You can’t bank on banks: Why a legally binding, industry-wide code of conduct is needed
Friday, October 26, 2018
Banks don’t need 10 commandments to do the right thing, just six, according to the head of the banking royal commission.
The first of those commandments set out by commissioner Kenneth Hayne is to “obey the law”. The other five relate to ethical conduct: do not mislead or deceive, be fair, provide services fit for purpose, deliver services with reasonable care and skill, and when acting for another act in their best interests.
Banks are, in fact, required as a condition of their banking licence to treat customers “efficiently, honestly and fairly”. In addition to the ABA Banking Code of Practice, which covers the industry, banks also have codes of conduct that they promote with assurances any breaches will be dealt with harshly.
Often this is mere window dressing. The truth is that most codes of conduct are just glossy, aspirational documents handed to new employees then promptly forgotten until an excuse to fire someone is needed. Their lie has been exposed by the many examples of dishonest, illegal, deceptive, fraudulent, grossly incompetent or grossly negligent conduct revealed by the royal commission.
So how to make codes of conduct real tools of good behaviour rather than exercises in deceptive advertising? The answer is to enshrine Justice Hayne’s six commandments in every bank’s code of conduct and make any breach of that code criminal.
Codes of conduct
Major banks publish their official codes of conduct prominently. The codes are endorsed by boards, and clearly state there are censures for code breaches. For example, the National Australia Bank code threatens staff with termination for breaches.
These codes are effectively a company’s promise about how it will behave and what it will deliver. Any failure to uphold it could potentially be pursued in court — by the corporate regulator, individuals or a class action — as misleading and deceptive conduct.
Value to customers
In general, the banks have viewed their codes as non-binding statements of comfort with no real enforceable value to aggrieved customers.
Two legal rulings in recent years, though, have taken a different view.
In 2015 the Victorian Supreme Court of Appeal ruled (in Doggett v CBA) the Commonwealth Bank of Australia (CBA) had breached the Banking Code of Practice by failing to exercise care and diligence in forming a view on a borrower’s ability to repay a loan. The bank had been chasing two loan guarantors for more than $3 million.
The Court of Appeal followed this up with a 2016 ruling that the National Australia Bank had no claim to demand nearly $4 million from a man who had agreed to be a loan guarantor. The judgement in NAB v Rose found the NAB officer involved in the loan had breached two clauses of the Banking Code of Practice by failing to tell the guarantor he should seek independent advice or offer him a 24-hour cooling-off period.
Value to shareholders
While failing to uphold its code of conduct may make a bank liable to customers, failing to report breaches makes it potentially liable to shareholder action. This is because shareholders arguably rely on those promises to guide their investment decisions.
In 2017, shareholders sued the Commonwealth Bank for inadequately disclosing bank risks from climate change. They did so on the basis of the bank’s duty to notify investors of material matters under section 299A of the Corporations Act.
Though the lawsuit was dropped when CBA acknowledged these risks in its 2017 annual report and promised to report climate change risks in the future, this case shows shareholders expect banks to declare all risks, not merely credit and market risk.
APRA’s prudential report into the CBA, published in April, also highlighted the importance of risk from reputational damage from practices inconsistent with its code of conduct.
This may be why ANZ has become the first Australian bank to publicly report such breaches. However, the information in its reports is meagre. The reports do not identify how significant a breach is, actions taken, managerial sanctions or lessons learnt.
Regulators, and to some extent political parties in government, have traditionally been reluctant to pursue banks too aggressively (as evidenced by the protracted delay in calling the financial services royal commission).
Growing public anger and the revelations at the royal commission have now changed the operating climate. There is now a serious risk that all conduct (even that inconsistent with a bank’s code of conduct) is fair game for legal challenges.
Public reporting of code breaches should be a standard industry practice. Banks should see such reporting as one step in rebuilding public confidence and trust. Shareholders have no other way to assess a company’s expected behavioural standards except through its published code of conduct.
But just reporting failures to meet minimum conduct standards doesn’t change a bank’s culpability in breaching its responsibilities in the first place. If a board fails to take remedial action when that code is breached, it should be held liable for providing false or misleading information and breaking contractual guarantees.
Codes of conduct should be an area where the banking royal commission’s final report recommends specific reforms.
To protect customers, the law could mandate behaviour defined in a code of conduct to be strictly liable, and breaches criminal, and allow exemplary damages to be awarded.
Even if regulators are reluctant to enforce the law to protect customers, making it clear that codes of conduct are legally binding and breaches strictly liable will allow more individuals and class actions to confidently sue banks that fail to uphold the minimum standards of behaviour society expects.
To most of us Justice Hayne’s guidelines for ethical conduct might seem like stating the obvious, but apparently, bankers need to be told explicitly.