Executive Summary

The Banking Code Compliance Committee (BCCC) conducted an inquiry between July and October 2019 into Code subscribing banks’ (banks) transition to the new 2019 Banking Code of Practice (the Code) to confirm whether banks have taken appropriate steps to ensure compliance with the Code. The inquiry is a holistic review of banks’ transition to the Code. This Report provides a high level review of banks’ approach, identifies good practice and makes recommendations for consideration by banks in light of that review. It does not provide a detailed examination of compliance with every Code obligation.

The 19 banks (detailed in Table 1) that subscribe to the Code were required to provide the BCCC with information about the steps they had taken to transition to meet the requirements of the Code.

Table 1. List of Code subscribing banks

Existing Code subscribers

AMP Bank Limited
Australia and New Zealand Banking Group Limited
Bank of Queensland Limited
Bank of Sydney Limited
Bendigo and Adelaide Bank Limited
Citigroup Pty Limited
Commonwealth Bank of Australia
HSBC Bank Australia Limited
ING Bank (Australia) Limited
National Australia Bank Limited
Rabobank Australia Limited
Suncorp Metway Limited
Westpac Banking Corporation

New Code subscribers

Arab Bank Australia Limited
Bank Australia Limited
Bank of China
Macquarie Bank Limited
Members Equity Bank Limited (ME Bank)
MyState Bank Limited

Key observations

Transition to the Code was a major project for all banks leading up to 1 July 2019. Through the information provided during the course of this inquiry, banks demonstrated that they had dedicated significant resources to plan and execute their Code transition projects. Bank-wide efforts were required to deliver transition projects that covered all relevant business units, distribution channels, systems, training materials, and internal culture to support ongoing compliance with the Code.

Those efforts appear to have resulted in banks addressing many or most issues that would be expected for a successful transition. However, the BCCC has significant concerns about compliance in a number of key areas across the industry, and some specific concerns in relation to individual banks. Banks will need to continue their efforts to meet the BCCC’s expectations and the higher standards required under the Code.

To support the work required to be undertaken by banks, this Report includes a number of specific recommendations and examples of good practice that all banks should review and implement, where appropriate. The BCCC will conduct one on one meetings with individual banks during which we will raise issues specific to that bank.

Executive oversight

The BCCC has consistently communicated to all banks the importance of the Code being embedded within risk management frameworks and for senior executives and members of the Board to have oversight of compliance. The BCCC expects executive level staff to take an active and leading role in embedding the spirit of the Code.

All 19 banks have nominated an executive who will take responsibility for compliance with the Code within their organisation.

The BCCC expects that, even beyond transition, all banks should ensure that the spirit and awareness of Code obligations is embedded at all levels of the bank. Banks should continue to report to executives and the Board to ensure appropriate oversight of compliance with the Code is maintained.

Staff training and key performance metrics

Banks’ responses to this inquiry indicate that they consider staff training to be key to ensuring the Code is embedded within the bank’s culture, particularly in regard to the new vulnerability, inclusivity and accessibility obligations.

The BCCC acknowledges that significant investment has been made to upskill staff to competently comply with the Code and banks’ approaches to Code training will vary. While some banks collaborated with external training providers, others deployed the Code training modules developed by the Australian Banking Association, or otherwise designed their own tailored Code training.

While the BCCC has not reviewed banks’ training materials, it found that banks’ responses to our inquiries did not state whether customer facing staff are trained to identify and report a possible breach of the Code. The BCCC expects a positive customer focused culture to be supported through training and considers that customer-facing staff are well positioned to identify and escalate a possible breach of the Code.

Banks should ensure that staff training programs adequately raise staff awareness and competency to identify and report a possible breach of the Code internally. The training programs should promote the importance of a positive customer focused culture that promotes compliance with the Code.

The BCCC found that banks responses did not confirm whether Code training is delivered to external third parties, such as brokers, and offshore customer-facing staff.

Banks must ensure that communications and training about the Code are delivered to all staff, including any external third parties through whom they provide their services and offshore staff. This will enable banks to set expectations of what is required to comply with the Code and how the bank will monitor and report on their compliance. 

The BCCC considers meaningful cultural change will stem from how banks measure the performance of their staff, including the value they assign to good customer outcomes.

11 out of 19 banks confirmed that they had made changes to their key performance indicators (KPIs) in pursuit of a ‘balanced scorecard’. Those banks that did not report that changes to KPIs had been implemented are strongly encouraged to consider the effectiveness of the measures they have in place to deliver and build the right culture to support Code compliance.

Banks should review and develop KPIs that ensure staff performance metrics promote behaviours that prioritise good customer outcomes and reflect the Guiding Principles and spirit of the Code.

Inclusivity and accessibility

Banks are required to provide inclusive and accessible services for their customers. This includes older customers, people with a disability, indigenous Australians and those in remote areas.

Staff competency is instrumental in ensuring banks comply with the obligations under Chapter 13. Chapter 13 has two explicit training requirements – to treat customers with sensitivity, respect and compassion (clause 33) and to provide cultural awareness training to staff who assist customers in remote Indigenous communities (clause 37).

