Bank Australia RESPONSIBLE BANKING

RCD.0001.0063.0002

Bank Australia Limited ABN 21 087 651 607 222 High St Kew VIC 3101

16 February 2018

Mr Simon Daley Solicitor Assisting the Roya l Commission Australian Government Solicitor

Dear Mr Daley

ROYAL COMMISSION INTO MISCONDUCT IN THE BANKING, SUPERANNUATION AND FINANCIAL SERVICES INDUSTRY

I write in reply to your letter dated 8 January 2018. Bank Australia welcomes the invitation to provide the Royal Commission with responses to the questions posed in your letter. In this submission, the Commission will find an overview of Bank Australia's business and approach to banking, along with formal submissions in response to the specific questions of interest.

Since Bank Australia does not have a connection with an RSE licensee of a registrable superannuation entity, we have not addressed question 4 in your letter.

1. Introduction and context

Bank Australia Limited ACN 087 651 607, AFSL/Australian Credit Licence Number 238431 ('we', 'our', 'the bank', or 'Bank Australia') is a customer owned retail bank. The principal activities of the bank are the raising of funds as authorised by the Prudential Standards administered by the Australian Prudential Regulation Authority (APRA) and the Banking Act 1959 (Cth), and the application of those funds in providing financial accommodation to customers.

Bank Australia is a mutually owned Authorised Deposit-taking Institution (ADI) and an unlisted public company limited by shares. As a small retail bank, our structure is simple: we are 100% owned by our customers, and the bank in turn owns shares in two shared-service enterprises (Data Action Pty Ltd - a supplier of core banking and data network facilities, and Cusca l Limited - an ADI regulated by APRA, which provides payment services to the majority of Australia's mutual ADls).

We are governed by an Australian-based Board of Directors, our day-to-day operations are led by a single executive team and our more than 400 employees are 100% Australian based. We do not offer sales-based commissions to any employees or bonuses to our executives, which helps ensure that our focus remains on achieving the best outcome for our customers.

Page 1of22 RCD.0001.0063.0003

Bank Australia

We are a retail bank that operates firmly in the rea l economy, serving people and communities. We represent more than 140,000 customers, and are custodians of $5 .1 billion in assets (at 30 June 2017) . We are a growing bank having seen our assets grow by 42.6% over the past two financial yea rs, and as our business matures, we are investing heavily in improving our core banking systems, processes and customer experience.

As owners of the bank, our customers share in the mutual prosperity we create. Our profits are returned to customers through better rates and fees, and we seek to use money to create positive social and environmental change.

Our simple customer owned business model seeks to offer fairly designed and competitively priced products and services to our customers including deposit and transaction accounts, home and personal loans, credit cards and insurance (in partnership with Al lianz and QBE). We also have a small commercial portfolio (7% of lending) and provide banking services to schools, not for-profit entities and sma ll businesses. Our full range of deposit and home lending products are Certified Responsible by the Responsible Investment Association of Australasia (RIAA).

We play an active role in banking and mutual sector industry forums through our membership of the Australian Bankers' Association (ABA), the Customer Owned Banking Association (COBA), and the Business Council of Cooperatives and Mutuals (BCCM).

Customer ownership model

The customer owned banking model evolved from the credit union movement and it is influenced by the International Cooperative Principles. Customer owned banks exist to benefit their customers, not to deliver profits to external investors.

We hold the view that the customer owned banking model provides an inherent protection for customers and helps to avoid short-term focus on profit maximisation and shareholder return. As a COBA member, Bank Australia is a signatory to the Customer Owned Banking Code of Practice (the Code). The Code specifies that customer owned banks focus on their customers, treat them fairly and ethically, lend responsibly, and recognise their rights as owners. We also aim to offer lower interest rates for customers who borrow from us and higher interest rates for customers who deposit with us.

Our customer owners each have an equal vote and a voice in the governance of their bank, such as electing directors and approving total director remuneration. The customer ownership model empowers people to play an active role in the cu lture and future of their bank; and provides them with a voice on the products and services that matter to them.

Our values

Bank Australia is committed to values-based responsible banking. This means we believe in supporting our customers' financial wellbeing as well as contributing to a fair and just society, thriving communities and a hea lthy planet.

