Australian Banking Association Banking Code of Practice
|
|
| Regulator |
Australian Banking Association |
| Jurisdiction |
AU |
| Status |
live |
| Applicability |
Platform |
The Australian Banking Association Banking Code of Practice is a self-regulatory code that all ABA
member banks subscribe to. The 2019 Code (as amended) sets standards for fair dealing, transparent
pricing, vulnerable customer support, hardship assistance, direct debit disputes, and account
switching. The Code is enforceable through AFCA and is a condition of ABA membership. Adherence
is also monitored by the independent Banking Code Compliance Committee (BCCC), which can publish
findings and make recommendations to ASIC.
The Code applies across all banking products and services offered to individuals and small
businesses. Key areas relevant to a digital bank: plain language communications, fee transparency,
proactive hardship identification, vulnerable and elder customer obligations, direct debit dispute
resolution, and account switching co-ordination.
Compliance register
This register maps every material obligation under the ABA Banking Code to the platform control or
institutional process that satisfies it. It is the static traceability layer for the Totara
compliance report — dynamic data (module build status, test evidence, control test dates) is
overlaid at runtime.
Scope legend
| Symbol |
Meaning |
| 🤖 Automated |
Platform enforces or performs the obligation. Primary control mode is GATE, AUTO, CALC, or ALERT. Human action is not required in the normal case. |
| 📊 Evidenced |
Platform captures the evidence trail automatically. Human compliance decision sits on top. Primary control mode is LOG. |
| 🏛 Institutional |
Obligation is met by a process entirely outside the platform — training programmes, board governance, HR, legal. Platform may generate evidence inputs but does not own the process. |
| N/A |
Obligation does not apply to this deployment configuration. |
Build legend
| Symbol |
Meaning |
| ✅ |
Module built and deployed |
| 🔨 |
Module planned — not yet built (build_status: Not started) |
| ❌ |
Uncontrolled gap — no module attributed |
Part 2 — Key commitments and communications
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| Clause 12 |
Communicate in plain language; make product information easy to understand |
🤖 Automated |
CON-001, CON-005 |
MOD-083 (AUTO) — Code obligations for plain language disclosures surfaced to agent in real time during customer interaction; MOD-050 (GATE) — disclosure enforcement module ensures required fee and product information is shown at the right point in the customer journey |
🔨 |
| Clause 15 |
Give customers at least 30 days' notice before increasing fees or reducing interest rates |
🤖 Automated |
CON-005 |
MOD-127 (GATE) — any rate or fee change unfavourable to customers is blocked from taking effect until MOD-063 confirms all affected customers have been notified with the required advance notice period |
🔨 |
Part 3 — Financial difficulty
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| Clause 28 |
Proactively identify customers experiencing financial difficulty; refer to hardship team |
🤖 Automated |
CON-008 |
MOD-007 (AUTO) — hardship flag triggers account to Protected state; collections activity suppressed automatically; MOD-040 (ALERT) — financial stress signals in health score trigger vulnerable customer flag; MOD-116 (ALERT) — arrears escalation triggers hardship workflow before collections action |
🔨 |
| Clause 29 |
Assess and respond to hardship requests within required timeframe (21 days for credit hardship under NCCP; Code requires fair and timely process) |
🤖 Automated |
CON-008 |
MOD-139 (GATE) — hardship applications must be assessed within the statutory timeframe; system tracks and enforces deadlines with escalation on breach |
🔨 |
| Clause 32 |
Suspend enforcement action while hardship assessment is underway |
🤖 Automated |
CON-008 |
MOD-007 (AUTO) — hardship flag suppresses collections and enforcement actions automatically while account is in Protected state |
🔨 |
Part 4 — Dealing with us
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| Clause 40 |
Direct debit disputes — investigate within 5 business days; provisionally credit account where appropriate |
🤖 Automated |
CON-001, PAY-005 |
MOD-053 (ALERT) — direct debit dispute SLA tracked; MOD-083 (AUTO) — Code direct debit obligations surfaced to agent during dispute handling; agent receives step-by-step prompts for the 5-day investigation process |
🔨 |
| Clause 41 |
Reverse an unauthorised direct debit on the same day if validly disputed |
🤖 Automated |
PAY-005 |
