Banks' obligations

Consumer credit contracts legislation covers most of the lending-related complaints we investigate. A consumer credit contract will exist whenever a bank lends to a customer for personal use, such as through a mortgage, credit card, arranged overdraft or personal loan. Such contracts typically take the form of a customer agreement (such as a home loan agreement) or the standard terms and conditions of a product (such as a credit card account) to which a customer agrees to abide.

Changes to the Credit Contracts and Consumer Finance Act 2003 impose specific obligations on lenders (such as banks) and lending agents (such as repossession agents and debt collectors) to act responsibly. The changes also aim to protect vulnerable consumers. 

Under the revised Act, banks must:

  • comply with responsible lending principles (see the Responsible Lending Code, which sets out these principles)
  • ensure customer agreements, and banks' actions under those agreements, are not oppressive for customers
  • disclose all of the terms and conditions of lending – including what the repayments will be, how the bank will calculate interest, and what fees or charges, if any, will apply – before borrowers sign the customer agreement
  • give borrowers a five-working-day cooling-off period in which to change their mind about the agreement they have signed.
  • comply with stricter rules about fees and charges they can apply
  • comply with more comprehensive rules about hardship applications (see below).

The Act extends protections to those who are considering borrowing from a bank as well as to those who already have a lending agreement with a bank. 

Responsibility principles

The Act requires banks to act with the care, diligence and skill of a responsible lender when advertising consumer credit contracts and before entering into an agreement to provide credit (and before taking a relevant guarantee). This responsibility extends to all subsequent dealings with the borrower or guarantor.

The Act's responsibility principles require banks to:

  • make reasonable inquiries to be satisfied that the credit is likely to meet the borrower’s requirements and be repaid without the borrower suffering substantial hardship
  • help the borrower to make informed decisions about whether to enter into the agreement, and to make informed decisions in all subsequent dealings
  • treat borrowers and their property reasonably and in an ethical manner, including during any repossession process
  • make sure agreement terms and powers exercised by banks are not oppressive
  • meet all legal duties to the borrower.

See the legislation for full details.

Financial hardship

Customers suffering unforeseen hardship are entitled to ask their bank to vary the terms of their contract. They must have been in default for less than two months and have not missed four consecutive payments. Their application must be in writing and must explain the reasons for being unable to make repayments (such as illness, injury, loss of employment or the end of a relationship). Banks must comply with lender responsibility principles when assessing hardship applications. See our Hardship and financial difficulty quick guide for details.

Complaints related to the Act

If you consider your bank has not complied with its responsibilities under the Act and you are unhappy with its response to your concerns, you can contact us. We can look at complaints about a bank’s breach of a statutory obligation or industry code. Note, however, that we don’t have power to make banks alter their policies or practices.

More information

Our Quick Guides Complaints about loan decisions and Guaranteeing someone’s debt also have information about credit contracts. 

The National Building Financial Capability Charitable Trust has a Code of Responsible Borrowing, which covers such areas as affordable repayments, alternatives to borrowing, knowing what you’re signing, and keeping lenders informed about life changes that affect repayments.   

The Commerce Commission has detailed information covering all aspects of consumer credit changes.

The credit laws also aim to protect vulnerable consumers.

Rectangleguyleaning 7.59.47 PM

Privacy & confidentiality

Banks have a legal duty to protect the confidentiality of existing and former customers. Banks also have obligations under the Privacy Act 1993, which contains 12 privacy principles about personal information. In the banking sector, these principles govern:

  • banks’ collection and storage of customer information
  • customers’ rights to access and correct information about themselves
  • the disclosure of personal information.

We can consider complaints about breaches of privacy and duty of confidence. Sometimes we refer a privacy complaint to the Office of the Privacy Commissioner if we consider it would be better dealt with by that office. An example would be if a customer sought compensation that exceeded our limit. 

