Commonwealth Bank of Australia’s (CBA) share price dipped slightly on Wednesday morning after the bank disclosed it had entered into an enforceable undertaking (EU) with the Australian Communications and Media Authority (ACMA) and paid a record $3.55 million fine for breaches of “certain provisions” of the Spam Act.
In a statement issued on Wednesday, CBA said it “self-identified” and reported the issues that became the subject of the ACMA’s investigation.
The issue, according to the banking giant, arose in November 2021 following an update to its electronic banking terms and conditions which saw the bank send 61 million marketing emails to customers that breached the Spam Act.
According to the ACMA, the emails “unlawfully” required customers to log-in to unsubscribe. CBA then sent a further 4 million marketing emails that did not have a functioning unsubscribe facility, with 5,000 emails said to have hit the mailboxes of customers who had already asked to unsubscribe from these messages.
Labelling the scale and duration of these breaches as “alarming”, ACMA chair Nerida O’Loughlin said that ACMA gave the CBA “early warning” but that the bank took “ineffective” steps.
“The failure to fix the issues shows a complete disregard for the spam rules and the rights of its customers,” said Ms O’Loughlin.
This is the largest penalty imposed by the ACMA for breaches of the spam laws. In addition, the ACMA has accepted a three-year court-enforceable undertaking from CBA committing it to an independent review of its e-marketing practices and to implement improvements.
In a separate statement, the CBA acknowledged and accepted the findings made by the ACMA.
“We apologise to all customers impacted by these issues which should not have occurred. We’ve fixed the problem and are making changes to ensure it doesn’t happen in the future,” said CBA group executive marketing and corporate affairs, Monique Macleod.
“Since reporting this matter to ACMA, we’ve fixed the issues that were the subject of ACMA’s investigation, and strengthened our systems, processes, and controls to support ongoing compliance,” Ms Macleod added.
The ACMA explained that the Spam Act 2003 requires marketing messages to contain working unsubscribe facilities. Making consumers log-in or provide personal details to unsubscribe is also generally prohibited.
Once a message recipient has unsubscribed, sending further marketing messages is also against the law.
“We continue to see large and well-known businesses who should know better than breaching the spam laws. This action is a further warning to all businesses that non-compliance with Australia’s spam laws will not be tolerated,” Ms O’Loughlin said.
“We will be closely monitoring the Commonwealth Bank’s compliance and the commitments it has made to review its practices. If we find future non-compliance, we will not hesitate to take further action.”
Over the past 18 months, businesses have paid $11 million in penalties for breaching spam and telemarketing laws.
Maja Garaca Djurdjevic
Maja's career in journalism spans well over a decade across finance, business and politics. Now an experienced editor and reporter across all elements of the financial services sector, prior to joining Momentum Media, Maja reported for several established news outlets in Southeast Europe, scrutinising key processes in post-conflict societies.