We are a profitable bank, but maximising profit is not why we exist. We are in business to achieve our purpose of using the business of banking to create mutual prosperity for our customers in the form of positive economic, socia l, environmental and cu ltural impacts. We are a member of the Global Alliance for Banking on Values (GABV), a group of 46 banks that exist to serve people and the planet while generating mutual prosperity.

Page 2 of 22 RCD.0001.0063.0004

Bank Australia

As a member of the GABV Bank Australia seeks to help change the banking system so that it serves people, is more transparent, supports economic, socia l and environmental sustainability and serves the real economy.

Our va lues set the frame for how we operate, and our Responsible Banking Policy guides how we approach the business of banking. This includes not lending to people and organisations more than they can afford to repay, not marketing or offering unsolicited credit limit increases, helping customers experiencing hardship, and not lending to industries that cause harm to people and the planet.

Our values Our responsibilities

Treat our customers with dignity and respect To our customers - we need to enhance our customers' financial wellbeing and create shared value

Va lue, encourage and support our To our communities-we want to build an employees equitable and humane society

Operate ethically and with integrity To our environment - we want to protect natural capital and promote sustainable development

Apply prudent financial and business To our staff - we need to ensure a safe, practices inclusive and rewarding workplace

Be economically, environmentally and socially responsible

By taking a responsible approach to lending, we work hard to ensure that we do not place our customers under unnecessary pressure or hardship by offering excessive amounts of credit. Our policy is to assess every loan and credit card application with the same stringent approach, so that we lend only amounts that people can afford to repay. As a result, we have consistently had one of the lowest loan delinquency rates (loans in arrears of 30 days or more) of any Australian ADI at 0.2% of total loans (at 30 June 2017).

Our culture

Maintaining a positive cu lture is a strategic priority for Bank Australia. Our policies, procedures and behavioural standards are designed to help our people apply the bank's values in the way they serve our customers by treating them with respect, acting with integrity, and taking a responsible approach to decision making.

A critically important factor that shapes our cu lture is our approach to remuneration and incentives. As our customers expect, we take a responsible approach to remuneration, offering fair and competitive sa laries to our employees. We aim to ensure that the customer's interest comes before any individual or corporate incentive to sel l products or services that do not benefit the customer. As such, we do not offer sales-based commissions to any employees or bonuses to our executives, which helps our focus remain on helping customers find the right product that suits their needs. This approach removes the tension between customer interest; and, reward and incentive frameworks, which has contributed to many of the cu ltural and behavioural issues that have damaged trust in the wider banking and finance sector in recent years.

Page 3 of 22 RCD.0001.0063.0005

Bank Australia

We offer our customers general and consumer protection insurance products through a commercial partnership with Allianz and Lenders' Mortgage Insurance through a commercial partnership with QBE. We receive a commission on sales of these insurance products. However, this commission is paid directly to the bank, and does not form part of any remuneration or incentives for employees.

Bank Australia also works with accredited mortgage brokers and pays commission to them for referred mortgage loans. Customers who seek finance through brokers are assessed on the same stringent responsible lending policies and procedures. Our broker remuneration model aligns closely with the recommendations made in the independent review, commissioned by the ABA and conducted by Stephen Sedgwick, into banking sector remuneration.

A positive culture also relies on an engaged workforce that is committed to the organisation's purpose and values. We frequently survey our employees to measure their engagement with and commitment to the bank's values and ethical standards. In the most recent survey conducted in November 2017, the resu lts indicate that employees believe that the bank's commitment to ethical business practice is high.

While we hold ourselves to a high standard of behaviour, there have been limited instances where we have not lived up to those expectations. However, we believe that the evidence demonstrates that overall, our customer owned model and values put the bank in a strong position to identify and respond to issues before they cause a material disadvantage to our customers. When issues are identified, we seek to respond promptly and compensate customers where loss has been suffered.

Our risk management approach

To minimise and manage our exposure to risk, we maintain a risk management framework that monitors the overall operating environment, uses reliable information for ana lysis, and seeks to ensure effective controls are in place across the bank. This includes taking an active approach to monitoring the wider banking sector and, as issues emerge, assessing the potential for that issue or failure to have occurred at Bank Australia.

We have adopted the three lines of defence methodology to protect against the inherent risks that threaten the ongoing viability of retail banks: l. Central to our risk management approach is maintaining a strong risk culture within our workforce. Each operational area across the bank manages its own risks and is responsible for risk identification, management and mitigation. This first line of defence encourages a risk culture that involves all staff.

