The reasonable steps

9.36     As discussed above, the ALRC recommends that banks and other financial institutions should be required to take reasonable steps to prevent the financial abuse of their customers. Such a provision in the Code would be a valuable additional safeguard against the financial abuse of vulnerable customers.

9.37     The industry guideline sets out many steps that banks should take, including:

  • staff should be ‘trained to identify potential financial abuse as part of their fraud prevention programs’;

  • where abuse is suspected, staff should consider talking to the customer—and ask ‘clear, factual, and non-threatening questions’;

  • staff should check third party authorisations and documentation—‘If a third party presents a withdrawal form or instructions, bank staff should verify the third party’s authority by directly contacting the customer or checking associated documentation (ie power of attorney document)’;

  • staff might seek advice from others in the bank—eg, managers, internal lawyers, fraud, security—and delay transactions until further investigation work is done; and

  • staff might also seek advice from the Public Advocate or other relevant agency, but without identifying the customer.[44]

9.38     The guidelines also discuss administration, guardianship and powers of attorney, stating, in part:

Before an administrator or guardian can be provided with access to, and information on, a customer’s accounts or facilities, banks should ask for written proof of their status, such as certified copies of an instrument or order. Once verified, banks should note the appointment or authority on the customer’s accounts or facilities. … Banks need to understand the level of access the attorney has over their customer’s account or facility because a power of attorney can be tailored to certain types of decisions or transactions.[45]

9.39     In a 2016 report about financial elder abuse, a US federal regulator, the Consumer Financial Protection Bureau, recommended that banks and credit unions: train staff to recognise and respond to abuse; use fraud detection technologies; offer ‘age-friendly’ services; and report suspicious activity to authorities, whether or not reporting was mandatory in their state.[46]


9.40     Many stakeholders in this Inquiry stressed the importance of banks responding to elder abuse. Training staff was the most commonly suggested step, with some stakeholders submitting that such training should be mandatory.[47]

9.41     For example, National Seniors Australia submitted that relevant codes of practice should require that staff be trained to:

  • recognise signs of abuse and recognise the common profile of a vulnerable customer and/or potential abusers;

  • understand protocols to deal with suspected abuse; and

  • understand enduring powers of attorney and administration orders made by tribunals.[48]

9.42     The Law Council of Australia also said it supports mandatory training for staff and that training should include:

  • the nature of an enduring power of attorney, including the difference between joint and joint and several;

  • ensuring that, where an enduring power of attorney commences upon loss of capacity, the person dealing with the attorney is satisfied that there has been a loss of capacity with respect to the particular transaction at hand (a principal may have capacity for some decisions and not others);

  • the difference between an enduring power of attorney for personal matters (which does not confer authority to conduct financial affairs) and an enduring power of attorney for financial matters; and

  • awareness of the types of limitations on the exercise of power under an instrument and the effect of those limitations.[49]

9.43     Another stakeholder listed these examples of possibly suspicious transactions:

Atypical use of ATM cards; Uncharacteristic non-sufficient funds activity or overdraft fees; Activity in previously inactive accounts; Opening new joint checking account or adding joint owner to existing account; Increase in total monthly cash withdrawals compared to historical patterns.[50]

9.44     The Financial Services Institute of Australasia submitted that its members ‘broadly support strategies to strengthen educational and ethical standards for financial services professionals to identify and appropriately respond to cases of elder abuse’.[51]

9.45     In some cases, it might be appropriate for bank staff to try to speak with an older person alone, for example, where an older and at-risk customer comes into a branch with a relative or friend and asks to transfer funds to that person.[52] Further, if the older person does not speak English, ‘staff should not rely on the relative or friend to translate for them’.[53]

9.46     Alzheimer’s Australia said that banks should train staff to prevent the financial abuse of people with dementia.[54] Similarly, Disabled People’s Organisations Australia submitted that staff should be ‘trained in supported decision-making to ensure they are aware of the supports to which their clients may be entitled, as well as the limitations of supporters in this area’.[55] Capacity Australia said that it had produced training on elder abuse for accountants and financial planners, but is ‘struggling with engaging the interest of the industry’, and that therefore training should be required.[56]

9.47     The Institute of Legal Executives commented that training should include ‘appropriate questioning and listening techniques’, because some transactions which appear suspicious may not be.[57]

