Powered by MOMENTUM MEDIA
HR Leader logo
Stay connected.   Subscribe  to our newsletter
Law

CBA hit with $7.5m fine after breaching spam laws

By Jack Campbell | |4 minute read
Cba Hit With 7 5m Fine After Breaching Spam Laws

The major bank is cooperating with an investigation into compliance issues involving messaging to customers and has been slapped with a substantial fine for its actions.

Commonwealth Bank of Australia (CBA) has been hit with a $7.5 million fine after sending over 170 million emails that weren’t compliant with Australia’s spam laws.

The investigation from the Australian Communication and Media Authority (ACMA) revealed that between November 2022 and April 2024, the major bank sent emails that did not include a way to unsubscribe. Further, 34.8 million of these messages were sent to those who either had not consented or had withdrawn their consent to receive these messages.

Advertisement
Advertisement

“The ACMA took action against CBA just last year for not delivering on their customers’ rights to unsubscribe from marketing messages. We have now had to take further action after this new investigation found that CBA had incorrectly classified millions of messages as non-commercial,” said ACMA chair Nerida O’Loughlin.

“Australians are sick and tired of this kind of spam intruding on their privacy, and it’s clear CBA did not have its systems in order.”

The Spam Act 2003 permits purely “service” messages that are not commercial to be sent without consent or an unsubscribe facility. However, the ACMA found CBA’s messages either promoted products and services (including insurance, credit, and loan offerings) or promoted CBA itself.

“The rules are clear: if a message includes marketing content or direct links to marketing content, it is a commercial message and must give people the option to unsubscribe. We have seen several companies get this wrong, and businesses are on notice to check how they are classifying messages as commercial or non-commercial.”

According to ACMA, this is the second time CBA has breached spam laws after it was hit with a $3.55 million penalty in May 2023 for sending 65 million emails without working unsubscribe arrangements.

After this latest dilemma, CBA has entered an enforceable undertaking, cooperating with ACMA investigations and accepting wrongdoings.

“We will continue to closely monitor compliance with its commitments and with the spam laws,” added O’Loughlin.

CBA “acknowledges and accepts” the findings of the investigation and has since apologised.

“We apologise for sending non-compliant messages to customers,” group executive marketing and corporate affairs Monique Macleod said.

“Timely and relevant information for our customers is incredibly important, and the way we classify that information to meet our regulatory requirements and customer expectations is an absolute priority. We are committed to meeting our obligations, and we’re dedicating significant time and resources to this.”

Leading the work in the enforceable undertaking is Leif Gamertsfelder, who has taken on the new role of executive general manager of customer communications review, reporting to Macleod.

Under Australia’s spam laws, courts can impose fines of $626,000 per day where a company doesn’t have a prior record. Maximum court penalties rise to $3,130,000 per day for companies with a prior record. Over the last 18 months, businesses have paid over $20 million in spam penalties.

This article was originally featured in HR Leader’s sister brand, Broker Daily.

Jack Campbell

Jack Campbell

Jack is the editor at HR Leader.