Skip to content
Circular Home
Issue 33 - May 2018

An update from the Code Compliance and Monitoring Team

The Code team is a separately operated and funded business unit of the Financial Ombudsman Service (FOS) Australia. We support independent committees to monitor compliance with codes of practice in the Australian financial services industry to achieve service standards people can trust. Find out more about who we are and what we do.

We support these committees:

  1. The Banking Code Compliance Monitoring Committee
  2. Customer Owned Banking Code Compliance Committee
  3. General Insurance Code Governance Committee
  4. Insurance Brokers Code Compliance Committee
  5. Life Code Compliance Committee

Click on the dropdown boxes below read about some of the things we’ve been doing recently.

1. Banking Code Compliance Monitoring Committee (CCMC)
Inquiry into banks’ compliance with Direct Debit obligations  
In October 2017, the Banking Code Compliance Monitoring Committee (CCMC) released its Report into banks’ compliance with their direct debit obligations under clause 21 of the Code. 
Research conducted by the CCMC in early 2017 identified that non-compliance was unacceptably high and, at the time the report was released, the CCMC put banks on notice that it would continue monitoring compliance in this area until it is satisfied compliance has permanently improved.
The CCMC conducted further mystery shopping to measure compliance in March 2018, the results of which will be communicated to banks individually in the coming weeks. 
More work in this area is scheduled to take place later this year, and we will release the results as soon as they are available.  
Code Breach Reporting Inquiry
The CCMC is currently examining banks’ monitoring activity and further analysing the breaches reported by banks in their 2016/17 Annual Compliance Statement (ACS). 
Through this work, the CCMC anticipates reporting on:
  • the level of monitoring banks are conducting
  • the issues that are leading to any non-compliance
  • the number of customers impacted by banks’ failure to comply with Code obligations 
  • the financial impact to customers caused by banks’ failure to comply with Code obligations. 
Data was due to be provided to the CCMC by 29 March 2018, and we will report the outcomes of this Inquiry in coming months. 
Inquiry into banks’ compliance with Financial Difficulty obligations 
The CCMC is currently consulting with banks on an inquiry into their compliance with the Financial Difficulty obligations under the Code. Through this Inquiry the CCMC will:
  • Assess the adequacy of banks’ financial difficulty frameworks and provide guidance to banks about alterations required to meet the revised Code obligations relating to financial difficulty. 
  • Develop guidance for banks on best practice principles when working with customers to overcome financial difficulty. 
  • Assess, benchmark, and report on banks’ level of compliance with the 2013 Code. 
  • Share examples of good practice with the industry and community. 
The CCMC looks forward to sharing the outcomes of this work later in 2018.
Annual Compliance Statement  
Each year the CCMC issues each subscribing bank with an Annual Compliance Statement  to report on its compliance with the Code. The statement enables the CCMC to:
  • benchmark banks’ compliance with the Code 
  • report to the industry and wider community on current and emerging issues in Code compliance
  • establish the areas of highest priority for its future monitoring work.
The CCMC has started consulting with banks on a new form of data collection aimed to broaden and deepen the information reported by banks on their compliance with the Code.
Following this consultation, banks will have until 31 August 2018 to provide the CCMC with data from the 2017-18 reporting period. 
CCMC: Code of Banking Practice development  
In December 2017, the Australian Banking Association submitted the revised Banking Code of Practice to the Australian Securities and Investments Commission for approval under section 1101A of the Corporations Act 2001. 
The CCMC looks forward to working with current and new subscribing banks as they transition to the revised Code once it is released. 
2. Customer Owned Banking Code Compliance Committee (COBCCC)
Annual Compliance Statement Verification Program
As we explained in the last edition of The FOS Circular, we recently held telephone conferences with 24 Code subscribers. The institutions were chosen based on the reporting of significant breaches and high volume of privacy breaches and/or complaints, and included all institutions with over $1b in assets.
The level of engagement in the verification program was generally positive and, as in previous years, provided valuable insights into institutions’ day–to-day management of their Code compliance obligations. This year’s examination of information privacy and security obligations also provided unique insights into the management of this substantial compliance area. It highlighted the challenges institutions face, including detailed identification and recording of breaches and IDR complaints. 
Own motion inquiry into compliance with privacy obligations
The Code reiterates and extends institutions’ Privacy Act obligations which are set out in Australia’s key privacy legislation, the Privacy Act 1988 (Cwlth)  and include thirteen Australian Privacy Principles. 
The Committee recognised there was a high and increasing level of non-compliance with privacy obligations which needed in-depth investigation. To better understand the root causes of non-compliance and to highlight areas for improvement, the Committee determined it was important to conduct an Own Motion Inquiry. With the Inquiry, the Committee wanted to gain an insight into how institutions train staff, rectify non-compliance and implement long-term strategies to embed compliance with privacy obligations in their company’s risk framework.
The Inquiry was undertaken in two parts: 
  • a series of telephone conferences to selected institutions as part of the Annual Compliance Statement Verification Program, and 
  • an online questionnaire to all institutions. 
The Inquiry was delayed due to institutions providing late responses to the questionnaire.
The findings are currently being reviewed and will be published in May 2018.
Case study: safeguards for co-borrowers
The customer owned banking institution accepted a customer as a co-borrower when the institution was aware, or ought to have been aware, that the customer would not receive a benefit from the loan. 
Code obligations
These parts of the Customer Owned Banking Code of Practice (the Code) are relevant to this matter:
  • Key Promise 8: we will comply with our legal and industry obligations.
  • Part D section 11.1: Safeguards for co-borrowers.
FOS determination
Financial Ombudsman Service (FOS) Australia considered this matter and issued a determination. 
In its reasoning, the determination considered and referred to Part D section 11.1 of the Code and held that the institution was not entitled to accept the customer as a co-borrower. The loan application information available to the institution showed that the customer would not obtain a benefit from the majority of the loan funds. 
The common law position in relation to what constitutes a benefit under a loan is that a benefit must be a real, or tangible, benefit which must be a direct or immediate gain, not an implied benefit. A benefit through an improved lifestyle obtained through the loan is not sufficient. Common law principles provide that where a person receives a limited benefit from a loan, their liability will be restricted to those loan funds from which they received a direct benefit.
By accepting the customer as a co-borrower when it should not have, the institution breached its obligation at common law and, by extension, breached Part D section 11.1 of the Code.
Notice of proposed determination
Pursuant to the Customer Owned Banking Compliance Committee Charter, the Committee must adopt the findings made in the FOS determination. 
Part C of the Code sets out the Key Promises a Code subscriber makes to a customer. These promises reflect the spirit of the Code and embody the principles and values held by Code subscribers towards their customers and the broader community. 
As legal obligations include obligations at common law, the Committee considered that by breaching Part D section 11.1 of the Code, the institution also breached Key Promise 8 of the Code.
The Committee issued a notice of proposed determination saying that the institution failed to comply with Key Promise 8 and Part D section 11.1 of the Code as, in breach of the common law, it accepted a customer as a co-borrower while the institution was, or ought to have been aware, that the customer would not receive a benefit from the loan.

The institution accepted the Committee’s proposed notice of determination and acknowledged:

  • breach of obligations under Key Promise 8 and Part D 11.1 of the Code
  • reporting the beach in its Annual Compliance Statement
  • arranging staff training, including refresher training in this area, and
  • reviewing and amending its Credit Risk (Lending) Policy.

The matter was closed.

Institutions need to undertake effective due diligence procedures to ensure a borrower or co-borrower is only be accepted if it can be demonstrated that a real, substantial benefit (direct or immediate gain) is obtained by the borrower.
3. General Insurance Code Governance Committee (GICGC)
The Insurance Council of Australia (ICA)’s review of the General Insurance Code of Practice
The ICA recently held facilitated workshops for stakeholders to discuss the practical impacts of proposals raised by the ICA in its Interim Report. 
At the ICA’s request, we participated in three issue-specific workshops: 
  • third party distributors (external sellers of insurance products)
  • the internal complaints process, and 
  • industry data collection. 
Release of the Committee’s annual report – General insurance in Australia 2016–17: industry practice and Code compliance
The Committee released its first integrated General insurance in Australia 2016–17 report on 2 March 2018, which is available for download here
We encourage you to review the Chair’s Message and note the trends evidenced by the consolidated data and information in the report. There has been much interest in the report including by:
  • Peter Kell, ASIC Commissioner and Deputy Chair, who referred to claims breach data in his speech to the general insurance industry at the ICA’s recent 2018 Annual Forum.
  • The Productivity Commission.
  • The Australian and The Australian Financial Review
  • Daniel Forgarty, CEO, Evari Insure, who referred to claims acceptance rates during his participation in a panel discussion at ASIC’s recent Annual Forum 2018
Guidance note – financial hardship 
On 7 March 2018, the Committee released a guidance note to industry on complying with the Code’s financial hardship standards. The ICA has published the guidance note on its code of practice website here
The purpose of the note is to provide practical information to help Code subscribers, their employees and services suppliers better understand what the Committee expects of them. We hope this will help subscribers comply with the relevant Code obligations relating to financial hardship (section 8) and internal complaints handling (section 10), namely: 
  • the timely assessment of requests for financial hardship assistance
  • communication with a consumer’s authorised representative, and
  • access to internal complaints processes.
The Committee will use the guidance note as part of its approach when it assesses whether a Code subscriber has complied with the relevant Code obligations.
Own Motion Inquiry into the sale of add-on insurance products
In the last issue of The FOS Circular we let you know that the Committee had begun examining various types of add-on general insurance products directly and indirectly offered for sale by Code subscribers. Code subscribers have now completed their submissions and we are analysing the data. The Committee expects to publish a report on the findings by 30 June 2018. 
Desktop audit examining internal complaints processes
The Committee will soon be starting a desktop audit of Code subscribers’ internal complaints processes. The desktop audit will require Code subscribers to complete a questionnaire describing how they comply with the Code’s internal complaints handling obligations, and whether they have identified any non-compliance. They must also provide evidence supporting their compliance status. We will examine Code subscribers’ responses and supporting evidence and assess these against the relevant Code standards. If we identify any gaps in compliance we will work with the relevant Code subscriber to resolve them. The Committee will publish a report on the outcome of the desktop audit in 2018–19.
4. Insurance Brokers Code Compliance Committee (IBCCC)
Own Motion Inquiry 'Competency and Professionalism'
The Inquiry examined Code subscribers’ understanding of competency and professionalism, and how competency standards are achieved within their organisation. Code subscribers were asked to respond to a number of multiple choice and open text questions on competency and formal education and training.
The Inquiry was delayed due to organisations providing late responses to the questionnaire. The findings are currently being reviewed and will be published in June 2018.
Annual Compliance Statement 2017
The Annual Compliance Statement (ACS) is integral to the Committee’s work assessing Code subscribers’ compliance with the Insurance Brokers Code of Practice. It was issued to all Code subscribers at the end of December 2017 for completion by March 2018. 
The ACS asks for information about Code compliance frameworks and breach and complaints reporting and monitoring, as well as organisations’ overall culture of compliance and examples of good practice. This year it also assesses how organisations have implemented recommendations issued by the Committee following its own motion inquiry into internal dispute resolution processes (published in February 2017).
ACS data is currently being reviewed and analysed for publication in May 2018.
Stakeholder engagement
  • We held our first ever webinar in February 2018 to help Code subscribers complete their Annual Compliance Statement.
  • The Committee published these articles in the Insurance Adviser:
  1. ‘Breach and Complaints referring’ (December 2017) about its upcoming Annual Compliance Statement program
  2. ‘IB Code Key Dates 2018’ (February 2018)
  3. A case study on flood cover (March 2018)
  • The Committee met on various occasions with NIBA CEO Dallas Booth. The Chair also attended the ASIC Forum in March 2018, and met with ASIC Commissioners.
  • Code team members attended the FOS General Insurance Forum in Melbourne.
5. Life Code Compliance Committee (LCCC)
Committee updates
Ms Anne T Brown was appointed as the new Chair of the Life Code Compliance Committee in January 2018. The Committee was then able to meet in February, when it discussed self-reported non-compliance by subscribers, and focused on the Annual Compliance and Data Programme.
Over the past quarter:
  • The Committee worked on the Annual Data and Compliance Programme draft documents and data scope.
  • The Life Chair and FOS Code Team Compliance Manager attended the ASIC Annual Forum.
  • Members of the Life CCC attended the FSC Life Insurance Conference.
Annual Data and Compliance Program
The Committee signed off on three draft documents relating to its Annual Data and Compliance Program:
  • Draft ADCP Terms Of Reference
  • Draft ADCP Questionnaire
  • Draft ADCP User Guide and Defined Terms
The Code team met with Code subscribers on 6 March 2018 for a face–to-face feedback session regarding the draft ADCP documents. The team has subsequently received further written and verbal feedback, which will be considered and incorporated into the updated ADCP documents for approval by the Life CCC at its next meeting.
Work is on track for launching the ADCP and data request on 2 July 2018.
Code breach investigations
The Committee has received over 700 Code breach allegation referrals. This is a substantial amount, and mainly deal with sections 8.17 (standards relating to timeframes within which a claim decision must be made) and 9.10 (standards relating to timeframes within which to respond to a Trustee regarding a complaint lodged with the Trustee).
We are also still assessing the extent and nature of Code subscribers’ self-reported non-compliance and any subsequent remedial action.