Banking Code breach reports analysis

The Banking Code Compliance Committee has published its report on subscribing banks’ compliance with the Code for the period July to December 2019.

Banks self-report their compliance with the Code every six months.

The most common category of breaches, accounting for 53% of reported breaches overall involved a breach of Part 2 of the Code which includes obligations to ‘protect a customer’s privacy and confidentiality, to train staff to understand the Code and to engage with customers in a fair, reasonable and ethical manner’.

Part 2 breaches also include charging incorrect fees; providing data to the wrong party; delays in directing complaints to the appropriate complaints handling team; keeping inaccurate or incomplete file notes; and interest or discount errors.

Privacy incidents included a bank’s internal policy about redacting credit card numbers and when information was provided or disclosed to an  incorrect party.

Staff training incidents included:
â–Ş Processes not followed correctly
â–Ş Fees incorrectly charged
â–Ş Information provided or disclosed to an incorrect party
â–Ş Delays in directing complaints to the appropriate complaints handling team
â–Ş Incorrect correspondence provided to a customer
â–Ş Incomplete or inaccurate file notes
â–Ş Interest or discount errors
â–Ş Terms and conditions containing incorrect or missing information
â–Ş Identification errors
â–Ş Not complying with Terms and Conditions.

Banks reported that the majority of incidents (60%) were caused by human error alone, 13% involved a control, training, or resourcing failure (including process deficiencies) and 13% involved a system error. Banks reported that 8% of incidents were caused by human error along with another cause.

30% of incidents were self-identified by staff members. The other most prominent methods of breach identification were via a customer complaint, query, or feedback (27%), and line 1 quality assurance activities including call monitoring (23%). A further 9% of incidents were identified by line 2 or internal reviews.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.

David Jacobson

Author: David Jacobson
Principal, Bright Corporate Law
Email:
About David Jacobson
The information contained in this article is not legal advice. It is not to be relied upon as a full statement of the law. You should seek professional advice for your specific needs and circumstances before acting or relying on any of the content.

 

Your Compliance Support Plan

We understand you need a cost-effective way to keep up to date with regulatory changes. Talk to us about our fixed price plans.