Some customers owned banking institutions do not have robust breach reporting frameworks and are not meeting their Customer Owned Banking Code commitments. The Customer Owned Banking Code Compliance Committee has released its 2020/21 annual data report, highlighting the need for some of the smaller code subscribers to commit more resources to breach monitoring and reporting.
Overall, there were 2248 self-reported code breaches in 2020/21, down from 2537 the previous year. However, 42 of the 57 code subscribers reported breaches – up from 41 the previous year. Of the 15 subscribers that reported nil breaches, the committee said one expressed uncertainty about breach identification methods, another reviewed its data only once a year and a third reported that a possible reason for reporting nil breaches was a lack of awareness by staff of how to define and assess code breaches and complaints. The committee said: “It can be challenging for smaller institutions with limited resources to develop a robust breach monitoring framework, especially considering the need to keep up to date with frequently changing legal obligations. “But these banks have signed up to the code and made a commitment to their customers that they will meet the standards set out in it, and so we expect all code subscribers to take steps to ensure compliance.” It recommended that subscribers reporting few or no breaches take steps to improve their breach monitoring and reporting by ensuring all staff are trained in code provisions, implementing a range of breach identification methods, reviewing processes regularly and establishing accountability at senior levels. Privacy and customer service were the two main areas of non-compliance. Privacy and security accounted for around 34 per cent of breaches and customer services accounted for 18 per cent. Breaches of legal standards, responsible lending obligations and product information requirements all increased in 2020/21.