In March 2021, the Banking Code Compliance Committee (BCCC) conducted a mystery shopping exercise into subscribing banks’ (banks) compliance with their obligation under the Banking Code of Practice (the Code) to cancel direct debits on request.

Overall, the results showed an improvement on previous BCCC mystery shopping exercises, with 71% of interactions indicating a bank would comply. In November 2018, the industry compliance rate was 44%.

pie chart showing 71% in grey (compliant) and 29% in dark orange (non-compliant) pie chart showing 71% in grey (compliant) and 29% in dark orange (non-compliant)

While increases in some bank’s individual compliance rates are a positive development, when compared to historically low rates a result of only 71% is still a significant cause for concern.

The BCCC acknowledges the actions taken by several banks to improve their compliance performance. However, there is some way to go for individual banks and the industry as a whole to meet the BCCC’s expectations.

All banks should consider the additional steps they can take to ensure compliance with the direct debits’ obligations. This report highlights good practice initiatives and recommendations that have been adopted by some banks.

The direct debit obligation and why it is important

What is a direct debit?

When a customer sets up a direct debit, they allow a merchant or service provider to withdraw money from the customer’s transaction account into a merchant’s account at set times. For example, to pay bills or make repayments. These payments are processed through the Bulk Electronic Clearing System (BECS), a framework administered by the Australian Payments Network.

A direct debit is different to a recurring payment. The direct debit obligations in the Code apply only to payments set up using a BSB and account number. They do not apply to recurring payments from a debit or credit card.

The direct debit obligation

Under Chapter 34 of the Code, banks must promptly process a customer’s request to cancel a direct debit. The bank must not ask or suggest that the customer first raise the cancellation request with the merchant. However, the bank can suggest that the customer also contact the merchant or service provider to inform them that the direct debit has been cancelled.

This protection also appeared in previous versions of the Code.

Why is it important?

The direct debit obligation in the Code is important because it gives customers control over their finances. This is particularly important for customers who are experiencing financial difficulty.

It is also important that customers can approach the bank to cancel their direct debits as some customers, including those experiencing vulnerability or accessibility issues, may find it difficult or may not be able to contact the merchant that is debiting the account.

Mystery shopping results

History of poor compliance

The BCCC and its predecessor committee, the Code Compliance Monitoring Committee (CCMC), have been monitoring banks’ compliance with the direct debit obligations since 2008. The CCMC published three reports (in 2009, 2012 and 2017) which all made recommendations for how banks could improve their rates of compliance with these obligations.

In 2008, only 20% of contacts with bank staff members were considered to be indicative of compliant conduct. In 2010, this figure had risen to 36%. In 2011, it had dropped to 33%. In 2017, 46% of contacts were considered compliant. In March 2018, compliance was at 56%.

The CCMC undertook further mystery shopping in November 2018, with the results – a compliance rate of 44% – published in the BCCC’s 2018-19 Annual Report. Due to this decrease in compliance, some banks were required to develop and implement a remediation plan within six months to improve rates of compliance with the direct debit obligations. The BCCC committed to further direct debits’ monitoring to test whether banks’ efforts to improve Code compliance had been successful. A mystery shopping exercise was originally scheduled for 2020, but was deferred due to the COVID-19 pandemic.

2021 mystery shopping results

The BCCC undertook the mystery shopping exercise in March 2021. Across 378 mystery shopping surveys, 269 responses were deemed to be compliant and 109 were non-compliant – for an overall compliance rate of 71%. The compliance rate was consistent for both branches and call centres. Chart 1 provides a breakdown of how this compares with previous results.

chart showing compliance rates for the industry as a whole since 2008. In 2008 20% were compliant, in 2010 36%, 2011 33%, 2017 46%, February 2018 56%, November 2018 44% and in 2021 71%. chart showing compliance rates for the industry as a whole since 2008. In 2008 20% were compliant, in 2010 36%, 2011 33%, 2017 46%, February 2018 56%, November 2018 44% and in 2021 71%.

