The regulation of insurance intermediaries in the Australian financial services market

The insurance industry discharges a critical role in the Australian economy and is a significant part of the Australian financial services market. The industry relies upon intermediaries, the principal types being brokers and agents, to promote, arrange and distribute their products and services in the market. The pivotal role that they play in this context and sensitivities associated with the consumer oriented products, such as house and contents insurance, has ensured close regulatory attention. Of particular importance was the passage of the Insurance (Agents and Brokers) Act 1984 (Cth), a comprehensive attempt to address the responsibilities of intermediaries as well as particular problem areas associated with the handling of money. However, with the introduction of financial services and market reform early in the new millennium this insurance intermediary specific regulatory approach was abandoned in favour of a market-wide strategy; that is, market reform was based upon across-the-board licensing, disclosure, conduct and fairness standards, and all financial products and services are now regulated at a generic level under Ch 7 of the Corporations Act 2001 (Cth). This article briefly explores the categories of insurance intermediaries and the relevant distinctions between them but focuses mainly upon the regulatory context in which they operate. This context transcends a strictly legal framework as the regulatory body, the Australian Securities and Investments Commission (ASIC), has sought to inform and guide the market through Policy Statements and Regulatory Guides. The usefulness of these guides as an adjunct to the legislation in explaining the scope and operation of regulatory framework is examined. In addition, the article looks at the self-regulatory and dispute resolution practices in this area and their impact. In conclusion an assessment of this across-the-board regulatory regime is advanced.

Enhancing security and continuity management at international airports

Operators of busy contemporary airports have to balance tensions between the timely flow of passengers, flight operations, the conduct of commercial business activities and the effective application of security processes. In addition to specific onsite issues airport operators liaise with a range of organisations which set and enforce aviation-related policies and regulations as well as border security agencies responsible for customs, quarantine and immigration, in addition to first response security services. The challenging demands of coordinating and planning in such complex socio-technical contexts place considerable pressure on airport management to facilitate coordination of what are often conflicting goals and expectations among groups that have standing in respect to safe and secure air travel. What are, as yet, significantly unexplored issues in large airports are options for the optimal coordination of efforts from the range of public and private sector participants active in airport security and crisis management. A further aspect of this issue is how airport management systems operate when there is a transition from business-as-usual into an emergency/crisis situation and then, on recovery, back to ‘normal’ functioning. Business Continuity Planning (BCP), incorporating sub-plans for emergency response, continuation of output and recovery of degraded operating capacity, would fit such a context. The implementation of BCP practices in such a significant high security setting offers considerable potential benefit yet entails considerable challenges. This paper presents early results of a 4 year nationally funded industry-based research project examining the merger of Business Continuity Planning and Transport Security Planning as a means of generating capability for improved security and reliability and, ultimately, enhanced resilience in major airports. The project is part of a larger research program on the Design of Secure Airports that includes most of the gazetted ‘first response’ international airports in Australia, key Aviation industry groups and all aviation-related border and security regulators as collaborative partners. The paper examines a number of initial themes in the research, including: ? Approaches to integrating Business Continuity & Aviation Security Planning within airport operations; ? Assessment of gaps in management protocols and operational capacities for identifying and responding to crises within and across critical aviation infrastructure; ? Identification of convergent and divergent approaches to crisis management used across Austral-Asia and their alignment to planned and possible infrastructure evolution.

Immediate indefeasibility : is it under threat?

Immediate indefeasibility has been adopted in Australia for close to 40 years. Recently however, and against the backdrop of economic fragility and global deregulation, there has been a polite questioning of its place. In Australia, some may argue that case law developments and legislative reform have placed indefeasibility under the microscope — in New Zealand, a similar telescoping by the respected views of their Law Commission. This note examines these reforms. It concludes that these reforms do not place immediate indefeasibility under threat. Rather, they modify and adapt the doctrine to fit within the context of contemporary financial instruments. Nevertheless, changes have so far been piecemeal, and its time for a consistent and logical examination of this issue to occur on the national, rather than the stage of each state.

A hierarchical security assessment model for object-oriented programs

We present a hierarchical model for assessing an object-oriented program's security. Security is quantified using structural properties of the program code to identify the ways in which `classified' data values may be transferred between objects. The model begins with a set of low-level security metrics based on traditional design characteristics of object-oriented classes, such as data encapsulation, cohesion and coupling. These metrics are then used to characterise higher-level properties concerning the overall readability and writability of classified data throughout the program. In turn, these metrics are then mapped to well-known security design principles such as `assigning the least privilege' and `reducing the size of the attack surface'. Finally, the entire program's security is summarised as a single security index value. These metrics allow different versions of the same program, or different programs intended to perform the same task, to be compared for their relative security at a number of different abstraction levels. The model is validated via an experiment involving five open source Java programs, using a static analysis tool we have developed to automatically extract the security metrics from compiled Java bytecode.