2. A central risk and compliance team, led by our Chief Risk Officer, creates a second line of defence. This team is responsible for:

• ensuring the risk framework is consistent with prudential and industry practice

• overseeing risk monitoring and reporting

• maintaining a risk register, incident register, and complaints and disputes register

• monitoring regu latory compliance obligations

• overseeing the Whistleblower Policy and Program.

Page 4 of 22 RCD.0001.0063.0006

Bank Australia

3. The bank's internal auditors provide our third line of defence and provide independent assurance of the risk framework for compliance and effectiveness. Our internal auditor, KPMG, reports to the Board's Audit Committee, which meets quarterly. A third party is also engaged to comprehensively review and provide assurance of the risk framework.

The Board's Risk Committee meets six times per year and considers our risk management framework, including our risk appetite and risk monitoring. Our tolerances for risk are set by the Board and reflect our responsible banking practices.

Our approach to remediation

When complaints and disputes arise, we seek to take a proactive approach to resolution and aim to investigate and resolve issues promptly to minimise the impact on our customers.

As complaints are investigated we assess the possibility of an issue having occurred more w idely to ensure that potential systemic issues are identified. In resolving disputes we make changes to the relevant area of our operations to prevent that issue from re-occurring in the future. Additional oversight and monitoring of this approach is provided through reporting to the Board on disputes that require remediation.

There have been a very limited number of matters where customers or the bank have had recourse to litigation to settle disputes. These matters predominantly relate to home repossessions where customers have defaulted on their mortgage. Such a course of action is a last resort, and we take a responsible approach to assisting our customers where they are experiencing hardship.

2. Approach to this submission

Due diligence process

In developing this submission, Bank Australia initiated an internal due diligence and discovery process to identify all issues potentially relevant to the Terms of Reference of the Commission and to respond to the questions posed to the bank in your letter dated 8 January 2018. This review included but was not limited to an examination of:

• register of compliance breaches and incident reports

• internal and external dispute resolution register and records

• Board and Board Committee papers and minutes

• internal and external audit reports

• employee relations records

• social media and issues management records, and

• merger documents.

The objective of the review was to identify activities and behaviours that have adversely affected the bank's customers over the past 10 years including but not limited to the following areas:

• lending processes

• sales and customer service practices

• design and marketing of credit and insurance products

Page 5 of 22 RCD.0001.0063.0007

Bank Australia

• fee structures

• customer service failures and complaints handling, and

• debt management arrangements.

Our due diligence process identified some issues that have resulted in adverse outcomes for customers and required remedial action, the majority of which were isolated incidents affecting a single customer.

Definitions and interpretation of the Royal Commission's Terms of Reference

The Royal Commission's Terms of Reference indicate that there are two primary areas of interest:

• misconduct by the bank or by others acting on its behalf; and

• conduct, practice or business activity that the bank considers to have fallen below community standards and expectations.

The Terms of Reference provide an inclusive definition of misconduct. Bank Australia's submission is informed by a broad interpretation of this definition. The Terms of Reference do not provide a definition of community standards and expectations. Bank Australia believes that its stated values and responsibilities outlined on page 2, as well as those contained in the International Cooperative Principles referenced on page 2, the COBA Code of Practice referenced on page 2 and our internal Board and Staff Charters reflect community standards and expectations. This submission is therefore informed by reference to those values and responsibilities.

The incidents identified in section 4 of this submission reflect this understanding, also having regard to whether an issue has been identified as systemic, the number of customers affected, the financial cost/loss to customers or the bank, and whether the issue represents a clear misalignment with the bank's stated values.

3. Identified areas in response to questions 1 and 2

Bank Australia's due diligence process identified conduct, practices, behaviour, or activities over the past 10 years, which have disadvantaged our customers and have required us to take action to solve specific issues and to put in place controls to avoid future occurrence and impact on our customers. These can be grouped into two main areas. The nature, extent and effect of these are set out below and in section 4.

Area 1 - Process and system under performance issues that resulted in adverse customer outcomes

Bank Australia recognises that over the past 10 years there have been iso lated instances of process and system under performance, which have led to adverse outcomes for some groups of customers. In some cases these instances have been brought to our attention by a customer complaint, which has helped to highlight gaps in our monitoring and control of system performance and process compliance.

