Customer Owned Banking Code Compliance Committee Privacy Statement

Customer Owned Banking Code Compliance Committee (COBCCC) Privacy Statement

Download a copy of our Privacy Statement here.

‘COBCCC’, ‘we’, ‘us’ or ‘our’ refers to the Customer Owned Banking Code Compliance Committee (COBCCC), its members and the Secretariat.

About the COBCCC

The COBCCC is an independent compliance monitoring body established under part C section 174 of the Customer Owned Banking Code of Practice (Code) and clause 1 of the Customer Owned Banking Code Compliance Committee Charter (Charter).

The Code establishes an industry code of practice for Australia’s credit unions, mutual banks and mutual building societies and reflects the value customer owned banks place on improving the financial wellbeing of their customers and communities.

Further, the Code sets standards for practice that are sometimes higher than those required by the law in certain areas, and covers issues not necessarily addressed by the law. In adopting the Code, all Code subscribers agree to abide by the higher standards set out in the Code.

Under the Code, the COBCCC has been tasked with the responsibility of establishing a transparent and independent governance framework to ensure Code compliance is effectively monitored and enforced. It has the following functions and responsibilities:

  • to receive Compliance Reports, and monitor and report on Code Subscribers’ adherence to minimum reporting standards;
  • to investigate complaints and allegations that a customer owned banking subscriber has breached its obligations under the Code;
  • to conduct own motion Inquiries into compliance with aspects of the Code;
  • to make determinations in relation to complaints, which the Committee has investigated, and Inquiries which the Committee has conducted and at its discretion impose sanctions;
  • to engage with stakeholders in relation to Code compliance and influence positive changes in industry, by:
    • empowering consumers to access their rights under the Code
    • supporting Code Subscribers to comply with the Code, and
    • providing Code training.
  • to provide advice to the Customer Owned Banking Association (COBA) on:
    • training and other activities;
    • amendments to the Code or Charter;
    • financial matters associated with the activities of the COBCCC;
  • to publish information on the activities of the COBCCC and to promote its work;
  • to publish an annual report on the activities of the COBCCC.

We publish and share information about our compliance and monitoring activities and provide information to government, regulators, consumers, small business and the community.

So that we can carry out our function and perform our activities, we work with a carefully selected group of third parties that include the Australian Financial Complaints Authority (AFCA), COBA, Code subscribers, parties to COBCCC investigations, and technology and data companies.

Our work with them often involves sharing personal information and this Statement sets out how and when we share that information.

Our Commitment

We are bound to comply with the Privacy and Confidentiality obligations that are set out under the Code and the Charter as they apply to information provided to us by Code Subscribers and parties to the Committee’s investigations. We choose to abide by the Privacy Act 1988 (including the Australian Privacy Principles, and Mandatory Data Breach Notification), which sets out the principles for the appropriate and secure handling of all personal information that we collect, use, disclose and store.

We are committed to handling all personal information carefully, responsibly and securely, ensuring that we manage personal information in an open and transparent way.

The Committee will also comply with its obligations related to Privacy and Confidentiality under the 2022 Customer Owned Banking Code of Practice and the Committee’s Charter.

Notification of our Privacy Statement

When we collect personal information about an individual, we will notify the individual of our privacy statement by:

  • Publishing the privacy statement on the COBCCC website; and
  • Providing a copy of the Privacy Statement on request.

Personal Information (PI)

PI is defined as “information or an opinion, whether true or not, in a material form or not, about an identified individual or an individual who is reasonably identifiable.” Common examples include name, address, email address, date of birth, tax file number, or bank account details.

The personal information we collect and hold

Most of the personal information we collect will be collected directly from the individual and may include their full name, address, telephone numbers, email, date of birth and gender.

We will usually collect personal information directly from the individual, by email, via an online form published on the COBCCC’s website, by written correspondence, from a telephone conversation or by facsimile transmission.

We may also collect personal information about the individual that is publicly available – for example, on social media or available from public registers e.g. Australian Securities and Investments Commission (ASIC), Australian Business Register (ABR). We will only collect this information if it is impractical to collect it directly from the individual, or when we’re permitted to do so.

Sensitive information

Individuals or their representatives may provide us with sensitive personal information which may include health or medical information about an individual, where the information is reasonably necessary for us to undertake one or more of our functions or activities.

We ensure that individuals have always provided explicit consent to the collection and distribution of their sensitive information.


We will always seek the consent of an individual before disclosing any personal information. Any consent that we require from an individual to enable us to carry out our functions or activities, and to collect, use or share personal or sensitive information of the individual, will be recorded in AFCA’s case management system.

When we get information we didn’t ask for

Sometimes we may receive personal information that we haven’t asked for. If we think this information is needed, we will keep it securely; otherwise, we will take reasonable steps to destroy or de-identify it as soon as practicable.

Anonymity and pseudonymity

When dealing with us, individuals may choose not to identify themselves or may want to use a pseudonym. This may prevent us from being able to carry out some or all of the functions for which personal information is required, including investigating an allegation, or where certain personal information has not been provided.

Individuals who contact us by telephone are not always required to disclose their identity.

How we use personal information

We may use personal information for the functions and activities that are concerned with:

  • investigating and determining allegations from any person that a Code subscribing customer owned banking institution has breached the Code,
  • monitoring institutions’ compliance with the Code, including initiating its own Inquiries into institutions’ compliance with the Code,
  • monitoring aspects of the Code referred to the Committee by COBA,
  • complying with legal and regulatory obligations, and if otherwise permitted or required by law, or
  • for any other purpose, and only with the individual’s informed consent, unless it has been withdrawn.

How we share personal information

We only share personal information as described above with third parties for the agreed purpose.

We may also share personal information with third parties if permitted or required by law. Sharing personal information with a third party for any other purpose will only be done with the prior consent of the individual in the manner set out above.

Outside Australia

The personal information of our employees, systems and most of the third parties we share information with are located in Australia, but some of this personal information might be stored in “cloud” solutions or otherwise in locations overseas.

We will not disclose personal information to third parties overseas unless we have the prior authority of the individual concerned.

Keeping the personal information we hold safe

Whether on paper or electronically, we will take all reasonable steps to secure and protect the personal information we hold.

When the personal information is no longer required, we will take reasonable steps to destroy, delete or de-identify it.

Your right of access to personal information we hold

Any individual wishing to gain access to personal information about themselves should write to us (details below), setting out whether you would like access to all or just a particular part of your personal information. We will acknowledge receipt of your request within 5 working days and provide the information requested, where appropriate, within a reasonable time.

In line with our commitment to protect your privacy, we may ask you to verify your request.

You may ask us to delete personal information we hold about you and your organisation, and we will take reasonable steps to do so, following completion of any relevant investigation.

Accuracy of personal information

If you think that personal information we hold about you is inaccurate, please contact us at [email protected] and we will correct any identified inaccuracies or let you know why we cannot do so.

Complaints and inquiries

If you have a complaint about the way we handle personal information, please contact us through the address information below and we will respond as soon as possible to resolve the issue. We also welcome any questions and comments you may have about our privacy practices.

Contacting the COBCCC

The contact details for these purposes are as follows:

General Manager, Customer Owned Banking Code Compliance Committee

P.O. Box 14240 Melbourne VIC 8001

Telephone: 1800 931 678 (ask for the Code Compliance and Monitoring team)

Email: [email protected]

Changes to this Privacy Statement

This Privacy Statement became effective 6 May 2020.

Any changes or amendments will apply to all the information we hold at the time of the update. We will post the updated Privacy Statement on our website and we encourage you to check this page from time to time.
