Submission - Joint submission to the 2007 Review of the Electronic Funds Transfer (EFT) Code of Conduct to ASIC (May 2007)

Q11 – Do small businesses experience problems in relation to their banking services that need to be addressed? Does the EFT Code provide an appropriate framework for addressing any problems identified?

It is essential that in this Review of the EFT Code the distinction between consumer and business transactions in the Code should be removed. This issue was the source of considerable debate during the last Review and it is arguable that the convergence of consumer and business banking has only increased since then. It is now very difficult to distinguish between consumer and business transactions.

There are no policy reasons for not including businesses in a Code that addresses mainly technical issues. Some arguments are presented in the Consultation paper, but they each have clear weaknesses:

  • Argument 1: Small businesses must be given incentives to maintain and improve their systems
    This argument implies that small business must be exposed to losing money via Internet banking fraud as a lesson in security management. In fact, financial institutions receive significant benefits from small businesses migrating to Internet banking from more expensive branch banking, and exposure to losses from fraud provides no incentive at all to improve the security of small business computer systems as they are in a weaker position than financial institutions when it comes to preventative measures.
  • Argument 2: The volume and value of business transactions may expose financial institutions to higher average losses
    This argument fails to recognise that average losses are in direct proportion to daily transaction limits and are not a reflection of the liability provisions. Although overall volume may be higher, income from business banking is also very high and the benefits to financial institutions of attracting more businesses to use Internet banking should still significantly outweigh the risks of including businesses in the EFT Code.
  • Argument 3: Subscribers may demand a reduction in the overall level of protection to the detriment of consumer stakeholders.
    Relief of the confusion over the distinction between consumer and business banking will benefit all stakeholders, including financial institutions, and this benefit is likely to outweigh any perceived detriments from this change. The threat to one group of stakeholders (consumers) appears hollow in this context.

It is also interesting to consider the terms and conditions currently provided by financial institutions. Typically, they are divided into Code compliant and non-compliant sections depending on the ‘business’ nature of the transaction. The non-compliant provisions can be harsher than the compliant provisions – particularly in relation to liability and dispute resolution.

Current terms and conditions also have specific and sometimes peculiar differences between liability for business customers and non-business customers. For example, one bank makes business consumers liable if they use part of their Driver Licence Number as their passcode, but they apply the EFT Code tests (name and birth date) to personal customers. However, a driver’s licence has no particular relevance to a business transaction. It is clear that financial institutions simply extend harsher terms to those customers not protected by the EFT Code, without any reference to the ‘business’ nature of the transaction.

Finally, dispute resolution is very complex if a business transaction is involved (or alleged). It will be simpler for all parties if this unhelpful distinction is removed and all EFT disputes are resolved according to the same rules and procedures.