Each instance identified can be broadly attributed to:

• a product design or system error that resu lted in an incorrect interest ca lculation and payment to a customer, or an incorrect default listing; or

Page 6 of 22 RCD.0001.0063.0008

Bank Australia

• a process design error (including where a semi-manual process has resulted in an incorrect interest calculation and payment to a customer), or an error relating to the administration of Consumer Credit Insurance; or

• the evolving maturity of the bank's monitoring and governance of system and process effectiveness.

Where these issues are identified, we seek to take a proactive approach to reso lution and aim to investigate and resolve issues promptly to minimise the effect on our customers.

As our business grows, our systems and processes are maturing to improve our ability to identify potential failures earlier, and further investments in employee capability, system upgrades and maintenance are being made. Additionally, we are building our product management capability through the recent recruitment of a Head of Product, and increasing our process improvement capability through the appointment of a Manager Operational Excellence.

The most significant incidents of process and system under performance issues are detailed further in section 4 of this submission and relate to: l. the bank's cancellation policy for Mortgage Consumer Credit Insurance, and the collection of premiums following termination of Credit Card Consumer Credit Insurance (in relation to which the bank is working with the Australian Securities and Investment Commission (ASIC) to investigate and resolve), outlined on page 9

2. non-payment of bonus interest in the first month of a new Incentive Saver or MySaver Account being opened, outlined on page 12

3. incorrect interest ca lculations in respect of early withdrawals from regular income Term Deposit accounts, outlined on page 14; and

4. incorrect default listings recorded with a credit reporting agency, outlined on page 18.

Area 2 - Policy and procedure non-compliance by employees that resulted in adverse customer outcomes

While Bank Australia strives for a compliance-driven culture supported by a highly engaged and empowered workforce, our due diligence identified that non-compliance with policy and procedures by individual bank employees has intermittently resulted in adverse customer outcomes.

The identified isolated incidents viewed together reveal that one of Bank Australia's strengths - its strong focus on high levels of personal customer service- can also create vu lnerabilities where customer-facing employees may on the rare occasion, make judgements to circumnavigate procedure to meet customer needs. This is illustrated in instances of employees enabling large transactions to fraudulent parties as a result of not satisfying all identification and security requirements because of a pre-existing relationship. No employees gained any personal benefit in any of these instances.

The nature of other sub-areas of isolated non-compliance identified include:

• inaccurate communication during the loan application process;

• credit card fraud at a cost to the customer and/or the bank; and

• customer service standard failures where there have been delays in dealing with complaints.

Page 7 of 22 RCD.0001.0063.0009

Bank Australia

We recognise that ongoing monitoring of the effectiveness of controls, training and support is required to maintain a high level of compliance with policy and procedure to ensure customers' best interests are promoted and protected. In all individual instances identified within this area, remedial action was taken and the employees responsible were either counselled, warned or terminated depending on the nature of the circumstances, so as to minimise the effect on customers. Incidents also resulted in reviews of processes, additional training and the introduction of strengthened controls and monitoring.

In recognition of the bank's growth and to ensure incidents of service failure or product issues are managed effectively, a complete review of the complaints and dispute resolution process has been underway since mid-2017, which also coincided with the introduction of the bank's Customer Advocate function. We continue to also focus on improving the capability of our employees; and, have appointed a new Manager Training who is reviewing the bank's training framework and content.

The most significant incidents of policy and procedure non-compliance by employees are detailed further in section 4 of this submission and relate to:

1. an employee mishandling a customer construction loan application, resulting in a five month delay to construction of a dwelling, outlined on page 16; and

2. three separate employees mistakenly processing fraudulent transactions, outlined on page 20.

Page 8 of 22 RCD.0001.0063.0010

Bank Australia

4. Identified issues

Ql {Misconduct): Consumer Credit Insurance

Ql Excluding cases of theft from the entity itself, or from an associated entity, has the entity identified any misconduct by the entity (including by its directors, officers, or employees, or by anyone otherwise acting on its behalf) which occurred at any time since 1 January 2008? If so, what is the nature, extent and effect of that misconduct?

Bank Australia distributes general insurance products under a partnership arrangement with a third party product issuer. Over the past 12 months the bank has become aware of issues associated with the administration of Consumer Credit Insurance (CCI) on mortgages and credit cards.

