2008/09 Annual Compliance Statements
An overview of the 2008/09 data indicates that the better discipline and rigour achieved in 2007/08 reporting has been maintained.
The detailed review of the data, including on site reviews is to be undertaken later in 2009.
Quantitative Results
These graphs provide aggregate industry data on the number and types of breaches identified by all Banks.Total breaches
It is the CCMC’s view that the increase in breaches identified reflects greater attention to breach monitoring and reporting by banks in the current year rather than any underlying increase in non compliance.
The more significant individual incidents of breach have been in the areas of provision of credit (guarantees, financial difficulty and debt collection), disclosures (interest rates, fees and charges, terms and conditions) and privacy.
Further comment on the individual significant breaches.
Privacy related breaches account for 50% of total breaches in 2008/09 (32% in 2007/08). These breaches are typically one off failures by bank staff to identify customers prior to the provision of customer information. The high number reflects a specific targeted monitoring emphasis undertaken by some banks. The CCMC has been advised that staff processing initiatives have been implemented to address the breaches. In four instances the breaches were reported as being significant in their impact.
Overview Comments
2007/08 Annual Compliance Statements
The following opinion was provided to subscriber banks in respect to information contained in the 2007/08 Annual Compliance Statements The completion of the 2007/08 compliance statements under the Committee’s revised reporting requirements and the associated introduction of an on site review programme, has for the first time provided the Committee with more reliable Code compliance performance data derived from banks’ internal compliance oversight and breach identification processes.Specifically, there is now a larger set of compliance performance data available to the Committee for analysis according to subscriber bank and by Code clause which supplements the existing data available from the Committee’s other sources (case work and theme reviews).
Overall, the Committee’s on site programme has concluded that banks generally have in place adequate processes to monitor compliance, detect and report compliance breaches and implement effective remedial actions. The introduction of the reporting of significant breaches to the Committee has improved the effectiveness of these processes and the Committee’s monitoring capability.
The Committee is pleased to note that there has been a general improvement in the integrity of the reporting of breach data in the 2007/08 Statements by subscriber banks as compared to previous years. Better discipline and rigour has been directed to Code breach monitoring, recording and oversight processes which have been important factors contributing to this improvement. It is expected that the 2007/08 improvements in reporting can be further progressed during 2008/09.
The Committee’s assessment of the 2007/08 reporting of breach incidents, together with its own data provided from case investigations and theme reviews, indicates an overall satisfactory level of subscriber bank compliance with the Code.
The Committee’s ability to form opinions on the degree of Code compliance generally, and within each subscribing bank, will improve as subsequent years’ compliance statements are lodged and analysed and as on site visits continue.
2008/09 Annual Compliance Statements An overview of the 2008/09 data indicates that the better discipline and rigour achieved in 2007/08 reporting has been maintained. The detailed review of the data, including on site reviews is to be undertaken later in 2009.