9.48     Another stakeholder stressed that banks need to be sensitive to the needs and convenience of carers:

I understand why financial institution staff may need more training to alert them to the risk of elder abuse. However, I ask that this training also be tempered by the understanding that the vast majority of carers are doing the right thing by the elders who need their help.[58]

9.49     Training to help bank staff identify suspicious transactions was also recommended in a Parliamentary Inquiry into elder abuse:

In the Committee’s opinion, banks and financial institutions should be providing such assistance to customers as part of their normal duty of care. It is vital that the staff of banks and financial institutions are trained to recognise signs of potential abuse and that there are specific protocols with the bank or financial institution, and indeed across the industry, for dealing with such reports.[59]

9.50     Unsurprisingly, banks might also employ software and other digital tools to identify suspicious transactions. Some of the tasks that stakeholders have suggested should be performed by bank staff might be performed by, or with the assistance of, these digital technologies. This will only become more important as increasing numbers of Australians use the internet for their banking and rarely visit a bank branch.

Reporting abuse

9.51     Reporting suspected abuse may also be a reasonable step for banks to take in some circumstances. A number of stakeholders submitted that banks should report elder abuse to a relevant authority.[60]

9.52     Before reporting abuse to the police or other authority, banks should consider discussing the suspected abuse with the customer who may be being abused.[61] Where the older person has a guardian, attorney or other substitute decision maker for financial matters, the bank might also, or instead, contact that person (assuming it is not that person who is suspected of the abuse).

9.53     Seniors Rights Service submitted that the Code ‘should make clear that no consequences will follow’ from bank staff reporting suspected elder abuse.[62] Paul Greenwood, a US prosecutor, went further and submitted that if ‘we make every bank employee a mandated reporter of suspected financial elder abuse, then this will ensure that proper training is given’.[63]

9.54     In Chapter 14, the ALRC recommends that adult safeguarding agencies should investigate the abuse of ‘at-risk adults’ and provide necessary support and protection. The ALRC also recommends that people who report suspected abuse to adult safeguarding agencies be given immunity from certain legal obligations that might otherwise prevent them from reporting abuse. This should remove an impediment to reporting abuse that banks have identified. The ABA submitted that

legal obligations including privacy laws and anti-discrimination laws as well as obligations of confidentiality and concerns about possible actions in defamation provide challenges for banks in reporting suspected financial abuse. Although the ABA does not support mandatory reporting, the industry would like to see the establishment of clear reporting guidelines for banks to follow if a bank chooses to report what it believes to be suspected financial abuse as well as a government body to which banks can report suspected financial abuse, and statutory immunity for banks choosing to report suspected financial abuse.[64]

9.55     The National Older Persons Legal Services Network submitted that this may not be necessary and that in most abusive situations, ‘the primary strategy should be to talk directly and alone to the person who is the suspected victim’ about the situation and what might be done.[65] Banks should then ‘take proactive or remedial action within their power, in consultation with the older person’:

They can move money into another bank account, refuse loan applications, investigate and report matters where appropriate—all with the undisclosed consent of the apparent victim.

It is more complex when the suspected victim is unable to protect their own interests and in those situations the advice of the suitable public guardian or advocate should be sought.[66]

9.56     The Customer Owned Banking Association said its members would like to see ‘a clear and consistent approach and guidelines for the banking institutions to identify and report suspected elder abuse’:

For example, if a staff member knows a family member of a person they suspect is a victim of elder abuse, the bank should have the ability to consult with that member (without disclosing too much information about the account). Banking institutions should also be able to consult with the suspected victim’s doctor or refer the matter to the police. The law currently limits bank staff to merely verifying a transaction that they suspect is taking place in the form of financial abuse.[67]

9.57     Some customers might object to banks ‘interfering’ in their affairs—questioning how they or their family and friends spend their money, suggesting they are being abused, or reporting suspicions to the police or other authorities. Some customers may consider this an invasion of their privacy. Such objections may be even stronger if it is considered that the interference is partly because someone is considered old. There is no doubt that banks must act with tact and sound judgment. As the ABA guidelines state:

Intervening in a customer’s financial matters or questioning them without due consideration and sensitivity may embarrass the customer, and possibly damage the bank’s relationship with their customer. In cases of suspected financial abuse, it is important to be vigilant and cautious.[68]