Information security management : a case study of an information security culture

This thesis argues that in order to establish a sound information security culture it is necessary to look at organisation's information security systems in a socio- technical context. The motivation for this research stems from the continuing concern of ineffective information security in organisations, leading to potentially significant monetary losses. It is important to address both technical and non- technical aspects when dealing with information security management. Culture has been identified as an underlying determinant of individuals' behaviour and this extends to information security culture, particularly in developing countries. This research investigates information security culture in the Saudi Arabia context. The theoretical foundation for the study is based on organisational and national culture theories. A conceptual framework for this study was constructed based on Peterson and Smith's (1997) model of national culture. This framework guides the study of national, organisational and technological values and their relationships to the development of information security culture. Further, the study seeks to better understand how these values might affect the development and deployment of an organisation's information security culture. Drawing on evidence from three exploratory case studies, an emergent conceptual framework was developed from the traditional human behaviour and the social environment perspectives used in social work, This framework contributes to in- formation security management by identifying behaviours related to four modes of information security practice. These modes provide a sound basis that can be used to evaluate individual organisational members' behaviour and the adequacy of ex- isting security measures. The results confirm the plausibility of the four modes of practice. Furthermore, a final framework was developed by integrating the four modes framework into the research framework. The outcomes of the three case stud- ies demonstrate that some of the national, organisational and technological values have clear impacts on the development and deployment of organisations' informa- tion security culture. This research, by providing an understanding the in uence of national, organi- sational and technological values on individuals' information security behaviour, contributes to building a theory of information security culture development within an organisational context. The research reports on the development of an inte- grated information security culture model that highlights recommendations for developing an information security culture. The research framework, introduced by this research, is put forward as a robust starting point for further related work in this area.

Security analysis and enhancement of one-way hash based low-cost authentication protocol (OHLCAP)

Choi et al. recently proposed an efficient RFID authentication protocol for a ubiquitous computing environment, OHLCAP(One-Way Hash based Low-Cost Authentication Protocol). However, this paper reveals that the protocol has several security weaknesses : 1) traceability based on the leakage of counter information, 2) vulnerability to an impersonation attack by maliciously updating a random number, and 3) traceability based on a physically-attacked tag. Finally, a security enhanced group-based authentication protocol is presented.

Evaluation of financial incentives as a quality improvement strategy in the public hospital context : clinician attitudes, design variables, and economic costs

