Concerns about an increase in breaches
Banks reported 22,473 breaches for the period – an increase of over 13% compared to 19,766 in the first six months of 2020.
Banks are again reporting that increases in the number of breaches are due to improved monitoring and reporting regimes, although several banks highlighted increased workloads and resource deployments due to the COVID-19 pandemic. The BCCC has previously commented that it has viewed banks’ ongoing efforts to build capability to identify and fix non-compliance as a positive development.
The continued improvement of the banks in detecting Code breaches is commendable, as is their support for customers affected by the pandemic. However, the BCCC is concerned that so many breaches of the Code are occurring. Banks need to increase their focus on preventing breaches.
The current version of the Code has now been in operation since July 2019 and it is important for both customers and the standing of banks in the community that the number of breaches starts to decrease.
We are aware of some positive indications that banks are taking actions in this regard.
As part of our feedback process, BCCC staff regularly meet with individual banks for detailed discussions around the banks’ compliance data.
At recent meetings, two banks shared examples of where they had examined a particular set of breaches highlighted by us in previous reports, determined the causes, fixed their processes, and eliminated breaches of that nature.
One major bank has indicated that its monitoring and reporting systems have matured over time, and that it may have reached a tipping point where, as it concentrates on improving Code compliance, the number of breaches will start to decrease after years of regular increases.
We look forward to seeing further examples when banks next report on their breach data in September 2021.
Impact of COVID-19 on banks’ compliance
As with our previous report, published in April 2021, COVID-19 and its impact on banks and their customers remains a focus for the BCCC. We acknowledge the challenges caused by COVID-19, and while banks breach data does indicate it has had an impact on their compliance with the Code, we also received positive feedback from our Small and Agribusiness Advisory Panel about banks’ dealings with small businesses experiencing pandemic-induced hardship during 2020.
In 2021, the Australian Banking Association (ABA) obtained the Australian Securities and Investments Commission’s (ASIC) approval to amend the Code in light of concerns that COVID-19 may affect banks internal resources and capacity. The amendments, which came into effect in July 2021, provide some exemptions from strict timing requirements for communications under the Code.
The BCCC required banks to provide information about instances that would have constituted breaches of the timing requirements under the Code but for these exemptions. Nine banks reported 4,651 incidents which may have constituted breaches if not for the exemptions.
Improving data reporting
The BCCC is continuing to engage with the ABA and banks about ways to streamline reporting requirements and the development of additional guidance to improve the consistency and quality of banks breach data.
We will provide further updates about this work in our next compliance report.
Ian Govey AM
Banking Code Compliance Committee
Download the full report to read more.