08.06.2017
Recommendation 9–1 The Code of Banking Practice should provide that banks will take reasonable steps to prevent the financial abuse of vulnerable customers, in accordance with the industry guideline, Protecting Vulnerable Customers from Potential Financial Abuse.
The guideline should set out examples of such reasonable steps, including in relation to:
(a) training staff to detect and appropriately respond to abuse;
(b) using software and other means to identify suspicious transactions;
(c) reporting abuse to the relevant authorities, when appropriate;
(d) guaranteeing mortgages and other loans; and
(e) measures to check that ‘Authority to Operate’ forms are not obtained fraudulently and that customers understand the risks of these arrangements.
9.16 Banks are often in a good position to detect financial elder abuse and protect their at-risk customers. National Seniors Australia said that employees of financial institutions ‘may be in the best, and sometimes the only, position to recognise financial exploitation as it occurs’.[13] The Australian Bankers’ Association (ABA) submitted that banks can ‘play an important role in recognising potential financial abuse’.[14] For some, banks are not only in a good position to stop abuse, they have a moral duty to protect their customers. The Office of the Public Advocate (Qld) said that with ‘unparalleled commercial success comes a level of social responsibility’.[15]
9.17 There is an industry guideline on how banks might respond to elder abuse, but it is voluntary and unenforceable. The ALRC recommends that the Code explicitly state that the reasonable steps that banks must take are provided for in the industry guideline. As discussed below, this is intended to make the provisions of the guideline contractually binding on the banks, as are the provisions of the Code.
9.18 This chapter focuses on the ABA’s Code of Banking Practice and industry guidelines, but related changes should also be made to the Customer Owned Banking Code of Practice, to protect the customers of the credit unions, mutual banks and mutual building societies that subscribe to that Code.[16]
The Code, guidelines and other regulation
9.19 The Code of Banking Practice (the Code) is part of what has been described as a ‘complicated tapestry’ of banking regulation.[17] Regulations to protect bank customers from fraud, unauthorised transactions and other potentially abusive conduct include those in case law, the National Credit Code, the Australian Securities and Investments Commission Act 2001 (Cth), and the ePayments Code.
9.20 For example, the ePayments Code, administered by the Australian Securities and Investments Commission, ‘regulates electronic payments, including ATM, EFTPOS and credit card transactions, online payments, internet and mobile banking, and BPAY’, and includes ‘rules for determining who pays for unauthorised transactions’.[18]
9.21 Eighteen banks, including each of the ‘big four’, have signed up to the Code—it reportedly covers 95% of the retail banking market.[19] While banks are not required to subscribe to the Code, those that do are ‘contractually bound by their obligations under the Code’.[20] The Code provisions address:
bank accounts, bank transfers, loans, credit cards, terms and conditions, account statements, financial difficulty, debt collection, dispute resolution and related matters. All of these matters are subject to other legal requirements that have continued to evolve since the Code was first conceived.[21]
9.22 The ABA, which developed the Code, states that
[t]he principles and obligations set out in the Code apply to the majority of banking services delivered to individuals and small businesses across Australia. … The Code gives individual and small business customers important rights and confirms existing rights.[22]
9.23 Compliance with the Code is monitored by the Code Compliance Monitoring Committee (CCMC).[23]
9.24 The Code does not include provisions specifically directed at elder abuse.[24] Instead, guidance for banks on elder abuse is set out in the ABA’s industry guideline, Protecting Vulnerable Customers from Potential Financial Abuse (the industry guideline).[25] The Financial Ombudsman Service has called the guideline ‘best practice’ in dealing with a bank dispute about financial abuse.[26] The ALRC acknowledges the value of this resource. As discussed below, many of the safeguards recommended by stakeholders are already featured in these guidelines.
9.25 However, the industry guideline is voluntary and ‘does not have legal force or prescribe binding obligations on individual banks’.[27] The ALRC considers that banks should have binding obligations to protect their older customers from abuse, to the extent that this is reasonable. This is why the ALRC recommends that the industry guidelines be incorporated into the Code.
