.

The code of conduct also offers a process to help employees make difficult decisions that reflect Microsoft’s values and standards. Offering a process can be a useful way to simplify complex ethical decisions and ensure consistent behaviour. However, avoid getting too specific as this may result in legalistic responses, e.g. ‘Well, the code of conduct didn’t specifically say NOT to do that…’.

Read more on their website


Facebook’s Code of Conduct covers important topics such as conflicts of interest, harassment, confidentiality and protection of user data. Despite not using photos and visuals, it is simple, concise and easy to comprehend.

The company also highlights that employees can report violations anonymously to sources that they feel comfortable speaking to, including managers, HR and/or the Legal Department. The code of conduct also includes links to the company’s whistleblower and complaint policy.

Learn more about Facebook’s Code of Conduct on their investor relations website


IBM’s Code of Conduct revolves around their core values which are:

  • Dedication to every client’s success
  • Innovation that matters, for our company and for the world
  • Trust and personal responsibility in all relationships

The company further highlights environmental affairs, human rights principles, and workforce diversity in their business conduct and expectations of their employees. These achievements are highlighted in their Corporate Responsibility report.

Overall, their Code of Conduct appears to be well organized and easy to understand. 

Financial Institutions


The ANZ Code of Conduct and their supporting policies set the expected standards of behaviour linked to their values.

Their guiding principles include:

  • Integrity
  • Collaboration
  • Accountability
  • Respect
  • Excellence

The company has two Codes of Conduct, which provide employees and Directors with a practical set of guiding principles to help them make fair, balanced and ethical decisions in their day to day work:

  • ANZ Non-Executive Directors Code of Conduct
  • Code of Conduct

The ANZ Non-Executive Directors Code of Conduct outlines its guiding principles, each followed by the actions to be undertaken. These include:

Act Ethically and Professionally

  • Act in the best interests of ANZ and create trust, confidence and goodwill with ANZ’s shareholders, customers and other stakeholders
  • Undertake our duties with appropriate care and diligence and in accordance with our legal obligations
  • Behave in a way that takes into account ANZ’s impact on the community and the environment in both the short and long term
  • Understand our authorities and any relevant limits and exercise any such authorities responsibly and within limits
  • Use all of ANZ’s systems and equipment appropriately and for proper purposes. This includes email, messaging, internet access, and technology and banking systems
  • Not engage in conduct (either in our capacity as a Director or otherwise) that may cause damage to ANZ’s reputation or is incompatible with our position as Directors of ANZ

Act with integrity

  • Act honestly and transparently in all our dealings with and for ANZ
  • Not knowingly mislead directly or indirectly, make false statements or mislead by omission
  • Not make promises or commitments we know ANZ does not intend, or would be unable, to honour
  • Use goods, services and facilities provided to us by ANZ in accordance with the terms on which they are provided

Treat all people with dignity and respect

  • Treat all people we deal with through our work with respect and dignity
  • Never harass, bully or unlawfully discriminate
  • Make appointment decisions based on merit

Manage conflicts of interest

  • Not improperly use the name of ANZ, our position or information obtained by us as a Director of ANZ for personal financial gain or to obtain any benefit for any other person or business
  • Fully disclose all relationships we have with ANZ in accordance with policies on independence that the Board may adopt from time to time
  • Ensure any personal dealings with ANZ must be in accordance with policies that the Board may adopt from time to time
  • Fully disclose any material personal interest, as well as any other interest which is appropriate to disclose in order to avoid an actual or perceived conflict of interest, in accordance with such policies that the Board may adopt from time to time
  • Never accept or offer any improper payment of benefits in connection with their role as an ANZ Director
  • Never accept any gift, reward or entertainment, including discounted products, free travel or accommodation, if there is an expectation that could conflict with our role as an ANZ Director.

Protect privacy and confidentiality

  • Respect the privacy of others
  • Not improperly disclose any information about ANZ that is not already in the public domain
  • Ensure that confidential information relating to ANZ customers, staff or operations is not disclosed, inadvertently or deliberately, to third parties without the consent of ANZ

Comply with the code, law, policies and procedures

  • Be aware of and comply with all relevant laws and regulations applicable to us
  • Not take any action, or fail to take action, that may breach the law or applicable ANZ policies and procedures
  • Complete all induction and education programs required of us to build and maintain our awareness and understanding of relevant laws, policies and procedures

Furthermore, it encourages employees to contact the Group General Counsel or Company Secretary if they are unsure of their obligation or ANZ’s expectations.

