Consultation Paper on Minimum Operating Standards for the Resolution of Customer Complaints – Deposit-Taking Institutions (April 2026)

TABLE OF CONTENTS: SECTION Title 1 Introduction 2 Governance, Structure, and Systems for Complaint Handling 3 Complaint Management Framework and Staff Competence 4 Complaint Handling and Resolution Process 5 Documentation and Record-keeping 6 Enforcement 7 Transitional Period MINIMUM OPERATING STANDARDS FOR THE RESOLUTION OF CUSTOMER COMPLAINTS - DEPOSIT TAKING INSTITUTIONS Market Conduct & Consumer Protection Thematic Working Group Bank of Jamaica & Financial Services Commission April 7, 2026 CONSULTATION PAPER:

1 Glossary Unless otherwise defined in these Standards, terms used herein should have the same meanings as assigned to them in the Banking Services (Deposit-Taking Institutions) (Customer-Related Matters) Code of Conduct, 2016 (“the Code”) and the Banking Services Act, as applicable. For data reporting and interpretation, the understanding of what constitutes a complaint and the classification of complaint types should be consistent with the complaint definitions and groupings used by Bank of Jamaica in its Annual Report or any subsequent supervisory guidance, to ensure uniformity of reporting and analysis across DTIs. “Board” means the board of directors of a deposit-taking institution, or a committee designated by the Board to discharge its responsibilities under these Standards. “Complaint Handling Unit” means the functional unit, division, or team within a deposit-taking institution responsible for coordinating, tracking, escalating, and monitoring the resolution of customer complaints. “Complaints Policy and Procedures Manual” means the written document approved by the Board setting out a DTI’s internal policies and procedures for receiving, recording, escalating, resolving, and monitoring complaints, consistent with the Code and these Standards. “Service-Level Standards” means the performance benchmarks, timelines, and quality indicators established by a deposit-taking institution for the intake, handling, escalation, and resolution of complaints. “Digital Complaint-Management System” means the electronic system or platform used by a deposit￾taking institution to record, track, monitor, and analyse complaints data in accordance with these Standards. “Standards” means these Minimum Operating Standards for the Resolution of Customer Complaints.

2 Section 1. Introduction

1. Bank of Jamaica (“the Bank”) published the Banking Services (Deposit Taking Institutions) (Customer Related Matters) Code of Conduct, (“Code of Conduct” or “the Code”), in 2016. The Code of Conduct sets out minimum standards of conduct for deposit-taking institutions (“DTIs”) with respect to customer-related matters including customer complaints. These Minimum Operating Standards are issued in consideration of section 132(4) of the Banking Services Act and provide operational guidance aligned with Articles 7, 12, and 13 of the Code, which promote fair and transparent treatment of customers by DTIs.
2. These Standards build upon the expectations of the Code by establishing institution-wide standards for complaint-management systems that promote fairness, transparency, accountability, and institutional learning. In doing so, DTIs will be provided with a supporting framework for the handling and resolution of customer complaints1 , in a manner that embeds these principles into broader governance, risk management, and service quality frameworks while ensuring alignment with international approaches to market conduct and customer protection.
3. The objectives of these Standards are to: (a) Ensure that customers can lodge complaints through multiple, easily accessible channels; (b) Promote fair, consistent, and timely resolution of complaints; (c) Ensure that all complaints are logged, analysed, and addressed through standardised processes; (d) Strengthen governance structures and controls for managing complaint-related risks; (e) Use feedback from complaints to improve internal systems and customer outcomes; and (f) Require that complaint data and analysis are reported to senior management, Boards, and the Bank to support oversight and transparency.
4. DTIs must read these Standards in conjunction with the Code2 . Article 16 of the Code provides that DTIs who contravene the Code are liable to sanctions under the Banking Services Act as a consequence for non-compliance with any directions issued by the Supervisor. In areas where timelines, obligations, or requirements are already set out in the Code, DTIs are expected to comply with the Code, and these Standards should be interpreted as reinforcing and operationalising those obligations rather than creating new or duplicative obligations. 1 “Customer” has the meaning assigned to it in the Code. 2 These Minimum Operating Standards constitute supervisory guidance issued by Bank of Jamaica in line with the relevant sections of the Banking Services Act and the Code of Conduct and are not intended to constitute legal advice. DTIs should seek independent legal advice where necessary to ensure compliance with all applicable laws and regulations.

3 Outlined below are minimum operating standards for DTIs, setting out minimum expectations for the handling of financial customer complaints to promote fair treatment and enhance protection for their customers 3 : Section 2. Governance, Structure, and Systems for Complaint Handling

5. DTIs are expected to establish a sound complaint handling framework supported by strong governance, defined structures, and effective systems. Accordingly, the Board and senior management of DTIs must provide clear oversight and ensure that policies, staff, and systems support fair, timely, and consistent treatment of customer complaints across the institution.

