- We reviewed submissions made to the Royal Commission and sought insight from community legal centres on guarantor issues and outcomes.
- We collected and analysed qualitative and quantitative data from the 13 banks that subscribed to the Code when the Inquiry commenced, including their written policies and processes.
- We reviewed four banks’ performance audit results to assess their operational compliance with the Code’s guarantee obligations.
- In 2018, approximately $500 billion worth of consumer and small business credit was supported by guarantees – see Page 16 of the report.
- While banks had adequate written policies and processes, we were concerned to find that banks
frequently failed to comply with the Code’s guarantee obligations in practice – see key findings below.
- Banks must improve practices to meet the BCCC’s expectations for compliance with the current Banking Code – see recommendations for improved practice below.
For the first time in a BCCC Inquiry, a sub-set of banks conducted performance audits which identified non-compliance with several important Code provisions, including pre-guarantee disclosure obligations. Equally concerning, audits found numerous instances where banks could not demonstrate compliance.
The Inquiry found that while banks had adequate written policies and processes to comply, banks:
- lacked effective record management practices
- conducted inadequate or ineffective monitoring of compliance controls
- dealt with non-compliant guarantees on a case-by-case basis and too heavily relied on legal advice when considering whether to enforce a non-compliant guarantee
- lacked guarantee-related data capability.
The BCCC is concerned about failures to consistently provide full disclosure of key information to guarantors – an issue closely linked to banks’ poor record keeping practices and the challenges associated with disparate systems, business units and subsidiary brands.
The Code obligations are a crucial safeguard to ensure guarantors understand the risks involved when providing a guarantee. With more than $500 billion of credit supported by guarantees in 2018, it is essential that banks strictly comply with the Code’s guarantee provisions.
Banks are also at risk if they fail to comply with the Code. The report highlights that the Australian Financial Complaints Authority (AFCA), which can consider complaints from guarantors, may decide that the bank cannot rely on the guarantee if it finds it did not meet its Code obligations to the guarantor.
The BCCC has made 23 recommendations for improved industry practice across the guarantee provisions.
The BCCC has serious concerns about guarantee practices and expects banks to take immediate action.
1) Frequent failure to comply with Code obligations before taking a guarantee
Banks frequently failed to comply with their pre-guarantee Code obligations based on the breach data, BCCC investigations and the audit results. This includes the requirements to provide key disclosure information to prospective guarantors before accepting a guarantee and banks’ arrangements for a guarantee to be signed in an appropriate environment.
The audits also identified instances where the bank could not evidence compliance on individual guarantor files. This was largely linked to poor record management practices.
These failures mean that a prospective guarantor may not receive adequate information to understand the risks and make an informed decision about giving a guarantee.
2) Banks lacked effective record management practices
The leading reason audited banks could not demonstrate compliance with the pre-guarantee obligations was because of poor record keeping controls. For example, some banks could not show that key information was given to a prospective guarantor before accepting the guarantee, or that the guarantee was executed in the absence of the primary borrower.
Community legal centres highlighted record keeping as a key issue when requesting guarantee documents on behalf of clients – citing instances where key documents had not been retained or had been lost.
If these audit results are representative of broader industry practice, then there is a risk that banks will be unable to demonstrate compliance with their guarantee obligations either during bank or BCCC monitoring activities, or to the guarantor in the event of a dispute or a complaint.
3) Banks’ monitoring of compliance controls was inadequate or ineffective
All audited banks found control gaps in their guarantee process which were not previously detected by their routine monitoring activities. For example, one bank’s audit found control gaps relating to both pre-existing controls to comply with the 2013 version of the Code and newly developed controls to comply with the current Banking Code.
Again, if the audit results are representative of industry practice, the risk that guarantee compliance is not being adequately monitored or that compliance gaps are not being detected is of serious concern. Banks must test the effectiveness of monitoring and controls to comply with the current Banking Code even where improvements have been made.
4) Banks dealt with non-compliant guarantees on a case-by-case basis and relied too heavily on legal advice
When banks become aware that they have not complied with the Code when obtaining a guarantee, they consider what actions to take on a case-by-case basis. Most banks assessed the materiality of the Code breach when deciding on their approach. They relied too heavily on their solicitors for legal advice on the validity and enforceability of a guarantee.
While it is appropriate for the bank to obtain legal advice, it is also important that banks avoid an overly legalistic approach. Banks’ treatment of non-compliant guarantees must take into account the Guiding Principles that underpin the Code and banks’ obligations under clause 10 to engage with guarantors in a fair, reasonable and ethical manner.
Banks did not provide details about when or how they communicate non-compliance to impacted customers and guarantors.
5) Banks lacked guarantee-related data capability
Banks confirmed that they had difficulty providing requested data about guarantees. Banks store guarantee data in a variety of ways, including as paper files in branches or storage facilities, in individual customer files and have different systems for subsidiary brands and business units. Collecting guarantee data for the BCCC was a largely manual process.
Some banks could not distinguish between consumer and small business loan guarantees. The majority of banks do not have readily available data about guarantee outcomes, such as the number of guarantees enforced by the bank for any given period.
A lack of guarantee-related data such as the types of guarantees held and the outcomes experienced by guarantors will impact banks’ ability to pro-actively identify trends and compliance risks and make continuous improvements to their guarantee process.
Recommendations for improved practice
The report contains 23 recommendations for improved practice, including practical examples to illustrate these recommendations.
1. Banks should review relevant processes and training to ensure staff are adequately supported to distinguish between different types of guarantors and when the Code’s guarantee liability limit applies.
2. Relevant staff should make a prospective guarantor aware if the transaction is covered by the Code and where they can get further information.
For example, raising awareness of this during initial guarantor interviews.
3. Banks should periodically review deed of guarantee templates to ensure they meet the requirements of the Code.
4. Where possible, banks should meet face-to-face with the prospective guarantor to highlight the matters disclosed in the terms and conditions under clause 96 of the Code.
5. Update policies and processes to require staff to consider the prospective guarantor’s unique circumstances when delivering key disclosures, particularly if they show signs that they may need extra help to understand the nature and effect of the guarantee.
For example, for a prospective guarantor who does not speak English as a first language, lending staff should engage an interpreter to ensure they receive real time explanation of the disclosures and are given an opportunity to ask the lender questions in the absence of the borrower.
6. Processes, systems and technology should enhance staff capability to:
a) identify vulnerable guarantors who may require additional support to understand the guarantee information provided.
b) tailor their approach to disclosing the matters contained in clause 96 of the Code in a meaningful and accessible way to suit the individual.
c) keep contemporaneous records about any indicators identified and any additional care taken to give the pre-contractual disclosures.
For example, some banks described adopting a standard guarantor conversation template that can be used to document all interactions with the guarantor, including internal lender notes. A single source of record keeping with respect to the guarantor can be useful in the event of a dispute or compliance review.
7. Banks should include clear guidance in processes to help staff to locate, retrieve and store guarantee disclosure information, particularly where the bank has disparate systems, business units and subsidiary brands.
8. Banks should build the requirements of clauses 97 and 99 of the Code into the design of their processes and systems to help staff to comply.
For example, update systems to automate the creation of guarantor disclosure documents to reduce the reliance on manual processes or develop staff checklists with required communication and documents to be given to a prospective guarantor.
9. Staff training should educate staff about the essential role they play to ensure a prospective guarantor is given all key information to understand the risks, to help to protect their interests and to make an informed decision.
For example, use case studies in lenders training to illustrate the long-term harm that can occur when a bank fails to ensure the guarantor is making an informed decision.
10. Banks should capture a director guarantor’s request to receive or waive their right to receive the documents listed in clauses 96-99 of the Code.