9 out of 19 banks confirmed they provided staff with both sensitivity and cultural awareness training. In some cases, this training has been combined with training on the obligations to assist customers in vulnerable circumstances. Eight banks did not provide details of any training provided to ensure staff are equipped to competently comply with Chapter 13. The BCCC is concerned by this outcome and will seek further information from these banks.

Some new subscribers noted the accessibility of the branches without reference to the accessibility of products and services. Branch accessibility is an important way to enhance access for customers, but it is not enough to demonstrate compliance with Code. The Report includes some good practice initiatives taken by banks to comply.

Banks should continue developing initiatives to improve products and services that are inclusive and accessible to all groups of customers.  Bespoke initiatives are important to challenge old ways of working and using external partners may provide useful expertise.

Banks should adopt a broad interpretation of inclusive and accessible products and services.

Many banks did not provide an adequate response to questions about how they would monitor compliance with the accessibility obligations. Banks focused on one or two elements of the Code provisions without offering a comprehensive overview of how they will comply and monitor compliance across the various clauses of Chapter 13.

Banks should ensure they train staff to comply with the obligations of Chapter 13 of the Code and have comprehensive plans for how they will monitor compliance.


The Code introduced important new obligations requiring banks to take extra care with customers experiencing vulnerable circumstances.

The BCCC found that banks have made significant efforts to empower staff to provide extra care but there is a lot more work to be done. Most banks acknowledged this in their responses.

11 out of 19 banks explicitly stated that they had either developed new policies, improved existing policies or created specific customer guidelines to support staff who deal with vulnerable customers. The BCCC is concerned about the ability of the remaining banks to support their staff and comply with these aspects of the Code and will seek further information from them.

13 out of 19 banks confirmed they have designed and rolled out vulnerability training to staff. Only one bank reported that training is also delivered to its broker channel and tailored for its offshore staff. Three banks did not refer to vulnerability training in their response at all.

The BCCC expects all banks to ensure they have developed specific vulnerability policies, processes, training and resources to support compliance with Chapter 14. Training should be delivered to all customer facing staff on an ongoing basis.

The BCCC intends to conduct further inquiries about banks’ efforts to take extra care with customers experiencing vulnerability. Banks will be required to provide the BCCC with additional information to demonstrate how they have embedded the commitments into policies, training and the broader culture of the bank to comply across all customer facing channels and product development.

Small business and farming customers

The BCCC required banks to explain how they will apply the Code’s small business definition. Eleven banks told the BCCC they intend to apply a broader definition to small business customers than that prescribed in the Code.

The BCCC is concerned that 2 of the 11 banks adopting a broader definition of small business, have reserved the right to contend that the Code does not apply to the relevant customer in the event of a BCCC investigation. The BCCC finds this unacceptable and expects that the Code’s small business obligations, if broadly applied by a bank, should continue to apply for the purposes of any BCCC inquiry or investigation.

Where a bank has chosen to adopt a broader small business definition, it should not later assert the relevant Code obligations do not apply.

Two of the big four banks provided information about how they will report small business data to the BCCC. One of them has indicated it will report to the BCCC in line with the Code requirements, and the other has stated that it will report small business data on a best endeavours basis.

In early 2020, the BCCC plans to scope and undertake a targeted monitoring activity into compliance with the small business obligations of the Code.

Without exception, banks must develop capabilities for reporting small business data to the BCCC. Banks need to provide consistent reporting to allow for benchmarking and year on year comparisons.

Post Implementation Reviews and ongoing Code monitoring

18 out of 19 banks plan to assess the effectiveness of their Code transition projects over the next 6 to 12 months targeting areas specific to that bank. The BCCC will require banks to provide updates on the outcomes of these reviews in due course.

Banks should consider conducting a gap analysis for their post implementation reviews on areas where the bank has identified deficiencies or otherwise implemented short-term compliance solutions. Banks should test short-term fixes that were implemented to address compliance and confirm if these are effective, or otherwise evaluate the adequacy of plans for implementing replacement solutions (including scope and timeframes).

Some responses did not provide an appropriate level of detail about their compliance monitoring frameworks for the BCCC to form a view about whether they are positioned to adequately monitor Code obligations.

Banks’ compliance frameworks may not currently be mature enough to comprehensively monitor Code compliance from 1 July 2019 to the BCCC’s satisfaction. Banks’ responses often indicated that they would be continuing to amend their controls and compliance frameworks post 1 July 2019, particularly for small business, vulnerability and financial difficulty obligations.

This raises a concern that non-compliance may go undetected in the interim and remain that way until banks have improved their Code monitoring controls.

Banks’ compliance monitoring frameworks should be mapped to explicitly reference all Code provisions.

The BCCC expects transition work to be ongoing, and that key initiatives and projects will extend well beyond 1 July 2019. The BCCC will continually engage with banks, particularly around vulnerability, small business and staff capability, to understand how they support Code compliance and ensure that non-compliance is identified, investigated, recorded and reported in a timely manner.


Download a copy of the full report – BCCC Inquiry: Banks’ transition to the 2019 Banking Code of Practice (717 KB, PDF)