These documents can be found on ANZ’s official website.


CommBank’s Code of Conduct articulates the standards of behaviour expected of their clients and stakeholders. The Code connects their purpose and values with a ‘Should We?’ test, to help deliver the right outcomes. The ‘Should We?’ test asks about transparency, consistency with values and policy, and fairness, which helps employees exercise good judgement.

The document specifically articulates the standards of behavior the company expects of their employees when engaging with, and balancing the interests of, the Bank’s stakeholders. The following outcomes have been outlined:

  • Fair customer outcomes are at the heart of our strategy, plans, decisions, judgements and actions.
  • Our products and services are fair, transparent, and meet customer needs, and our distribution approach is appropriate for customers. We are compassionate to the circumstances of customers, including those who are most vulnerable.
  • The potential for unfair outcomes is proactively identified, and complaints and issues are managed in a timely manner.
  • Market manipulation, insider trading, failure to manage conflicts of interest, and inappropriate sharing and use of confidential information are not tolerated.
  • We recognise that environmental and social risks can impact our business and communities and we are committed to ensuring that these risks are identified and managed appropriately

Westpac Banking Corporation

The Westpac Banking Corporation’s Code of Conduct defines four outcomes, each strongly aligned with the company’s values. These are 1. Helping our customers and communities, 2. Being ethical, 3. Strengthening our corporate compliance, and 4. Supporting our people. Underneath each outcome, it outlines what this means for Westpac and their employees.

Helping our customers and communities

  • We are always helpful and do the right thing by our customers, suppliers and community
  • We always look for ways we can be better and simpler
  • We help our customers to make informed choices and our communications are clear
  • We lend responsibly and provide vulnerable customers with extra support and care
  • When designing, distributing and fulfilling our products we always consider their fairness and suitability for our customers
  • We handle customer complaints confidentially, with consideration and respect and take responsibility for proactively resolving complaints or referring them to the right person
  • We proactively identify potentially unfair customer outcomes, identifying the cause of the issue and if we make a mistake, immediately own it and fix it
  • We consider the long-term environmental and social impacts of our decisions

Being Ethical

  • We are trusted to do the right thing and act with honesty, integrity and due care and skill in all our dealings with the bank including as customers
  • We ensure that our actions, personally and professionally, do not put Westpac Group’s reputation at risk
  • We always ask ‘Should We?’ rather than just ‘Can We?’
  • We put the customer and bank ahead of personal interests and identify, declare, record and appropriately manage conflicts of interest
  • We uphold market integrity and protect against market misconduct, market manipulation and insider trading
  • We compete fairly to provide our customers with great products, service and innovation
  • We understand and comply with our offshore obligations when dealing with international customers or markets

Strengthening our corporate compliance

  • We protect our community and the integrity of the financial system. This includes meeting our anti-bribery and corruption, anti-money laundering and counter-terrorism financing and tax transparency obligations to mitigate the risk of fraud
  • We take accountability for identifying, managing and reporting all forms of risk, including compliance and conduct
  • We are open and transparent with regulators and report in a constructive, accurate and timely way
  • We use technology in a safe, secure and productive way
  • We keep customer, supplier and other third party information and our own confidential and sensitive information private and secure; protecting it from unauthorised use and not using it inappropriately for personal gain or sending it inappropriately to a third party

Supporting our people

  • We create a safe, diverse and inclusive place to work where we welcome diversity of thought and experience, prioritise our people and our customers’ safety and wellbeing and do not tolerate discrimination, bullying or harassment, including sexual harassment
  • We employ, promote and reward employees who live our purpose, values and behaviours and act in accordance with the expectations of our Code of Conduct
  • We work together as a team, support each other and are professional in our interactions
  • We take unlawful and unethical behaviour seriously – if we think something is not right, we speak up as soon as possible, and we listen and respond
  • We communicate with the public responsibly and only speak to the media when authorised

The document also highlights policies for topics such as conflict of interest, sexual harassment, and anti-bribery and corruption, which help achieve the above outcomes. Managing such issues is critical to meeting standards of responsibility and ethical conduct. Learn more about potential breaches in corporate compliance in our four-part series on Workplace Fraud.

This can be found on their website.

National Australia Bank

NAB’s Code of Conduct outlines the standards of behaviour expected of employees in order to better serve clients. The structure is fairly similar to Westpac’s Code of Conduct, as it outlines four major values and how NAB achieves them. The four are 1. Excellence for Customers, 2. Grow Together, 3. Be Respectful and 4. Own it. The code further elaborates on ways to achieve these targets, such as practicing open communication and always putting clients first.

