Industry codes of practice occupy an unusual place in the prescription of generally applicable norms of behaviour. They are offered as a form of ‘self‑regulation’ by which industry participants ‘set standards on how to comply with, and exceed, various aspects of the law’.[1] They are offered, therefore, as setting generally applicable and enforceable norms of conduct. Industry codes pose some challenge to the understanding that the fixing of generally applicable and enforceable norms of conduct is a public function to be exercised, directly or indirectly, by the legislature.
As Treasury pointed out, self-regulation through an industry code carries with it a number of limitations and difficulties:[2]
- the standards set may not be adequate;
- not all industry participants may subscribe to, and be bound by, the code;
- monitoring and enforcement of compliance with the code may be inadequate; and
- the limited consequences for breach of the code may not be enough to make industry participants correct and prevent systemic failures in its application.
I would add one point. There may now be some doubt about the extent to which obligations contained in industry codes can be relied on and enforced by individuals. The doubt arises, in part, because of the broad range of provisions contained in industry codes. Some are expressed as promises, capable of direct application to the relationship between an individual and a financial services entity. Others are not.
Another matter to be considered is the necessarily incremental development of this area of the law through judicial decisions. Intermediate courts of appeal have held that terms contained in earlier versions of the Code are incorporated into, and form part of, the contract between bank and customer or guarantor.[3] Of necessity, these decisions related to specific provisions of the Code, and were informed by the specific circumstances of the cases.
In the circumstances, there may be some uncertainty about which provisions of industry codes can be relied on, and enforced, by individuals. Uncertainty of this kind is highly undesirable. All participants in the financial services industry – including consumers – must know what rules govern their dealings. This is especially so given that rights under contracts with financial services entities are capable of being traded, assigned and subrogated. Parties to contracts, not only the immediate but also any successor parties, must know what terms govern their relationship.
Some attention has already been given to how these limitations and difficulties can be met. In its December 2017 report, the ASIC Enforcement Review Taskforce made five recommendations about industry codes in the financial sector. It recommended that:
- ASIC approval should be required for the content of and governance arrangements for relevant codes;[4]
- entities should be required to subscribe to the approved codes relevant to the activities in which they are engaged;[5]
- approved codes should be binding on and enforceable against subscribers by contractual arrangements with a code monitoring body;[6]
- an individual customer should be able to seek appropriate redress through the subscriber’s internal and external dispute resolution arrangements for non-compliance with an applicable approved code;[7] and
- the code monitoring body, comprising a mix of industry, consumer and expert members, should be required to monitor the adequacy of the code and industry compliance with it over time, and periodically report to ASIC on these matters.[8]
Each of these recommendations is directed towards meeting difficulties of the kind identified by Treasury, and I see their force. But, as I explain below, I consider it necessary to go one step beyond what was proposed by the ASIC Enforcement Review Taskforce. As Treasury rightly said in its submissions, ‘[f]or codes to be meaningful rather than tokenistic, there needs to be reasonably effective mechanisms in place to ensure adherence’.[9] In particular, there must be adequate means to identify, correct and prevent systemic failures in applying the code. As I have said, in order to do that, some provisions of the codes should be picked up and applied as law.
Before saying more about that, I note that Treasury invited consideration of whether similar aims could be achieved by providing ASIC with rule‑making powers generally similar to those given by the Competition and Consumer Act 2010 (Cth) (the Competition and Consumer Act).[10] Treasury observed that adopting a model of that kind would require consideration of how wide the power would be and what accountability mechanisms or constraints would accompany it.[11]
I do not favour pursuing this course.
As ASIC indicated in Regulatory Guide 183, which related to the approval of codes, harnessing the views and collective will of relevant industry participants is essential to the creation of an industry code.[12] I would not discard those benefits by giving ASIC the entire responsibility for creation of the kinds of norms that are now set out in the 2019 Banking Code and that have been developed and applied within significant parts of the banking sector for many years. As I explain below, ASIC can and should encourage industry to develop the ideas that are to be reflected in the enforceable code provisions, and should more broadly continue to engage with industry about its codes. But it is now time to give certainty and enforceability to key code provisions that govern the terms of the contract made or to be made between the financial services entity and the customer or a guarantor.
[1]Treasury, Interim Report Submission, 9 [56].
[2]Treasury, Interim Report Submission, 9–10 [58].
[3]Brighton v Australia and New Zealand Banking Group Ltd [2011] NSWCA 152; Doggett v Commonwealth Bank of Australia (2015) 47 VR 302; National Australia Bank Ltd v Rose [2016] VSCA 169.
[4]ASIC Taskforce Review, Final Report, December 2017, 33.
[5]ASIC Taskforce Review, Final Report, December 2017, 34.
[6]ASIC Taskforce Review, Final Report, December 2017, 35.
[7]ASIC Taskforce Review, Final Report, December 2017, 35.
[8]ASIC Taskforce Review, Final Report, December 2017, 35.
[9]Treasury, Interim Report Submission, 12 [65].
[10]Treasury, Interim Report Submission, 14 [76].
[11]Treasury, Interim Report Submission, 14 [76].
[12]ASIC, Regulatory Guide 183, March 2013, 4 [183.1].