CBA ordered to disclose ‘misleading conduct’ on website, though CommBank app spared

CBA Public Notice

The Federal Court of Australia has ordered The Commonwealth Bank of Australia (CBA) to publish notices on its website stating that it had misled business customers with erroneous interest charges.

The Federal Court’s ‘adverse publicity order’ will require CBA to publish, “at its own expense”, both a written and audio-visual notice of misconduct on its website. The notices must be kept on the bank’s landing page for at least 90 days.

CommBank was alleged by ASIC to have breached the ASIC Act on 12,119 occasions, with corporate regulator stating that the bank had charged “higher-than-advised interest rates on business overdraft accounts”. The error was attributed by CBA and ASIC to a coding mishap.

The alleged breaches occurred between 1 December 2014 and 31 March 2018, court documents reveal, impacting more than 2,200 CBA business customers.

The Federal Court has, however, spared CBA from having to post the notice on its popular consumer banking app an option that was mooted by ASIC.

More than 6.3 million customers are active on the CommBank App, with the court acknowledging that a “large majority of users are retail customers, as compared to business customers”.

ASIC had argued for the “novel” notification approach to ensure that all CBA customers would be informed of the breaches.

Justice Lee, while considering the ASIC proposal, ultimately deemed such a requirement inappropriate given the breaches impacted CBA’s business customers only.

Moreover, he said, being a consumer-focused app, such a notice could be left “open to be misinterpreted by those users of the CommBank App with lower literacy rates”.

Justice Lee warned of the risk of “significant overspill”, with misconduct notices broadcast to customers that are unrelated to or unaware of the context surrounding them.

“I… accept, again based on the evidence adduced, that this may cause such users to be confused, anxious, distressed, alarmed, suspicious, and/or uncertain, which may have further consequences in respect of how such users manage their finances and interact the CommBank App,” Justice Lee said.

“On balance, however, I have determined after hearing [the] argument that it would not be appropriate to proceed down this novel course at this time on the present evidence and in these circumstances.”

Justice Lee nevertheless conceded that section 12GLB of the ASIC Act – which covers a requirement for organisations convicted ASIC Act breaches to publish a public notice – has hitherto been subject to “very little judicial commentary”.

He hinted that future cases may explore the option of more “novel” approaches to public breach notices, believing there is “merit in rethinking the form in which the Court is to order an adverse publication notice”.

“Although I am satisfied that the written notice and the audio-visual notice I will order to be published on specified websites will have some limited utility, I am far from convinced that the form of publication fastened upon is optimal (despite not proceeding down my originally contemplated course due to the level of uncertainty it entails in this case).

“Of course, this does not mean that in another case, depending upon the evidence, it would be inappropriate to make an order of the type ASIC proposed and I contemplated.”

CBA was found by ASIC to have overcharged interest in excess of $2.2 million following an investigation triggered by the 2019 Hayne Royal Commission. Systems and process errors were blamed for the surcharge mishap.

ASIC, during its investigation, identified “a coding error” as the prevailing cause of the problem, which saw “interest and fees for certain SBO [simple business overdraft] and BOD facilities [being] sourced from two software systems, referred to as SAP (being ‘internal’ pricing) and SPARR (being ‘external’ pricing)”.

“As a result of the coding error, affected customers were charged both the SAP sourced rate and the SPARR sourced rate,” ASIC alleged.

CBA has been ordered to provide a proposed version of the audio-visual notice to the Court by 27 August 2021 and must comply with the adverse publicity orders within 30 days.

The Court has also ordered CBA to pay a $7 million penalty for the breach.