Furthermore, their policies are divided into the following sections:

  • Customers and Communities
  • Colleagues
  • Governance and Risk

Each section outlines the standards they expect to deliver.

Customers and Communities

  • Fair and ethical customer outcomes are at the heart of our plans, decisions and actions.
  • We only provide products and services that are right for our customers and match their needs and circumstances.
  • Our products and services are transparent and easy to understand.
  • Customer interactions are consistently high-quality experiences. All colleagues complete learning and competency requirements, and only operate in roles where they hold the required accreditations.
  • We take extra care of customers who are at a greater risk of harm or loss because they are experiencing vulnerability.
  • Concerns about unfair customer outcomes are proactively identified and owned or escalated.
  • Customer complaints, pain points and harm – including financial losses, distress and inconvenience – are promptly and appropriately addressed and, where appropriate, remediated.
  • We do not tolerate anti-competitive conduct, market manipulation, predatory market practices, insider trading, failure to manage conflicts of interest, bribery and corruption or inappropriate control and use of confidential or personal information.
  • We recognise that environmental and social risks can impact our communities and we are committed to ensuring these risks are identified and managed appropriately. 


Colleagues

  • Everyone feels safe and included in the workplace and health, safety and wellbeing are promoted. We take a zero tolerance approach so that no one experiences unlawful discrimination, bullying or harassment, including sexual harassment or racism.
  • Customers have confidence in NAB’s integrity and quality of service. This is why we’re only hired, promoted and recognised when we demonstrate the highest levels of professionalism and character.
  • Customers know they are in safe hands. This is because we only act within our authority and carefully consider what’s best for our customers. We always use access to technology and assets responsibly.
  • Customer interactions are consistent and high-quality experiences. We achieve this by ensuring everyone at NAB meets learning and competency requirements, and works in roles where they hold the applicable accreditations.
  • Colleagues do not compromise the integrity of NAB or its stakeholders. Any conflicts or perceived personal conflicts of interest, criminal convictions or charges are declared.
  • Colleagues are rewarded for driving long term, sustainable outcomes.

Governance and Risk

  • We meet our legal and regulatory obligations, voluntary commitments and internal standards.
  • Our customers’ personal information is respected and kept safe.
  • Our policies explain how we handle this information to keep it secure, protected from misuse, interference and loss, and from unauthorised access, modification or disclosure or personal gain.
  • Our customers and community and the integrity of the financial system are protected.
  • Our policies and standards explain how to identify, manage and control the risks of financial crime, bribery or sanctions breaches as well as commercial and personal conflicts of interest.
  • Customer interests and outcomes are a critical component of decision making and align with NAB’s risk appetite.
  • We use clear delegation frameworks for decision making to support our governance and risk management frameworks.

How Polonious Can Help

By setting out standards for behavior, a code of conduct helps minimize risks associated with employee misconduct. A well-written code of conduct makes it easier for employees to behave well because it sets clear expectations, creating a positive work environment.

However, compliance is more than just checking the box. A well-managed, compliant, internal whistleblowing mechanism, ethics hotline and case management solution can help you detect problems early, address them and maintain a safe and ethical workplace, while minimizing risk.

The Polonious Case Management Software provides a consistent process that is procedurally fair for all parties, while recording all actions and decisions to ensure all evidence of the process is documented and auditable alongside any evidence gathered regarding the incident or investigation. 

Strong and effective corporate governance helps to cultivate a company culture of integrity, leading to positive performance and a sustainable business overall. Essentially, it exists to increase the accountability of all individuals and teams within your company, working to avoid mistakes before they can even occur.

A strong and effective code of ethics and conduct helps to cultivate a company culture of integrity, leading to positive performance and a sustainable business overall.

Making your hotline confidential will ensure employees feel comfortable using it.

A Comparison of 8 Major Companies’ Codes of Ethics and Conduct can point you in the right direction.

Learn more about how Polonious can help you practice stronger and more effective corporate governance

5 ways to dig deeper than a Web search for better investigation

Whenever an investigation begins it is only natural to jump on the Internet and do a Web search for any relevant material that is publicly available.

The Web is an ideal starting point, but there are many more data sources available to intrepid investigators. In this blog we will look at five ways to garner more information for an investigation, and how the results will help you deliver a more comprehensive result.

