Banking Code Compliance Monitoring Committee Bulletin – July 2018

Welcome to Issue 27 of The Bulletin. In this edition:


The CCMC’s 2018–21 Strategic Plan and 2018–19 Workplan

The CCMC’s purpose is to monitor and drive best practice Code compliance, through a collaborative approach with the banking sector and other key stakeholders.

To achieve this, the CCMC will:

  • examine banks’ practices
  • identify current and emerging industry wide problems
  • recommend improvements to bank practices, and
  • consult with and keep stakeholders and the public informed.

The CCMC has published its three-year Strategic Plan which identifies its broad priorities to meet this purpose.

In addition, the CCMC has developed its Workplan for 2018–19 to set out the specific tasks to be completed in the year ahead. Key features of the Workplan include:

  • Develop and implement a revised risk based approach to Code compliance investigations.
  • Develop and implement the CCMC’s stakeholder engagement plan and external communications strategy.
  • Conduct a major Own Motion Inquiry into a Code compliance matter of high priority and continue the CCMC’s follow up work into Direct Debits (Code clause 21).


Own Motion Inquiry into breach reporting

On 28 June 2018, the CCMC published the report of its inquiry into banks’ reporting of Code breaches.

The CCMC had identified inconsistencies in how banks record and report Code breaches and undertook the inquiry to better understand banks’ data and to improve its data collection strategy. The inquiry investigated breaches previously reported in the 2016–17 Annual Compliance Statement (ACS), the CCMC’s core data collection tool.

The report outlines the CCMC’s key findings, and sets out is expectations of banks for monitoring Code compliance and reporting breaches.

In summary, the CCMC expects banks will:

  • Be diligent at all times in providing accurate and complete data in response to requests for information.
  • Use breach data to identify patterns and develop systems and system controls that prevent repeated human errors.
  • Use information about breaches caused by human error to review the effectiveness of staff training.
  • Fully investigate how each breach has impacted customers.
  • Remediate customers appropriately and to record and report all corrective actions.
  • Test systems regularly and comprehensively, wherever they rely on systems to fulfil their obligations to customers.

The CCMC will continue to provide feedback to banks to ensure that the consistency and quality of breach reporting in the ACS is of the highest possible standard.

The CCMC will report outcomes from its 2017–18 ACS in its next Annual Report, due November 2018.

Report: CCMC Own Motion Inquiry – Breach Reporting PDF (567KB, 49 pages).


The revised Banking Code of Practice and the Banking Code Compliance Committee

In December 2017, the Australian Banking Association (ABA) submitted the revised Banking Code of Practice (the revised Banking Code) and the Banking Code Compliance Committee (BCCC) Charter to the Australian Securities and Investments Commission (ASIC) for approval under section 1101A of the Corporations Act 2001.

Following its lodgement of the revised Code, the ABA has made further changes. The latest version of the draft revised Code, as at 23 April, is available on the ABA’s website.

ASIC’s approval of the revised Code was considered at the Round 3 hearings of the Royal Commission into Misconduct in the Banking, Superannuation and Financial Services Industry in May 2018. The CCMC understands that the ABA and ASIC have continued discussions about the approval of the revised Banking Code following those hearings.

The CCMC awaits further information from the ABA about the approval of the revised Banking Code and will provide further details about its approach to transition following Code approval.


Financial difficulty transitional inquiry

The CCMC is currently conducting an inquiry into the Code’s financial difficulty obligations.

The CCMC scheduled a follow-up inquiry of banks’ compliance with Code clause 28 under item 1.7 of the its 2017-18 Workplan. The CCMC has broadened the scope of the inquiry to cover compliance with the 2013 Code and include a ‘transitional inquiry’ to account for revised Code provisions.

The CCMC expects the revised Banking Code to expand the financial difficulty provisions of the current Code and introduce a strong focus on vulnerable customers. In anticipation of the revised Code, the CCMC considers that it is timely to begin assisting banks with their transition.

Through this Inquiry, the CCMC will assess current levels of compliance with the 2013 Code, while also gathering information to provide guidance to banks on best practice principles.

The purpose of the Inquiry is to:

  • Assess, benchmark, and report on banks’ level of compliance with clause 28 of the 2013 Code.
  • Share examples of good practice with the industry and community.
  • Assess the adequacy of banks’ financial difficulty frameworks and provide guidance about alterations required to meet the revised Code obligations relating to financial difficulty.
  • Develop guidance for the industry on best practice principles when working with customers to overcome financial difficulty.

The CCMC plans to publish its findings by September 2018.

If you have information to contribute to the inquiry please contact the CCMC’s Compliance Manager, Donna Stevens at


The 2017–18 Annual Compliance Statement (ACS) program

The CCMC has provided banks with the 2017–18 Annual Compliance Statement (ACS) for completion. Following up on the breach reporting inquiry, the CCMC is asking banks to provide a detailed breakdown of Code compliance data to enable it to fully explore trends and emerging issues.

The CCMC consulted with banks on the development of the ACS between during April 2018, and will continue this engagement in the coming months to understand banks challenges when completing the ACS.

The outcomes of the ACS program, including any emerging risks and identified good industry practice, will be discussed with key stakeholders directly and published in the CCMC’s Annual Report for 2017–18.


Stakeholder engagement

The CCMC has met regularly with the ABA and ASIC to discuss its work program and ongoing developments regarding the revised Banking Code and the associated governance and compliance framework.

Along with the CCMC’s regular engagements with banks, consumer representatives and FOS, members of the Committee and its staff also:

  • Met with all subscribing banks and the ABA to discuss the CCMC’s Code monitoring activities and workshop the 2017–18 ACS.
  • Presented at the Financial Counselling Australia conference in Hobart.
  • Attended the Banking and Wealth Summit in Sydney.


CCMC Investigations – Key statistics

Between 1 March 2018 and 31 May 2018, the CCMC:

  • Received 4 new matters, which raised allegations of non-compliance with the following Code obligations:
    • provision of credit (2 allegations)
    • internal dispute resolution (2), and
    • compliance with laws (1).


  • Finalised 4 matters, including:
    • Two that were outside of the CCMC’s jurisdiction because they were allegations of breaches of Code clause 3 (key commitments) only. Under clause 36(b)iii of the Code, the CCMC’s investigations powers do not extend to clause 3 unless a breach of clause 3 is also a breach of another Code obligation.
    • One that was outside of the CCMC’s jurisdiction because the allegation was not about a Code subscriber.
    • One where there was no further contact from the person making the allegation.