‘BCCC’, ‘we’, ‘us’ or ‘our’ refers to the Banking Code Compliance Committee (BCCC) and its members, and the BCCC Secretariat and its staff.
About the BCCC
The BCCC is an independent compliance monitoring body established under clause 207 of the 2019 Banking Code of Practice (2019 Code). Our purpose is to monitor and drive best practice Code compliance. To do this we will:
- examine banks’ practices
- identify current and emerging industry wide problems
- recommend improvements to bank practices, and
- consult with and keep stakeholders and the public informed.
In accordance with clause 211 of the 2019 Code, we have the following powers:
a) monitor and oversee compliance with the Code
b) investigate any allegation of a Code breach noting its priority pursuant to its charter
c) as appropriate, investigate serious or systemic breaches
d) request information from subscribing banks and other stakeholders
e) make findings and recommendations on Code breaches
f) apply sanctions
g) provide guidance and reports, and
h) undertake other functions and responsibilities as reasonably determined from time to time.
Nineteen Australian banking groups subscribe to the 2019 Code.
We provide information to individuals about our functions and activities as well as information about the investigations or inquiries that we are undertaking that may assist the individual. So that we can carry out our function and perform our activities we work with a carefully selected group of third parties that include the Australian Banking Association (the ABA), Australian Financial Complaints Authority (AFCA), Code subscribers and parties to BCCC investigations, subscribing banks, and technology and data companies.
Our work with them sometimes involves sharing personal information and this policy sets out how and when we share that information.
We are bound by the Privacy Act (including the Australian Privacy Principles, and Mandatory Data Breach Notification) which sets out the principles for the appropriate handling of personal information that we collect, use, disclose and store.
We also comply with the Privacy and Confidentiality obligations that are set out under the Code and the BCCC Charter, as they apply to information provided to it by Code subscribers and parties to BCCC investigations.
We are committed to handling all personal information carefully, responsibly and securely ensuring that we manage personal information in an open and transparent way.
Is defined as “information or an opinion that can identify an individual including name, address, email address, date of birth, tax file number or bank account details”.
The personal information we collect and hold
Most of the personal information we collect will be collected directly from the individual and may include their full name, address, telephone numbers, email and date of birth.
We may also collect personal information about the individual that is publicly available – for example, on social media or available from public registers e.g. Australian Securities and Investments Commission (ASIC), Australian Business Register (ABR). We will only collect this information if it is impractical to collect it directly from the individual, or when we’re permitted to do so.
Only with the individual’s permission, we might collect sensitive personal information including health information and nationality.
When we get information we didn’t ask for
Sometimes we may receive personal information that we haven’t asked for. If we think this information is needed, we will keep it securely; otherwise, we will destroy or de-identify it.
Anonymity and pseudonymity
When dealing with us individuals may choose not to identify themselves or want to use a pseudonym, this may prevent us from being able to carry out some or all of the functions for which personal information is required, including investigating an allegation, or where certain personal information has not been provided.
Individuals who contact us by telephone are not always required to disclose their identity.
How we use personal information
We may use personal information for the functions and activities that are concerned with:
- investigating and determining allegations from any individual concerning allegations of code breaches by code subscribing banks
- monitoring banks’ compliance with the Code
- initiating Inquiries into banks’ compliance with the Code
- monitoring aspects of the Code that have been referred by AFCA and the ABA
- complying with legal and regulatory obligations
- if otherwise permitted or required by law, or
- for another purpose, only with the individuals informed consent, unless it has been withdrawn
How we share personal information
We only share personal information as described above with the third parties for the agreed purpose.
We may also share personal information with third parties if permitted or required by law or for any other purpose but then only with the consent of the individual.
Outside of Australia
The personal information of our employees, systems and most of the third parties we share information with are located in Australia, but some of this personal information might be stored in “cloud” solution or otherwise in locations overseas.
We do not disclose personal information overseas to third parties unless we have informed consent from the individual. In all cases we take such steps, as are reasonable in the circumstances, to ensure that the overseas recipient does not breach the Australian Privacy Principles.
Keeping personal information we hold safe
We store minimal personal information– whether on paper or electronically, however we take all reasonable steps to protect the personal information we hold.
When the personal information is no longer required we take necessary steps to either, return the personal information to the individual or destroy, delete or de-identify it.
Your right of access to personal information we hold
Any individual wishing to gain access to personal information about themselves, should write to us (details below) setting out whether you would like access to all or just a particular part of your personal information. We will respond to you within a reasonable time.
In line with our commitment to protect your privacy, we may ask you to verify your request.
You may ask us to delete personal information we hold about you and your organisation and we will take reasonable steps to do so.
Accuracy of personal information
If you think that personal information we hold about you is inaccurate please contact us at email@example.com and we will correct any identified inaccuracies or let you know why we cannot do so.
Complaints and inquiries
If you have a complaint about the way we handle personal information, please contact us and we will respond as soon as possible to resolve the issue. We also welcome any questions and comments you may have about our privacy practices.
Contacting the CCMC
The contact details for these purposes are as follows:
The Chief Executive Officer
Banking Code Compliance Committee
P.O. Box 14240 Melbourne VIC 8001
Telephone: 1800 931 678 (ask for the Code Compliance and Monitoring team)
Changes to this policy
This policy is effective as of 20 August 2019.
Any changes or amendments will apply to all the information we hold at the time of the update. We will post the updated policy on our website and we encourage you to check this page from time to time.