There’s nothing worse than sending a new website live.
The meetings, the testing, the technical difficulties – the sheer stress of the whole process. There’s always something that goes wrong, big and small.
When insurer Allianz sent its updated website live in mid-December 2015, everything looked to be going pretty nicely. The executive in charge sent an email on the evening of December 10, thanking his team and assuring everyone that the few bugs found were being sorted.
But a week later, a big problem became apparent. The website had gone live with key legal disclosures and qualifications missing or obscured, and included a string of misleading statements.
There were four misleading statements in relation to car insurance, four in relation to home insurance, three in relation to life insurance and one in relation to boat insurance. There were 120 errors in all, Allianz documents said.
In one good example, statements about car insurance said Allianz guaranteed its repairs. But the company’s witness, Michael Winter, general manager of retail, confirmed there was no such guarantee.
However, despite a number of executives raising concerns inside the business, the website wasn’t taken down immediately. Allianz didn’t revert to the old site either.
“It wasn’t considered appropriate at the time,” Winter told senior counsel assisting the royal commission, Rowena Orr, QC, adopting the subdued tone of a naughty school kid who would rather be anywhere else.
“I think we were going to deal with the issues that had been identified and rectify them.”
But Allianz certainly wasn’t in any hurry. Weeks went by, and then months, before the errors were fixed across March and April.
Orr then took Winter to a meeting that occurred on May 16, 2016, where an Allianz’s Australian risk committee – which included Winter – decided not to report the breach to the Australian Securities and Investment Commission.
Winter submitted a document in his witness statement that purported to be notes from that meeting. But they were not actually Winter’s notes, or notes from anyone at the meeting – Winter started out by saying that he expected the undated and unsigned document had been created by his legal team as a sort of compendium of the themes discussed at the meeting. But he later said he really couldn’t comment on the document’s origins.
To say Orr was furious at the representation of the document is putting it mildly.
Winter said Allianz felt the issue didn’t need to be reported to ASIC, as it had agreed – or more accurately, would later agree – to honour the incorrect representations in the website statements.
Orr wasn’t having that, though. She took Winter to the rules around reporting breaches, and demonstrated that Allianz should have at least had a mind to previous similar issues when it considered whether the breach was reportable.
But there was no such discussion at that fateful May meeting mentioned in Winter’s notes (or whatever they were) and he could not recall such a discussion.
Nor was there any mention of other key matters required to be considered around breach reporting, Orr argued.
“This was the wrong decision, wasn’t it Mr Winter, not to report this to ASIC,” Orr asked.
After a long pause, Winter replied: “Yes.”
Orr than revealed that Winter had decided not to proceed with an external legal review of the website, which would have cost $25,000 to $30,000. Instead, an internal lawyer dedicated two days a week to the task. The review took 10 months to complete.
Winter agreed that decision has ended up costing a lot more than $30,000.