Banks plan to keep submissions on a new banking code that may water-down internet banking protections secret – until any changes are a done deal.
The New Zealand Bankers Association – which represents the major banks and bills itself as the voice of the banking industry – issued a draft code of banking practice in June.
The draft code would do away with a “guiding principle” in the current code that states banks will continue to reimburse “genuine victims of internet banking fraud”.
The guiding principle was incorporated into the banking code of practice in 2012 after banks had backed down on a move to shift more of the liability for internet fraud on to consumers in the face of a media-led backlash.
The new draft code runs to just 1200 words – in contrast to the current code which comprises almost 10,000 words – and makes no direct reference to fraud liability.
The Bankers Association said in June that it would make the submissions it received on the proposed changes public. The deadline for public submissions closed in July.
But spokesman Philip van Dyk clarified on Friday that it had decided it only made sense to release them “once we’ve finalised the code and responded to submitters”.
It expected to finalise the revised code “in the new year”.
Van Dyk indicated the approach was intended to be helpful to submitters.
“That way it’s clear how we’ve responded to submissions in the revised code,” he said.
The association was preparing a response to the question of whether the decision not to release the submissions until the code was finalised might stifle debate on the proposed changes.
The current code has been criticised for being contradictory in places and offering banks more protection than consumers.
However, the guiding principle regarding fraud liability was welcomed by consumer groups when banks first agreed in 2008 that they would incorporate it into the code.
InternetNZ executive director Jordan Carter described it at the time as “a significant win for people who use internet banking services”.
The new draft code contains only high-level principles – such as a commitment by banks to deal with customers “fairly, reasonably and in good faith, in a consistent and ethical way”.
Bankers Association chief executive Karen Scott-Howman explained in June that banks were proposing a shift to a less prescriptive “principles based approach” that didn’t try to replicate demands and safeguards in their own terms and conditions.
Most banks’ individual terms and conditions attempt to strike a compromise over fraud liability.
For example, BNZ’s terms and conditions mean that customers could be liable for fraud losses if they write down their internet banking password, voluntarily disclose it, use the same or a similar password for a service other than internet banking, fail to take “reasonable care” to safeguard their computer, or fail to follow the bank’s security advice.
However, its conditions state that customers won’t be considered to be liable for any fraud losses that arise solely because they have failed to install and update appropriate security software on their computer.
Consumer NZ was consulted in advance on the draft code and chief executive Sue Chetwin said in June that she believed it was “pretty innocuous” but agreed it would mean more would hinge on the detail in banks’ individual terms and conditions.