Banks responding to elder abuse

Proposal 7–1              The Code of Banking Practice should provide that banks will take reasonable steps to prevent the financial abuse of older customers. The Code should give examples of such reasonable steps, including training for staff, using software to identify suspicious transactions and, in appropriate cases, reporting suspected abuse to the relevant authorities.

7.11       Banks are often in a good position to detect financial elder abuse and protect their older customers. National Seniors Australia said that employees of financial institutions ‘may be in the best, and sometimes the only, position to recognise financial exploitation as it occurs’.[10] The Australian Bankers’ Association (ABA) submitted that banks can ‘play an important role in recognising potential financial abuse’.[11]

7.12       There is an industry guideline on how banks might respond to elder abuse, but it is voluntary and unenforceable. If requirements were instead set out in the Code of Banking Practice, as proposed, they would be legally enforceable and therefore likely to be more effective in preventing elder abuse. A similar amendment might also be made to the Customer Owned Banking Code of Practice, to better protect customers of many building societies and credit unions.

7.13       Seniors Rights Victoria submitted that there should be standard mandatory protocols for banks in relation to elder abuse, and that the industry guidelines on elder abuse should be made mandatory and incorporated into the Code of Banking Practice.[12] National Seniors Australia submitted that the financial services sector should ‘use codes of practice to better address the risk of financial elder abuse among older clients’.[13]

7.14       While most other stakeholders did not discuss potential legal mechanisms for requiring or encouraging banks to respond to elder abuse, many said there should be greater training for staff, greater reporting of suspected abuse to authorities, and other obligations on banks to identify and respond to financial abuse.

The Code, guidelines and other regulation

7.15       Banks that adopt the Code of Banking Practice are ‘considered to be contractually bound by their obligations under the Code’.[14] The ABA, which developed the Code, states that:

The principles and obligations set out in the Code apply to the majority of banking services delivered to individuals and small businesses across Australia. … The Code gives individual and small business customers important rights and confirms existing rights.[15]

7.16       The Code does not currently include provisions relating to elder abuse. The Code is now being reviewed, and one question being considered is whether the Code should ‘require banks to train their staff in the nature and impact of domestic and family violence, including economic abuse, and in identifying customers who may be experiencing domestic and family violence when making an application for credit’.[16]

7.17       Currently, guidance for banks on elder abuse is set out in the ABA’s industry guideline, Protecting vulnerable customers from potential financial abuse. The ALRC acknowledges the value of this resource. However, this industry guideline is voluntary and ‘does not have legal force or prescribe binding obligations on individual banks’.[17] The ALRC proposes that banks should have binding obligations to protect their older customers from abuse, to the extent that this is reasonable.

7.18       Banks are also regulated in relation to fraud and unauthorised transactions, which may sometimes be elder abuse. For example, the ePayments Code, administered by the Australian Securities and Investments Commission, ‘regulates electronic payments, including ATM, EFTPOS and credit card transactions, online payments, internet and mobile banking, and BPAY’, and includes ‘rules for determining who pays for unauthorised transactions’.[18]

Reasonable steps

7.19       Banks and other financial institutions should be required to take reasonable steps to prevent the financial abuse of their customers. A flexible ‘reasonable steps’ standard may be preferable to prescribing specific steps that banks must take, because with advances in technology, banks might reasonably be expected to do more in the future to identify and respond to potential abuse.[19]

7.20       The ABA guideline, Protecting vulnerable customers from potential financial abuse, sets out many steps that banks should take, including:

  • staff should be ‘trained to identify potential financial abuse as part of their fraud prevention programs’;

  • where abuse is suspected, staff should consider talking to the customer—and ask ‘clear, factual, and non-threatening questions’;

  • staff should check third party authorisations and documentation—‘If a third party presents a withdrawal form or instructions, bank staff should verify the third party’s authority by directly contacting the customer or checking associated documentation (ie power of attorney document)’;

  • staff might seek advice from others in the bank—eg, managers, internal lawyers, fraud, security—and delay transactions until further investigation work is done; and

  • staff might also seek advice from the Public Advocate or other relevant agency, but without identifying the customer.[20]

7.21       The guidelines also discuss administration, guardianship and powers of attorney, stating, in part:

Before an administrator or guardian can be provided with access to, and information on, a customer’s accounts or facilities, banks should ask for written proof of their status, such as certified copies of an instrument or order. Once verified, banks should note the appointment or authority on the customer’s accounts or facilities. … Banks need to understand the level of access the attorney has over their customer’s account or facility because a power of attorney can be tailored to certain types of decisions or transactions.[21]

7.22       In a 2016 report about financial elder abuse, a US federal regulator, the Consumer Financial Protection Bureau, recommended that banks and credit unions: train staff to recognise and respond to abuse; use fraud detection technologies; offer ‘age-friendly’ services; and report suspicious activity to authorities, whether or not reporting was mandatory in their state.[22]

7.23       Many stakeholders in this Inquiry stressed the importance of banks responding to elder abuse. Training staff was the most commonly suggested step, with some stakeholders submitting that such training should be mandatory.[23] For example, Alzheimer’s Australia said banks and other financial service institutions should have ‘measures in place to prevent and address financial abuse of people with dementia, including staff education and training’.[24] National Seniors Australia submitted that relevant codes of practice should require that staff be trained to:

  • recognise signs of abuse and recognise the common profile of a vulnerable customer and/or potential abusers;

  • understand protocols to deal with suspected abuse; and

  • understand enduring powers of attorney and administration orders made by tribunals.[25]

7.24       The Financial Services Institute of Australasia submitted that its members ‘broadly support strategies to strengthen educational and ethical standards for financial services professionals to identify and appropriately respond to cases of elder abuse’.[26]

7.25       Capacity Australia said that it had produced training on elder abuse for accountants and financial planners, but is ‘struggling with engaging the interest of the industry’, and that therefore training should be required.[27]

7.26       Providing information to older customers about financial abuse and discussing with customers how they might protect themselves are other steps banks might take.[28]

Reporting abuse

7.27       Reporting suspected abuse may also be a reasonable step for banks to take in some circumstances. A number of stakeholders submitted that banks should report elder abuse to a relevant authority.[29]

7.28       Before reporting abuse to the police or other authority, banks should consider discussing the suspected abuse with the customer who may be being abused.[30] Where the older person has a guardian, attorney or other substitute decision-maker for financial matters, the bank might also, or instead, contact that person (assuming it is not that person who is suspected of the abuse).

7.29       In Chapter 3, the ALRC proposes that state and territory public advocates and public guardians be given additional powers to investigate elder abuse, particularly when a suspected victim is unable to seek help themselves. The ALRC also proposes that people who report suspected abuse be given immunity from certain legal obligations that might otherwise prevent them from reporting abuse. This should remove an impediment to reporting abuse that banks have identified. The ABA submitted that

legal obligations including privacy laws and anti-discrimination laws as well as obligations of confidentiality and concerns about possible actions in defamation provide challenges for banks in reporting suspected financial abuse. Although the ABA does not support mandatory reporting, the industry would like to see the establishment of clear reporting guidelines for banks to follow if a bank chooses to report what it believes to be suspected financial abuse as well as a government body to which banks can report suspected financial abuse, and statutory immunity for banks choosing to report suspected financial abuse.[31]

7.30       Some customers might object to banks ‘interfering’ in their affairs—questioning how they or their family and friends spend their money, suggesting they are being abused, or reporting suspicions to the police or other authorities. Some customers may consider this an invasion of their privacy. Such objections may be even stronger if it is felt that the interference is partly because one is considered old. There is no doubt that banks must act with tact and sound judgment. As the ABA guidelines state:

Intervening in a customer’s financial matters or questioning them without due consideration and sensitivity may embarrass the customer, and possibly damage the bank’s relationship with their customer. In cases of suspected financial abuse, it is important to be vigilant and cautious.[32]

7.31       Where the older person or their representative can take steps to prevent the abuse, or to seek help from others, then it should not be necessary for the bank to notify anyone else. Older people should generally be able to decide for themselves how to respond to abuse. The need to respect people’s autonomy is, for some, the key reason underpinning their objection to mandatory reporting. State Trustees Victoria submitted that mandatory reporting ‘may be seen by the elderly as intrusive and patronising’.[33] The ALRC does not propose that banks be required to report all instances of suspected abuse to authorities, but rather that reporting abuse will sometimes be the appropriate step to take.

Authorising third parties to operate bank accounts

Proposal 7–2              The Code of Banking Practice should increase the witnessing requirements for arrangements that allow people to authorise third parties to access their bank accounts. For example, at least two people should witness the customer sign the form giving authorisation, and customers should sign a declaration stating that they understand the scope of the authority and the additional risk of financial abuse.

7.32       Retail banks in Australia typically have a standard form that customers may submit to authorise someone else to operate their bank account on their behalf. This is known as an ‘Authority to Operate’. Giving a trusted person access to one’s bank account will sometimes be convenient or even necessary, particularly for an older person who finds it difficult to use online banking services or visit a bank branch. However, it may also increase the risk of financial abuse. The ALRC proposes that additional protections be introduced to limit this risk, through amendments to the Code of Banking Practice.[34]

7.33       ‘Authority to Operate’ forms typically require the signatures of both the bank customer and the person authorised to access the account. There is no requirement for others to witness the signing of the form and often no requirement for the customer to attend the branch to submit the form. There is therefore a risk that the forms will be completed and submitted fraudulently. The older person’s signature might be forged, or unreasonable pressure might be placed on the older person to sign themselves. Some customers may not understand the arrangement or its risks, particularly if they have not visited a bank branch or otherwise sought advice. Some may not have the decision-making ability to authorise the person to operate the bank account.

7.34       Authority to Operate arrangements have been said to be ‘easily obtained’, ‘not generally required to be witnessed’, and may ‘easily’ be used for financial abuse.[35] In Victoria, they have been said to undermine the protections in the powers of attorney legislation.[36]

7.35       The ALRC proposes that banks introduce additional protections to limit the potential for these arrangements to be abused. These protections should be set out in the Code of Banking Practice[37] and might include a requirement that:

  • signatures be witnessed by two people, one of whom should be a doctor, a lawyer or a member of another prescribed profession; and

  • the customer sign a declaration stating that they understand the scope of the authority and the additional risk of financial abuse.[38]

7.36       Some may object that authorities to operate are commonly used by many bank customers, not just older people. Banks and customers may also object to the additional administrative burden. However, the safeguards proposed by the ALRC are relatively modest; they do not impose a significant administrative burden and seem unlikely to deter customers from using these arrangements.