Al Mortgage CCI : In June 2017, a customer complaint alleged that the bank's cancellation process for CCI was misleading and deceptive. Bank Australia subsequently initiated an internal review to investigate issues associated with the distribution of Mortgage CCI. Subsequently, the bank received a request for information from ASIC in relation to the bank's sales process. The bank then also appointed an external adviser to conduct a review into the bank's selling practices. The review identified no systemic issue with mis-sell ing of Mortgage CCI or misleading of customers. However, it did identify areas for improvement in the sales process related to funding and cancellation, staff product knowledge and monitoring and controls within the sales process.

Credit Card CCI : Fol lowing a customer complaint in December 2017, the bank examined a potential issue related to the expiry of Credit Card CCI policies, which contain an automatic end date. It was identified that there have been instances where policies were not cancelled on this date and that customers continued to pay premiums. The bank has identified 129 affected customers. All affected customers have been contacted and offers of remediation have been made. The process of remediation is ongoing.

Q3{a) Is the identified conduct, practice, behaviour or activity the subject of another inquiry or investigation, or a criminal or civil proceeding?

A3(a) In both instances the bank investigated the matters internally. The bank received a request for information from ASIC in relation to the bank's Mortgage CCI sa les process. An external review was also conducted in regard to the administration of Mortgage CCI. In relation to Credit Card CCI, based on the number of customers affected, this matter was reported to ASIC in January 2018. The bank is continuing to engage with ASIC on both of these matters.

Page 9 of 22 RCD.0001.0063.0011

Bank Australia

Q3(b) Does the entity attribute any of the identified conduct, practice, behaviour or activity to the particular culture or governance practices of the entity? If so, describe that culture or governance practice.

A3(b) Investigations to date have determined that these issues have arisen out of the design and implementation of the sales and administration process for these third party products. They do not point to a cultural or governance issue on the part of Bank Australia.

Q3(c) Does the entity attribute any of the identified conduct, practice, behaviour or activity to some broader cultural or governance practices in the industry or sector of the industry in which the entity operates? If so, describe those cultural or governance practices.

A3(c) The active investigation of these issues is within the purview of an industry-wide ASIC probe into the sales practices and utility of the CCI product suite for Australian consumers.

Q3(d) Does the entity consider that the identified conduct, practice, behaviour or activity results from other practices (including risk management, recruitment or remuneration practices)? If so, describe those practices.

A3(d) Investigations to date have determined that these issues have arisen out of the design and implementation of the sales and administration process for these third party products. They have also confirmed no link to remuneration practices as no Bank Australia employees receive sales-based incentive payments or bonuses associated with CCI or any other products.

In relation to Credit Card CCI, investigations have indicated opportunities to improve process and system review processes as part of the risk management framework.

Q3(e)(i) What steps has the entity taken to remedy the consequences for consumers or other businesses of the identified conduct, practice, behaviour or activity?

A3(e)(i) Mortgage CCI: Following the bank's internal review, changes have been made to processes to improve the timeliness of cancellations of products where the customer indicates they do not wish to proceed with the product on receipt of loan contracts. Wherever possible cancellations are made prior to settlement and funding.

Credit Card CCI: Once this issue was identified via a customer complaint the bank commenced an investigation to determine if this was an isolated incident or if other customers were similarly affected.

On identification of other affected customers, the bank (in conjunction with the product issuer) contacted the affected customers and offered them the choice to:

(a) end their policy and receive a refund of the premium paid from the date their policy should have ended in accordance with its terms; or

(b) continue cover under the policy for an agreed additional period of time, and continue to pay their premium.

Page 10 of 22 RCD.0001.0063.0012

Bank Australia

Q3(e)(ii) What steps has the entity taken to prevent recurrence of conduct, practice, behaviour or activity of the kind identified?

A3(e)(ii) Mortgage CCI: The bank engaged an external consultant to assist in the review of its sales practices and related procedures in relation to CCI to ensure that these align with the bank's core organisational values and regulatory requirements. The bank is currently developing an execution plan to act on the recommendations of this report. Some process changes have already been introduced.

Credit Card CCI: The bank ceased distribution and sale of the Credit Card CCI policies on 1 July 2017 when the product issuer ceased offering this product. While this product is no longer available, a number of changes have been introduced to the bank's overall system design process for new products to ensure that similar errors are not repeated in future product offerings.

