90 incidents on record · 2026 Headlights Incident reports by Ellie Harris · Melbourne
10 new this week Library last updated 13 July 2026
← The incident library
HD-INC-078
Financial services · Australia · 2023 · Automated-decision harm

An insurer promised loyalty discounts while a pricing algorithm capped them, and the Federal Court imposed what was then a record $40 million penalty

By Ellie Harris · Filed Discount-capping 'cupping' mechanism in use March 2014 to September 2019

Alleged: Insurance Australia Limited (IAG); NRMA Insurance brand developed or deployed the AI system implicated in this incident. Details are drawn from public reports; parties are presumed innocent of any wrongdoing not established by an official finding.

An insurer promised loyalty discounts while a pricing algorithm capped them, and the Federal Court imposed what was then a record $40 million penalty

What happened

It was reported that in June 2023 Australia’s Federal Court penalised Insurance Australia Limited, the IAG subsidiary behind NRMA Insurance, $40 million over what ASIC said was a pricing algorithm that undercut the discounts the company was promising. Between March 2014 and September 2019, renewal notices for NRMA motor, home, boat and caravan policies told customers they were receiving loyalty and no-claims discounts. Behind the notice, a mechanism the company called ‘cupping’ put a floor under the price, capping how far a renewal could fall: it applied those promised discounts to an inflated base premium, so that a customer’s renewal price never fell more than a set percentage below the previous year’s price, whatever the promises on the page added up to. ASIC, which brought the case, said more than 600,000 customers received false or misleading representations; in the penalty period alone, which ran from October 2015, affected customers missed over $35 million in discounts, out of roughly $60 million across the full 2014 to 2019 period. IAL admitted the contraventions, and IAG said publicly that the failure was unacceptable and that it had apologised.

On intent, the judgment records that IAL intentionally designed, approved and implemented the mechanism, and that one consideration in approving it was the profit the company would lose without it. The conduct was not isolated. ASIC’s industry review of insurance pricing failures reported insurers repaying $815 million to more than 5.6 million consumers, with IAG-brand remediation reported at $447 million across more than 4.2 million policies. At the time of the IAL judgment the $40 million was the largest penalty a court had imposed on an Australian insurer for consumer protection breaches.

What an auditable version would have shown

The renewal notices carried discount representations, and the pricing engine computed the prices customers actually paid, and for years no record reconciled the two. An auditable version binds them together: a signed record per renewal capturing the discounts represented to the customer, the price the algorithm produced, and the arithmetic between them. Computed across the book, that is a single recurring number, the gap between promised and delivered discounts, that a board, an auditor or a regulator can read. A gap of $35 million across 600,000 customers should surface as a measurable governance signal in the first reporting period, attached to the mechanism causing it, rather than remain hidden inside millions of individual pricing decisions.

Where the gap was

The gap here was not a malfunction in the code but an absence in what was recorded about it. A MetricRecord computes signed aggregates over pricing decisions, promised discount versus delivered discount by product and cohort, turning a buried design choice into a standing number someone must own. A ConductRecord preserves each renewal’s inputs and outputs, including which pricing adjustments fired, so that when a regulator asks why a loyal customer’s price did not fall, the answer comes from the record rather than from a multi-year investigation into what the engine was doing.

What governance should have looked like

A pricing algorithm that interacts with marketing promises should be governed as a single system with them, because the customer experiences them as one thing: the price. That means the promise is a constraint the pricing engine is tested against before deployment and measured against in production, with the variance reported, signed, and reviewed. The court’s finding that profit protection was a consideration in approving the mechanism is the reason self-attestation is not enough: the record layer has to be designed to surface commercially uncomfortable numbers from the company’s own systems, rather than leaving them for a regulator to compute years later.

Failure Pattern: an algorithm applied promised discounts to an inflated base so they were not delivered in full, and no record confronted the promise with the delivered price.

Governance Principle: every promise made to a customer is a constraint the pricing system must be tested against before deployment and measured against in production, with the variance recorded and owned.

The reference implementation of MetricRecord and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. The repository is public now.

Sources

The mailing list

Fresh incident reports every week. One email to match.

We add new incidents to the library regularly, and send a single short email each week with what's new. The library stays free and open; this is just how you keep up with it.

No tracking. Unsubscribe in one click.

The record

An auditable system would have produced a signed, tamper-evident record the moment this happened: what the system did, the version that did it, the basis it acted on, and the action taken, and Insurance Australia Limited (IAG); NRMA Insurance brand could have produced it on demand.

This is the record the system as deployed did not produce in a signed, auditable form.

What this teaches
Capture what happened when it happens
What the system did, the version that did it, the basis it acted on, and the action taken, recorded at the moment, not reconstructed after.
Sign it, so no one has to trust the record-keeper
A tamper-evident entry. Edit it later and the signature breaks. The record does not ask for the benefit of the doubt.
Make it verifiable by anyone
A court, a regulator, a customer's lawyer can check the record themselves, without taking the company, or us, at our word.

Headlights summarises publicly reported AI incidents. All summaries are independently written, attributed to their original sources, and intended for research and educational purposes. Allegations are identified as such until established through official findings.

Last reviewed June 2026. This report is based on the sources listed above and reflects information available at the time of review; later developments may not be captured. Where a person is described as charged with or alleged to have done something, that allegation is unproven unless a conviction or a court or regulatory finding is stated. Headlights publishes journalism and commentary, not legal advice.

Want to write back?

Direct to my inbox.

ellie@useheadlights.com →