9.26 There are two ways the guidelines could be incorporated into the Code. First, the Code itself could set out the reasonable steps that banks should be expected to take. This was proposed by the ALRC in the Discussion Paper.[28]
9.27 A second approach would be to leave the specific steps in the industry guideline, but have the Code provide that banks must comply with the guideline. This is a useful approach if it is easier to update the guideline than the Code, which in turn may be important if the guidelines include measures that refer to technologies or practices that are likely to change often.[29] With advances in technology and new research into effective responses to elder abuse, banks might reasonably be expected to do more in the future to identify and respond to potential abuse.[30]
9.28 The ALRC recommends this second approach, which is more consistent with recommendations of Phil Khoury in his 2017 review of the Code:
The Code could be more effective if redrafted in a modern structure, based on key principles, in a plain-speaking style with fewer carve-outs and exceptions, and with supporting detail in linked Industry Guidelines.[31]
9.29 The ABA, which administers the Code and Guidelines, is also somewhat more supportive of this second approach. The ABA said it was ‘committing to a review of the guideline, re-evaluating the reasonable steps guidance and working with member banks on the implementation of the guideline to their internal processes, procedures and policies’.[32]
The industry guideline provides guidance for banks and assists banks in responding to suspected cases of financial abuse on an individual case-by-case basis. A prescriptive clause in the Code will not allow for this flexibility and will impede the ability of banks to effectively and appropriately respond to individual circumstances of financial abuse.[33]
9.30 Alternatively, the ABA submitted, the Code could ‘include a clause reflecting a banks’ commitment to addressing elder abuse’ (presumably with the detail remaining in the guidelines).[34]
9.31 The proposal that banks should be required to take reasonable steps to respond to elder abuse was almost unanimously supported by those stakeholders who commented on it.[35] Seniors Rights Victoria submitted that there should be standard mandatory protocols for banks in relation to elder abuse, and that the industry guidelines on elder abuse should be made mandatory and incorporated into the Code.[36] National Seniors Australia submitted that the financial services sector should ‘use codes of practice to better address the risk of financial elder abuse among older clients’.[37] Aged Care Steps agreed that
banks should be implementing strict guidelines that will assist in preventing cases of elder abuse … Such guidelines and rules should be implemented within the Banking Code of Practice which will ensure the enforcement of such preventative measures to prevent and reduce the risk of financial elder abuse.[38]
9.32 COTA supported the proposal and said that ‘[b]anks must take a holistic approach to supporting older consumers to feel confident in the conduct of their own business. This could make a significant contribution to reducing the vulnerability of some people to elder financial abuse’.[39]
9.33 The Public Trustee (Qld) said that incorporating the guidelines into the Code ‘would be of great benefit to combating elder abuse’.[40] The Public Trustee submitted that, in its experience as administrator for over 9,000 adults with impaired capacity,
banks sometimes singularly are the institutions which can recognise and take action in respect of misappropriation of funds. The proposed incorporation of reasonable steps, particularly training of staff, coupled with protections to permit banks to report (untrammelled by the strictures of privacy and confidentiality) would be useful steps.[41]
9.34 Legal Aid NSW supported the idea of placing an obligation on banks to protect older customers in the Code, but suggested that, rather than banks being required to take ‘reasonable steps’, they should be required to ‘take all steps that are “reasonably practicable” to prevent the financial abuse of customers’.[42]
9.35 The Office of the Public Advocate (Qld) said that many financial institutions ‘already have these types of protections in place’, but the practices should be ‘adopted as part of standard banking practice’:
Often, banks are the first institution to become aware of unusual transactions on older people’s bank accounts. They are therefore well positioned to detect fraud and financial abuse, and act early to prevent or stop it.[43]
-
[13]
National Seniors Australia, Submission 154.
-
[14]
Australian Bankers’ Association, Submission 107.
-
[15]
Office of the Public Advocate (Qld), Submission 361.
-
[16]
This code is owned and published by the Customer Owned Banking Association (COBA) and monitored by the Customer Owned Banking Code Compliance Committee: Financial Ombudsman Service, Customer Owned Banking Code of Practice <www.fos.org.au/about-us/codes-of-practice/customer-owned-banking-code-of-practice/>.
-
[17]
Phil Khoury, Report of the Independent Review of the Code of Banking Practice (2017) 10.
-
[18]
Australian Securities and Investments Commission, ePayments Code (March2016) 2.
-
[19]
Code Compliance Monitoring Committee, Code Subscribers <www.ccmc.org.au/code-of-banking-practice-2/code-subscribers/>.
-
[20]
Australian Bankers’ Association, Code of Banking Practice—FAQs (2013) 1.
-
[21]
Khoury, above n 17, 10.
-
[22]
Australian Bankers’ Association, Code of Banking Practice—FAQs (2013) 1.