Page 11of22 RCD.0001.0063.0013

Bank Australia

Ql (Misconduct): Bonus Saver Interest (Process/System Issue)

Al In October 2011, a customer made a complaint about a non-payment of bonus interest into a new savings account. An investigation of the complaint revealed that bonus interest had not been paid to customers for the first month after establishment of new Incentive Saver and MySaver Accounts between February 2006 and October 2011. The cause of the issue was identified as a process design error.

Due to the significant period of time between the products' inception and the issue being identified, extensive investigation was required to ensure accounts were accurately identified and credited. The bank identified a total of 4,621 potentially affected accounts. In June 2012, the bank reimbursed affected customers their lost interest, including compounded interest. The total amount reimbursed was $14,035.63.

Q3(a) Is the identified conduct, practice, behaviour or activity the subject of another inquiry or investigation, or a criminal or civil proceeding?

A3(a) This matter was not the subject of any further investigation, inquiry or proceeding.

A3(b) Investigation determined that the issue occurred as a result of an error in the process design, which resulted in system settings being incorrect at the time these products were established. While additional checks and testing may have identified the issue earlier, the incident does not point to a larger cultural or governance issue within Bank Australia.

A3(c) This issue resulted from an internal error at the time of establishing the product within the bank's systems and processes. There is no indication that it reflects broader industry practice or behaviour.

Page 12 of 22 RCD.0001.0063.0014

Bank Australia

A3(d) The investigation of this incident determined failures in the design and testing of the process for these products in 2006. Since that time the bank's risk management and governance frameworks have evolved significantly.

Q3(e)(i) What steps has the entity taken to remedy the consequences for consumers or other businesses of the identified conduct, practice, behaviour or activity?

A3(e)(i) Following the initial customer complaint, the bank immediately took steps to determine if this was an isolated incident or if other customers had been similarly affected. Once the numbers of affected accounts and amount of interest payable had been calculated, customers were reimbursed and notified of the issue and its resolution.

Q3(e)(ii) What steps has the entity taken to prevent recurrence of conduct, practice, behaviour or activity of the kind identified?

A3(e)(ii) On identification of the issue, the interest setting in the bank's core banking system was rectified immediately. Since 2006, the bank's product development and implementation process has been significantly improved including the additional requirements for electronic sign off and audit trail functions associated with testing processes. A bank-wide review of all products is currently being conducted by the recently appointed Head of Product.

Page 13 of 22 RCD.0001.0063.0015

Bank Australia

Ql (Misconduct): Term Deposits

Al In May 2017, following a customer complaint the bank investigated an issue about unpaid interest in respect of early withdrawals from regular income Term Deposit (TD) accounts.

The bank conducted an internal review back to 2010 where it found that between 2015 and 2017 interest was being incorrectly calculated resulting in a loss to the customer in the form of unpaid interest. The review found a process design error where instructions regarding the treatment of interest in cases of partial early withdrawals were omitted from procedures as well as from the product's published Terms and Conditions. The application of this procedure by employees resulted in no interest being paid on the full amount of the TD rather than just on the amount of the early withdrawal.

A total of 19 customers were found to have been affected by this issue. All affected customers were advised of the issue, provided with an apology and reimbursed for the full amount of interest owed. The total value of interest that was reimbursed to affected customers was $6,896.76.

The customer's initial complaint was resolved within a month. The bank notified ASIC on 7 July 2017 that it has determined a notifiable issue, and all remediation to customers was completed by end of August 2017.

Q3(a) Is the identified conduct, practice, behaviour or activity the subject of another inquiry or investigation, or a criminal or civil proceeding?

A3(a) This matter was reported to ASIC and APRA in July 2017.

A3(b) The issue occurred as a result of a single process design oversight. We do not consider that this issue indicates a larger cultural or governance issue within Bank Australia.

A3(c) We believe this was an isolated incident.

Page 14 of 22 RCD.0001.0063.0016

Bank Australia

A3(d) The omission of treatment of interest in the specific instance of early partial withdrawals from procedures and product documentation led to the issue. This was unrelated to other bank practices.

Q3(e)(i) What steps has the entity taken to remedy the consequences for consumers or other businesses of the identified conduct, practice, behaviour or activity?