MOD-149 (AUTO) — scam and unauthorised transaction reimbursement workflow processes valid disputes; MOD-083 (AUTO) — direct debit reversal obligations surfaced to agent in real time |
🔨 |
Part 5 — Vulnerable customers
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| Clause 49 |
Identify customers who may be in vulnerable circumstances (financial abuse, elder financial exploitation, domestic violence, disability) |
🤖 Automated |
CON-003 |
MOD-040 (ALERT) — financial stress signals and behavioural anomalies trigger vulnerable customer flag automatically; MOD-126 (AUTO) — third-party authority abuse patterns trigger alert for back-office review |
🔨 |
| Clause 50 |
Apply appropriate support and referral for vulnerable customers; document support measures |
📊 Evidenced |
CON-003 |
MOD-053 (AUTO) — vulnerable customer flags visible in every agent view; special handling applied automatically; MOD-065 (AUTO) — routes customers meeting hardship criteria into appropriate workflow; MOD-138 (AUTO) — deceased estate communications managed with empathy protocols |
🔨 |
| Clause 52 |
Elder financial abuse — have specific protocols; refer to support services |
🏛 Institutional |
CON-003 |
Staff training and referral pathway design is institutional. Platform provides MOD-126 monitoring for third-party authority abuse; case management via MOD-053; referral execution is a human obligation. |
— |
Part 8 — Account switching
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| Clause 73 |
Co-ordinate account switching for customers moving from another bank; complete switching within 10 business days of customer request |
🤖 Automated |
CON-001 |
MOD-053 (AUTO) — account switching request tracked with 10-day deadline; escalation triggered on breach; MOD-083 (AUTO) — switching obligations surfaced to agent |
🔨 |
| Clause 74 |
Redirect or decline incoming direct debits and credits during switching period; notify customer |
🤖 Automated |
CON-001 |
MOD-114 (GATE) — direct debit mandate management gates new debits against a valid active mandate; MOD-063 (AUTO) — customer notifications for incoming redirects dispatched automatically |
🔨 |
Part 9 — Small business
| Ref |
Obligation |
Scope |
Policy |
Platform controls |
Build |
| Clause 80 |
Simplified dispute process for small businesses (≤ AU$3M total credit exposure) |
📊 Evidenced |
CON-001 |
MOD-053 (LOG) — case management supports small business dispute categorisation; simplified process workflow is a configuration within MOD-053; MOD-083 (AUTO) — Code obligations for small business disputes surfaced to agent |
🔨 |
The following obligations under the ABA Banking Code are the responsibility of the institution, not the platform.
| Obligation |
Owner |
Platform evidence input |
| Staff training on Code obligations, vulnerable customer identification, and hardship protocols |
Chief People Officer / Head of Customer Experience |
MOD-083 provides real-time in-workflow coaching; formal training is institutional |
| Code compliance self-assessment and annual attestation to BCCC |
Chief Compliance Officer |
MOD-053 complaint data and MOD-047 audit logs provide evidence base |
| Referral pathways to financial counselling, domestic violence support, and other support services |
Head of Customer Experience |
MOD-053 records referrals made |
| Elder financial abuse protocols and staff capability programme |
Head of Customer Experience |
MOD-126 monitoring provides early detection; protocol execution is institutional |
| Public availability of the Code and product summaries |
Marketing / Legal |
— |
Coverage summary
| Area |
Total obligations |
Platform automated 🤖 |
Platform evidenced 📊 |
Institutional 🏛 |
N/A |
| Communications |
2 |
2 |
0 |
0 |
0 |
| Financial difficulty |
3 |
3 |
0 |
0 |
0 |
| Dealing with us |
2 |
2 |
0 |
0 |
0 |
| Vulnerable customers |
3 |
1 |
1 |
1 |
0 |
| Account switching |
2 |
2 |
0 |
0 |
0 |
| Small business |
1 |
0 |
1 |
0 |
0 |
| Total |
13 |
10 (77%) |
2 (15%) |
1 (8%) |
0 |
All attributed modules are currently build_status: Not started — the compliance position will update as modules are built and deployed.
| Policy |
Title |
| CON-001 |
Customer Fairness & Conduct Policy |
| CON-003 |
Vulnerable Customer Policy |
| CON-005 |
Fee & Pricing Transparency Policy |
| CON-008 |
Financial Hardship Policy |
| PAY-005 |
Payment Fraud Prevention Policy |
Official documentation
Policies referencing this standard
- CON-001 — Customer Fairness & Conduct Policy
- CON-003 — Vulnerable Customer Policy
- CON-005 — Fee & Pricing Transparency Policy
- CON-008 — Financial Hardship Policy
- CRE-009 — Fixed-Rate Component Break-Cost Methodology Policy
- PAY-005 — Payment Fraud Prevention Policy
Compiled 2026-05-22 from source/entities/regulations/au-banking-code.yaml