Banks’ code compliance under fire

John Kavanagh

The Banking Code Compliance Committee has criticised banks for not doing enough to prevent breaches of the Banking Code of Practice.

According to the BCCC’s latest report, banks reported 40,000 breaches of the Banking Code of Practice in the 2019/20 financial year – an increase of 160 per cent over the previous year.

One of the big banks (not named by the BCCC) reported 16,958 breaches – more than one-third of the total.

Over the six months to June 2020, reported breaches affected more than 3.5 million customers, with a total financial impact of more than A$123 million.

The BCCC said banks have claimed that the increase is a result of greater awareness and improved monitoring of code compliance.

However, BCCC chair Ian Govey said the committee expects banks to do more to prevent breaches, especially in areas where they typically report large breach numbers.

The most common breaches were in relation to privacy and confidentiality, responsible lending, debt recovery, assisting with financial difficulty and staff training to understand the code.

Govey said: “There will come a time when the BCCC and the broader community will expect banks to have gained sufficient insight from this breach data to prevent compliance incidents from happening in the first place.

“In some areas, such as privacy and confidentiality, large numbers of breaches have been reported for many years and the BCCC will expect to see a significant decrease in the number of reported breaches.”

A small proportion of the increase was due to additional obligations under a revised code that took effect in 2019. In addition, there were six new subscribers.

Banks also reported that COVID-19 had an impact on their breach numbers. Some said increased workload and resourcing issues caused breaches. Others said staff working from home caused an increase in privacy breaches.

Banks reported that 70 per cent of the breaches were caused by human error alone.

However, the BCCC reported earlier this year that banks often use human error as the default cause of their compliance breaches, without establishing or acting on the root causes of the problems.

The most common way of responding to breaches is to provide staff feedback and training. The BCCC would like to see more focus on building more robust systems.