1. Specialist Web search engines

When people search the Internet they think of Google, but there are many more specialist search engines which focus on certain niches, or verticals.

These include alternative general search engines and forums and portals which focus on specific topics. Your investigation might relate to the aviation sector, so log onto aviation forums and look (and ask) for information which might be helpful.

There are also many localised search engines which focus on particular geographies, which could help your investigation if there are elements relating to non-English speaking regions.

2. Social networks

Your investigative work is made easier if the people you are investigating are happy to share their private lives with the world.

A person’s profile can be reviewed and information can be gathered from it, and from there it will depend on how it fits into the wider case and whether it can be used to bolster the investigative process.

Like search engines, the Web is awash with social networks of all shapes and sizes. Facebook won the war for the most popular social network, but again there are plenty of niche options to include in your investigative work.

Take the time to look at any niche social networks which might give new light to the investigation.

Some OSINT providers will perform detailed social media searches for you, and Polonious integrates with a number of leading providers.

3. Government databases

In addition to open data sources like search engines and social networks, there are more shielded information repositories, such as government-controlled databases which can be used during an investigation.

These databases house public records, but often require some form of application or payment to be searched.

Examples include company records; births, deaths and marriages; estates and wills; and other regulated industry data. If the case involves a criminal or civil court matter, then there will be records available for searching.

Such data can give your investigation the boost it needs by revealing interests and relationships not contained in public repositories.

4. Associates

The person you are investigating might be very private, but their associates might not be.

Today’s connected Web can reveal a lot about a person, even if they didn’t consent to having the information about them shared.

By using a combination of search, social and other data sources your investigation can easily reveal a lot about a person, or organisation, by proxy.

Including relations and associates is now an important factor in gathering as much of the available information as possible.

5. Work history

Another source of information for your investigation is work history. Like government data, this might not be immediately available for free, but can be obtained from specialist sources such as financial records.

LinkedIn is the go-to social network for professionals and from there someone’s work history can be investigated.

While looking into work history, don’t forget co-workers. People who have worked together know a lot about each other and this information can be readily shared online.

The amount of open source information available to investigation teams extends well beyond a regular Google search. Look at the numerous free and paid-for data sources which might give your investigation the edge.

There are also support services available which focus on the many different databases containing personal information.

Web search is useful, but basic search engines like Google do not cover all bases for investigations.

Health Insurance Code of Practice vs General Insurance Code of Practice – What are the differences?

According to Safe Work Australia, a code of practice provides detailed information on how you can achieve the standards required under relevant health and safety laws. Codes of practice set standards of good industry practice in areas relating to:

  • Service provision
  • Standards of professional conduct
  • Practice standards
  • Ethical behaviour

These codes promote higher standards of business and personal ethics. Many companies subscribe to codes applicable to their practices for reasons such as:

  • Strengthening relationships with their customers
  • Improving complaints handling
  • Reducing the number of disputes through improved service delivery

Entities such as the Insurance Council of Australia (ICA) in Australia, the Financial Conduct Authority in the U.K., and the National Association of Insurance Commissioners in the United States set and maintain insurance standards across the globe.

The general insurance industry in Australia, an industry covering roughly $40 billion in premiums, is going through large-scale regulatory and compliance changes with the introduction of the new General Insurance Code of Practice 2021. However, the health insurance industry, covering roughly $26 billion in premiums, is currently not subject to the same level of regulation.

While we have written extensively on the impacts of the GICOP changes to general insurance investigations, it is important to understand how these compare to other industry codes, and how these codes might be updated in the near future to replicate some of the changes from GICOP. This blog will compare the general insurance code and health insurance code in order to understand the overlaps as well as the differences.

This blog will cover:

  • What is the General Insurance Code of Practice
  • What is the Private Health Insurance Code of Conduct
  • Comparison of the General Insurance Code and Health Insurance Code

What is the General Insurance Code of Practice

The General Insurance Code of Practice is a voluntary Code of Practice maintained by the Insurance Council of Australia under which ICA members agree to follow certain principles and standards in providing general insurance services.

The Insurance Council of Australia (ICA) has released a new General Insurance Code of Practice, and all insurers were required to implement the changes by July 1, 2021. The industry is going through one of the largest regulatory and compliance changes in history. Our post “New General Insurance Code of Practice: What changes for investigation teams?” can help you understand how it applies to your practice.

