Accomplish 30 – June 2017

‘The Customer Owned Banking Code Compliance Committee (the Committee) promotes compliance with the Customer Owned Banking Code of Practice (the Code) to encourage best practice by Australian customer owned banking institutions to benefit their customers and communities.’

 In this issue:

News from the Committee

Own Motion Inquiry ‘Direct Debit Follow up’

Own Motion Inquiry ‘Privacy’

Feedback wanted

Annual Compliance Statement 2017

Check out our website –

Diary dates

News from the Committee

The Committee met with the Customer Owned Banking Association (COBA) Board to discuss its compliance monitoring activities and share its strategic view. COBA has now approved the Committee’s Annual Work Plan and Budget for the 2017-18 period which will focus on improved interaction and engagement with stakeholders, innovative analytical work in risk based areas to ensure compliance with Code obligations, and a collaborative approach to encourage good industry practice.

The Committee also continued its engagement with the Consumer Federation Australia (CFA) and the Financial Counsellors Association (FCA), including attendance of the FCA Conference ‘making waves’ at the Gold Coast in May 2017.

Own Motion Inquiry ‘Direct Debit Follow up’

In May 2017, the Committee conducted an Own Motion Inquiry into Institutions’ compliance with the direct debit obligations in section 20.1 of the Customer Owned Banking Code of Practice (the Code).

‘We will act promptly to cancel a direct debit facility linked to your transaction account if you ask us to do so, and we will give you an estimate of how long cancellation will take. We will not tell you to try and cancel the facility with the biller or other direct debit user first (but we may suggest that you also contact the direct debit user).’

The ability for customers to cancel direct debits via their Institution is a powerful safeguard for customers, especially for those who are in financial difficulty. Failure for Institutions to accept or act on notice of a direct debit cancellation request may cause members who are already in financial trouble to be further impacted when fees are imposed on the account.

The outcome of previous Inquiries in 2010 and 2012 were disappointing and did not meet the Committee’s expectations.

Institutions are self-reporting minimal breaches in relation to its obligations under direct debit arrangements. In the 2015-16, three breaches of section 20.1 of the Code were self-reported by Institutions, as opposed to 15 breaches in the 2012-13. It is unclear whether the reduced breach numbers reflect an improvement in the industry’s compliance performance or a lack of monitoring by Institutions in this area.

A desk top audit of information available via the 15 large (over $1b assets) institutions’ websites revealed that the Terms and Conditions of four large institutions still did not reflect full compliance with Code obligations.

Following the analysis of the data and information received via the Inquiry, we will publish a report on our website.

Own Motion Inquiry ‘Privacy’

The next Own Motion Inquiry undertaken by the Committee will assess institutions’ compliance with privacy obligations under Section D23 ‘Information privacy and security’ of the Code, including Key Promise 8 of the Code ‘We will comply with our legal and industry obligations’.

The Privacy Act 1988 (Privacy Act) is an Australian law which regulates the handling of personal information about individuals.

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.

The Privacy Act includes thirteen Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for the handling, holding, use, accessing and correction of personal information (including sensitive information).

The Code requires institutions to comply with the Privacy Act and its Principles, as well as setting out additional obligations and raising awareness of security issues.

30% of self-reported Code breaches in 2016-17 related to privacy and confidentiality issues, including five self-reported significant Code breaches. This is an increase from the 20% self-reported Code breaches in this area in 2015-16, which included two significant Code breaches.

Using a risk based approach, the Committee feels strongly that this is an area of major concern.

Feedback wanted

The Committee is continuing to develop an Industry Liaison Group.

If you are interested in providing ad hoc feedback on the compliance monitoring activities and would like to be involved in the development of compliance questionnaires, such as the Annual Compliance Statement and Own Motion Inquiries, please contact Daniela Kirchlinde on [email protected]

The commitment will not be difficult or time consuming. It will be as simple as providing comments on draft documents, such as the current development of the questionnaire for the Own Motion Inquiry into Privacy Obligations.

Annual Compliance Statement 2017

The 2017 Annual Compliance Statement has been reviewed and will be issued in June via an individual online portal for completion by 31 August 2017.

The ACS is a central component of the Committee’s monitoring work and asks for information about Code compliance frameworks and breach and complaints reporting and monitoring, as well as Code Subscribers’ overall culture of compliance and examples of good practice.

The reporting period is 1 July 2016 to 30 June 2017.

The 2017 ACS includes the following changes:

  • inclusion of a new category for the size of institutions based on the number of active members
  • review of the categories for Code breach reporting to avoid duplication of sections of the Code, in particular regarding key commitments, and
  • separate section 4.6 for reporting complaints resolved within five business days.

A webinar will be held on 22 June 2017 to assist Code Subscribers in completing the 2017 ACS and answer any queries.

Register now at

Check out our website –

Check out the specific information for consumers and Code Subscribers on our website, in particular how to comply with the Code regarding financial difficulty obligations, advertising standards and direct debit arrangements.

Consider providing the fact sheets in the news and publications section to your staff for training purposes.

Consumer information includes explanations of customer rights under the Code, including the rights of customers in financial difficulty, as well as information for small business and instructions on how to report a concern. Meg’s story provides a good case study.

Diary dates

Committee meetings

  • 19 September 2017, Committee meeting in Melbourne
  • 29 November 2017, Committee meeting in Melbourne
  • Feb/Mar 2018, Committee meeting (including strategic planning day)
  • June 2018, Committee meeting

Conference attendance

  • 3-4 August 2017, MAGPI Conference in Melbourne – the Committee’s Consumer Representative Carolyn Bond AO and Compliance Manager Daniela Kirchlinde will present on Code compliance matters and concerns.
  • 11-13 October 2017, Credit Law Conference, Surfers Paradise – the Code Team’s General Manager Code Compliance & Monitoring Sally Davis will present on Code compliance.
  • 21-24 October 2017, COBA Convention, Brisbane – the Committee’s Chairperson Sue-Anne Wallace AM will be attending the convention and is happy to meet with Code Subscribers.

Back to the top