Concepts similar, but not the same

A duty of confidence and the legal obligation to protect privacy are similar, but not the same. The former applies to information about individuals and businesses, the latter to information about individuals only (and that includes bank staff). If a complaint requires us to look into the behaviour of a staff member, we can ask the bank to tell us what systems or process changes it has put in place to correct a problem, but we cannot seek information about any disciplinary or other action the bank may have taken against that individual.

Disclosing confidential information

There are four broad situations in which a bank can lawfully disclose confidential information:

  • When the law compels it to: Banks sometimes have to give evidence about a customer’s affairs in court. Banks can also be required to give information to the Inland Revenue Department (under the Tax Administration Act 1994), to the Ministry of Social Development (under the Social Security Act 1964) and to a company liquidator (under the Companies Act 1993). Banks are also required to report suspicious transactions to Police (under the Financial Transactions Reporting Act 1996 and Anti-Money Laundering and Countering Financing of Terrorism Act 2009).  
  • When it has a public duty to: This applies when there is a danger to the state or when the wider public needs protection against crime. A bank needs to balance the public interest with respecting a customer’s right to privacy when it considers providing information about that person to a third party.
  • When a bank must disclose information to protect its interests: This applies when a bank takes legal action against a customer (such as to recover a debt), or defends an action from a customer and needs to provide information about the customer’s affairs.
  • When a customer agrees: A bank can disclose customer information if the customer agrees. A bank must ensure the information is correct and within the scope of the customer’s consent. A customer may, for example, agree to the bank’s disclosure of information about one account only. If the bank releases information about other accounts, it has breached its duty of confidence.

When a bank breaches confidentiality or privacy

If we consider a complaint about breach of confidence or privacy to be valid (whether accidental or deliberate), we assess whether this has resulted in a direct financial loss to the customer and, if so, award compensation. We also look at whether the customer has suffered distress, embarrassment or inconvenience. We must be satisfied any distress, embarrassment or inconvenience warrants a compensation payment. Sometimes customers submit substantial claims for minor frustration or inconvenience. We are unlikely to award compensation for minor mistakes that have little or no harmful effects company liquidator (under the Companies Act 1993). Banks are also required to report suspicious transactions to Police (under the Financial Transactions Reporting Act 1996 and Anti-Money Laundering and Countering Financing of Terrorism Act 2009). 

Common scams targeting bank customers

You always need to be on your guard when it comes to banking and money matters. That doesn’t mean being suspicious or paranoid. Rather, it means exercising care and maintaining a healthy scepticism towards individuals or companies when you’re online. We recommend you take the following precautions:

How to bank safely

  • Find out something about the company or individual you are dealing with. Do an internet search, look for reviews, ask for a physical address you can check, and look up the company on the Companies Register.
  • Check Consumer Protection’s scam alert website.
  • Check with someone independent and trustworthy before you commit to anything.
  • Do not give out account details unless the business is established and trusted.
  • Never accept money into your account for subsequent transfer to others.
  • Never give out your PIN or internet banking password.
  • Check your accounts regularly to ensure money is going to the right places.
  • Report any likely scams to your bank.
  • When emailing people about making a payment, confirm the payment details using another form of communication (such as by phone). You may not be communicating with the person you imagine, because fraudsters hack into email accounts and assume the account holder’s identity. A quick phone call can foil such deception.
  • Contact your bank immediately if you suspect you have been scammed. It may be able to reverse a payment (but that’s unlikely if you’ve authorised the payment and it has gone through).

If you find you've become the victim of a scam and you complain to us, our job is to determine whether your bank is liable for the loss.

Phishing scams

Scammers try to trick customers into giving out personal information such as bank account numbers, passwords and credit card numbers. This is called a phishing scam. Typically, customers receive an email from what looks like their bank. It will say they need to confirm some personal details, usually their internet banking username and password. It will contain a link to a website that looks like the bank’s but is fake. Customers who enter these details will soon find scammers have accessed their accounts and cleared out their money.

Be extremely wary of emails that appear to be from your bank and that ask you to confirm your personal details. Banks will never ask you for your password in emails. Don’t click on links within any email if you have the slightest suspicion about its authenticity. Simply delete the email. If you need to go to your bank’s website, type the address into your browser.

