Embedding the banking code of practice : Obligation management

The Banking Code Compliance Committee (BCCC), Australia has conducted an inquiry between July and  October 2019 into Code subscribing banks’ (banks) transition to the new 2019 Banking Code of Practice (the Code) to confirm whether banks have taken appropriate steps to ensure compliance with the Code. The objective of the inquiry was to have a holistic review of the banks’ transition to the Code.

BCCC has come up with a set of recommendation based on their observation of code adherence across the subscribing banks. The diagram below illustrates some of the key considerations that need to be made while incorporating the code of practices into the existing operations.



BCCC Recommendation #1

Identifying obligations

A good point to start this is to

  • identify the compliance gaps between existing practices prior to Code approval and the obligations set out in the Code, and
  • develop and implement appropriate policies, processes, procedures and system changes to ensure compliance with the Code from 1 July 2019.

What is important is to use a consistent taxonomy to differentiate a variety of these obligations. While identifying the obligations it is important to differentiate what can be automated, which are there to meet the legal compliance, which are there to support product design & distributions and which are behavioural and subjective in nature. Some common obligations may need to support more than one set of compliance or policy adherence objectives.

The number of obligations that need to be monitored for each control may vary based on a number of factors including product distribution model, geography, channel, process etc.

BCCC Recommendation #2

Mapping obligations into your existing compliance framework and business process

The code is equally applicable to all the entities, brands and subsidiaries. Irrespective of whether the products are offered under white-label agreements, e.g. credit or loan products, it requires uniform compliance. So the obligations need to be mapped to relevant metadata, geography, business processes and risk criteria.
— products and services
— business units
— services channels
— back-office and processing teams
— control environments (to ensure it can adequately report to BCCC).

— risk criteria

Every obligation needs to be assessed for individual and contextual risk and a risk definition needs to be attached to it.

Risk-based supervision increases the effectiveness of code compliance while increasing efficiency through improved resource allocation and processes. It assists in prioritization of resources to the areas of greatest conduct risk. Risks are not eliminated, but supervisors are able to address them in the most efficient and effective way of pursuing their objectives. This allows Banks to address the risks in a systematic manner giving priority to what matters most.


If you want to learn more about the obligation identification, mapping strategy, send us an email (sales@cognitiveview.com) for more information.

Cognitive View Blog banking code of conduct Australian banking association

Findings of Banking code compliance committe

Australian Banking code of practice released in July 2019 and many Banks have committed significant time and resources to the code transition projects.

Based on the Banking Code Compliance Committee (BCCC), 2019–20 has been a year of two distinct halves. Although it started with lots of optimism, the bush fire and covid-19 pandemic unleashed a global health and economic crisis that continues to pose a significant threat to millions of Australians and present banks with unprecedented operational challenges. The expectation and priorities of BCCC have shifted, and the focus has been more towards meeting the needs of individual and small business customers while operating in challenging circumstances.

Based on some of the code-subscribing Bank’s self-reported data

  • There have been 15,597 Code breaches in 2018–19 compared to 10,123 in 2017–18.
  • More than 9 million customers were affected.
  • The total financial impact of the breaches was more than $90 million.
  • Human error caused 91% of all breaches.
  • The most commonly breached Code clauses were similar to 2017–18, with the majority of breaches concerning the Code’s obligations around privacy and confidentiality and responsible lending.


BCCC has launched an inquiry into banks’ transition to the 2019 Code to see whether they had taken the necessary steps to ensure compliance. The inquiry raised concerns about compliance in a number of key areas across the industry and highlighted the need for banks to continue their efforts to meet the BCCC’s expectations and the higher standards required under the 2019 Code.

To support the work required to be undertaken by banks, the report set out a number of specific recommendations for banks to achieve good practice and ensure ongoing compliance with the 2019 Code, with a focus on issues including:

  • Senior executive oversight of compliance
  • Staff training and key performance metrics
  • Inclusive and accessible services for all customers
  • Customers experiencing vulnerability
  • Treatment of small business and farming customers.

