Media Release: Banks’ compliance, monitoring and reporting deficient, report finds

Banks breached their Code of Banking Practice 10,123 times in 2017–18, according to a Banking Code Compliance Monitoring Committee (CCMC) report released today.

The CCMC said these self-reported breaches of the Banking Code affected more than 3.4 million people, costing them more than $95 million. However, these impacts are likely to be significantly understated.

The number of breaches was almost 10% lower than last year, but the report said this was unlikely to reflect improved compliance. The CCMC remains concerned about banks’ inadequate monitoring and reporting processes.

Sally Davis, Chief Executive of the CCMC, said she was not convinced that the decrease in reported breaches reflected improved compliance with the Banking Code by subscribing banks.

“We remain concerned about banks’ compliance and their ability to identify, record and report Code breaches,” she said.

“Lending, collecting debt and resolving customer complaints are core areas of banking activity, yet several banks reported zero breaches of the Code’s obligations in these areas. Five banks reported zero breaches of the Code’s provision of credit and internal dispute resolution obligations, while six banks reported no breaches of their debt collection obligations. This is unlikely to accurately reflect the true situation on the ground.”

The report said that banks too often failed to proactively compensate customers affected by a breach. For the most part, compensation was paid to customers only after a directive from ASIC or the Financial Ombudsman Service (now the Australian Financial Complaints Authority). This was particularly evident when banks breached their responsible lending obligations.

“Banks need to do better; they must not rely on individual customers to know and assert their rights,” Ms Davis said. “Banks must take steps to understand the extent and impact of the breach and to proactively remediate and compensate customers where it is appropriate to do so.

“The driver for this report is our desire to increase banks’ accountability for their compliance with the Code. We want banks to be transparent with the community about the times they let customers down, and about how they identify and address their mistakes.”

Some banks that continued year after year to report low breach numbers could not demonstrate robust compliance monitoring processes. One said its breaches were immaterial and did not warrant reporting; another acknowledged that while breaches had probably occurred, it could not explain why these had not been reported to the CCMC.

“Such explanations are unacceptable,” Ms Davis said. “Where we have concerns about an individual bank’s breach reporting, we have begun investigations, examining that bank’s conduct and compliance frameworks in more detail.”

The report, Compliance with the Code of Banking Practice 2017–18, said that the main self-reported breaches were privacy and confidentiality (44%) and provision of credit (25%). Banks stated that 93% of all the breaches were due to human error.


CCMC Report: Compliance with the Code of Banking Practice 2017–18 PDF (715kb, 63 pages)


About the CCMC

The independent Banking Code Compliance Monitoring Committee’s purpose is to monitor and drive best practice Code compliance, through a collaborative approach with the banking sector and other key stakeholders.

To do this the CCMC will:

  • examine banks’ practices
  • identify current and emerging industry-wide problems
  • recommend improvements to bank practices, and
  • consult with and keep stakeholders and the public informed.

Nineteen Australian banks (from 14 banking groups) subscribe to the voluntary Code.


Further information:

Sally Davis

Chief Executive

Banking Code Compliance Monitoring Committee

(03) 9613 7341