The Customer Owned Banking Code Compliance Committee has raised concerns about privacy breaches and the sale of consumer credit insurance in its 2019/20 annual report.
COBCCC said privacy, followed by customer service, has been the top category of self-reported code breaches over the past three years, with each category making up about one-third of breaches.
The committee conduct an inquiry on how its subscribers are handling privacy and came up with a number of recommendations. It said subscribers could improve their practice by ensuring that documents are destroyed or de-identified when no longer required, and by developing policies that detail the steps required to disclose information to overseas recipients.
The committee also conducted an inquiry into the sale of consumer credit insurance. It found that subscribers were not reviewing their products annually, as recommended by COBA.
Only two subscribers specified that their reviews considered their products’ usefulness, reliability or value for customers, as required under the Code.
The number of code breaches reported by COBCCC’s 60 subscribers increased by almost 25 per cent to 2537 in 2019/20, compared with the previous year.
However, the proportion of subscribers reporting breaches fell from 85 per cent in 2018/19 to 73 per cent in the year to June.
Around 821,000 customers were directly financially affected by breaches, with 124,000 customers receiving the wrong payments on deposits because of a programming error, and 120,000 customers having their privacy breached after a third-party data host was attacked.Complaint numbers were similar to previous years, at 27,041.
Deposit taking products and service levels continue to be the major areas of concern.
Deposit-taking products accounted for 39 per cent of self-reported complaints and complaints relating to payments made up 27 per cent of all self-reported complaints. Credit products were the subject of 17 per cent of complaints.
The committee started seven new code breach investigations and continued to investigate two existing breach allegations that remained open at June 30.
Three of the cases involved responsible lending, three involved services issues, such as delays in providing service. Five involved the same subscriber.