Key recommendations include:

  • Banks should adopt a broad interpretation of inclusive and accessible products and services.
  • Banks should develop specific vulnerability policies, processes, training and resources to support compliance with Chapter 14. Training should be delivered to all customer-facing staff on an ongoing basis.
  • Where a bank has chosen to adopt a broader small business definition, it should not later assert the relevant Code obligations do not apply.
  • Without exception, banks must develop capabilities for reporting small business data to the BCCC. Banks need to provide consistent reporting to allow for benchmarking and year-on-year comparisons.
  • Even beyond transition, senior executive staff should ensure that the spirit and awareness of Code obligations are embedded at all levels of the bank.
  • Staff training programs should adequately raise staff awareness and competency to identify and report a possible breach of the Code internally. Training programs should promote the importance of a positive customer-focused culture that promotes compliance with the Code.
  • Banks should review and develop KPIs that ensure staff performance metrics promote behaviours that prioritise good customer outcomes and reflect the Guiding Principles and spirit of the Code.
  • Banks should continue developing initiatives to improve products and services that are inclusive and accessible to all groups of customers. Bespoke initiatives are important to challenge old ways of working and using external partners may provide useful expertise.

What is coming ahead?

Vulnerability, inclusivity and accessibility

Based on the feedback from the Australian Banking Association (ABA), the Australian Financial Complaints Authority (AFCA) and a number of consumer advocacy groups and small business stakeholders, BCCC initiated 2019 Code Transition Inquiry, which found that while banks had made significant efforts to empower staff to take extra care with customers experiencing vulnerable circumstances, there was more work to be done. The pandemic has made this code compliance even more critical.

Throughout 2020–21, the BCCC will continue an Inquiry into banks’ compliance with Part 4 of the Code, which outlines the key consumer protections for disadvantaged customers. Part 4 contains several new obligations that were introduced with the 2019 Code, including the requirement to treat customers experiencing vulnerable circumstances with sensitivity, respect and compassion; and the need to make banking services inclusive and accessible to everybody, including older people, people with disability, Indigenous people and people with limited English.


Customer vulnerability requirements for GI Code of practise

One of the great things about GI Code of practice (GICOP) is that the code, which is written in plain English, sets out the standards that general insurers must meet when providing services to their customers, such as being open, fair and honest. On 7 May 2020, the Insurance Council of Australia revised the implementation timeframe for the new GICOP to better support customers during COVID-19 and recognising the stretched resources of insurers following their need to respond to COVID-19 and recent natural disasters.

For part 9 i.e. Supporting customers experiencing vulnerability, it requires full compliance by 1 January 2021.

While the adoption of the GICOP is currently voluntary, compliance is monitored by the Code Governance Committee. The Australian Securities and Investments Commission (ASIC) is expected to eventually be given powers to enforce certain provisions of the GICOP.

Supporting customers experiencing vulnerability

What’s new?

The new Part 9 applies to retail insurance products only and introduces provisions to assist customers from experiencing vulnerability. The 2014 GICOP did not contain these provisions although some insurers have had policies in place already to deal with some of these issues. Implementation of these provisions has been fast-tracked because many customers may be vulnerable due to the health and economic impacts of COVID-19.

Customers may require support even when they have not made a claim. For example, vulnerable customers who are purchasing a new policy or amending a current policy to better suit their needs may need additional support from the insurer. Similarly, customers in financial distress may need to approach insurers about ongoing insurance claims and the provisions will apply regardless of whether the claim was caused by COVID-19 or not.

What is vulnerability?

To best support customers, insurers could keep an open mind about what constitutes a vulnerability. The new GICOP does not exhaustively define vulnerability. Instead, it lists 11 express factors which may cause someone to be vulnerable including age, disability, health conditions, family violence, language barriers, cultural background, Aboriginal or Torres Strait Islander status, remote location or financial distress.

What does Part 9 require insurers to do?

To support vulnerable customers, signatories to the GICOP commit to do a number of things including:

  • taking ‘extra care’ with customers who experience vulnerability;
  • publishing on the insurer’s website a policy about supporting customers experiencing family violence;
  • having internal policies and training appropriate to employees’ roles to help them identify and support vulnerable customers;
  • providing access to interpreters where practicable;
  • updating the insurer’s website with an easy-to-find link to information on interpreting; services, teletypewriter services and other resources for people with the language barrier;
  • treat people with any past or current mental health condition fairly; and
  • only asking relevant questions when deciding whether to provide cover for a pre-existing mental health condition.