Purpose of the General Insurance Code of Practice

According to the ICA, the Code is intended to be a positive influence across all aspects of the general insurance industry, including product disclosure, claims handling and investigations, relationships with people who are experiencing vulnerability, and reporting obligations. The code sets out standards such as openness, fairness and honesty when providing services to customers. It also sets out timeframes for insurers to respond to claims, complaints and requests for information from customers.

A full copy of the Code is available at Insurance Council of Australia.

What is the Private Health Insurance Code of Conduct

The Private Health Insurance Code of Conduct is a self-regulatory and voluntary code to promote informed relationships between Private Health Insurers, consumers, agents, brokers and corporate brokers. 

Purpose of the Private Health Insurance Code of Conduct

The Code’s objective is to maintain and enhance regulatory compliance and service standards across the private health insurance industry. According to Private Healthcare Australia, the code is designed to help you by providing clear information and transparency in your relationships with health funds. 

Private Health Funds who are signatories to the Code agree to:

  • work towards improving the standards of practice and service in the private health insurance industry;
  • provide information to consumers in plain language;
  • promote better informed decisions about their private health insurance products and services by:
      • ensuring that policy documentation is full and complete;
      • providing clear explanations of the contents of their policy documentation when asked by a consumer; and
      • ensuring that persons providing information on health insurance are appropriately trained;
  • ensure information between consumers and the fund is protected in accordance with privacy principles;
  • provide information to consumers on their rights and obligations under their relationship with the consumer, including information on this Code of Conduct; and
  • provide consumers with easy access to the fund’s internal dispute resolution procedures, which will be undertaken in a fair and reasonable manner and to advise them of their rights to take an issue to an external body such as PHIO

A full copy of the Code is available at Private Healthcare Australia.

Comparison of the General Insurance Code and Health Insurance Code

Although both the General Insurance Code and the Health Insurance Code aim to set higher standards of service and transparency in your relations with customers, there are a few notable differences.

Who Monitors the Code

The General Insurance Code Governance Committee (CGC) independently monitors the Code to ensure companies are meeting their obligations, and achieving service standards consumers can trust.

The Code of Conduct Compliance Committee established by Private Healthcare Australia ensures the Health Insurance Code is being adhered to.  

What the Code Covers

The General Insurance Code of Practice covers many aspects of a customer’s relationship with their insurer, from buying insurance to making a claim, to providing assistance to those experiencing financial difficulty including uninsured third parties. General insurance products covered by the Code include:

Personal Classes

  • Accident and sickness
  • Consumer credit
  • Home
  • Motor
  • Personal and domestic property
  • Residential strata
  • Travel

Commercial Classes

  • Business
  • Contractors all risks
  • Primary industries
  • Industrial special risks
  • Liability
  • Motor
  • Other commercial products 

However, the General Insurance Code of Practice does not cover life and health insurance products issued by life insurers or registered health insurers. In addition, the General Insurance Code of Practice is not applicable for things such as:

  • Workers compensation
  • Marine insurance
  • Medical indemnity insurance
  • Compulsory third-party insurance
  • Reinsurance

Meanwhile, the Private Health Insurance Code of Practice covers only Private Health Insurance, as well as some provisions covering intermediaries by extension – though they also have their own code, the Private Health Insurance Intermediaries Code of Conduct.

Requirements for Investigations under the General Insurance Code of Practice

One of the key differences between the codes is the requirements around investigations. The General Insurance Code of Practice outlines many requirements pertaining to investigations.

The COP has a quality assurance program to regularly monitor and review investigations. This may include reviews of:

  • recordings, statements, affidavits or transcripts of interviews
  • Investigators’ records of investigation activities
  • Complaints about investigations, including disputes referred to the Australian Financial Complaints Authority

The quality assurance program will include reviews of non-genuine claims indicators to make sure they remain relevant, appropriate and do not discriminate. These are reviewed at least once a year.

If an investigation has gone on for 4 months, the claim will be independently reviewed by an Employee with appropriate authority, knowledge or experience, according to COP. Complainants will be informed when this happens.

