In its October 2012 newsletter the Code Compliance Committee for the Mutual Banking Code of Practice commented on the diversity and quality of breach and complaint registers used across Code subscribers. The Committee commented that there appears to be no common industry practice or guidance in place about the importance of accurate and meaningful capture of breach and compliance data.
Recording and monitoring complaints and breaches is a critical part of any compliance framework.
The complaints handling process of Code subscribers must comply with clause 28 of the Code of Practice. The Australian Standard on Compliance Programs (AS 3806-2006) is a useful benchmark.
Recognising a complaint is an important training issue. These may be received at branches, by letter, by email, by feedback from your website or in call centres. However they are received they must be recorded to ensure the required response time deadlines are met.
Whether complaints and breaches are recorded in hard copy registers, in excel spreadsheets or in databases does not matter as long as the system is able to track when complaints are lodged, the nature of the complaint, when they are responded to and when they are resolved. The records must be accessible, be maintained and be monitored.
It’s what you do with the complaints you receive that is important. You have to tell your customers how their complaint will be dealt with (and when) as well as the ultimate resolution and keep them informed along the way. And complaints should be analysed internally to assess whether they are an indicator of a widespread problem, poor customer service or a potential breach of a law or Code.
Unresolved complaints become disputes which must be separately recorded and monitored, particularly if they are referred to External Dispute Resolution.
If complaints or disputes involve compliance issues there must be a process to assess them and what has been done to fix them.
You need to establish the appropriate links between your IDR procedures and your EDR Scheme (see ASIC RG 165)
If they are substantial breaches of an AFS Licence they need to be reported to ASIC within 10 business days.
Accordingly your compliance system needs to include reporting regularly to your Risk and Audit Committee on whether there have been any complaints, breaches or disputes and whether previous matters have been resolved or not.
This must be positive reporting: even if there has been no complaint, breach or dispute you must report that fact if that is the case.
Bright Law can help review your complaints process.