-
[23]
The CCMC was reviewed by Mr Phil Khoury at the same time as he reviewed the Code of Banking Practice. The report was published in February 2017. Industry was found to be ‘largely satisfied with the performance of the CCMC’, particularly with its work ‘focused on good practice’, rather than its work ‘focused on breaches’. Non-industry stakeholders were less satisfied, but criticisms were said to be directed at the Code, the CCMC mandate and its resourcing. ‘Although some urged the CCMC towards more of a quasi-regulatory role, I concluded that it should be focused on public assurance through more visible, transparent monitoring—and adding value to the industry through a greater focus on good practice and continuous improvement’: Phil Khoury, Independent Review of the Code Compliance Monitoring Committee (2017) 5.
-
[24]
As noted below, it does include provisions for ‘customers with special needs’, but these concern matters broader than abuse. Some of the general provisions in the Code, such as those related to guaranteeing loans, discussed below, will of course be relevant to elder abuse.
-
[25]
This is part of ‘a package of materials to promote good practice and clearer processes for banks so they can better support customers who may be vulnerable to financial abuse or who want to plan ahead and manage their financial affairs, especially as they get older’: Australian Bankers’ Association, Financial Abuse Prevention <www.bankers.asn.au>.
-
[26]
Australian Bankers’ Association (ABA), Submission 365.
-
[27]
Australian Bankers’ Association Industry Guideline, Protecting Vulnerable Customers from Potential Financial Abuse (June 2013) 1. Some of the guideline may reflect pre-existing legal obligations.
-
[28]
Australian Law Reform Commission, Elder Abuse, Discussion Paper No 83 (2016) prop 7–1.
-
[29]
This may also support placing the requirements in industry codes or guidelines, rather than legislation. On the question of whether there should be a Code at all, the independent reviewer writes: ‘I also see a voluntary Code as able to be more flexibly framed than legislation, easier to understand than the law and in theory at least, much faster to update and evolve over time’: Khoury, above n 17, 5. Although if compliance with voluntary industry codes and guidelines proves poor, this may highlight the need for stricter regulation. The ALRC is also not suggesting that more prescriptive banking regulation is not appropriate for other banking requirements.
-
[30]
The Codealready includes a ‘reasonable steps’ clause: ‘We recognise the needs of older persons and customers with a disability to have access to transaction services, so we will take reasonable measures to enhance their access to those services’: Australian Bankers’ Association, Code of Banking Practice (2013).
-
[31]
Khoury, above n 17, 6.
-
[32]
Australian Bankers’ Association (ABA), Submission 365.
-
[33]
Ibid.
-
[34]
Ibid.
-
[35]
Office of the Public Guardian (Qld), Submission 384; Chartered Accountants Australia and New Zealand, Submission 368; Victorian Multicultural Commission, Submission 364; Justice Connect Seniors Law, Submission 362; Office of the Public Advocate (Qld), Submission 361; Disabled People’s Organisations Australia, Submission 360; M Berry, Submission 355; COTA, Submission 354; Legal Aid NSW, Submission 352; Law Council of Australia, Submission 351; Aged Care Steps, Submission 340; CPA Australia, Submission 338; Institute of Legal Executives (Vic), Submission 320; Consumer Credit Legal Service (WA) Inc, Submission 301; Seniors Rights Service, Submission 296; FMC Mediation & Counselling, Submission 284; ADA Australia Submission 283; Customer Owned Banking Association (COBA), Submission 271; Public Trustee of Queensland, Submission 249; Office of the Public Advocate (Vic), Submission 246; Lutheran Church of Australia, Submission 244; Assets Ageing and Intergenerational Transfers Research Program, The University of Queensland, Submission 243; Carers Queensland, Submission 236; C Fairweather, Submission 228.
-
[36]
Seniors Rights Victoria, Submission 171.
-
[37]
National Seniors Australia, Submission 154.
-
[38]
Aged Care Steps, Submission 340.
-
[39]
COTA, Submission 354.
-
[40]
Public Trustee of Queensland, Submission 249.
-
[41]
Ibid.
-
[42]
Legal Aid NSW, Submission 352. ‘The “reasonably practicable” requirement is from work safety legislation. We consider that the position of employers, who control the working environment of their employees and who are in a position of trust, is analogous to the position of banks, who are entrusted with the money of their customers and have a duty to keep it safe’: Ibid.
-
[43]
Office of the Public Advocate (Qld), Submission 361.