In readiness for implementation, insurers should prepare an internal policy with practical examples addressing Part 9 and provide training appropriate to employees’ roles. For example, insurers could use technology to enable customers who require ‘extra care’ because of a language barrier to nominate a preferred way of communication or recognise the appointment of a support person.

Financial hardship

Financial Hardship in the GICOP has a specific meaning and is often confused with the concept of ‘urgent financial need’. Financial hardship occurs when a person has difficulty meeting financial obligations to the insurer, other than the payment of premium. In comparison, a customer has ‘urgent financial need’ if the customer requires expedited assessment of a claim or an advance payment.

The health and economic impacts of COVID-19 mean that more people may need to contact insurers and request support due to financial hardship.

What’s new?

The Financial Hardship section of the new GICOP contains a number of strengthened provisions which may require insurers to re-think their approach to identifying and assessing such requests.

While the 2014 GICOP contained provisions requiring insurers to provide GICOP training to employees, the new GICOP contains express provisions requiring insurers to have internal policies and training appropriate to employees’ roles to help identify whether a person is experiencing Financial Hardship and decide how they can provide support.

The Financial Hardship section of the new GICOP also requires the insurer to notify the person in writing of its decision within 21 calendar days after receiving the application or any requested supporting documentation. If requesting supporting documentation, the insurer must make the request as early as possible and be specific about the information needed. Standard templates simply requesting more evidence to justify the financial hardship are unlikely to meet this requirement.

A new requirement in the Financial Hardship section relates to collections. This requirement applies to all collections regardless of whether the person might need to invoke Financial Hardship or not. The insurer, Collection Agent or solicitor must ensure that the first communication about the recovery of any money owed contains information to show the amount is fair and reasonable. For example, this could include documentation showing the actual cost of repairs.

How Cognitive View can help

The companies need to have internal policies and training for agents to take account of the particular needs of vulnerability. Whilst many insurers meet the policy requirements,  supervising agents or staff whether they meet the policy requirements consistently can become a huge challenge. A person may be vulnerable due to a range of circumstances and sometimes agents fail to be empathetic because of the high-pressure work environment.

Cognitive View analyzes customer communication data including contact centre to automate GI code of compliance, conduct risk monitoring requirements. Leveraging AI it helps agents to identify customer vulnerability real-time and also can help supervisors in recognizing where people and process require further improvement.

This essentially improves consumer fairness, public trust in financial services, and enhances market integrity.

Cognitive View Market Conduct Regulation

Market conduct regulation in USA

Regulators have historically sought to enhance a customer’s understanding of the products they purchase, imposing prescriptive requirements for disclosure, as well as setting professional standards for sales advisers. The goal is to rebalance the ‘information asymmetry’ – however, issues have continued to arise.

An essential component of insurance regulation is the appropriate oversight of the ways insurance companies distribute their products in the marketplace, namely, market conduct regulation (or market regulation).

Market conduct—a term commonly used in the insurance industry to describe problems associated with the distribution and sale of insurance—has become a key insurance regulatory focus over the last decade. Insurance regulators view market conduct as critical to ensuring the welfare of consumers and maintaining public confidence in the insurance industry.

Market regulation attempts to ensure consumers are charged fair and reasonable insurance prices. It also strives to ensure consumers have access to beneficial and compliant insurance products and are protected against insurers that fail to operate in ways that are legal and fair to consumers.

  • Market regulation is regulatory oversight that primarily focuses on regulated entities’ compliance with laws and regulations other than those related to financial solvency. Market regulation complements financial solvency regulation. Problems spotted during a market conduct review can be a precursor to financial solvency concerns.
  • Market regulation also evaluates companies’ fulfilment of contractual obligations to their policyholders and claimants.
  • In a broad sense, market regulation encompasses functions that historically have been performed both within the various state insurance departments, such as rate and form review, producer licensing, and consumer assistance, and those functions that historically have been performed outside of the departments through market conduct examinations and investigations.

The NAIC, USA  introduced a new Market Conduct Annual Statement (MCAS) collection system to provide states with a uniform data collection system for collecting insurance companies’ market-related information. Moreover, the Market Regulation and Consumer Affairs (D) Committee monitors all aspects of the market regulatory process for continuous improvement. This includes market analysis, regulatory interventions with companies and multi-jurisdictional collaboration.

