Accomplish 31 – September 2017

‘The Customer Owned Banking Code Compliance Committee (the Committee) promotes compliance with the Customer Owned Banking Code of Practice (the Code) to encourage best practice by Australian customer owned banking institutions to benefit their customers and communities.’

In this issue:

News from the Committee

Own motion inquiry ‘Direct Debit Follow up’

Own motion inquiry ‘Privacy’

Annual Compliance Statement 2017 data

Top four categories of Code breaches

Feedback wanted

Check out our website –

Diary dates

News from the Committee

At its recent meeting, the Committee confirmed its strategic directions to:

  • Deliver efficient and effective Code compliance monitoring and reporting practice
  • Enhance public role and stakeholder engagement, and
  • Ensure efficient and effective operations and sustainability.

Shane Tregillis, Chief Ombudsman of the Financial Ombudsman Service (FOS) Australia also attended the meeting as a guest of the Committee to discuss the legislation that has been introduced into Parliament to establish the Australian Financial Complaints Authority (AFCA) as the new single independent financial services dispute resolution body.

The Committee Chair Sue-Anne Wallace met with the Customer Owned Banking Association (COBA) Chair Wendy Machin to discuss upcoming issues concerning the customer owned banking sector and the proposed review of the Customer Owned Banking Code of Practice.

The Committee’s Consumer Representative Carolyn Bond and Compliance Manager Daniela Kirchlinde presented on Code compliance matters and concerns at the Mutuals Audit & Governance Professionals Institute (MAGPI) Conference in Melbourne in August 2017.

The Committee also continued its engagement with consumer advocates, including a meeting with Gerard Brody, CEO of the Consumer Action Law Centre to address issues concerning the sale of add on insurance products, including consumer credit insurance, among other things.

The Committee will consider the relevance of the 43 recommendations coming out of the report Elder Abuse – A National Legal Response issued by the Australian Law Reform Commission (ALRC). The release of the report is timely, given the increasing focus on family violence including elder abuse by the financial services sector.

The Committee Chair Sue-Anne Wallace will be attending the COBA Conference in Brisbane in October 2017.

The Code Teams’ General Manager Sally Davis will present at the Credit Law Conference in Surfer Paradise in October 2017 and staff of the Code Team will also present at the Financial & Consumer Rights Council (FCRC) Conference in Lorne in October 2017 addressing issues arising out of Code breaches.

Own motion inquiry ‘Direct Debit Follow up’

The own motion inquiry into institutions’ compliance with the direct debit obligations in section D20.1 of the Customer Owned Banking Code of Practice (the Code) has been finalised.

A copy of the report can be downloaded here.

 ‘We will act promptly to cancel a direct debit facility linked to your transaction account if you ask us to do so, and we will give you an estimate of how long cancellation will take. We will not tell you to try and cancel the facility with the biller or other direct debit user first (but we may suggest that you also contact the direct debit user).’

The ability for customers to cancel direct debits via their institution is a powerful safeguard for customers, especially for those who are in financial difficulty. Failure of Institutions to accept or act on notice of a direct debit cancellation request may cause members who are already in financial trouble to be further impacted when fees are imposed on the account.

The outcome of previous inquiries in 2010 and 2012 were disappointing and did not meet the Committee’s expectations.

The 2017 inquiry found that while there appears to have been some improvement, compliance with the Code’s section D20.1 requirements is still patchy, and only a minority of institutions are achieving best practice performance. Given that direct debit cancellation has been a Committee focus for some time – and given that industry and consumer advocates alike recognise the issue – this finding is disappointing.

With the aim of identifying and promoting good industry practice, the Committee has made six recommendations for improvements to policy and procedures, customer information and compliance monitoring.

Own motion inquiry ‘Privacy’

The next own motion inquiry to be undertaken by the Committee will assess institutions’ compliance with privacy obligations under Section D23 ‘Information privacy and security’ of the Code, including Key Promise 8 of the Code ‘We will comply with our legal and industry obligations’.

The Privacy Act 1988 (Privacy Act) is an Australian law which regulates the handling of personal information about individuals.

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable.

The Privacy Act includes thirteen Australian Privacy Principles (APPs). The APPs set out standards, rights and obligations for the handling, holding, use, accessing and correction of personal information (including sensitive information).

The Code requires institutions to comply with the Privacy Act and its Principles, as well as setting out additional obligations and raising awareness of security issues.

The inquiry will be undertaken in two parts – a series of telephone conferences to selected institutions as part of the Annual Compliance Statement (ACS) Verification Program and an online questionnaire to all institutions in November 2017.

