Privacy and confidentiality are the Code of Banking Practice obligations that banks breach most commonly, followed by ensuring that staff are properly trained and competent, and responsible lending.
The Banking Code Compliance Committee’s latest report on banking code compliance, which covers the six months to the end of last year, details 20,863 code breaches affecting 4.4 million customers. The breaches had a financial impact of A$100 million.
Other common breaches involved debt recovery practices, dealing with customers in financial difficulty and complaints handling.
Under the banking code obligations, banks must report to the BCCC every six months, providing a summary of their compliance with the code.
For the 2018/19 financial year banks reported 15,597 breaches. The BCCC said the big jump to 20,863 breaches in the six months to December may mean that some banks have stopped under-reporting or that there are growing areas of concern.
“The committee has long held the view that some banks continuously under-report on their compliance with the code. We are still unable to conclude definitively whether the increase in breaches reported each year represents a deterioration in bank conduct or is a demonstration that banks are better able to identify and fix problems.”
The BCCC also said it has concerns about the quality of the data banks provide, and would like to see “substantial” improvement.
More than 50 per cent of all reported breaches fell under Part 2 of the code, which covers obligations to protect privacy and confidentiality, train staff to understand the code and engage customers in a fair, reasonable and ethical manner.
Typical breaches include: processes not followed correctly; fees charged incorrectly; information provided to an incorrect party; interest or discount errors and identification errors.
Breaches of Chapter 17 of the code, which covers responsible lending, were also common.
The BCCC said: “Most of the Chapter 17 breaches were the result of an irresponsible or incorrect lending decision. For some breaches, banks reported that they did not make sufficient inquiries about a customer’s needs or financial situation, or the bank made an incorrect assessment of a customer’s situation.”
A perennial issue showed up in breaches: “not taking appropriate care with customers experiencing vulnerable circumstances or not considering a customer’s vulnerability when providing a service.”