Some additional constraints are summarised below:

  • Investigators are required to remain objective, honest, efficient, transparent and fair at all times.
  • A single interview sitting may only last for up to 90 minutes. 
  • If the total interview time required is over 4 hours, the Investigator must obtain written consent from the ICA.
  • The Investigator must record all offers of breaks, and the interviewee’s responses.
  • If another interview time is needed, it will not be organised without at least a 24 hour break, unless otherwise agreed.
  • If during the interview it becomes apparent that an interpreter is needed (even though one had not previously been requested or arranged), then the Investigator or Employee will: a. pause the interview; and b. restart it at a later time, or date, once an independent interpreter has been arranged.
  • If during the interview the employee requires additional support (example: lawyer, consumer representative or a friend), the Investigator will: a. pause the interview; b. advise you of the support person’s role in the interview process and c. restart the interview at a later time, or date, once the support person has been arranged.
  • There will be a 5 minute break in the interview every 30 minutes. However, if an employee claims to be experiencing vulnerability, then there will be a 5 minute break every 30 minutes.
  • Employees can request additional breaks and stop the interview early and reschedule if needed.

Requirements for Investigations under the Private Health Insurance Code of Practice

There are currently no requirements around investigations under the Private Health Insurance Code of Practice. The recent changes to the GICOP requirements may add pressure on the private health insurance industry to adopt similar measures. However, these changes are unlikely to affect investigations in this industry for several reasons. Firstly, fraud in this industry is more likely to be related to providers than claimants. Secondly, and relatedly, the majority of ombudsman complaints are about other aspects of policy or service, though benefit payment delays were a significant proportion of complaints, and this could be affected by a poorly managed investigation. If similar measures are adopted by Private Healthcare Australia, they are more likely to apply to policy conditions, communication, sales, and service.

Breaches to the Code

The Code Governance Committee prepares an annual compliance report. Significant Breaches to the code will be reported to the Code Governance Committee within 10 Business Days. The Code Governance Committee may impose additional sanctions for Significant Breaches of the Code, including requiring them to do any one or more of the following:

  • compensate an individual for any direct financial loss, or damage, we caused them arising from a Significant Breach;
  • publish the fact that we have committed a Significant Breach of the Code;
  • pay a community benefit payment for a Significant Breach up to a maximum of $100,000. The size of the community benefit payment must be in proportion to our gross written premium and number of customers.

The Code of Conduct Compliance Committee established by Private Healthcare Australia also publishes an annual report on the operation of the Code, including a summary of compliance. This report will be published on the websites of Private Healthcare Australia and the Members Health Fund Alliance.

If a health fund fails to comply with a sanction, the Committee may do one or more of the following:

  • Take action to enforce compliance with the code or sanction.
  • Disqualify and immediately ban the health fund from using the Code of Conduct tick logo.
  • Name the health fund in the annual report as having not complied with the Code and/or having not complied with a sanction.
  • Report the breach on the PHA and Members Health Fund Alliance website.
  • Request that the Health fund report the breach on their own website.
  • Request that any issued sanctions be published on the non-compliant Health Fund’s website.
  • In cases where the Committee considers the breach of the Code may constitute a breach of any regulatory or legislative obligation, report the health fund to the appropriate government agency.
  • Request the health fund publish corrective advertising within one month of the request

How Polonious Can Help

In the ever-changing regulatory and compliance environment, organizations need to continue to stay up-to-date in their knowledge and conduct to avoid costly risks such as reputational and financial damage.

Polonious is constantly adding new features with further configurability and can also deploy new code as required. Our experts can utilize our legal and technical expertise to help you adhere to industry codes, company policies and relevant laws, while enabling you to improve productivity and workflow. 


A comparison of the General Insurance Code and Health Insurance Code will help you understand the large-scale changes to the General Insurance Code as well as the health insurance code and how it applies to your practice.


It is important for companies to subscribe to codes applicable to their practice in order to avoid any reputational harm.


Virtual Fraud in Financial Services Forum


On 9 December 2021, Polonious will be attending and speaking at the Virtual Fraud in Financial Services Forum run by Transform Finance. This event connects the entire financial services industry across the Asia Pacific region in an exclusive online environment. 

At this event, you will get to hear about the ever-changing global fraud landscape from industry experts. The latest topics currently transforming the fraud industry will be covered, such as:

  • Cybercrime Challenges
  • Global Perspectives and Regulatory Insights
  • Disruptive and Emerging Technologies
  • Application and First Party Fraud, Synthetic Identity and Transaction Fraud

You will also have the opportunity to network with more than 200 C-suite, VP and Director level executives across a range of fraud prevention, detection, and investigation roles. These include roles in Financial Crime, Risk, Compliance, Legal, AI, and Data Analytics. 

The organisations in attendance are also diverse in nature, covering financial services industries such as Banking, Fintech, Insurance, Securities, and of course Polonious will be representing the Case Management industry. 