Table 1 below provides further details of how well each bank performed in the mystery shopping exercise.

table showing the percenatge of compliant responses from each of the 19 code subscribing banks. The banks are listed as Bank A, Bank B etc. The table also shows the sample size for each bank. The total sample size was 378 and 71% were compliant. table showing the percenatge of compliant responses from each of the 19 code subscribing banks. The banks are listed as Bank A, Bank B etc. The table also shows the sample size for each bank. The total sample size was 378 and 71% were compliant.

Further information about the BCCC’s mystery shopping exercise can be found in Appendix 1 of the full report.

Best practice compliant responses

The better responses from staff members stated that a bank could cancel a direct debit, and then went on to explain the difference between a direct debit and recurring payment – noting that the bank could not cancel recurring payments. Good practice responses also tended to notice that the desire to cancel a direct debit to ‘ease some of the pressure’ may be indicative of some kind of financial hardship and offered referrals to the bank’s hardship team.

Recurring responses indicative of non-compliance

The most common response indicative of non-compliance on behalf of the bank was the staff member stating that the direct debit should be cancelled with the merchant.

The second common response indicative of non-compliance was the staff member stating that the bank could cancel a direct debit but that the customer should contact the merchant first.

The third most recurring response was that the bank could cancel a direct debit, but it was better (or easier or faster) to cancel it via the merchant. Chapter 34 of the Code does not permit a bank to suggest to the customer that it is better or easier for them to contact the merchant because the effect is likely the same as suggesting they should contact the merchant first.

The data collected throughout this mystery shop also suggests that some bank staff members still do not understand the nuance between a direct debit and a recurring payment. If bank staff members do not understand the difference, then it is likely that customers be cancelled may also believe that a recurring payment is a direct debit, when that is not the case.

Further, some staff members’ responses suggested that direct debits set up by the bank for payments such as mortgage repayments could , but those ‘set up’ by a merchant or third-party service provider could not be cancelled.

The wording in Chapter 34 clearly envisions a scenario where the customer has a direct debit with a third-party service provider or merchant, and not just with the bank. The failure of staff to understand that the bank has a clear obligation to cancel direct debits with a merchant after the customer requests it, is clearly indicative of non-compliance with the Code.

Website information

In the CCMC’s 2017 report, the first recommendation to banks was that they should add clear, simple customer guidance on direct debit cancellation on their websites.

A review of the information available on bank websites shows that the information available varies in quality. Three subscribing banks appear to have little or no information available about direct debits, or their cancellation. If this information is available on these banks’ websites, the BCCC has been unable to locate it.

National Australia Bank (NAB) has very useful information about the cancellation of direct debits available on its website – see also Appendix 2 in the full report.

This website includes:

  • an explanation of the difference between a direct debit and a recurring payment
  • the steps required to cancel the direct debit with the bank, such as what information is required
  • a statement that direct debits can be cancelled online, in the branch, or over the phone, and
  • an explanation that the cancellation of a direct debit does not cancel the obligations a customer may have to a merchant.

The BCCC believes the information available on NAB’s website is a good example of the sort of information that should be available on all banks’ websites for customers.

If branch or contact centre staff do not know the answer to a query regarding direct debits, the BCCC is of the view that the staff member should have easy access to the correct information – either by an internal information system or by quickly searching the bank’s own website.

In the example NAB’s website, if a staff member was unclear of the correct answer to a query about the cancellation of direct debits, should the staff member view the website, the correct information would be readily available to them.

Good industry practice for improving compliance

In 2017, the CCMC made seven recommendations about what banks could do to improve their rates of compliance with direct debit obligations. The recommendations focused on:

  • improvements to guidance on websites
  • staff training and communications, and
  • banks’ monitoring activities, including mystery shopping activities.

After the previous mystery shopping exercises, the BCCC asked certain banks to report on what actions they would take to improve their rates of compliance. The BCCC considers the following actions taken by some banks are examples of good industry practice and are likely to lead to improved compliance.

