Commonwealth Bank has handed itself an early Christmas present that could potentially shield it against expensive compensation claims from business customers who suffer financial losses during banking outages.
On 6 December the country’s largest bank quietly updated the terms and conditions for customers using its electronic banking platforms to include new clauses aimed at limiting its liability for losses incurred by customers when its systems malfunction or become unusable for protracted periods.
“You have the benefit of certain protections as a consumer under the Australian Consumer Law,” CBA tells customers in the revised electronic banking terms and conditions.
“Nothing in this document shall be taken to exclude liability which may not be excluded under the Australian Consumer Law.
“However, unless the relevant service is of a kind ordinarily provided for personal, domestic of (sic) household use and to the extent otherwise permitted under the Australian Consumer Law, in relation to any loss you have suffered:
i. our liability is limited to an obligation to provide the relevant service again or pay the cost of providing the relevant service again; and
ii. we have no liability for any indirect, special or consequential loss including loss of profits, actual or anticipated."
This is a controversial move by CBA that is bound to draw criticism from small business advocates, litigation lawyers and underwriters of business continuity insurance policies.
CBA’s decision to limit its liability stemming from outages appears to mark a strategic departure from the approach taken by other banks in recent years.
In 2018, National Australia Bank paid out A$7.4 million in compensation to more than 200,000 merchant customers after a six hour nationwide outage froze access to internet banking, ATMs and merchant terminals.
The incident resulted in retailers across the country being unable to transact with customers at point of sale and online.
Most of the $7.4 million paid to business customers was to cover for sales they had lost as a result of the outage.
The new CBA clause appears to preclude such compensation being paid to small businesses in similar circumstances.
CBA’s attempt to rein in its liability for the impact of outages on business customers is almost certain also to attract scrutiny from the Australian Competition and Consumer Commission, which has publicly earmarked unfair contract terms as a focus of its regulatory activities in 2024.
CBA’s revised liability clauses apply to personal and business customers of the bank because the electronic banking terms and conditions have general application across the company’s customer segments.
The ACCC is cracking down on unfair contract terms after a stiffer penalties regime came into force in November.
Under the new laws, companies found to have included unfair terms in their standard contracts with customers face penalties of up to $50 million for each contravention.
While CBA prefaced its new liability-limiting clauses with a statement that they were not intended to overcome protections embedded in Australian consumer laws, it remains an open question as to whether they might be deemed unfair terms.
An information memo circulated this week by law firm Gilbert and Tobin’s competition and regulation practice, warns clients that standard contract terms might be judged “unfair” if they cause a significant imbalance in the rights and obligations of service providers and customers.
Contract terms might also be found to be unfair if they are likely to cause detriment to a party to the contract or are not reasonably necessary to protect the interests of the service provider.
“Unfair contract terms in consumer and small business contracts are a compliance and enforcement priority for the ACCC for 2023-24, and with the changes now in place, we can expect to see the ACCC start taking enforcement action against offenders very soon,” Gilbert and Tobin warned clients in the memo.
“Some even say we may see an action before the end of this year.”
In September, the ACCC’s deputy chair Mick Keogh urged companies to avoid inserting broad terms and conditions in standard contracts.
Banking Day on Wednesday sought comment from CBA about the specific types of customer loss scenarios that would be covered by the new liability-limiting clauses.
A CBA spokesperson said the bank would respond to questions about the impact on customers of the new clauses, but was unable to provide any official comment before Banking Day went into production on Wednesday evening.
CBA HAS A POOR OUTAGE RECORD
CBA has one of the worst outage frequency records in the Australian banking sector.
An analysis of official outage data by Sydney-based data company Qi Insights shows that CBA racked up 132 hours of outage time in the two years to the end of September.
“In just over two years of reporting, ANZ (133 hours) and CBA (132 hours) have the worst records in total outage volume,” said Qi Insights managing director, Peter Drennan.
“Those numbers are significantly above NAB, which is the best performer of the major banks, at 46 hours.”
Drennan said that CBA’s online banking service was the platform most prone to reporting outages.
The online banking platform has suffered outages in every quarterly reporting period since September 2021.
University of NSW law academic Dr Anton Didenko said banks have been trying to rebalance the legal basis of their relationships with customers for many decades.
"Banks have historically sought to sway the balance of the banker-customer relationship in their favour, such as by seeking court recognition of additional customer duties," Didenko said.
"These attempts were not always successful, but courts have generally recognised the freedom of contract, occasionally suggesting that if the express contractual terms end up being too burdensome a banker would soon lose a number of customers."
Didenko said attempts by banks to curtail their liability could expedite efforts to extend the jurisdiction of the ePayments Code of Practice – overseen by ASIC - to include business customers.
ASIC has been agitating since 2022 for banks to voluntarily widen the coverage of the code to include small business customers and has raised the prospect of mandating such a reform if they are unwilling to do so.
“It seems plausible then, that if by the time the code becomes mandatory banks go too far in their attempts to shield themselves from liability, we may see a stronger case for extending the code to small businesses and using it as a regulatory tool to push back on practices the regulators may deem excessive,” Didenko said.