9.58     Where the older person or their representative can take steps to prevent the abuse, or to seek help from others, then it should often not be necessary for the bank to notify anyone else. Older people should generally be able to decide for themselves how to respond to abuse. The need to respect people’s autonomy is, for some, the key reason underpinning their objection to mandatory reporting. State Trustees Victoria submitted that mandatory reporting ‘may be seen by the elderly as intrusive and patronising’.[69]

9.59     The ALRC does not recommend that banks be required to report all instances of suspected abuse to authorities, but rather that reporting abuse will sometimes be the appropriate step to take. The circumstances in which banks should report abuse should be clearly set out in the industry guideline.[70]

9.60     If the person has impaired decision-making ability in relation to this matter, the relevant authority is likely to be the state Public Advocate or Public Guardian. If adult safeguarding laws are enacted, as recommended in Chapter 14, then the abuse of ‘at-risk’ adults might be reported to adult safeguarding agencies, with the consent of the at-risk adult.[71]

9.61     This is broadly consistent with the findings of a Parliamentary Inquiry into elder abuse, which recommended the development of ‘national, industry-wide protocols for reporting alleged financial abuse’ and ‘a training program to assist banking staff to identify suspicious transactions’.[72]

Guaranteeing loans

9.62     Some older people guarantee loans to their adult children, perhaps to help them buy a house. Some stakeholders suggested that these guarantees, along with ‘reverse mortgages’ or joint loans for children, are a site of abuse, and should be addressed in banking codes and guidelines. For example, the National Older Persons Legal Services Network submitted:

It is now seen as relatively normal to ask older parents to provide some financial support or guarantee to a child seeking to buy their own home as some sort of ‘early inheritance’. In our experience, the normalising of this particularly dangerous transaction is troublesome. Unless explicitly stated, it is unlikely that front line bank staff would identify this as a potentially abusive situation that may ultimately lead to an older people becoming homeless.[73]

9.63     The Consumer Credit Legal Service (WA) submitted that some people who have provided guarantees may not be adequately protected under the Code, which ‘leaves them in a vulnerable position because they cannot seek assistance from the financial service provider in cases of financial difficulty’.[74]

9.64     The industry guideline acknowledges that financial abuse can include ‘pressuring a vulnerable customer into being a guarantor when they lack sufficient knowledge about the transaction or the capacity to make informed decisions’.[75]

9.65     Clause 31 of the Code concerns guarantees. It has been said to largely ‘codify case law and overlap with National Credit Code requirements’, including provisions in the National Credit Code with respect to warnings, the need to get legal and financial advice, and restrictions on enforcement.[76] Clause 31 provides, in part, that before taking a guarantee, signatory banks will give potential guarantors a ‘prominent notice’ that: they ‘should seek independent legal and financial advice on the effect of the Guarantee’; they ‘can refuse to enter into the Guarantee’; ‘there are financial risks involved’; they have a right to limit their liability; and they ‘can request information about the transaction or facility to be guaranteed’.[77]

9.66     Legal Aid NSW submitted that banks should also ask guarantors to confirm in writing whether they have sought independent legal or financial advice about the arrangement.[78] The independent reviewer considered that this was not necessary. The Code already requires that banks give prominent notice to guarantors recommending that they seek advice and that there be a ‘warning notice’ directly above the place where guarantors should sign.[79] The independent reviewer was ‘not persuaded that the signing of an additional document waiving the right to advice would sufficiently add to the Code protections’.[80]

9.67     However, the independent reviewer did make other recommendations about guarantees, including that the Code be amended to:

  • ‘require signatory banks to provide a guarantor with the signatory bank’s assessment that credit is “not unsuitable” for the debtor, where the signatory bank is required by National Consumer Credit Protection Act 2009 to prepare this’;

  • ‘prohibit signatory banks from signing a guarantor, who has not been legally advised, until at least the third day after the provision of all required information to the guarantor’; and

  • require signatory banks ‘to inform a guarantor where the debtor has been in continuing default for more than 2 months or where the debtor’s credit contract has been changed because the debtor has encountered financial hardship’.[81]

9.68     The independent reviewer also made the following recommendation:

In consultation with consumer representatives, signatory banks should enhance Industry Guidelines to assist bank staff to identify when a guarantee should be viewed as financial abuse and accordingly when the signatory bank should exercise its discretion not to accept a guarantee as security for credit.

