Tel: 1300 180 606
Address: 1402/227 Elizabeth St, Sydney NSW 2000
Australian Credit License: 501 182
This article originally appeared in AustralianBroker
The Federal Court of Australia has slapped CBA with a $7m fine as penalty for their overcharging case with the Australian Securities and Investments Commission (ASIC).
The proceedings against CBA, which commenced in November, looked into the bank’s misleading representations and conduct. The bank was found to have overcharged interest on small business loans from 2014 to 2018, with the total overcharged value reaching over $2.2m.
CBA said that this was due to a system error — over 1,510 of its clients were charged higher interest rate on their overdraft accounts. While CBA admitted to the allegations, it told the court that it had “acted expeditiously” to remedy the error. However, this response, along with its submission of a $4m to $5m penalty, was rejected by the court.
ASIC Commissioner Sean Hughes said CBA’s delay in remediating customers was an “aggravating factor” in the court’s determination of the penalty.
“When financial institutions discover overcharging, they must take immediate action to remediate impacted consumers,” he said.
Hughes furthered: “Financial services institutions need to have appropriate systems, governance and controls in place to ensure they deliver on promises made to their customers.”
The bank has so far remediated $3.74 million to the customers impacted in this case.
“CBA is now making investments in its systems as a matter of priority. All financial services institutions should make similar commitments to rebuild trust in our financial system and to avoid further failures,” Hughes said.
All visitors to this website, without exception, are invited to read and act upon the contents of this website in accordance with the following terms and conditions:
The company recognises the Office of the Australian Information Commissioner’s concerns that websites be easy to read, accessible and transparent, include appropriate privacy information and provide directions as to where to obtain further information. Confusing and irrelevant content is to be avoided.
The company recognises Clause 4.2 of the Credit Reporting Privacy Code , which provides an approved opportunity for credit provider and/or lessor disclosures of information, collected by way of a website and required under Sub- sections 21C(1) and (3)(a) of the Privacy Act 1988 as amended, to a credit reporting body. This for the various uses and attracting the various rights for the consumer and/or lessee, in accordance with Clause 4.1 (a) to (f) of the Credit Reporting Privacy Code.
These disclosures are included in the company’s Credit Information (Privacy) Management Policy (Tab 8), which is on the company’s website and the communications information content is listed in the Company’s Credit Reporting Data Management Policy (Tab 10) .
From time to time, the company’s website may facilitate consumers completing credit and/or lease applications, questionnaires, forms and the like.
The company only collects information from potential and actual consumers which is reasonably necessary, directly or indirectly, for the conduct of the company’s credit provision activities.
If the consumer suspend s or save s any online application, form, questionnaire or the like, the information the consumer has entered prior to that suspension and/or saving will be available to and retained by the company, as well as being available for the consumer to retrieve when the consumer resumes completing the online application or other activity. The company’s Credit Information (Privacy) Management Policy also applies to this information.
The company does not ask for, store, use or disclose sensitive information.
From time to time, the company’s website may contain links to the websites of third party entities. If as consumer has accessed such a third party website, via the company ‘s website, the consumer may have provided information to that third party entity. If they have chosen to provide information, access to that information may also be provided to the company by that thir d party entity, subject to an agreement between the two companies to share the information.
When viewing the company’s website, or the third party company’s website, from time to time “cookies” and “web beacons” may be used to collect information. This information may include information concerning any or all of the following:
In accordance with the company’s Credit Information (Privacy) Management Policy, the company takes reasonable steps to keep the information obtained secure and to store, use and disclose such information only in accordance with that policy. This includes the above listed information and any information included on completed and submitted applications, forms, questionnaires and the like.
The above listed information will not be used for any third party company marketing, but the company may use the information to advise the consumer of continuing and new products and services, from time to time.
The above listed information is not provided to overseas based companies for any purpose other than possible storage and review of information, for the company’s purposes only.
The above listed information may be used to assist the company in providing the consumer with any service or product, at the time of a particular visit to the company’s website or thereafter, which may or may not be the service or product that initially prompted the consumer to visit the website .
From the Privacy Commissioner’s investigation reports, the company notes that website security is an ongoing obligation and that Australian Privacy Principle 11 applies to website security management . The Office of Australian Information Commissioner’s statement, on 6 March 2014, has been noted by the company, in that the company’s policy is to continue to take reasonable steps to protect information held in digital storage.
To that end, the company utilises ICT security measures relevant to the need to protect all Internet interactions. Security steps used by the company can include:
While the company recognises that it may not be liable when a third party intentionally exploits the company’s reasonable security measures and gains unauthorised access, the company’s defence must be able to demonstrate that previous reasonable steps had been undertaken to prevent such a cyber attack.
The company’s policy is to review /update information security measures each day and to maintain information security measures that respond to the changing landscape.