The Banking Code Compliance Committee has commended banks for a “great result” last year, when reports of compliance breaches fell sharply. However, it is concerned that the part of the code with the highest number of breaches is the chapter covering confidentiality. “In a time of increasing concern about privacy and personal data, this is something that banks need to take seriously,” BCCC chair Ian Govey said. The BCCC also called on banks to pay more attention to their systems and not fall back on the common excuse that breaches are the result of human error. Banks reported 15,098 breaches of the Banking Code of Practice during the six months to June last year– a 38 per cent fall from the previous six months. Breaches impacted a total of 5.2 million customers and the financial impact was A$72.5 million. In the previous period, 13.5 million customers were affected and the financial impact was $69.4 million. One breach from a major bank affected more than 2500 customers and had a $12.3 million financial impact. Common confidentiality breaches included uploading information that identified a customer to a third-party website, sending customer account numbers to an unauthorised external party and sending replacement cards to the wrong address. “Breaches of this nature are avoidable and banks must improve their systems and processes to minimise them,” the BCCC said. Other common breaches included applying the incorrect rate to products, incorrect discounts being applied to home loan accounts, incorrect charging of discharge fees, charging fees on no-fee accounts and sending marketing material to customers who have opted out of marketing communication. There were also reports of inadequate checks when assessing credit affordability, failure to provide sufficient notice of decisions not to extend business loans, failure to provide guarantee documents to a guarantor and issuing default notices to customers with financial hardship. Close to half (42 per cent) of breaches were identified through customer complaints, while 32 per cent were identified through monitoring programs and 19 per cent were self-identified. The BCCC said the proportion of breaches identified through customer complaints doubled during the reporting period. It said this may be a result of changes to ASIC’s regulatory guide to internal dispute resolution (RG 271), which broadened the definition of a complaint. Staff training was the corrective action taken in 71 per cent of cases, process improvement in 10 per cent of cases and ongoing investigation in 7 per cent of cases. The BCCC said: “While it is important to address staff performance by investing in training and improvements, banks should review breaches to see if system or process issues are also involved.”