Powered by MOMENTUM MEDIA
investor daily logo

CBA admits to second-highest banking breaches

  •  
  •  
6 minute read

Both the CBA and ANZ chiefs have identified their banks within a recent industry watchdog report, revealing the Commonwealth Bank committed the second-highest number of breaches of the industry’s code per billion dollars in household deposits, during the second half of 2019.

The recent review from watchdog Banking Code Compliance Committee (BCCC) revealed Australian banks had reported 20,863 breaches of the Banking Code of Practice from July to December 2019, with 4.4 million customers affected and $100 million in estimated financial impact. 

Only two banks account for 72 per cent of the total breaches reported to the BCCC, which contributed to a significant rise to the breaches total topping 20,000 across the banking industry during the half, compared to 15,597 in the 2018-19 12-month period.

On Friday CBA chief executive Matt Comyn told the House of Representatives standing committee of economics that the group was the unnamed “Major Bank 2” in the first chart of the report, revealing the Commonwealth Bank had the second-highest number of breaches per billion dollars in household deposits, between 30 to 35.

==
==

Mr Comyn noted the committee had said there were differences in how institutions reported the breaches, but the majority of CBA breaches had come from the bank’s call monitoring. 

“We take about 15 million calls every year,” he said.

“If for example, one of our agents is talking to a customer that doesn’t read out word for word exactly every script, including the call monitoring script, repeating it for the customer, every word in any of the descriptions, we will breach potentially multiple times in a single call.

“It’s a significant area of focus for us… we would clearly like the total number of breaches to be much lower than they currently are.”

CBA deputy CEO David Cohen also weighed in, saying one breach of a section in the code could also constitute a violation of another section. For example, a breach against vulnerable customers could also be a contravention of the requirement for banks to deal with customers in an ethical, fair and reasonable manner.

“We’ll get multiple breaches out of a single incident,” Mr Cohen said. 

“We’ve had discussions with the BCCC where [it’s] acknowleged that we’re probably at the forefront of the approach the banks are taking to compliance.”

He claimed CBA was “probably going beyond” what other banks do around risk and compliance.

Meanwhile ANZ boss Shayne Elliott identified ANZ as Major Bank 3 in the first chart, which had the eighth highest breaches per $1 billion in household deposits, and Major Bank 4 in the report’s third table, which measured the impact of the breaches.

In terms of impact, ANZ had the fourth-highest number of incidents, at 183, with 318,551 affected customers and a financial impact of $5.2 million.

The other two big four banks, NAB and Westpac, are due to front the parliamentary committee next week.

The Banking Code of Practice, which sets out expectations for how banks deal with customers, was developed by and is owned by the Australian Banking Association – but the banks’ compliance is tracked by the BCCC, which is an independent body.

The 19 banks subscribed to the code are required to self-report on their compliance every six months, with the code being part of the bank’s contract with customers and enforceable by law. All ABA members that provide retail banking services must adopt the code. 

The BCCC has questioned if the new rise in breaches means that the banks have adapted from previous feedback around under-reporting breaches, of if there is a growing trend of more customers not being protected under its code – but it has assumed the former is more likely. 

BCCC chair Ian Govey also raised concerns around data quality, calling for banks to stop “cut and pasting” their reporting from internal systems.

The banks had reported 2,411 incidents, which caused 10,387 breaches, impacting more than 4.4 million customers, with total financial impact totalling more than $100 million.

Privacy and confidentiality was the most commonly breached code obligation, according to BCCC, followed by the banks’ duty to train staff to understand the code and engage with customers in a fair, reasonable and ethical manner.

The banks had reported that the majority (60 per cent) of incidents were caused by human error alone, 13 per cent involved a control, training or resourcing failure and 13 per cent were due to a system error. A further 8 per cent of incidents were caused by human error along with another cause.

CBA on Thursday had seen a class action filed against its former subsidiary Count Financial by law firm Piper Alderman, over commissions paid to advisers in respect of financial products, including insurance and certain obligation around ongoing advice from 21 August 2014 to 21 August 2020.

Count Financial was acquired by CountPlus in October last year, but CBA is still on the hook for managing customer remediation matters arising from the past, having provided an indemnity to CountPlus of $300 million.

Sarah Simpkins

Sarah Simpkins

Sarah Simpkins is a journalist at Momentum Media, reporting primarily on banking, financial services and wealth. 

Prior to joining the team in 2018, Sarah worked in trade media and produced stories for a current affairs program on community radio. 

You can contact her on [email protected].