Monitoring code breaches

The ability to identify, report and remedy code breaches is an important part of any code compliance framework.

In the banking industry, we have encouraged a positive culture of self-reporting, which is evident from the results of our Annual Compliance Statement program. In our first year of operation (2004), banks self-reported 195 breaches of the Code. More than ten years on – in 2014–15 – banks self-reported over 6,500 breaches.

As banks have developed more sophisticated monitoring programs, they have become better equipped to identify and record issues with their services and practices. Several banks are now moving towards a ‘principles-based’ approach to monitoring and reporting breaches, which encompasses all regulatory requirements, including the Code.

Significant breaches

Significant breaches of code obligations usually require a number of customers to have been affected by the bank’s conduct or activity and to have suffered loss. They also require the bank to undertake more extensive remedial action to correct their non-compliant conduct and reduce the likelihood of it recurring.

Generally speaking, we expect banks to consider factors identified in section 912D of the Corporations Act (2001) when determining whether a significant breach of the Code has occurred. These factors, which we use when considering if a significant breach has occurred, include:

  • the number or frequency of similar previous events that have occurred
  • the impact of the breach on the ability to supply the service
  • whether the event indicates that code compliance arrangements may be inadequate
  • the number of consumers affected by the breach, and
  • the actual or potential loss experienced by consumers arising from the breach.

In 2014–15, banks self-reported 16 significant breaches, affecting more than 150,000 customers and with a financial impact of nearly $13 million. Issues with IT systems caused a number of these breaches.

We continue to work with banks to rectify issues, provide guidance on code compliance and share examples of good practice with industry. Banks, in turn, are improving their systems and controls and demonstrating a strong commitment to self-regulation.

Find out more

Find out more about our monitoring program

Find out more about our investigations into alleged code breaches

CCMC Guidance Notes