In 2008, a three-year pilot ‘pay for performance’ (P4P) program, known as ‘Clinical Practice Improvement Payment’ (CPIP) was introduced into Queensland Health (QHealth). QHealth is a large public health sector provider of acute, community, and public health services in Queensland, Australia. The organisation has recently embarked on a significant reform agenda including a review of existing funding arrangements (Duckett et al., 2008). Partly in response to this reform agenda, a casemix funding model has been implemented to reconnect health care funding with outcomes. CPIP was conceptualised as a performance-based scheme that rewarded quality with financial incentives. This is the first time such a scheme has been implemented into the public health sector in Australia with a focus on rewarding quality, and it is unique in that it has a large state-wide focus and includes 15 Districts. CPIP initially targeted five acute and community clinical areas including Mental Health, Discharge Medication, Emergency Department, Chronic Obstructive Pulmonary Disease, and Stroke. The CPIP scheme was designed around key concepts including the identification of clinical indicators that met the set criteria of: high disease burden, a well defined single diagnostic group or intervention, significant variations in clinical outcomes and/or practices, a good evidence, and clinician control and support (Ward, Daniels, Walker & Duckett, 2007). This evaluative research targeted Phase One of implementation of the CPIP scheme from January 2008 to March 2009. A formative evaluation utilising a mixed methodology and complementarity analysis was undertaken. The research involved three research questions and aimed to determine the knowledge, understanding, and attitudes of clinicians; identify improvements to the design, administration, and monitoring of CPIP; and determine the financial and economic costs of the scheme. Three key studies were undertaken to ascertain responses to the key research questions. Firstly, a survey of clinicians was undertaken to examine levels of knowledge and understanding and their attitudes to the scheme. Secondly, the study sought to apply Statistical Process Control (SPC) to the process indicators to assess if this enhanced the scheme and a third study examined a simple economic cost analysis. The CPIP Survey of clinicians elicited 192 clinician respondents. Over 70% of these respondents were supportive of the continuation of the CPIP scheme. This finding was also supported by the results of a quantitative altitude survey that identified positive attitudes in 6 of the 7 domains-including impact, awareness and understanding and clinical relevance, all being scored positive across the combined respondent group. SPC as a trending tool may play an important role in the early identification of indicator weakness for the CPIP scheme. This evaluative research study supports a previously identified need in the literature for a phased introduction of Pay for Performance (P4P) type programs. It further highlights the value of undertaking a formal risk assessment of clinician, management, and systemic levels of literacy and competency with measurement and monitoring of quality prior to a phased implementation. This phasing can then be guided by a P4P Design Variable Matrix which provides a selection of program design options such as indicator target and payment mechanisms. It became evident that a clear process is required to standardise how clinical indicators evolve over time and direct movement towards more rigorous ‘pay for performance’ targets and the development of an optimal funding model. Use of this matrix will enable the scheme to mature and build the literacy and competency of clinicians and the organisation as implementation progresses. Furthermore, the research identified that CPIP created a spotlight on clinical indicators and incentive payments of over five million from a potential ten million was secured across the five clinical areas in the first 15 months of the scheme. This indicates that quality was rewarded in the new QHealth funding model, and despite issues being identified with the payment mechanism, funding was distributed. The economic model used identified a relative low cost of reporting (under $8,000) as opposed to funds secured of over $300,000 for mental health as an example. Movement to a full cost effectiveness study of CPIP is supported. Overall the introduction of the CPIP scheme into QHealth has been a positive and effective strategy for engaging clinicians in quality and has been the catalyst for the identification and monitoring of valuable clinical process indicators. This research has highlighted that clinicians are supportive of the scheme in general; however, there are some significant risks that include the functioning of the CPIP payment mechanism. Given clinician support for the use of a pay–for-performance methodology in QHealth, the CPIP scheme has the potential to be a powerful addition to a multi-faceted suite of quality improvement initiatives within QHealth.

Framework for assessing financial literacy and superannuation investment choice decisions

There is a worldwide trend towards rapidly growing defined contribution pension funds in terms of assets and membership, and the choices available to individuals. This has shifted the decisionmaking responsibility to fund members for managing the investment of their retirement savings. This change has given rise to a phenomenon where most superannuation fund members are responsible for either actively choosing or passively relying on their funds’ default investment options. Prior research identifies that deficiencies in financial literacy is one of the causes of inertia in financial decision-making and findings from international and Australian studies show that financial illiteracy is wide-spread. Given the potential significant economic and social consequences of poor financial decision-making in superannuation matters, this paper proposes a framework by which the various demographic, social and contextual factors that influence fund members’ financial literacy and its association with investment choice decisions are explored. Enhanced theoretical and empirical understanding of the factors that are associated with active/passive investment choice decisions would enable development of well-targeted financial education programs.

Financial literacy and pension investment decisions

The call for enhanced financial literacy amongst consumers is a global phenomenon, driven by the growing complexity of financial markets and products, and government concerns about the affordability of supporting an ageing population. Worldwide, defined benefit pensions are giving way to the risk and uncertainty of defined contribution superannuation/pension funds where fund members now make choices and decisions that were once made on their behalf. An important prerequisite for informed financial decision-making is adequate financial knowledge and skills to make competent investment decisions. This paper reports the findings of an online survey of the members of a large Australian public sector-based superannuation fund and shows that although respondents generally understand basic financial matters, on average, their understanding of investments concepts, such as the relationship between risk and returns, is inadequate. These results highlight the need for education programs focusing specifically on developing fund members’ investment knowledge and skills to facilitate informed retirement savings decisions.

Stages of knowledge management systems in policing financial crime

A stage model for knowledge management systems in policing financial crime is developed in this paper. Stages of growth models enable identification of organizational maturity and direction. Information technology to support knowledge work of police officers is improving. For example, new information systems supporting police investigations are evolving. Police investigation is an information-rich and knowledge-intensive practice. Its success depends on turning information into evidence. This paper presents an organizing framework for knowledge management systems in policing financial crime. Future case studies will empirically have to illustrate and validate the stage hypothesis developed in this paper.