Get all your news in one place.
100’s of premium titles.
One app.
Start reading
The Guardian - AU
The Guardian - AU
World
Josh Taylor

Commonwealth Bank fined a record $3.55m for breaching spam laws with millions of emails

Exterior of a Commonwealth Bank branch
The Australian Communications and Media Authority fined the Commonwealth Bank $3.55m for breaching the Spam Act by sending 61m emails requiring customers to log in to their accounts. Photograph: Asanka Ratnayake/Getty Images

The Commonwealth Bank has paid a $3.55m fine for breaching spam laws in the largest penalty of its kind in Australia’s history.

The Australian Communications and Media Authority announced on Wednesday the fine had been levied against the bank after it sent 65m emails to customers which breached the Spam Act. More than 61m of the marketing emails unlawfully required customers to log in to unsubscribe.

New regulations came into effect in April 2021 requiring marketers to allow users to unsubscribe from emails easily, without needing to log in.

Most of the breaches occurred after CBA updated its electronic banking terms and conditions in November 2021, which inadvertently took out language the bank had been using in communications to exempt itself from the Spam Act changes while it was in the process of creating a direct unsubscribe link.

An unsubscribe link was also broken in 13 message templates that ended up going to 4 million customers. Of those, 5,000 messages were sent to customers who had tried to unsubscribe.

“The scale and duration of the breaches by the CBA is alarming, especially when the Acma gave it early warnings it might have some issues and the steps it took were ineffective,” said Acma’s chair, Nerida O’Loughlin. “The failure to fix the issues shows a complete disregard for the spam rules and the rights of its customers.”

A spokesperson for CBA said the company had been engaged with Acma around the changes to unsubscribe and identified issues to the authority, which then became the subject of investigation.

CBA’s group executive marketing and corporate affairs, Monique Macleod, said the bank accepted the findings and apologised for the error.

“Since reporting this matter to Acma, we’ve fixed the issues that were the subject of Acma’s investigation, and strengthened our systems, processes and controls to support ongoing compliance,” she said.

CBA has also provided a three-year court-enforceable undertaking to Acma to independently review its online marketing practices, staff training and regular compliance reporting.

“We continue to see large and well-known businesses who should know better than breaching the spam laws,” O’Loughlin said. “This action is a further warning to all businesses that non-compliance with Australia’s spam laws will not be tolerated.”

The Commonwealth Bank reported a profit for the March quarter of $2.6bn.

The chief executive of the Australian Communications Consumer Action Network, Andrew Williams, said while the fine was small compared with the bank’s profit, it sent a message to other businesses.

“The fact that that is the largest fine of this nature, it sends a clear message and I’m sure I’m sure they’re taking the reputational issue seriously,” he said.

Williams said the undertaking would also mean CBA would face a higher fine if found in breach in future.

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.