I am pleased to present our latest report on compliance with the Banking Code of Practice (the Code). This report covers breaches reported between January and June 2022.
Significant decrease in self-reported breaches
The good news from the reporting period is the unprecedented 38% decrease in self-reported breaches. The decrease is a great result and indicates the work to improve systems and processes is producing the desired effects.
We heard from banks that there were several factors at play for this decrease. These included:
promoting awareness of Code obligations among staff through focused training
- focusing on the root causes of breaches and resolving underlying issues
- identifying and categorising breaches more accurately
- improving systems and processes following regulatory change.
We note the 20% reduction in breaches of Chapter 5: Protecting confidentiality. This has been consistently one of the most common sources of breaches, and the reduction demonstrates an effort to get on top of the underlying issues.
While the reduction is positive, this remains the Chapter with the highest number of breaches. In a time of increasing concerns about privacy and personal data, this is something that banks need to take seriously.
Quality of submissions
While the downward trend in breaches is positive, we continued to see issues with the quality of the submissions we received.
Banks must report breaches against the right Code obligation and use better descriptions of breaches.
Too often we receive notifications with descriptions that are too broad and overuse internal jargon without further explanation.
On top of this, banks need to ensure that their submissions are complete.
We saw errors in the required sample data which indicate a concerning lack of care in preparing submissions. Banks need to provide data that is free of errors and meets the criteria in the BCCC’s Guidance Note 1 – Breach Identification and Reporting (Guidance Note).
Improving compliance reporting
In implementing the 10 recommendations from the BCCC review that are within our remit, we continue to refine our Compliance Statement and the way we collect data.
Working closely with the Australian Banking Association (ABA) and banks, we plan to complete this work in 2024 and will publish updates on our progress as we go.
Ian Govey AM
Banking Code Compliance Committee