For example, one bank developed a system control that prompts a guarantor information pack election form that requires the director guarantor to ‘Opt in or Opt out’ of receiving disclosure documents. On receipt of this form, the information is included in the guarantor information pack. The form is retained for internal records.
11. Banks should strengthen record management requirements in pre-guarantee processes and procedures to ensure that evidence always exists on the file to demonstrate compliance.
12. Banks should audit compliance with the current Code’s guarantee obligations. Audit samples should include guarantees obtained since 1 July 2019. Audits should include an assessment of the controls in place to ensure compliance with the Code’s guarantee obligations.
13. Banks should review the robustness of guarantee-related Quality Assurance processes to ensure that they effectively identify, record and report Code breaches for investigation.
Signing a guarantee
14. Banks should assess how they monitor compliance with the guarantee execution obligations and make improvements where gaps are identified. This includes where banks are reliant on their solicitors to arrange for the guarantee to be executed.
15. Bank staff should keep accurate records of the circumstances in which the guarantee is executed to demonstrate compliance.
For example, one bank reported that it has a branch manager complete a witness statement that attests the guarantee was signed in the absence of the borrower. This record is kept on the guarantor file which allows the bank to demonstrate compliance in the event of a review or dispute.
16. Banks should develop guidance to support lending staff who detect signs that the prospective guarantor may be at risk of financial abuse, including during the signing of the guarantee.
For example, if there are concerns that a prospective guarantor appears to be uncertain or showing signs of potential financial abuse or any other vulnerable circumstances – lenders should be empowered to delay, escalate and address these concerns before the guarantee is executed.
During the guarantee
17. Processes should clearly articulate how staff should handle guarantor requests to limit liability, including record keeping.
For example, create a standard guarantor record template to keep an itemised record of all guarantor requests. Staff should be required to apply the notes directly into the customer file/system, updating inputs and detailing the request and its outcome.
Enforcement of a guarantee
18. Banks should conduct pre-enforcement reviews of a guarantee to ensure that it has been obtained in accordance with the Code before commencing enforcement action.
19. Banks should develop guidance to help staff to negotiate alternative debt recovery options with the primary borrower before enforcing a guarantee – to embed a culture where enforcement is a last resort.
20. Enforcement of a guarantee should require the oversight and authorisation of a senior level executive of the bank, especially if enforcement involves repossession of the guarantor’s primary place of residence.
21. Banks should develop an escalation process to ensure its non-compliance is dealt with appropriately and proactively – before a guarantor makes a complaint, or the bank commences enforcement action.
22. Where a bank becomes aware of a non-compliant guarantee or where it cannot demonstrate compliance for an individual guarantee, it should:
a) deal with the impacted guarantee/guarantor in accordance with clause 10 and the Guiding Principles that underpin the Code
b) proactively determine if the guarantee is unenforceable and take appropriate action to rectify and remediate impacted customers and guarantors
c) ensure that customer and guarantor impact assessments consider the risk of current and future financial and non-financial loss because of the bank’s non-compliance, and
d) communicate with impacted customers and guarantors in a clear and timely manner – including providing them with information about how to lodge a complaint with the bank or AFCA.
23. Banks should strengthen their data capability by collecting guarantor outcome data, such as enforcement and complaints data, to gain insights into guarantee trends, compliance risks and customer outcomes for continuous improvement across the guarantee process.
Banks should carefully consider the BCCC’s report and 23 recommendations against their current capabilities and practices, and develop an implementation plan to close any gaps. We also encourage banks to consider the recommendations in the BCCC’s Building Organisational Capability Report when developing these plans. The BCCC expects that banks will report to their relevant Board audit and risk committees with updates about the bank’s implementation plan and progress to improve compliance with the Code.
We will follow up with banks on the actions they have taken to address the findings and recommendations in this report to improve the outcomes for guarantors and customers in March 2022.
1 Clause 31 of the 2013 Code of Banking Practice.