Australia: Commonwealth Bank, Australia’s largest bank, has been hit with a record-breaking fine of $3.55 million for violating spam laws.
The Australian Communications and Media Authority (ACMA) imposed the penalty after the bank sent 65 million emails to customers that breached the Spam Act. The majority of these marketing emails required customers to log in to unsubscribe, which was deemed unlawful under new regulations that came into effect in April 2021. The updated regulations mandate that marketers must provide an easy unsubscribe option without requiring customers to log in.
The breaches occurred following the Commonwealth Bank’s update of its electronic banking terms and conditions in November 2021. During this process, certain language was inadvertently removed, which had previously exempted the bank from the Spam Act changes. Consequently, the bank lacked a direct unsubscribe link in its communications, leading to a significant number of violations.
ACMA Chair Ms. Nerida O’Loughlin expressed alarm at the scale and duration of the breaches, criticizing the bank’s failure to rectify the issues despite early warnings. Commonwealth Bank’s group executive for marketing and corporate affairs, Ms. Monique Macleod, accepted the findings and issued an apology for the bank’s mistake. In response to the investigation, the bank has taken steps to address the issues, strengthen its systems, and enhance compliance measures.
As part of its resolution with ACMA, Commonwealth Bank has committed to a three-year court-enforceable undertaking. This entails an independent review of its online marketing practices, staff training, and regular compliance reporting. ACMA’s actions against the bank serve as a warning to other businesses that non-compliance with spam laws will not be tolerated.
While the $3.55 million fine may appear small in comparison to Commonwealth Bank’s profitability, it has significant implications for the bank’s reputation. Mr. Andrew Williams, the CEO of the Australian Communications Consumer Action Network, highlighted the message sent by the substantial penalty and emphasized that future breaches could result in even higher fines. The Commonwealth Bank recently reported a quarterly profit of $2.6 billion.