The guidance should cover the factors that might be suggestive of financial abuse and what further steps a signatory bank should take in response, including enquiries about the guarantor’s financial position to assess the extent of hardship that would result if the guarantee is enforced by the signatory bank.[82]

9.69     The ALRC has accordingly recommended that industry guidelines include provisions in relation to guaranteeing mortgages and other loans.

Authorising third parties to operate bank accounts

9.70     Retail banks in Australia typically have a standard form that customers may submit to authorise someone else to operate their bank account on their behalf. This is known as an ‘Authority to Operate’. Giving a trusted person access to one’s bank account will sometimes be convenient or even necessary, particularly for someone who finds it difficult to use online banking services or visit a bank branch. However, these arrangements can be abused,[83] and have been said to undermine the protections in powers of attorney legislation.[84]

9.71     These forms must typically be signed by the bank customer and the person authorised to access the account, but the signing of the form does not need to be witnessed by others and the customer is not required to visit the branch to submit the form. There is therefore a risk that the forms will be completed and submitted fraudulently. An account holder’s signature might be forged, or unreasonable pressure might be placed on the account holder to sign the form themself. Also, some customers may not understand the arrangement or its risks, particularly if they have not visited a bank branch or otherwise sought advice.

9.72     One reasonable step that banks might take to protect customers from financial abuse might therefore be to increase protections around these ‘Authority to Operate’ forms. For example, banks might require that an employee of the bank, and perhaps another person, witness the forms being signed. This might make it more difficult to submit a fraudulent form. The additional formality may also discourage the person given authority from later misusing the funds. These people might also be required to sign a declaration or undertaking that they will not misuse the arrangement, such as for their own benefit.[85]

9.73     Banks might also require the customer to sign a declaration or undertaking stating that they understand the scope of the authority and the additional risk of financial abuse. Customers may then be more reluctant to enter these arrangements with people they should not trust.

9.74     In the Discussion Paper, the ALRC proposed that such protections should be prescribed in the Code.[86] Submissions in response to this proposal were mixed, but many supported the proposal.[87] The National Older Persons Legal Services Network said that third party authorisations ‘ought to be considered as seriously as any other substitute decision making instrument’:

If it is not possible in a particular situation to obtain an EPOA or an administration order (and we struggle to think of a situation when this would not be more appropriate), then a third party authorisation should have as close to possible the features of an EPOA.[88]

9.75     Some said that that one of those witnesses should be a medical practitioner, lawyer or another prescribed professional,[89] a suitable bank employee or Justice of the Peace,[90] or at least that they should be independent and unrelated to the parties.[91] ADA Australia suggested that the principal should be required to sign the forms without the appointee present.[92]

9.76     The Law Council of Australia supported the proposal, but noted that another approach would be ‘to require banks to rely on instruments such as enduring powers of attorney, powers of attorney, or administration orders’.[93] However, the ABA, which opposed the proposal, said that while banks ‘strongly encourage the use of formal arrangements, some bank customers prefer to put in place appropriate measures to help protect themselves yet retain their financial independence, including an Authority to Operate’.[94]

9.77     A number of stakeholders either opposed the proposal, or expressed serious reservations.[95] Some suggested it would not significantly reduce elder abuse and that other steps were more important, while others were concerned that the cost and inconvenience of the process might outweigh any benefits.

9.78     One stakeholder said that requiring people to sign a declaration is unlikely to stop financial abuse partly because many people ‘do not read or do not understand’ what they are signing.[96] Others said that people from culturally and linguistically diverse backgrounds or with impaired decision-making ability may ‘not understand the declaration, its risks or its implications’.[97]

How are the witnesses going to attest to the fact that the customer had capacity unless it is very clear? Training and education will be key.[98]

9.79     Office of the Public Advocate (Qld) said that if a person is prepared to forge one signature, they will be prepared to forge two,[99] although this problem might be met by requiring an employee of the bank to witness the signing of the form when it is lodged.

9.80     Others suggested that these arrangements are convenient for many people, particularly for those older people who have limited ability to visit their bank or use online banking services, and that witnessing rules might be an administrative burden for customers and inhibit them from entering the arrangements. Legal Aid NSW suggested the costs may outweigh the benefits: ‘It could create excessive barriers for older people needing assistance with their banking, but not wishing to create a power of attorney’.[100]

9.81     Witnessing rules might also be a burden for carers. The Office of the Public Advocate (Qld) said it would be ‘more work and obstacles for honest people trying to make these arrangements for the benefit of the older person’.[101] Carers Queensland considered the proposal to be ‘sound in principle but ineffective in reality’.[102]

9.82     Others suggested the safeguard might not be sufficient, because the older person giving authority may be under someone’s influence and ‘may have been coached to state they understand the scope of the authority’.[103] Banks would therefore need to ensure their customers were not being coerced to give authorisation.

9.83    Another concern some stakeholders expressed was that banks might use the additional witnessing rules to limit their liability. Consumer Credit Legal Service (WA) submitted that financial institutions may use the declaration ‘as a tool to show that the customer has “waived” their rights’ and to ‘prevent older Australians from redress against their perpetrators or their banks’.[104]

9.84     The ABA submitted that the current arrangements offered sufficient protection:

A third party signatory may be added to a customer record when a customer requests another person have access to their accounts, for both financial and non-financial transactions, on a temporary or permanent basis. Unlike a formal instrument, a third party signatory does not have the authority to open or close existing accounts on behalf of the customer. The current procedure requires the accountholder to attend in person at the bank or provide certified ID. This is sufficient protection to verify the authenticity of the form.[105]

9.85     The ABA also noted that it was difficult to see how additional witnessing requirements and declarations could be made to apply only to ‘a particular category of customer … without discriminating and restricting the actions of many older people who remain highly competent’.[106]

9.86     Given the above concerns, the ALRC does not recommend that the Codeor industry guideline provide that the signing of ‘Authority to Operate’ forms must necessarily be witnessed by others. The potential administrative burden to older people and their carers seem to suggest that caution should be exercised.

9.87     However, safeguards against the abuse of these arrangements appear to be necessary, and witnessing rules and formal declarations may be one way of protecting against abuse for some customers. In other cases, it might be more appropriate for the bank to call a customer to confirm that they did in fact sign an ‘Authority to Operate’ form and that they understand the risks of allowing other people to operate their bank account.[107] These or other such safeguards should be set out in the industry guideline.

Internet banking

9.88     It is reportedly common for some people to allow a spouse or other intimate partner or family member to operate their bank accounts online. This can be as simple as sharing an account number and password, even though banks warn people not to do this.

9.89     The National Older Persons Legal Services Network submitted that ‘many older people rely on adult children to operate internet banking and that passwords are routinely accessible by those children’.[108] The Office of the Public Guardian (Qld) stressed the need to consider internet banking and ‘the mechanisms that should be in place to protect the interests of the older person who provides their family member, or attorney with access to their online accounts’.[109] The Institute of Legal Executives said ‘the issue of internet banking is of grave concern’:

We are informed of many instances where abuse has been perpetrated simply because the account holder has provided his/her account access details to another—whether through pressure being brought to bear, or simply because it is ‘easier’ for the other person to attend to (usual) payments on the account holder’s behalf.[110]

9.90     Online banking can be risky, Consumer Credit Legal Services (WA) submitted.

Some older Australians rely on close family members or friends for help with activities such as online banking. In this process, they may end up sharing their online banking details with these family members or friends, which would constitute a breach of the terms and conditions of their bank account.[111]

9.91     A related concern is whether online banking services are sufficiently accessible to some people with disability and to people who do not use computers or the internet. The National Older Persons Legal Services Network said banks should provide services that are accessible to people who ‘struggle with internet services and automated telephone programs’.[112]

9.92     This is reflected in the Code, which states that banks ‘recognise the needs of older persons and customers with a disability to have access to transaction services, so we will take reasonable measures to enhance their access to those services’.[113]

9.93     Accessible online banking may make some people less likely to delegate their banking to others, which may in turn reduce financial abuse, however this topic is broader than elder abuse and is not the subject of recommendations in this Report.

Community education

9.94     Providing information to older customers about financial abuse and discussing with customers how they might protect themselves are other steps banks might take.[114] Consumer Credit Legal Services (WA) suggested that banks might sponsor educational activities for elderly account holders, as part of a broader strategy to raise community awareness of elder abuse. It noted that ‘[c]ommunity education can include financial seminars for local seniors, including providing case studies of elder abuse and outlining the steps that can be taken to prevent or protect against financial exploitation of an elder person’.[115]

9.95     Community education about the risks of online banking may also help older Australians make informed choices about ‘who they share their personal details with and the potential consequences of doing so’.[116]

9.96     This education about the risks of online banking should be one aspect of the broader community education strategy recommended as part of the National Plan to combat elder abuse.[117]