Polonious will be manning a virtual booth at this event, speaking on why you need an investigation management system, and where it sits in your anti-fraud program. This booth will be run by Polonious’ Senior Systems Configurer and ISO Systems Manager, Nicholas Fisher. Nicholas has worked with clients across banking, insurance, investigation firms, education and child protection. He knows exactly what key pain points companies experience in their fraud prevention and detection, and how Polonious can step in and help. 

Nicholas will be able to give you a crash course on why you need an investigation management system. He will cover what investigation management systems are, how they can be implemented, and their benefits to you. You will no doubt leave this event with a better understanding of why investigation management systems are more attractive than other alternatives.

If you work for a bank, fintech, payments, insurance company or the wider financial services, this event is perfect for you! Learn from live case studies, Q&As, and panel discussions at the most important event for digital innovation and fraud prevention this year. 

You can find out more about the event, including the agenda, speakers, and more general information here

We look forward to seeing you there!

Fraud in Financial Services virtual event - 9th December 2021

Thinking about attending?

You can claim a free VIP pass to the event using this link

New General Insurance Code of Practice: What changes for investigation teams?


Access Polonious' free guide to GICoP compliance in investigations.

Australia’s insurance industry is undergoing the biggest regulatory and compliance changes in its history, and these changes will significantly impact investigation teams.

The Insurance Council of Australia (ICA) has released a new General Insurance Code of Practice, and all insurers were required to implement the changes by July 1, 2021. The changes are legally binding and, as of July 1, 2021, organisations can be fined for non-compliance. These fines can amount to hundreds of thousands of dollars.

To avoid penalties and compliance headaches, insurers will need to change their business to comply with the new regulations, which must be met in their entirety, as opposed to a piecemeal approach. The new Code is a result of a two-year review by the ICA, which invited input and recommendations from various organisations.

Australia’s insurance industry leaders must act now to bring their investigation teams, and the wider organisation, in line with the changes. Investigation teams will be pressured by the more detailed compliance requirements, but this does not mean there are no business imperatives.

Polonious’ report, New General Insurance Code of Practice: A reference guide to how changes will impact fraud investigations, gives insurance industry leaders an overview of the required changes, and details of how the impending requirements can go a long way to benefiting the business.

In this blog, we will look at what changes for investigation teams.

Teams must adapt immediately

The Insurance Council’s Code of Practice changes will have an immediate impact on investigation teams and how they conduct their work, including much more detailed measurements of the actions being taken.

An extensive summary of the Code of Practice can be downloaded from the Web site. The many changes to the Code of Practice will apply significant pressure on insurers’ investigation units, including:

  1. Stricter requirements in relation to actions being taken by the investigators (e.g. 90-minute time limits for investigation interviews)
  2. More mandated regulation which will override any self-regulation, with penalties for non-compliance
  3. A push for more transparency for claimants

To cite a simple, but profound, example, there will now be a cap of 90 minutes on the length of an interview that an investigator can undertake. Previously, there was no time limit. Moreover, there is a total limit of four (4) hours during the complete course of the investigation.

Changes such as these will apply a degree of pressure on insurers to get the information they need within that timeframe so they don’t fall foul of the requirements.

Having an unlimited amount of time previously meant that investigators did not need to worry about the pace of the interview. Now, if they go over that allotted time, they will need to explain why, and justify it.

Collecting all the necessary details to make a determination of a claim in 240 minutes of allowed interview time will be challenging in complex cases, so investigators will need to be better prepared in order to meet those strict requirements.

Should they need more time, the investigator will need to ask permission from insurers to extend the interview time and will need to record the agreement and the reasons behind it.

In another example, Part 15 of the new Code speaks to the claims investigation standards. In paragraph 73 it states, “If we appoint someone to investigate your claim, then within 5 business days, we will inform you of their appointment and what their role is”.

These are just a few of many requirements specified for investigation teams in the new Code.

What triggered the changes?

The changes come after the Insurance Council of Australia identified a number of failings in the investigation industry which have resulted in claimants being treated in an unfair manner. And little has been done to address this, despite many opportunities to do so in recent years.

Previously, the industry was self-regulated, which didn’t lead to the changes the industry needed. Neither did it bring any well-defined rules. It remains to be seen if existing investigation units will be capable of meeting the new requirements as insurers typically have thousands of investigations running at any given time.

