Banks responding to elder abuse

Recommendation 9–1               The Code of Banking Practice should provide that banks will take reasonable steps to prevent the financial abuse of vulnerable customers, in accordance with the industry guideline, Protecting Vulnerable Customers from Potential Financial Abuse.

The guideline should set out examples of such reasonable steps, including in relation to:

(a)         training staff to detect and appropriately respond to abuse;

(b)         using software and other means to identify suspicious transactions;

(c)         reporting abuse to the relevant authorities, when appropriate;

(d)         guaranteeing mortgages and other loans; and

(e)         measures to check that ‘Authority to Operate’ forms are not obtained fraudulently and that customers understand the risks of these arrangements.

9.16     Banks are often in a good position to detect financial elder abuse and protect their at-risk customers. National Seniors Australia said that employees of financial institutions ‘may be in the best, and sometimes the only, position to recognise financial exploitation as it occurs’.[13] The Australian Bankers’ Association (ABA) submitted that banks can ‘play an important role in recognising potential financial abuse’.[14] For some, banks are not only in a good position to stop abuse, they have a moral duty to protect their customers. The Office of the Public Advocate (Qld) said that with ‘unparalleled commercial success comes a level of social responsibility’.[15]

9.17     There is an industry guideline on how banks might respond to elder abuse, but it is voluntary and unenforceable. The ALRC recommends that the Code explicitly state that the reasonable steps that banks must take are provided for in the industry guideline. As discussed below, this is intended to make the provisions of the guideline contractually binding on the banks, as are the provisions of the Code.

9.18     This chapter focuses on the ABA’s Code of Banking Practice and industry guidelines, but related changes should also be made to the Customer Owned Banking Code of Practice, to protect the customers of the credit unions, mutual banks and mutual building societies that subscribe to that Code.[16]

The Code, guidelines and other regulation

9.19     The Code of Banking Practice (the Code) is part of what has been described as a ‘complicated tapestry’ of banking regulation.[17] Regulations to protect bank customers from fraud, unauthorised transactions and other potentially abusive conduct include those in case law, the National Credit Code, the Australian Securities and Investments Commission Act 2001 (Cth), and the ePayments Code.

9.20     For example, the ePayments Code, administered by the Australian Securities and Investments Commission, ‘regulates electronic payments, including ATM, EFTPOS and credit card transactions, online payments, internet and mobile banking, and BPAY’, and includes ‘rules for determining who pays for unauthorised transactions’.[18]

9.21     Eighteen banks, including each of the ‘big four’, have signed up to the Code—it reportedly covers 95% of the retail banking market.[19] While banks are not required to subscribe to the Code, those that do are ‘contractually bound by their obligations under the Code’.[20] The Code provisions address:

bank accounts, bank transfers, loans, credit cards, terms and conditions, account statements, financial difficulty, debt collection, dispute resolution and related matters. All of these matters are subject to other legal requirements that have continued to evolve since the Code was first conceived.[21]

9.22     The ABA, which developed the Code, states that

[t]he principles and obligations set out in the Code apply to the majority of banking services delivered to individuals and small businesses across Australia. … The Code gives individual and small business customers important rights and confirms existing rights.[22]

9.23     Compliance with the Code is monitored by the Code Compliance Monitoring Committee (CCMC).[23]

9.24     The Code does not include provisions specifically directed at elder abuse.[24] Instead, guidance for banks on elder abuse is set out in the ABA’s industry guideline, Protecting Vulnerable Customers from Potential Financial Abuse (the industry guideline).[25] The Financial Ombudsman Service has called the guideline ‘best practice’ in dealing with a bank dispute about financial abuse.[26] The ALRC acknowledges the value of this resource. As discussed below, many of the safeguards recommended by stakeholders are already featured in these guidelines.

