Investigation CX18158
Code obligations 2019 Banking Code of Practice, paragraph 190(a)–(c)
Date finalised 31 January 2024



1. We investigated and found that a bank breached its deceased estate obligations under paragraph 190(a)–(c) of the 2019 Banking Code of Practice (the Code) in a serious and systemic manner.

2. In response to these serious and systemic breaches of the Code, we applied a sanction to formally warn the bank. If similar breaches occur in the future, we may apply another sanction, including publicly naming the bank for non-compliance with the Code.


3. In June 2023, we published our Deceased Estates Report which examined six banks’ compliance with the obligations under Chapter 45 of the Code. As a result of the report’s findings, we opened investigations into three banks, including the bank that is the subject of this investigation CX18158 (the bank).

4. We assessed the bank’s compliance with paragraph 190(a)–(c) of the Code:

Paragraph 190
Once notified of a customer’s death we will:
a. identify any fees that are for products and services that can no longer be provided, or will not be provided to the deceased’s estate;
b. stop charging those fees; and
c. if any fees referred to in paragraph (a) have already been charged since the customer’s death – refund those fees.


5. We wrote to the bank to request information on:

  • The findings of the bank’s internal audit into deceased estate processes.
  • The corrective actions taken to address issues identified in the audit.
  • The bank’s customer remediation efforts.

6. We reviewed the bank’s responses to determine whether it had breached its obligations under paragraph 190(a)–(c) of the Code in a serious and systemic manner.

Issues of concern

7. In June 2022, the bank conducted an internal audit on its deceased estate processes. The audit found both new and already identified issues of concern, specifically that the bank:

  •  did not properly identify all accounts owned by a deceased customer, and
  •  did not properly identify, stop and refund fees for a number of deceased estate accounts.

Bank’s corrective actions

8. The bank addressed the issues above by correcting and improving the automated tools, scripts and analytics used to identify deceased estate accounts, and to stop and refund relevant fees for those accounts.

9. The bank also uplifted weekly and monthly controls to ensure that all customer accounts are updated once a notification of death is received, that fees are appropriately stopped or refunded, and that all fees are refunded when a deceased estate is finalised.

10. These corrective actions were completed by August 2022. The bank then started to identify impacted customers and develop its remediation methodology.

11. In mid-August 2023, the bank started to refund fees to impacted accounts as part of its customer remediation program. Remediation was completed in February 2024.

12. The bank demonstrated that it undertook a range of positive actions to address the cause and impacts of the Code breaches, including:

  • Timely rectification to correct the root causes of the issues, including controls to prevent recurrence.
  • Adopting an approach to remediation that is consistent with the principle in ASIC’s Consumer Remediation Guide (RG 277) to give customers the benefit of the doubt and minimise the risk of under-compensation. It did so by refunding fees it considers it may have been permitted to charge under the Code without further internal investigation.
  • Transparent, proactive and timely communication with us in relation to the Deceased Estates audit findings and this investigation.
  • Demonstrating ongoing commitment to continuously improve deceased estates processes by investing significant funds into a deceased estates transformation project in 2021.


13. After reviewing the information provided by the bank, we found that the bank had breached paragraph 190(a)–(c) of the Code in a serious and systemic manner.

A breach had occurred

14. We found that the bank had breached its obligations under paragraph 190(a)–(c) of the Code by being unable to properly identify all customer accounts associated with a deceased estate, and being unable to ensure that all relevant fees for those accounts were stopped or refunded.

15. The bank acknowledged and self-reported these breaches of the Code to us in its biannual compliance report for the July-December 2022 reporting period.

The breach was systemic

16. The bank confirmed that 2,441 customer accounts were impacted by the above issues. Based on the number of impacted customer accounts, we found that the breaches were systemic in nature.

The breach was serious

17. The bank has refunded fees totalling $124,460.29 to impacted accounts. This amount includes $94,139 of fees that may not represent a breach of the Code but which the bank chose to refund on a ‘customer beneficial’ basis.

18. While acknowledging that the bank has refunded fees to impacted customer accounts, including fees which may have been permitted under the Code, we have also taken into consideration that:

  • While a fee refund may restore customers to their original financial position, it does not necessarily negate any financial stress that may have been caused at the time the error was made.
  • Remediation communication and compensation received after the finalisation of a deceased estate may cause emotional distress to individuals who manage the estate of a friend or relative.
  • The bank began issuing remediation payments in August 2023, almost one year after correcting its systems and processes. While acknowledging the complexity involved, we consider that the bank should have completed customer remediation in a timelier manner.

19. On the basis of the above, we found that the financial and potential non-financial impact to customers is serious in nature.

20. We also consider that the bank’s risk and control frameworks were inadequate to ensure compliance with Code obligations, which contributed to the seriousness of the breaches.



21.Paragraph 214 and 215 of the Code give us the power to apply sanctions to a Code-subscribing bank when we find a serious or systemic breach of the Code.

22. In this instance, we decided to apply a sanction to formally warn the bank in relation to its non-compliance with its deceased estates obligations under paragraph 190(a)–(c) of the Code. Similar instances of non-compliance may result in the application of another sanction in the future.

Good practice guidance

23. When we find non-compliance with the Code, we issue good practice guidance to set out our expectations for how banks should comply with the Code in future.

24. For guidance in relation to this investigation, banks should refer to our Deceased Estates Report, particularly recommendations 1, 2, 3 and 4.


BCCC functions and powers

25. The Banking Code Compliance Committee (BCCC) is an independent compliance monitoring body established under paragraph 207 of the 2019 Banking Code of Practice. Our purpose is to monitor and drive best practice Code compliance.

26. The BCCC’s role, powers and functions are set out paragraph 211, and 214 and 215 of the Code and in the BCCC Charter.

27. The BCCC’s Operating Procedures outline the procedure for conducting investigations, including the process for making a finding and imposing sanctions.

28. The BCCC’s Guidance Note No.1 outlines the factors that the BCCC will consider when determining whether a breach is ‘serious’ or ‘systemic’.