The Context
On 30 January 2026, the Financial Markets Authority issued a public warning to Aioi Nissay Dowa Insurance. The trigger was a nine-year failure of manual processes. These processes were designed to identify customers eligible for multi-policy discounts. They did not work. The result: 5,055 customers were overcharged. The total sum was $700,000. The breach was of Part 2 of the Financial Markets Conduct Act. The FMA’s diagnosis was binary: “either poor controls or ineffective systems.” The company self-reported within 72 hours of discovery. This action mitigated the penalty. Comparable failures at AA Insurance, Tower, and IAG have drawn fines of $6.2 million, $7 million, and $19.5 million respectively. The warning is the ledger entry. The systemic failure is the asset being depreciated.
The Risk
The FMA found no deliberate misconduct. This does not absolve the board. The risk is not in the single transaction. It is in the aggregate. A failure persisting for 3,285 days indicates a governance gap in financial controls. Directors may be liable if such a gap is deemed a failure of their duty of care under the Companies Act 1993. The $700,000 is merely the principal. The real liability is reputational and regulatory. The FMA’s public warning is a marker. It establishes a pattern of conduct. Future breaches may be viewed as reckless, not merely negligent. This could trigger personal liability under the Financial Markets Conduct Act for allowing a business to operate in a manner likely to deceive. The audit trail leads directly to the boardroom table.
The Control
The strategic solution is a forensic audit of all customer-facing financial algorithms and manual override processes. Map every discount, rebate, and promotional offer to its system trigger and control point. Then, implement continuous transaction monitoring with automated exception reporting. Treat customer overcharges as a critical financial control failure, not an IT glitch. The cost of this control is a fraction of the potential fine and reputational capital at stake.
The Challenge
These are the critical questions you should be raising at the board table:
- What is the total financial exposure from all other manual processes or legacy system rules that have not been audited since implementation?
- Precisely which board committee (Audit, Risk) owns the dashboard that tracks the volume and value of customer refunds as a key control metric?
- Show me the mathematical model that proves our current control environment would detect a similar $700,000 leakage within one quarter, not nine years.