Australian Citizens Party formerly Citizens Electoral Council

Banks prey on customers through corrupted banking Code

Australia’s modern financial system is based on principles developed by the 1981 Campbell Committee, which recommended deregulation and privatisation of the banking sector. A decade later, amidst industry misconduct and rising public dissatisfaction with the banks, the 1991 Martin Inquiry was established to assess the consequences of financial deregulation implemented as a result of the Campbell Report.

Banking code breaches
Breaches of the Banking Code of Conduct have increased, but with effectively no consequences for the banks. Source: BCCC

Retired political economist and former University of Sydney lecturer, Dr Evan Jones, has described the Martin Report as a “whitewash”, which ignored dysfunction in the deregulated financial system. Instead, the Martin Report championed more deregulation, including in the form of industry self-regulation through a financial industry ombudsman and a code of banking practice.

The Martin Committee praised the industry-funded and banker-designed Banking and Financial Services Ombudsman (BFSO), which had started operating the previous year, and proposed the establishment of an ombudsman to cover the whole financial services industry.

The Martin Report also recommended that a code of banking practice be developed, which was initially undertaken by Treasury and the Trade Practices Commission. However, as Dr Jones has documented, the code was then handed over to the banks themselves to develop, as a trade-off for the contractual enforceability of the code. According to an article authored by Jones in the 8 February 2019 Pearls & Irritations, the code has been a facade since its “sanitised introduction under bank control” in 1996. Jones, an advocate for bank victims, has also asserted that since its privatised inception in 1996, the Code has been a “joke, with no substantive effect whatsoever”. The Banking Code of Practice (the Code) is owned and developed by the banks’ lobbyist, the Australian Banking Association (ABA).

According to Jones, the “early history of the Ombudsman scheme and the Code of Banking Practice exposes the major banks’ collective ethos. The Labor Government acquiesced to the banks’ formal commitments to meaningful self-regulation. The banks committed themselves immediately to ensuring that neither the Ombudsman scheme nor the Code would function effectively. In particular, a bank’s contractual obligation under the Code has never been enforced. The banking sector henceforth became essentially unregulated (save for the weak reed of ‘prudential’ regulation of banks’ capital adequacy), and so it remains to this day.”1

Monitoring of the Code

The Martin Committee recommended that the banking code should be monitored by a Commonwealth regulatory authority, recommending the Trade Practices Commission for the role. However, the job was given to the Australian Payments System Council, a non-statutory body chaired by the Reserve Bank, with members representing industry and consumer interests. In 1998, the newly-established corporate regulator, the Australian Securities and Investments Commission (ASIC), was given responsibility for monitoring the Code.

In 1999, Liberal MP Joe Hockey, who was simultaneously Minister for Financial Services and Regulation and Minister for Consumer Affairs, initiated an inquiry into industry self-regulation. Hockey’s Taskforce members were primarily drawn from the private sector. The Taskforce recommended that the banking Code should now be administered and monitored by industry, replacing ASIC’s role as overseer of Code compliance.

The Taskforce’s recommendation was enshrined in the following 2003 revision of the Code, which was finalised in an amended version in May 2004. This revision introduced the Banking Code Compliance Monitoring Committee (CCMC), which was supposed to independently monitor the banks’ compliance with the code. Several months prior to the finalised Code revision, the banks and the ABA created the Code Compliance Monitoring Committee Association, with a Constitution authored by Malleson’s (NAB’s premier law firm, according to Jones), which was concealed from the public for over a decade.

A submission by the Tasmanian Small Business Council (TSBC) to a 2016 parliamentary inquiry into the behaviour of banks towards borrowers in financial difficulty, included detailed research on the history of the Code and the CCMC. The TSBC documented that the secret Constitution contained clauses which severely constrained the effectiveness of the CCMC, and gave both the Australian Banking Association and the Financial Ombudsman Service (FOS, the BFSO’s successor) unseemly influence over the CCMC’s operations. Members of the CCMC who blew the whistle on the problematic governance arrangements and Constitution resigned from the organisation, seemingly after their concerns were largely ignored by formal reviews. Eventually, the conflict was exposed, and the Code was revised again in 2013, although the ABA and FOS retained significant influence over the CCMC’s functions. In its submission, the TSBC asserted: “There is significant evidence suggesting that the ABA and hence the banks and bankers, have acted to retain control over the compliance procedures that would require them to deal fairly and openly with all their customers, including all small businesses.”

