The Commonwealth Bank has paid a $3.55m fine for breaching spam laws in the largest penalty of its kind in Australia’s history.
The Australian Communications and Media Authority announced on Wednesday the fine had been levied against the bank after it sent 65m emails to customers which breached the Spam Act. More than 61m of the marketing emails unlawfully required customers to log in to unsubscribe.
New regulations came into effect in April 2021 requiring marketers to allow users to unsubscribe from emails easily, without needing to log in.
Most of the breaches occurred after CBA updated its electronic banking terms and conditions in November 2021, which inadvertently took out language the bank had been using in communications to exempt itself from the Spam Act changes while it was in the process of creating a direct unsubscribe link.
An unsubscribe link was also broken in 13 message templates that ended up going to 4 million customers. Of those, 5,000 messages were sent to customers who had tried to unsubscribe.
“The scale and duration of the breaches by the CBA is alarming, especially when the Acma gave it early warnings it might have some issues and the steps it took were ineffective,” said Acma’s chair, Nerida O’Loughlin. “The failure to fix the issues shows a complete disregard for the spam rules and the rights of its customers.”
A spokesperson for CBA said the company had been engaged with Acma around the changes to unsubscribe and identified issues to the authority, which then became the subject of investigation.
CBA’s group executive marketing and corporate affairs, Monique Macleod, said the bank accepted the findings and apologised for the error.
“Since reporting this matter to Acma, we’ve fixed the issues that were the subject of Acma’s investigation, and strengthened our systems, processes and controls to support ongoing compliance,” she said.
CBA has also provided a three-year court-enforceable undertaking to Acma to independently review its online marketing practices, staff training and regular compliance reporting.
“We continue to see large and well-known businesses who should know better than breaching the spam laws,” O’Loughlin said. “This action is a further warning to all businesses that non-compliance with Australia’s spam laws will not be tolerated.”
The Commonwealth Bank reported a profit for the March quarter of $2.6bn.
The chief executive of the Australian Communications Consumer Action Network, Andrew Williams, said while the fine was small compared with the bank’s profit, it sent a message to other businesses.
“The fact that that is the largest fine of this nature, it sends a clear message and I’m sure I’m sure they’re taking the reputational issue seriously,” he said.
Williams said the undertaking would also mean CBA would face a higher fine if found in breach in future.