9.25     However, the industry guideline is voluntary and ‘does not have legal force or prescribe binding obligations on individual banks’.[27] The ALRC considers that banks should have binding obligations to protect their older customers from abuse, to the extent that this is reasonable. This is why the ALRC recommends that the industry guidelines be incorporated into the Code.

9.26     There are two ways the guidelines could be incorporated into the Code. First, the Code itself could set out the reasonable steps that banks should be expected to take. This was proposed by the ALRC in the Discussion Paper.[28]

9.27     A second approach would be to leave the specific steps in the industry guideline, but have the Code provide that banks must comply with the guideline. This is a useful approach if it is easier to update the guideline than the Code, which in turn may be important if the guidelines include measures that refer to technologies or practices that are likely to change often.[29] With advances in technology and new research into effective responses to elder abuse, banks might reasonably be expected to do more in the future to identify and respond to potential abuse.[30]

9.28     The ALRC recommends this second approach, which is more consistent with recommendations of Phil Khoury in his 2017 review of the Code:

The Code could be more effective if redrafted in a modern structure, based on key principles, in a plain-speaking style with fewer carve-outs and exceptions, and with supporting detail in linked Industry Guidelines.[31]

9.29     The ABA, which administers the Code and Guidelines, is also somewhat more supportive of this second approach. The ABA said it was ‘committing to a review of the guideline, re-evaluating the reasonable steps guidance and working with member banks on the implementation of the guideline to their internal processes, procedures and policies’.[32]

The industry guideline provides guidance for banks and assists banks in responding to suspected cases of financial abuse on an individual case-by-case basis. A prescriptive clause in the Code will not allow for this flexibility and will impede the ability of banks to effectively and appropriately respond to individual circumstances of financial abuse.[33]

9.30     Alternatively, the ABA submitted, the Code could ‘include a clause reflecting a banks’ commitment to addressing elder abuse’ (presumably with the detail remaining in the guidelines).[34]

9.31     The proposal that banks should be required to take reasonable steps to respond to elder abuse was almost unanimously supported by those stakeholders who commented on it.[35] Seniors Rights Victoria submitted that there should be standard mandatory protocols for banks in relation to elder abuse, and that the industry guidelines on elder abuse should be made mandatory and incorporated into the Code.[36] National Seniors Australia submitted that the financial services sector should ‘use codes of practice to better address the risk of financial elder abuse among older clients’.[37] Aged Care Steps agreed that

banks should be implementing strict guidelines that will assist in preventing cases of elder abuse … Such guidelines and rules should be implemented within the Banking Code of Practice which will ensure the enforcement of such preventative measures to prevent and reduce the risk of financial elder abuse.[38]

9.32     COTA supported the proposal and said that ‘[b]anks must take a holistic approach to supporting older consumers to feel confident in the conduct of their own business. This could make a significant contribution to reducing the vulnerability of some people to elder financial abuse’.[39]

9.33     The Public Trustee (Qld) said that incorporating the guidelines into the Code ‘would be of great benefit to combating elder abuse’.[40] The Public Trustee submitted that, in its experience as administrator for over 9,000 adults with impaired capacity,

banks sometimes singularly are the institutions which can recognise and take action in respect of misappropriation of funds. The proposed incorporation of reasonable steps, particularly training of staff, coupled with protections to permit banks to report (untrammelled by the strictures of privacy and confidentiality) would be useful steps.[41]

9.34     Legal Aid NSW supported the idea of placing an obligation on banks to protect older customers in the Code, but suggested that, rather than banks being required to take ‘reasonable steps’, they should be required to ‘take all steps that are “reasonably practicable” to prevent the financial abuse of customers’.[42]

9.35     The Office of the Public Advocate (Qld) said that many financial institutions ‘already have these types of protections in place’, but the practices should be ‘adopted as part of standard banking practice’:

Often, banks are the first institution to become aware of unusual transactions on older people’s bank accounts. They are therefore well positioned to detect fraud and financial abuse, and act early to prevent or stop it.[43]