COBCCC Annual Report 2021-22

The Customer Owned Banking Code Compliance Committee (COBCCC) has released its latest Annual Report, reporting on its activities during 2021-22.

The report notes that self-reported breaches by customer owned banking institutions for the 2020-21 reporting period decreased 11% on the previous year – the first decrease in six years.  More than 568,000 customers were affected by the breaches, with a total financial impact exceeding $9 million.

“While the decrease in reported breaches may suggest better processes and systems in some customer owned banking institutions, we remain concerned about the institutions that reported no breaches in the last financial year.”

“Reporting no breaches may appear a great result, but it is more likely that it indicates deficiencies in detection or reporting systems and processes,” the Chair of the COBCCC, Ms Jocelyn Furlan, said.

The Annual Report notes the most self-reported breached provisions of the Code related to privacy, customer service, and legal and industry obligations. Privacy issues accounted for one in three self-reported breaches.

“The self-reported breaches we saw covered a range of areas and affected a significant number of customers. And we recognise that despite the overall decrease in self-reported breaches, there is still much to improve,” Ms Furlan said.

The Report notes customer-owned banking institutions did not specify short-term remedial actions for one-quarter of breaches, or long-term remedial action for three-quarters of all self-reported breaches.

“While it is important to focus on reporting breaches, we also need to emphasise that there needs to be remedial action when breaches are identified. This is crucial for customers and demonstrates a commitment to improve practices and prevent the breach from recurring”, Ms Furlan said.

During the year the COBCCC published a Learning by Example report, providing recommendations for subscribers on improving processes.

The COBCCC’s own motion inquiry (OMI) into how customer-owned banking institutions deal with customers experiencing vulnerability and family violence and elder abuse also featured in the Annual Report.

It looked at the frameworks and processes subscribers have in place to deal with these issues and how prepared they are to meet the vulnerability obligations included in the new version of the Code from 31 October 2022.

“Customer owned banking institutions need to have appropriate ways to work with vulnerable customers, especially people experiencing family violence or elder abuse,” Ms Furlan said.

“It was pleasing to see that most subscribers had made efforts to meet the provisions in the new Code, but we note that they can do more.”

“The new Code comes into effect at the end of October this year and customer-owned banking institutions will need to be fully prepared to comply with the provisions for vulnerable customers.”

The COBCCC’s work on vulnerability will remain an important part of its monitoring framework in 2022-23. The OMI Report into Vulnerability is available on its website.

View the Code of Practice and the COBCCC’s Annual Report on the COBCCC website.