Bank lacked reason to close accounts immediately

Closing accounts, Privacy & confidentiality,
Rory lived in Australia but had a bank account in New Zealand. He used online banking to access this account and regularly emailed his New Zealand bank to instruct it to send payments to his Australian account.
March 2020

In April 2018, Rory was locked out of his internet banking after repeatedly entering the wrong password. He called the bank to change his password. Before doing this, the bank had to complete a security identification process to confirm the caller was indeed Rory and not someone impersonating him. In Rory’s case, it couldn’t do this because he hadn’t registered a phone number to his profile (despite requests to do so). The bank attempted to explain this to Rory, but he became frustrated and the call deteriorated before ending abruptly. 

Rory returned to New Zealand six months later and visited a branch to get a replacement debit card. While there, he asked for a copy of his original agreement with the bank, which dated back to 2006, and also proof that the bank’s current terms and conditions were applicable to his account. The interaction with the teller did not go well, and Rory was eventually asked to leave. 

The following day the bank closed his accounts without notice. It had no contact details for him but examined his account transactions and concluded he was staying at a nearby hostel. It couriered a closure letter to him at the hostel, along with a bank cheque. It also arranged to serve a trespass notice on him at the hostel the same day. 

Rory complained the bank had acted unreasonably in not resetting his password, and also in the way it treated him at the branch and in the way it closed his accounts. He further complained about the bank’s use of his transaction information to find out where he was staying.

Our investigation

We found the bank acted reasonably in not resetting Rory’s password, given he was calling from an overseas number not registered to his profile. Banks understandably must be cautious when receiving requests to reset passwords for security reasons. However, we found the bank did not have reasonable grounds to close Rory’s accounts without notice. Good industry practice requires a bank to give at least 14 days’ notice prior to closure, unless there are exceptional circumstances, such as a risk to staff safety. While Rory might have been unpleasant to staff at the branch, there was nothing to suggest that he had threatened staff and any concerns the bank had about his behaviour were addressed by issuing the trespass notice.

We also found the bank had misused his transactional information to find out where he was staying.


We made a formal decision on Rory’s complaint and recommended the bank pay $2,000 in compensation in full and final settlement of it.  However, Rory was not satisfied with our decision and did not accept our recommendation.

Print this page