A3(e)(i) Following the initial complaint, the bank immediately took steps to determine if this was an isolated incident or if other customers were similarly affected. Once the bank had confirmed the numbers, we reinstated the lost interest and notified the customers of the issue. Information provided on the website and the Terms and Conditions regarding early withdrawals from regular income TD accounts were updated.

Q3(e)(ii) What steps has the entity taken to prevent recurrence of conduct, practice, behaviour or activity of the kind identified?

A3(e)(ii) A review of the internal controls in respect of this activity has been performed and a number of changes have been introduced to ensure that the error is not repeatable. Processing instructions have been updated as well as the product's Terms and Conditions amended to reflect the changed process. The employees responsible for processing early withdrawals have been instructed on this issue and trained on the changes. Training requirements have been amended to ensure employees receive the necessary training on partial withdrawals. A bank wide review of all products is currently being conducted by the recently appointed Head of Product.

Page 15 of 22 RCD.0001.0063.0017

Bank Australia

Q2 (Community Standards & Expectations): Internal Procedure Non-Compliance

Q2 Has the entity identified any conduct, practice, behaviour or business activity it has engaged in (including by its directors, officers, employees, or by anyone otherwise acting on its behalf) since 1 January 2008, which it considers has fallen below community standards and expectations? If so, what is the nature, extent and effect of that conduct, practice, behaviour or activity?

A2 In May 2017, the bank mishandled a customer construction loan application, resulting in a five month delay to construction of the dwelling.

The delay was caused by bank employees not adhering to lending procedures regarding customer communication, and failing to promptly escalate the customer's concerns to senior management.

Once the complaint was escalated, the issue was resolved to the customer's satisfaction in 49 days. The customer was offered and accepted compensation to cover the additional rent expenses and interest incurred. The employees involved were counselled and provided further training on managing complex loan arrangements.

Q3(a) Is the identified conduct, practice, behaviour or activity the subject of another inquiry or investigation, or a criminal or civil proceeding?

A3(a) This matter was resolved to the customer's satisfaction through the bank's internal dispute resolution process.

A3(b) The culture of the bank is to provide high levels of customer service and we do not believe that this reflects a wider cultural or governance issue.

A3(c) This matter was an isolated incident and we do not consider that it is linked to wider industry behaviour or practice.

A3(d) We are confident that the risk management practices in place encourage staff to escalate issues where they require input or decision making from a senior staff member.

Page 16 of 22 RCD.0001.0063.0018

Bank Australia

Q3(e)(i) What steps has the entity taken to remedy the consequences for consumers or other businesses of the identified conduct, practice, behaviour or activity?

A3(e)(i) The customer was offered compensation for additional rent expenses and interest incurred. This was accepted by the customer and the issue resolved to the customer's satisfaction. The employees involved were counselled and provided further training on managing complex loan arrangements.

Q3(e)(ii) What steps has the entity taken to prevent recurrence of conduct, practice, behaviour or activity of the kind identified?

A3(e)(ii) The issue was discussed at length with the employees involved and further training was provided on how to effectively manage complex loan arrangements.

The bank has since centralised the assessment of loan applications and has service level monitoring in place.

Page 17 of 22 RCD.0001.0063.0019

Bank Australia

Q2 (Community Standards & Expectations): Process/System Issues

A2 In March 2015, the Financial Ombudsman Service (FOS) advised the bank of evidence of a potential systemic issue in respect to the accuracy of default listings for customers recorded with a credit reporting agency. The bank requested a full list of all credit default listings from the credit agency and found that there were 240 accounts with inaccurate data recorded.

157 of these listings were removed and the remaining 83 default listing amounts were updated to reflect the correct amount outstanding. This was finalised in March 2015.

Q3(a) Is the identified conduct, practice, behaviour or activity the subject of another inquiry or investigation, or a criminal or civil proceeding?

A3(a) This issue was the subject of a FOS investigation, which was resolved to the Ombudsman's satisfaction following the action taken by the bank described above.

A3(b) The errors recorded with the credit agency arose from the misapplication of the credit default listing rules. This was traced to a misunderstanding of the changes to the Credit Code and a reliance on the bank's Terms and Conditions concerning overdrawn accounts. Once the issue was identified, the bank took immediate steps to rectify the issue and updated policies and procedures to ensure the issue did not occur again.

A3(c) The credit reporting industry went through a number of significant changes between 2012 and 2015, and this issue arose from a misunderstanding about the way in which certain transactions were classified under the changed rule.