Market conduct examinations occur on a routine basis, but can also be triggered by complaints against an insurer. These examinations review:

  • Agent licensing issues.
  • Complaints.
  • Types of products sold by the company and agents.
  • Agent sales practices.
  • Proper rating.
  • Claims handling.
  • Other market-related aspects of an insurer’s operation.
Cognitive View CASS Cost of Conduct

Cost of Conduct according to the Centre for Banking Research (CBR)

Below are some of the highlights of the Conduct costs project launched by the Centre for Banking Research. You can find the full report here https://www.city.ac.uk/news/2020/september/centre-for-banking-research-launches-conduct-costs-project


The CBR Conduct Costs Project aims to foster transparency in financial activity and to deliver a category of benchmarking, which comprises the level of conduct costs and the conduct risk of the banks, as an analytical tool for the banks and their stakeholders.



In aggregate, between January 2008 and December 2018, the 20 international banks, have paid conduct costs in excess of GBP 377 billion.



Over the past ten years, the cumulative total of conduct costs amounts to GBP 205.25 billion for the US banks in our sample; GBP 86.09 billion for the UK banks; GBP 41.31 billion for the Euro Area banks; GBP 40.19 billion for the Swiss banks, and GBP 4.62 for the Australian bank. Overall, the cumulative conduct costs reveal global vulnerabilities across different markets and jurisdictions.

Drivers of progress

The numbers recorded against a bank’s conduct costs might assist in explaining low profitability and share price performance. Moreover, the level of comprehensiveness of the dataset, besides adding context to the conduct costs, provides a valuable insight into a bank’s non-financial conduct performance.

Banks conduct costs to tell the story not only of specific financial institutions, their systems, and controls, governance and culture, but also the story of the individuals within the institution, their ethics, values and competence gaps. There is a connection between the institutions’ ethics and culture, and the frequency and severity of the misconduct. Likewise, conduct costs are an objective indicator of the negative effect of an inappropriate culture.





The full report can be downloaded here



Cognitive View afca Insights

What is AFCA Insights

Cognitive View’s AFCA Insights is an independent service that provides insights from AFCA’s historical complaint management data. This allows firms to learn and get a deeper understanding of past and emerging complaint patterns, AFCA’s decisions making approaches, and actionable insights to support the exiting IDR processes and respond efficiently for AFCA’s lodged complaints.

This service is built leveraging the AFCA’s existing publicly available information but continuously updated to keep up to date. This is a self-service, Insights-as-a-Service to assist you in data-driven decision making.

ASIC’s RG 271, sets out how financial firms that are required to comply with IDR requirements can meet their obligations. Financial firms must have a dispute resolution system that consists of:

  • internal dispute resolution (IDR) procedures that meet the standards or requirements made or approved by ASIC; and
  • membership of the Australian Financial Complaints Authority (EDR) schemes

Both IDR and external dispute resolution (EDR) framework combined provides access to redress for many tens of thousands of Australian consumers, small businesses and superannuation fund members who have a complaint against a financial firm.

Firms need to review their complaints data and analyze the root causes routinely – not only on a case by case basis but also observing the general trend to identify any systemic issues. Besides the firm’s internal complaints data, having a better understanding of industry trends provides an opportunity to learn from others and optimize existing people, processes, and products to prevent similar complaints.

It offers three key sets of capabilities and more.


  • Case insights is an AI-based capability that allows companies to learn from similar complaint determinations, understanding AFCA’s findings, issues, and approach to resolution. The case insights assist in resolving a specific complaint. Case insights use natural language processing and analytics technology to uncover AFCA’s previous determinations and retrieves specific answers to your questions.
  • Trend analytics provides past and emerging complaint patterns, compliance issues, industry trends. It helps in building the right complaint resolution foundation and to address any systemic issues.
  • Actionable insights provide a set of recommendations based on the gaps found and general observations from the complaint cases. It gives the necessary guidance for a variety of business stakeholders to act.

AFCA insights save a massive amount of time and cost in complaint resolution by rapid analysis of AFCA’s previous determinations. It also provides an opportunity for firms to learn from AFCA’s fairness framework and real case examples.

It offers to reflect on internal business processes, identify any systemic issues, and meet the compliance requirements required for the Industry code of conduct and Corporations act.