The Customer Owned Banking Code Compliance Committee (the Committee) released its Annual Compliance Report 2017-18. A copy of the report can be downloaded here.

The Committee welcomes an increase in self reporting of breaches of the Customer Owned Banking Code of Practice (the Code). However, many of those who subscribe to the Code still have work to do to achieve good practice and the Committee cautions against complacency. Central to that is building a framework that enables compliance with the Code, while embracing the opportunity to learn from complaints and Code breaches.

In its Annual Compliance Report, the Committee chairman, Dr Sue-Anne Wallace AM, urged executives who set the culture of a business to lead the way. A Code of Practice, she said, should “impose accountability and responsibility on the Boards and executives who determine the culture and operations of a business. It should bring transparency and accountability to the conduct of institutions. Training is critical, as is creating a culture of compliance, and whistle-blowing when necessary”.

The Annual Compliance Report reveals:

  • Self-reported breaches of the Code almost doubled to 2,004, most involving customer service (42%), privacy (22%) or legal requirements (11%). The increase was mainly due to one large institution self-reporting a significant number of breaches of the customer service standard. While it was encouraging that almost three-quarters of subscribers self-reported – reflecting a positive culture of reporting breaches – 18 reported no breaches at all. The Committee suggests that those reporting zero breaches should review their monitoring and reporting framework, including the root cause analysis of complaints.
  • This was the first time the Committee requested detailed information regarding the impact of Code breaches. Code subscribers identified that 68,032 customers were directly affected by breaches (where information was provided). The Committee notes that this data might be incomplete, as some institutions were not able to provide this information.
  • The number of customer complaints rose to 21,615 (from 18,662), with a third involving service issues. Deposit-taking products and payment systems featured significantly. 37% of complaints were resolved in favour of the customer, 25% by mutual agreement and 21% by general feedback.
  • The Committee was encouraged by the high percentage of complaints resolved within 21 days (88%) but urged subscribers who said they had received no or minimal complaints to review their complaints systems to ensure they are fully compliant with ASIC’s Regulatory Guide 165. This states that companies are not required to record a complaint or dispute if it is resolved by the end of the fifth business day to the customer’s complete satisfaction. The Committee, however, recommends that subscribers record all complaints and was pleased to note that 81% followed this advice.
  • The Committee held two own motion inquiries in 2017-18. The first examined direct debit obligations and found that only 52% of subscribers conducted a compliance review as recommended by the Committee. Online information emerged as a particular concern.
  • An own motion inquiry into privacy found that all subscriber institutions have an accessible privacy policy and all provide training, but the high level of Code breaches caused by human processing error shows that staff must be made more aware of privacy obligations. Institutions were advised to implement more training and a comprehensive review of processes.
  • The Committee also used the Annual Compliance Report to share examples of how institutions reported, monitored and remedied breaches with the aim of identifying and promoting good industry practice.

The Committee welcomes any feedback or comments to [email protected]