Internet banking

  • Implement functionality to allow customers to cancel direct debits online.

Website development

  • Update existing direct debit cancellation forms to increase user accessibility.
  • Enhance search functions about direct debits and recurring payments.
  • Publish customer guidance about the difference between a direct debit and recurring payments.
  • Upload a direct debit guide to provide customers with information about direct debit cancellations and requests for direct debit lists.

Communication to Staff

  • Update existing induction training programs to include instructions for the handling of direct debits.
  • Send quarterly reminders to contact centre staff to reinforce the correct process for cancelling direct debits.
  • Incorporate a message in the bank’s internal newsletter to emphasise the process for cancellation of direct debits.
  • Provide all staff with an easy to follow “suggested customer conversation” for requests to cancel a direct debit.


  • Conduct compulsory team ‘huddles’ on a monthly basis. These team huddles periodically address:
    • direct debit requests and how to cancel them, and
    • role play of scenarios of financial difficulty and direct debit cancellation requests.
  • Assess risk training requirements quarterly.
  • Conduct role-play scenarios for staff to familiarise themselves with the Code’s direct debit obligations.
  • Track staff members involvement in direct debits training through the bank’s learning and development team.

Mystery shopping

  • Perform mystery shopping calls every month.
  • Conduct a knowledge test of two team members within a branch every month.

Complaints Monitoring / Quality Assurance

  • Use speech analytics tools to identify and monitor calls where a customer has requested to cancel a direct debit.
  • Conduct Quality Assurance on targeted direct debit calls.

Other Initiatives and Monitoring

  • Centralise all direct debit cancellation requests to a specialised team. Each team member has a sample of calls reviewed monthly to ensure they are meeting the requirements of the Code’s direct debit obligations.
  • Conduct regular monthly meetings to review the bank’s progress and implementation of its action plan.

Other observations

Identifying financial difficulty

The scenario described by the mystery shopper hinted at the customer experiencing financial difficulty. For example, a suggestion that the customer was ‘under pressure’ or ‘struggling’ to pay their bills. It is the BCCC’s view that a customer wishing to cancel their direct debits may be indicative of a customer experiencing financial difficulty.

The BCCC is concerned that in 61% of interactions, staff members did not appear to recognise that the customer may be experiencing financial difficulty. In 39% of interactions, financial difficulty was mentioned by the staff member and/or further information was provided about how the bank may assist.


The mystery shopping involved asking questions on behalf of a family member. A number of staff members were concerned about protecting the privacy of their customers and stated that they could not provide information about a customer’s account. Staff members who went further and did not provide any information about the cancellation of direct debits were excluded from the overall results on the basis that it was not possible to determine if the response was compliant or non-compliant as the issue was not addressed.

Power of Attorney/Representatives

Many staff members in their responses (both compliant and non-compliant) offered information about how the customer could appoint a representative to act on their behalf, suggesting that staff members were alive to the possibility that they were dealing with a customer experiencing vulnerability.

On the phone/in the branch

In the mystery shopping exercise, the focus was on whether the staff member said the bank could or could not cancel the direct debit. Many of the responses however suggested that the direct debit could be cancelled in a certain way only – only over the phone, or only in the branch. As this was not the focus of this mystery shop, the BCCC did not determine that these responses were non-compliant. However, it is the BCCC’s view that banks should assist customers at the point of contact without placing further barriers in their way to cancel direct debits.

Next steps

The BCCC will be writing to all banks and providing their individual results and feedback.

Banks whose results could be improved should refer to the recommendations and good practice initiatives listed in this report and take appropriate action.

The BCCC will follow up with banks about the actions they have taken to improve compliance and continue to periodically monitor banks’ compliance with the direct debits obligations.

We will also be working with the ABA to develop a forum where banks can share knowledge on how they have improved their practices.

Full report and appendices

Download the full report (including appendices) – BCCC compliance update: cancellation of direct debits (1.3MB, PDF) September 2021 – to read more.