As Dr Jones asserted in Pearls and Irritations, the revised Code “was corruptly structured to inhibit access to the complaints process”. Jones asserts that the CCMC’s “capacity for compliance monitoring was inhibited in utero”.2

Code breach oversight monopolised by bank-backed entities

In the 2019 revision of the banking Code, the CCMC was rebranded into a new organisation, the Banking Code Compliance Committee (BCCC), which operated in largely the same way and was staffed by former CCMC employees.

There were familiar constraints on the BCCC’s operations— its Charter can be amended by the ABA, and any material changes to the BCCC’s operating procedures must be developed in consultation with the banks. Reminiscent of some of the CCMC’s governance arrangements, the ABA and FOS’s successor, the Australian Financial Complaints Authority (AFCA), retain significant influence over the BCCC’s operations.

For example, AFCA and the ABA jointly appoint the chair of the BCCC. The Committee’s other two Members consist of a consumer representative appointed by AFCA, and an industry representative appointed by the ABA.

The Committee is supported by a secretariat provided by AFCA’s Code Compliance and Monitoring Team (Code Team), which is a “separately operated and funded business unit of AFCA”. The Code Team “work[s] with code subscribing financial firms to ensure they comply with their code obligations”, is industry-funded, and operates under a service agreement between the BCCC, the Australian Banking Association and AFCA.

There is significant crossover between the BCCC’s secretariat team and AFCA’s Code Team. The BCCC’s current CEO, Prue Monument, is simultaneously the General Manager of Codes and CEO of Banking Code Compliance with AFCA. The BCCC’s Deputy CEO, Rene van de Ridjt, is also the Deputy General Manager of AFCA’s Code Compliance and Monitoring Team; in these roles, van de Ridjt “leads the strategic direction and operational management of the BCCC”.

The Citizens Party has previously raised concerns over the banker-designed AFCA’s extreme secrecy, industry capture and lack of accountability. (AAS, 26 Jan. 2022.) Together with the banker-designed and industry-funded BCCC, AFCA and the Australian Banking Association monopolise the primary avenues by which customers can report breaches of the banking Code.

Banks breach customer contracts without consequence

Banks are required to self-report Code breaches to the BCCC every six months. Notably, a November 2021 joint submission from several consumer representative groups, including the Consumer Action Law Centre and Financial Rights Legal Centre, raised concerns over the “glaring inconsistencies” in the data the BCCC receives from banks, and asserted that there were “clear shortcomings in the output and effectiveness” of the BCCC.

Although the BCCC acknowledges that it regularly receives reports from customers about alleged Code breaches, only a small minority of these are ever investigated, and the BCCC’s deliberations often take years to finalise. Similarly, the BCCC’s predecessor, the CCMC, received 2.5 million complaints under the Code between 2004-2012, but only investigated 200 of them.

Although the BCCC has the power to apply “sanctions” to a bank for breaching the Code, this is conditional upon the breach finding being serious or systemic; or if the bank has failed to act on the BCCC’s instructions or requests to take steps to remedy the breach. The so-called “sanctions” are a slap on the wrist: the BCCC can require the bank to take corrective action, implement staff training or a compliance review; can “formally warn” the bank; or “name” the bank on the BCCC’s website or in its annual report (although the BCCC has only ever named two banks, neither of which was a major bank, and only one other bank has ever been named since 2008).

The BCCC can only report “serious or systemic” instances of Code breaches to the financial regulator, ASIC, and appears curiously reluctant to take even this step. For example, on 30 September 2020, the BCCC issued its finding in relation to Bendigo and Adelaide Bank’s Great Southern Loans (GSL) business unit, a failed agri-business investment scheme in which thousands of everyday mums and dads lost hundreds of millions of dollars and their homes, after a controversial court decision allowed the banks to foreclose on them. The BCCC found “serious and systemic” breaches of the Code and non-compliance with a number of the Code’s consumer protection provisions, including: debt collection practices; the treatment of customers experiencing financial difficulty; and fair and reasonable conduct. However, the BCCC’s only sanction was “naming” the banks. The BCCC did not report the Code breaches to ASIC.

