Banks often identify “human error” as the default cause of their compliance breaches, without establishing or acting on the root causes of the problems.
This is the finding of the Banking Code Compliance Committee in a new report, which calls on banks to make compliance with the Banking Code of Practice a core part of their strategy and culture.
Banks identified human error as the cause of code breaches in 93 per cent of cases in 2017/18 and in 91 per cent of cases in 2018/19.
“When a breach occurs for which human error is to blame, it is often the case that staff conduct or actions have been influenced or constrained by internal systems, processes, technology, training or organisational culture,” the BCCC said.
“The BCCC has concerns about banks’ organisational capability, particularly in relation to how they equip and enable staff to comply with the code.”
Based on research it commissioned from Deloitte, which included an industry survey, the BCCC recommended that banks work on their staff communication, upgrade their training, strengthen compliance frameworks and put good customer outcomes at the centre of all products, systems and processes.
“While staff must understand how to comply with the code and why it is important for customers, they must also be adequately supported by their organisation to do the right thing. To address human error breaches, banks should adopt a holistic approach.”
According to the Deloitte survey, awareness of the code and its requirements was high but this did not always translate into action.
Feedback indicated that training was “generic”, with limited tailoring to specific roles within an organisation. This standardised approach reduced employee engagement and made it hard to retain information.
Many employees said they find it difficult to identify customers who are experiencing vulnerability. Many said they need more support to provide care to customers in need.
Deloitte found that code requirements were not always well embedded in systems. For example, processes for cancelling direct debits can involve multiple touch points and sign-offs.
“Multiple steps in the process increase the possibility of errors and breaches occurring, as well as the time taken to respond to what customers perceive as a straightforward request.”
The BCCC said new product design usually includes checklists to manage change consistently and mitigate the risk of staff error, but legacy systems do not always include such mechanisms.
Culture around compliance remains an issue, with Deloitte finding that some staff are reluctant to raise problems or report breaches for fear of being reprimanded or given a poor performance score.
Survey participants reported that their key performance indicators may not encourage breach prevention or reporting. Productivity is still put ahead of good customer outcomes.