The main purpose of this inquiry is to gather information to determine the causes for the high number of breaches regarding privacy obligations and highlight areas for improvement in current industry practice and performance. It is also intended to provide an insight into what compliance activities institutions undertake to rectify breach issues, update staff training accordingly and implement long-term strategies to embed compliance with privacy obligations in their company’s risk framework.

Annual Compliance Statement 2017 data

All responses for the 2017 Annual Compliance Statement (ACS) have been received and analysed. The webinar which was held in June to assist Code subscribers with the completion of the ACS received positive feedback and improved the integrity of the submitted data.

The final results will be published as part of the Committee’s Annual Compliance Report 2016-17 at the end of the year.

However, the following are the preliminary results for the 2016-17 period:


  • 6 self-reported significant breaches. Down from 11 in 2015–16.
  • 1,216 self-reported Code breaches. Up from 818 in 2015–16.
  • 76% institutions reporting breaches. Up from 67% in 2015-16 (1 large, 1 medium, 2 small and 12 micro institutions self-reported nil breaches for 2016-17).

Areas of concern

  • 24% of breaches concern privacy obligations (D23). Down from 30% in 2015-16.
  • 12% of breaches concern responsible lending practices (D6). Up from 3% in 2015-16.
  • 11% of breaches concern compliance with legal obligations (KP8). Down from 15% in 2015-16.
  • 11% of breaches concern recognising customers’ rights of owners (KP7). A new area of concern, previously only recorded below 1% of breaches.
  • 6% of breaches concern delivery of high customer service standards (KP5). Down from 20% in 2015-16.

IDR Complaints

  • 18,662 self-reported IDR disputes. Up from 14,100 in 2015-16.
  • 88% institutions self-reporting complaints. Similar to 89% in 2015-16 (1 large and 7 micro institutions self-reported nil complaints for 2016-17).
  • 90% of complaints resolved within 21 days. Similar to 93% 2015-16.

Top four categories of Code breaches

Privacy and confidentiality (D23) – 24% in 2016-17

We will comply with the Privacy Act 1988 and the Australian Privacy Principles, including with respect to credit reporting and the collection, storage, use and disclosure of your personal and financial information.

Responsible lending practice (D6) – 12% in 2016-17

We will always act as a responsible lender and will comply with responsible lending laws.

Legal and industry obligations (Key Promise 8) – 11% in 2016-17

We will comply with our legal and industry obligations. We will be responsible, prudent managers of our institution, and will comply with all our obligations under the law and relevant codes of practice. We will act fairly and consistently with good banking and financial service industry practice.

We will recognize our customers’ rights as owners (Key Promise 7) – 11% in 2016-17

As customer owned banking institutions our customers are our owners. We will ensure that you receive information that is balanced and adequate on the benefits, costs and impacts of any reasonable proposal to change our ownership structure. As far as possible, we will ensure that any information on proposals to change our ownership structure provided to you by other parties is fair and not misleading

Feedback wanted

The Committee is continuing to develop an Industry Liaison Group.

If you are interested in providing ad hoc feedback on compliance monitoring activities and would like to be involved in the development of compliance questionnaires, such as the Annual Compliance Statement and Own Motion Inquiries, please contact Daniela Kirchlinde on [email protected]

The commitment will not be difficult or time consuming. It will be as simple as providing comments on draft documents, such as the current development of the questionnaire for the own motion inquiry into privacy obligations.

Check out our website –

Check out the specific information for consumers and Code Subscribers on our website, in particular how to comply with the Code regarding financial difficulty obligations, advertising standards and direct debit arrangements.

Consider providing the fact sheets in the news and publications section to your staff for training purposes.

Consumer information includes explanations of customer rights under the Code, including the rights of customers in financial difficulty, as well as information for small business and instructions on how to report a concern. Meg’s story provides a good case study.

Diary dates

Committee meetings

  • 29 November 2017, Committee meeting in Sydney
  • 12 March 2018, Committee meeting in Sydney
  • 20 June 2018, Committee meeting in Melbourne
  • 19 September 2018, Committee meeting in Melbourne
  • 21 November 2018, Committee meeting in Melbourne

Conference attendance

  • 11-13 October 2017, Credit Law Conference, Surfers Paradise – the Code Team’s General Manager Code Compliance & Monitoring Sally Davis will present on Code compliance.
  • 12 October 2017, Financial & Consumer Rights Council (FCRC) Conference in Lorne – Code Team staff will attend and present.
  • 21-24 October 2017, COBA Convention, Brisbane – the Committee’s Chairperson Sue-Anne Wallace AM will be attending the convention and is happy to meet with Code Subscribers.

Back to the top