Similarly to AFCA, the BCCC is not bound by the legal rule of evidence in making its findings about Code breaches. The BCCC is only required to “have regard to” relevant legal principles and “Applicable Code Provisions”—indicating that the BCCC is not bound to strictly apply the banking Code in its decision-making!

The BCCC claims that “the Code is part of the banks’ contract with its customer and is enforceable by law. This means that customers can rely on the promises made in the Code”. However, the magnitude of Code breaches reported every year contradicts this claim.

From July 2019-June 2020 banks self-reported 40,629 Code breaches to the BCCC. These breaches impacted almost 8 million customers (nearly a third of Australia’s entire population), with a total financial impact of more than $220 million (according to the banks). The BCCC was concerned about the significant increase from the 15,507 breaches reported the previous year; however, the banks claimed that the rise in breach reports was due to increased monitoring and “improvements to risk culture”. During 2019-20, the BCCC’s funding was $1,530,918, which represents a hypothetical allocation of 19c per breach per customer to investigate. During this period, the BCCC only made six Code breach findings; the following year, in 2020-21, the BCCC made only three findings.

Notably, the most commonly reported breaches refer to serious issues which may represent significant harm to customers. For example, between July and December 2020, the top categories of Code breaches were related to: trained and competent staff (including fair and reasonable conduct) (4,564 breaches); protecting confidentiality (4,165); a responsible approach to lending (2,860); debt recovery matters (2,635); communication between the bank and customer (1,259); and helping customers who are in financial difficulty (1,086). During this period, one major bank accounted for more than 45 per cent of all breaches; however, the BCCC de-identifies bank information and therefore does not disclose firm-specific details of Code breaches.

Although the Australian Banking Association claims that the Code is an enforceable agreement which forms part of the contract between banks and their customers, tens of thousands of breaches of the Code occur every year, seemingly without consequence to the banks. For example, in response to “unexplained inconsistencies in banks’ breach data over several years” and evidence given to the 2018 Financial Services Royal Commission which “revealed unethical behaviour by banks towards guarantors”, the BCCC initiated a 2021 inquiry into banks’ compliance with the Code’s guarantee obligations. The inquiry acknowledged that the Code imposed pre-guarantee obligations to ensure that guarantors understood the risk associated with the transaction and were making a fully informed decision about giving a guarantee. The inquiry observed that in 2018, approximately $500 billion worth of consumer and small business credit was supported by guarantees.

The inquiry identified the banks’ non-compliance with several important Code provisions, including: frequent failure to comply with their pre-guarantee Code obligations; inadequate or ineffective monitoring of compliance controls; and a lack of effective record management. Audits found “numerous instances where banks could not demonstrate compliance”.

Despite the seriousness of its findings, the BCCC simply released a series of recommendations so that banks could “meet the BCCC’s expectations” for compliance with the Code; recommending that banks update their policies, compliance controls, record management requirements and increase their data capabilities. The BCCC stated that banks “should carefully consider” the report and develop an implementation plan to “close any gaps”, and planned a follow-up with the banks in March 2022.

It is evident that Australia’s banking Code is a facade, intended to mislead the public into believing that the banks will honour their contractual relationship with their customers. Australians have been abandoned to financial predators while the “independent” Code monitors simply look on and let it happen.

The dubious enforceability of the banking Code

For decades, the Australian Banking Association (ABA) has claimed that the Banking Code of Practice, which is developed and owned by the ABA, is contractually binding on the banks. Today, the ABA’s website claims that “the enforceable Banking Code stays central to the bank-customer relationship”. However, as documented by retired political economist and former University of Sydney lecturer, Dr Evan Jones, the Code has never been enforced, and the banks “continue to treat its substance cavalierly”.3 For example, in 2015 the NAB argued in court that the code had no contractual status.

