The Banking Code Compliance Committee (BCCC) has published its report on compliance with the Banking Code of Practice for the July to December 2022 reporting period.

In this reporting period, there was an increase in breaches related to privacy, responsible lending, complaints handling and branch closures.

Human error was reported as the most common cause of breaches which the BCCC says indicates potential issues in two areas:
• staff capability and training
• breach analysis and reporting

Joint account breaches

Although joint account breaches declined, examples of breaches included:
• One bank allowed one account holder to transfer funds out of a joint account without the
approval of the other account holder. This resulted in a financial impact of $151,504.
• One bank failed to apply restrictions to a joint account after being notified of a dispute
between the account holders. This resulted in a financial impact of $95,000.
• One bank processed a redraw from a joint home loan with only one borrower’s signature.
This resulted in a financial impact of $28,000.
• One bank changed the authority on a joint account without the approval of both account
holders. This resulted in a financial impact of $50.
• One bank failed to change the signing authority on a joint account. The bank reported no
financial impact from this breach.

Top three breaches
The top three breaches by number of affected customers were:
• One bank sent some customers an expired offer and others a communication thanking them for a charitable donation that they may have not made. The breach affected 1.8 million customers and was attributed to a system error.
• One bank inadvertently allowed an adviser to access account names, numbers and balances of some customers’ accounts. The breach affected 1.5 million customers and was attributed to an internal system error.
• One bank issued demand notices with daily accrual amounts that could have been inaccurate if the interest rate changed before the payment was due. The breach affected 1.2 million customers and was attributed to a deficiency in process.

Subscriber banks must report the total number of breaches they identified during the reporting period, as well as the details of a sample of incidents that meet certain criteria.

For the sample incidents, the BCCC requires details of each breach. Banks must describe the incident, event or action and then list one or more Code obligations that were breached.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.