A3(d) The issue was limited to the misapplication of the credit default listing rules and reliance on its Terms and Conditions.

Page 18 of 22 RCD.0001.0063.0020

Bank Australia

Q3(e)(i) What steps has the entity taken to remedy the consequences for consumers or other businesses of the identified conduct, practice, behaviour or activity?

A3(e)(i) The bank reviewed the credit listings it had previously made to a credit reporting agency and requested that all erroneous listings be removed, as follows:

• 84 - removed savings accounts

• 63 - removed transactions under $150 threshold

• 10 - removed duplicate listings

• 83 - updated amounts, but were not eligible for removal The bank engaged with individual customers with complaints and considered requests for any non-financial loss arising from an erroneous credit listing.

Q3(e)(ii) What steps has the entity taken to prevent recurrence of conduct, practice, behaviour or activity of the kind identified?

A3(e)(ii) The bank amended its:

• procedures to ensure that default listings were no longer made on savings accounts;

• default notice, clarifying that the full amount under the contract, as accelerated, 'will' become payable if the default is not remedied; and

• section 210 Notice, which states the amount to be listed.

Page 19 of 22 RCD.0001.0063.0021

Bank Australia

Q2 (Community Standards & Expectations): External Fraud

A2 Between October 2013 and July 2014, there were three occasions where individual employees processed transactions after receiving requests to do so via unsecure email, which is behaviour that is not consistent with the bank's identification and authorisation policy. These requests were in fact made by fraudsters purporting to be legitimate customers resulting in losses to customer accounts, which were repaid by the bank.

Three accounts were affected by this issue. The bank reimbursed each customer for the amount of money taken from their account. The total losses incurred were $179,313. Reimbursement to customers was made within a month on each occasion.

Q3(a) Is the identified conduct, practice, behaviour or activity the subject of another inquiry or investigation, or a criminal or civil proceeding?

A3(a) The three incidents were reported to police for criminal investigation.

A3(b) These issues resulted from individual employees failing to follow established policy and procedure and if the applicable procedures had been followed the risk of third party fraud occurring would have been greatly mitigated.

A3(c) The bank accepts that human error is a source of risk within any organisation, particularly where manual processes and judgement are involved. However this does not reflect broad cultural or behavioural issues in the industry.

A3(d) The issues were limited to errors in judgment by the employees involved.

Page 20 of 22 RCD.0001.0063.0022

Bank Australia

Q3(e)(i) What steps has the entity taken to remedy the consequences for consumers or other businesses of the identified conduct, practice, behaviour or activity?

A3(e)(i) In all instances, the bank notified the customer of the fraudulent activity, apologised for the occurrence and reimbursed the customer the total amount taken from their account.

Q3(e)(ii) What steps has the entity taken to prevent recurrence of conduct, practice, behaviour or activity of the kind identified?

A3(e)(ii) The bank:

• amended its fraud training program provided to front line employees to specifically address this issue in its first instance;

• formally disciplined the employees involved and, in one instance, an employee involved had their employment terminated;

• strengthened its overall control framework around fraudulent activity, including the introduction of second factor authorisation controls for secure email within the bank's internet banking platform and further restrictions on which employees can process external transfer requests;

• communicated to al l employees confirming the established procedures around funds transfers and the verification of customers; and

• amended procedures in order to emphasise that unsecured emails are not a permissible source for funds transfer requests.

Page 21of22 RCD.0001 .0063.0023

Bank Australia

5. Conclusion

In responding to the Commission's questions my management team and I have endeavoured to thoroughly identify, capture and record issues about conduct during the period in question. The Board of Directors of Bank Australia have also reviewed and endorsed this response.

Should you require further information in relation to this submission or the answers to the questions as set out above, please contact Michael Magee (Coordinator, Compliance Risk) either by telephone on or by email at

Bank Australia is committed to the timely and fair rectification of issues and fai lures, and where it becomes aware there is a serious issue, proactively engages with the customer, and the relevant regulator or dispute resolution body, in order to resolve the issues and prevent them from occurring again in the future.

On behalf of Bank Australia's Board and employees, I would like to thank you for the opportunity to participate in the Roya l Commission. We look forward to assisting the Commission with any further enquiries throughout its duration.

Sincerely

Damien Walsh M anaging Director

Page 22 of 22