If you enter your internet banking password and other details into a fake website, it’s likely you will be liable for any losses because you disclosed this crucial information.

Fraudsters may also make phishing phone calls pretending to be your bank, telephone company, government department or a computer company. They may ask you to turn on your computer and download software that gives them access to everything on your computer. A fraudster who has gained access to your computer may be able to steal money from your bank accounts. Be very cautious about unsolicited phone calls, no matter how plausible the caller sounds. 

Sending money to scammers

Scammers can also trick bank customers into sending money to them. How they do this varies. A common way is to ask customers to send a processing fee in order to receive an inheritance or the proceeds of an investment. Another is for someone met on an online dating site to seek financial help. Losses from such scams can run into tens of thousands of dollars.

Always be careful if someone you don’t know or have met only online asks for money. It can seldom be recovered. Your bank is very unlikely to be liable for losses you suffer if you give it instructions to send money to someone, it follows those instructions and you later find out that the individual was a scammer.

Money mules

Another scam is to ask a bank customer – the mule  – to accept and forward on money stolen from another victim’s bank account. Scammers convince people there is a legitimate reason for the transfer, such as paying a fee associated with a job application or helping someone with whom they have an online relationship.

A bank may reverse a payment from a mule’s account if the money is found to have been stolen. This, in turn, can cause the mule’s account to be overdrawn if there isn’t enough money in the account. The bank will ask the mule to repay the overdrawn sum.

In such cases, we consider whether the bank’s terms and conditions allow it to reverse a payment from a mule’s account. We also assess whether the bank had sufficient information to conclude the money was stolen before it reversed the payment. If so, the customer will be held liable for the loss.     

PIN scams

These aim to get customers to disclose their PIN. Scammers have usually already stolen a customer’s wallet, but to use any credit or debit cards they need the PIN.

Scammers use different techniques to get intended victims to disclose their PIN. Scammers may, for example, say they are from the bank and have noticed suspicious transactions that indicate a card has been stolen. They will suggest cancelling the card, but doing that, they add, will require the customer to verify his or her PIN in order to authorise the cancellation. The giveaway here is that banks never ask for a customer's PIN.

Another technique is to contact a customer and say he or she has won a prize. The customer is asked to make up a four-digit number for identification purposes when collecting the prize. The scammer may be making the call from an ATM and will tap in the number. If not the PIN, the scanner will say that number has been taken, and to pick another. Subconsciously or otherwise, many customers will eventually give out their PIN.

By disclosing your PIN to anyone, you are breaching the terms and conditions of your account or card and you will generally be liable for fraudulent transactions. You won’t be liable for fraudulent transactions if you have taken reasonable care of your card and PIN. 

Financial abuse of the elderly

Financial abuse can take the form of:

  • misusing or stealing from the bank accounts of those in their care
  • pressuring a person to sign a legal document, such as a guarantee or mortgage
  • using a power of attorney in a way that is not in the interests of the person who granted it.

Pressure from family member or caregiver

Elderly people may face pressure from family members for financial support. For example, an adult child may pressure a parent to guarantee a loan or become a co-borrower on a loan using the parent’s house as security. 

If someone is pressuring you to sign a bank document, or is accessing your accounts without your permission, contact your local bank branch. Staff will give you advice on how best to protect yourself and your banking affairs. In so doing, bank staff will also be alert to any unusual activity in your accounts.

Suspicions of financial abuse

If you suspect an elderly friend or relative is the subject of financial abuse, you may like to raise the subject diplomatically with that person. Some tentative questions can either allay or confirm your suspicions. You may wish to raise your concerns with a trusted family member. The Office for Seniors runs a free helpline (0800 32 668 65) that gives callers information about elder abuse and also connects them to support services.

Other types of financial abuse

Like all customers, older people can also be approached by individuals running financial scams. Fraudsters can make contact in person, by phone, email, or through the internet. 

More information

The following organisations also deal with matters affecting the elderly: