CBA admits it took years to fix a code problem

The Commonwealth Bank took years to properly patch a system that was charging some of its business customers double interest on their overdrafts.

Even then, the code change did not completely fix the problem - and it took another year to fully resolve the “double-charging” issue, the banking royal commission heard yesterday.

CBA’s executive general manager of retail Clive van Horen said that some customers that took out either a business overdraft (called a BOD) or simple business overdraft (or SBO) wound up being overcharged.

All up, about 2500 customers were thought to be impacted, of which 1490 customers were repaid.

In the case of the SBO, customers wound up paying a 33.94 percent interest rate, instead of an expected 16 percent.

“What happened was the account that had [the overdraft on it] was sourcing the interest rate to be charged from two different systems,” van Horen said.

“What that meant was it sourced the interest rate from two systems and charged both of those interest rates to the account, which meant that the customer was being overcharged.

“The correct interest rate should have been 16 percent and the system applied that rate, [but] it also applied another interest rate - a thing called the excess debit interest rate - which was an error.”

The problem came to light in 2013 when a customer lodged a complaint at a CBA branch. CBA found the issue impacted SBO customers in August 2013 and BOD customers in November of the same year.

“An incident was created which was managed at a fairly low level in the organisation amongst the technology teams,” van Horen said.

“But the scale of the problem was not fully understood.”

The bank put in place a manual process as a stopgap while it worked on a proper code fix.

“What we did about it in 2013 was we put in place a manual process whilst we were developing the system based fix,” van Horen said.

“The manual process was put in place to try and identify where this [overcharging] was occurring, manual control reports were run [monthly] and customers were then corrected.

“To the best of our knowledge, we thought that there was a manual process in place that was preventing customers being overcharged. That was from late 2013 until May 2015 when a system fix was put in place.”

It was unclear whether the manual process was, in fact, run regularly; van Horen conceded it ran “intermittently, or we can’t confirm going back to find records that it was run every single month”.

Part of the reason it took so long to put in a permanent code fix, however, appeared to be that the bank believed the problem no longer existed.

“To the best of our knowledge, we still didn’t realise there was an ongoing problem so we thought the manual process was fixing it and putting all customers in the position they should have been,” he said.

Van Horen also suggested that negotiating the bank’s development pipeline and release schedules at the time was challenging in and of itself.

“Getting a system change in the pipeline requires testing and it has to get into various scheduled releases,” he said.

“[The code fix] was actually scheduled for February 2015 but got pushed back to May because the testing showed there were some issues.”

Unfortunately for CBA, even the permanent code fix did not completely solve the overcharging problem.

“The May 2015 system fix ensured that for 95 percent-plus of customers the overcharging stopped occurring,” van Horen said.

“What it didn’t do was [treat] a fairly unusual set of customer circumstances where a customer was on a certain underlying transaction account - for example, a premium business account - and then they switched to a business transaction account, and then got an [overdraft] on top of that.”

Van Horen suggested that this miss was not a result of a coding error.

Rather, he appeared to suggest the code fix was developed as specified, but that the specifications missed certain customer scenarios.

“It essentially was in the category where we did not specify requirements that would cater for all types of customer use cases or scenarios, and that was a set of customer circumstances that was not spelled out,” van Horen said.

“When we did the system fix in May 2015 we did not cater properly for that type of scenario.

“It was a miss. Clearly a fairly technical error, though.”

The bank finally closed off the overcharging issues through a "remediation" in 2016-17, which saw the bank hand back about $3 million.

“When we come to the remediation we then did in 2016-17, that went right back to 2013,” van Horen said.

“It dealt with the five percent who weren’t fixed after May 2015, but it also dealt with the near 100 percent who weren’t fixed prior to May 2015.”