In the 2019 Financial Services Royal Commission Final Report, Commissioner Kenneth Hayne asserted that “[if] industry codes are to be more than public relations puffs, the promises made must be made seriously. … This must entail that the promises can be enforced by those to whom the promises are made”—the banks’ customers.

Hayne recommended that the financial regulator, the Australian Securities and Investments Commission (ASIC), be given powers to designate “enforceable code provisions”, meaning a breach of these provisions would constitute a breach of the law. Hayne believed that this would remove doubt about which provisions of the Code formed part of the banks’ contract with their customers, as this had previously required judicial consideration to clarify.

The Australian Banking Association spruiks the Banking Code of Conduct as a rule book that protect Australians, but it is anything but.

It appears that Commissioner Hayne called the banks’ bluff. The ABA subsequently backtracked on its decades of blithe assurances to customers, by insisting that enforceable code provisions should be limited in its submission to Treasury’s 2019 consultation on the matter. The ABA argued against applying an enforceable regime to the Code’s “guiding statements or principles, such as ‘we are committed to earning and retaining the trust of our customers and the community’, or ‘we will be accountable in our dealings with you’, or ‘to comply with all laws’[!]”.

Similarly, in its submission to the 2021 review of the banking Code, the ABA stated that “it may be that some parts of the Code are expressed in more general or aspirational terms. It could be that such provisions require redrafting if they are to be considered as ‘enforceable provisions’ under the new regime. Alternatively, it might be accepted that statements of broad intent are occasionally included in the Code to give general direction and guidance and aren’t intended to be enforceable in the strict sense.” (Emphasis added.)

Although ASIC’s new powers to designate enforceable code provisions came into force in January 2021, it has not yet designated any.

Merry-go-round for bank customers

The industry-funded Banking Code Compliance Committee (BCCC), which is the industry-funded body responsible for monitoring banks’ compliance with the Code, claims that “the Code is part of the banks’ contract with its customer and is enforceable by law”.

However, in reality the Code is not enforced, because the different entities responsible for Code monitoring, regulation and compensation for breaches are kept intentionally siloed. This arrangement results in a futile merry-go-round for customers and a free-for-all for the banks, which can systemically breach the Code—their contract with their customers—without consequence.

For example, the BCCC’s role is to monitor banks to ensure they are following the Code, largely relying on the banks to self-report breaches. However, the organisation is not a regulator, therefore it cannot impose penalties for breaches. The so-called “sanctions” the BCCC can apply for breaches are rarely used and are a slap on the wrist (at best).

The Australian Financial Complaints Authority’s (AFCA) Code Compliance Team is a separate unit of AFCA which provides secretariat services to the BCCC, and also monitors Code compliance. The Code Team does not make decisions about compensation or issue penalties or fines, as they state this is the role of the financial regulator, ASIC.

However, ASIC does not have oversight over the Code— this is the purview of the BCCC. Although ASIC claims that the Code is a “set of enforceable rules” which are “administered and enforced” by the BCCC, ASIC instead directs customers who believe their bank has breached the Code to go to AFCA.

The Australian Banking Association claims that the Code is enforceable both through contracts and through decisions made by AFCA. Although AFCA considers that a breach of the Code is a breach of contract with the customer, AFCA can only decide if a customer is entitled to compensation for loss that they may have suffered as a result of the breach. AFCA is not a court or a regulator, and therefore cannot apply penalties or impose fines for Code breaches.

Additionally, the BCCC’s Charter dictates that it cannot review a Code breach allegation if the matter is being heard or investigated by another forum, such as AFCA. Because the Code requires banks to direct their customers to AFCA in the event of a dispute, this indicates that the BCCC would be automatically prevented from investigating many Code breaches.


1. Dr Evan Jones, “The NAB, small business and the wilful ignorance of judges”, (, 16 June 2013.
2. See note 1.
3. Evan Jones, "The gaping hole in the Royal Commission’s final report", Pearls and Irritations, 8 February 2019


By Melissa Harrison, Australian Alert Service, 12 March 2022


Page last updated on 23 March 2022