The reforms are also designed to create more openness and transparency for the claimant, with clearly defined processes requiring strict compliance. Investigators not informing the claimant of the progress of their claim, or their obligations around the investigation, can lead to many people dropping out of a claim. If the process drags on indefinitely, many people just want it to end and will withdraw the claim.

Financial Crime Detection and Investigation – The Hub and Spoke Model


Financial institutions, including both banks and insurers, have been facing rising levels of financial crime for a long time, particularly cyber crime. This is especially true during the pandemic. Alongside this we have a tightening regulatory framework around anti money laundering, know-your-customer requirements, and counter terrorism funding regulations, as well as more general regulatory changes including the new General Insurance Code of Practice and the new AFCA complaints and Internal Dispute Resolution requirements in Australia.

There is an increasing workload required of financial institutions to find, investigate, and report fraudulent activity, as well as an increasing variety of methods used by fraudsters, and greater risk of loss to the organisation. Added to this, the sheer volume of data being produced in an increasingly measured and online world has been both a blessing and a curse, depending on how it’s collated and used.

This has seen a growing number of solutions aimed at leveraging datasets to detect fraud, often with particular specialities – transactions, loan applications, insurance claims, and so on. This can lead to a very siloed approach in some institutions, particularly banks where the nature of their operations requires a greater variety of detection systems. It can also come about because teams have been created at different times for different reasons – e.g. an anti-fraud team was built to help customers and reduce losses, but an AML/KYC team might have come about due to regulatory change.

There are a couple of problems with this situation. One is fairly straightforward – expense. Running multiple teams for different reasons, especially with little mutual aid or communication, is very expensive. Each team may have duplicates of other teams’ cases, each team has its own management structure, its own paperwork, and so on.

The other, more important problem is co-ordination. Financial crimes are complex and evolving, and may touch on numerous aspects of your operations. In the above situation of siloed AML/KYC teams and fraud investigation teams, organised crime syndicates that may be picked up by AML/KYC have a risk of being involved in fraud rings. If your teams are not sharing information, you may miss a red flag like a contact number from a KYC case showing up on a potential fraud. Similarly, you may miss details from a transaction fraud case that appear on a loan application, or the account a claim is to be paid into may go to a bank account that’s been flagged for AML.

The curse of big data is the combination of the above two issues – if you fail to unify and analyse all your various sources of data, you will be snowed under, and with little useful insight to show for it.

As such, there has been an increasing focus on unified financial crime systems within financial institutions. An approach often discussed is the ‘hub and spoke’ model, where numerous data sources are collated in one central location for one team to look at, and potentially one analytics solution to run over the data. However, this may not work for some institutions for the reasons mentioned above – data sources are quite varied, and a transaction monitoring engine may not be suitable for application or insurance fraud, or vice versa. Additionally, the project costs required for replacing multiple existing solutions may be prohibitive.

So, what do all of these potential fraud cases have in common? Well, they need to be investigated. Whether it’s to triage and potentially report to regulators in the case of AML, to recover money from another financial institution in a card fraud case, or to prepare a brief for recovery via the courts, all of these cases require some level of investigation. For reasons we’ve outlined before, analytics engines alone will not provide a holistic fraud solution, not to mention the issues with operating across different data sets.

As such, the natural place to collate all of the insights various detection and analytics systems can provide, and without the project costs of replacing several existing systems, is to add an integrated investigation management system as the hub to which all of your intelligence and analytics spokes connect.

Modern integrations via tools such as APIs allow seamless transfer of flagged cases between detection or analytics systems and a case manager, meaning you can run a smaller team that works only in the case manager itself. Two way integration means that updates can be fed back to detection and analytics systems, improving their accuracy, as well as passing new information between systems via the hub.

APIs also make the integration process easier, making it possible for systems such as Polonious to integrate with multiple leading analytics and detection solutions with minimal fuss.

Bringing every red flag into the one system then allows you to lay other intelligence tools over the top, such as graphical link analysis, to provide even greater insight across your whole dataset.

Lastly, all of these red flags and potential investigations are brought into a system which is specifically designed for robust investigations which comply with all your regulatory requirements.

Financial and cyber criminals are becoming increasingly sophisticated. Running a bureaucratic and fractured anti-fraud and anti money laundering program simply will not keep up.

Financial crimes detection, investigation, and intelligence increasingly uses the hub and spoke model


Powerful graphical link analysis meets comprehensive investigation management - Polonious and Maltego

Bring all your data into one place and identify connections and red flags you wouldn’t have found otherwise.
