ASIC has released its Report 584 Improved protections for deposit accounts with third-party access following a review by ASIC of deposit accounts that can be operated by a financial adviser, stockbroker or accountant, on a customer’s behalf.

ASIC’s review looked at the policies, procedures, and controls that banks have in place to prevent fraud and unauthorised transactions for consumers who have deposit accounts that can be operated by their adviser.

The review found that the amount of control that advisers are provided with over a consumer’s deposit account varies between different banks – from ‘view only’ access to complete control.

Banks have a common law obligation to exercise reasonable care and skill when processing transactions on a customer’s account to ensure that those transactions are consistent with the wishes of the customer.

Under their AFS licence, banks also have an obligation to provide their financial services efficiently, honestly and fairly. This means that banks should have controls in place to protect customers’ money, and remediate any customers for fraudulent transactions which occurred due to an error by the bank.

ASIC’s review did not identify concerning levels of fraud, but found that the banks reviewed could do more to manage the risks to customers associated with third party access to money in customers’ accounts.

At the time of ASIC’s review, a substantial amount of money was held in adviser-operated deposit accounts across the five banks reviewed ($28.675 billion by approximately 530,000 customers across 455,679 accounts). Around 73% of the accounts were linked to individuals who were aged 50 years or older with these accounts holding around 82% of total cash balances. ASIC’s review found that adviser-operated deposit accounts are most popular with older Australians.

The findings of the review, include:

• Banks should do more to explain the level of access that customers are providing to their financial adviser, and the potential risk of unauthorised transactions: application forms play an important role in explaining access levels to customers;
• The level of adviser access should be confirmed directly with the customer after opening the account;
• Customers should be able to easily change the level of adviser access on the account;
• Customer contact details should be accurate and kept separate from the adviser’s contact details;
• Banks should ensure that all customers can receive statements or have online access to their account;
• Customers should be notified about adviser-initiated transaction requests by the bank;
• Banks should conduct background checks and ongoing monitoring of advisers who use the accounts;
• Monitoring systems could be improved with specific triggers to identify adviser fraud;
•  Suspected misconduct by advisers using these accounts should be reported to ASIC;
• Banks should ensure all customer complaints are considered fairly.

The five reviewed banks were:

• Bendigo and Adelaide Bank Limited;
• Commonwealth Bank of Australia;
• Macquarie Bank Limited;
• National Australia Bank Limited;
• Westpac Banking Corporation.

The banks involved in the review have agreed to make improvements to their current practices based on ASIC’s findings, including:

• Ensuring account application forms adequately explain to customers that they will be giving the adviser authority to operate on their account, and sending follow up communications to customers after the account is opened with details of the authority that has been given;
• Better monitoring of the advisers’ use of these accounts and their transaction requests, and investigating any suspicious requests; and
• Considering the circumstances of any fraud that occurs using these accounts and, where appropriate, remediating a customer who has lost funds due to unauthorised transactions by their adviser.