A. Complaints Policies, Procedures, and Documentation Standards

6. Approval and Review of Complaints Manual: The Board should approve a comprehensive Complaints Policy and Procedures Manual detailing the policies and procedures for handling customer complaints, aligned with Article 7 and Article 12 of the Code, which collectively require DTIs to establish and implement written procedures for handling complaints, staff training, and disclosure of policies to customers4 . In light of these obligations, DTIs should develop a step-by￾step procedure document that aligns with Article 7, ensuring that all staff are trained on these procedures. These Standards therefore provide further operational guidance on the level of detail expected in such manuals.
7. Complaints Policy and Procedures Manual: Each DTI should maintain an up-to-date manual setting out internal expectations and minimum procedural requirements for receiving, documenting, escalating, resolving, and monitoring complaints. To this end, at a minimum, the manual should address the following: (a) Mechanism for Submission/Handling of Complaint Channels: Consistent with Article 12(c)(i) of the Code, the manual must specify multiple, accessible, transparent, and effective communication channels for lodging complaints (e.g., in-person, telephone, online banking, mobile applications, and written submissions). Channels should be available without charge to customers. In addition, the manual should include provisions for persons with disabilities as defined under the Disabilities Act, such as, where practicable, visual, audio-visual, or assistive technology tools, to facilitate access to the complaint process. These channels should be reviewed at least biennially to ensure continued effectiveness; (b) Access to Status Updates: DTIs should implement a range of accessible channels as stated in paragraph 7(a) that allow customers to check the status of their complaints; 3This list is not exhaustive and does not preclude a DTI from adopting and implementing other industry best practices. 4 Article 7 sets out the mechanisms DTIs should establish and implement in order to ensure compliance with the Code.

4 (c) Complaint Handling Timelines: DTIs must comply with the timelines established under Article 13 of the Code. Internal policies and procedures may provide shorter timelines, where appropriate. However, these timelines cannot exceed those prescribed in the Code (Article 13(a)(b)); (d) Escalation Framework: The process through which a customer can escalate a complaint, in the event of dissatisfaction with any aspect of the process. A clear hierarchical structure should be established for escalating complaints, including specific roles and responsibilities at each level. To support transparency, this process should be communicated clearly to customers through multiple medium to ensure customers are aware of and understand the escalation process; (e) Record-keeping for Complaints: The Manual should include procedures for the recording, tracking and maintenance of complaints received by the DTI either directly or through its agent. Accordingly, DTIs should invest in systems that can log and track complaints, generate reports, and facilitate effective monitoring and management of complaint data; (f) Response to Non-Compliance: Subject to Article 12(c)(iv) of the Code, mechanisms to address non-compliance with the DTI’s policies and procedures must be documented and enforced consistent with such other relevant policy and procedure including the HR manual. DTIs must establish corrective measures to address non-compliance with a DTI’s policy and procedures and communicate these corrective measures to the Board; (g) Analysis of Complaints Data: DTIs should establish mechanisms for the ongoing analysis of complaints data and maintain documented findings to identify patterns, root causes, and emerging risks. The results of these analyses should be shared with the functions responsible for risk management, internal audit, compliance, strategic planning, and product development, to support continuous improvement and inform enterprise-wide risk assessments. Risks identified through complaints analysis should be incorporated into the DTI’s risk management framework to ensure that conduct, operational, and reputational risks are appropriately monitored and mitigated. In addition, the internal function responsible for complaints oversight should conduct an annual review of the DTI’s Complaints Policy and Procedures Manual, considering complaints data, systemic issues, and identified gaps, and should submit the findings and any recommended amendments to the Board; (h) Policy Review and Updates: The Board should formally review and re-approve the Complaint Policy and Procedures Manual at least every two years, or sooner where significant regulatory, operational, or risk-related changes occur. This biennial review should explicitly consider the results of senior management’s annual review, along with findings from internal audit, compliance, and complaint-data analyses, to ensure the manual remains effective, relevant, and aligned with emerging risks and supervisory expectations; and

5 (i) Handling of Special Cases: Procedures for handling complaints submitted anonymously, by third parties, or on behalf of vulnerable customers should be documented either directly or through its agents. Such complaints should be recorded and investigated in accordance with the standard process, and should not be dismissed solely on the identity or anonymity of the source. 8. Public Disclosure and Availability of Complaints Procedures: DTIs should ensure their customer complaint policies and procedures are disclosed in accordance with Article 12(d) of the Code, and are readily available in each place of business and in all locations operated by the DTI (i.e. head office (for locally incorporated DTIs) and all branch and sub-branch locations) as well as agent locations, as the case may be, and also published on the DTI’s website and applicable social media platforms. The procedures should be presented in plain, accessible language, make provisions for persons with disabilities as defined under the Disabilities Act, and should include clear instructions on how customers may escalate complaints to Bank of Jamaica or other relevant bodies. DTIs should ensure that all physical (e.g. in branch) and digital (e.g. the DTI’s website) points of access for customers prominently display or link to the complaint handling procedures. 9. The compliance function of the DTI is responsible for overseeing the implementation of the complaint handling policy and procedures manual, including monitoring adherence, initiating corrective actions, and conducting periodic evaluations of effectiveness. The DTI’s internal audit should provide independent assurance through a structured audit program that includes periodic reviewing of the framework’s operation, verifying data integrity, and assessing compliance with applicable regulatory and institutional requirements. The results of these audits should be presented to the Board or Board Audit Committee and integrated into the DTI’s enterprise-wide risk assessments. B. Dedicated Customer Complaint Handling Unit 10. Establishment of a Dedicated Complaint Handling Unit: DTIs should maintain an adequately staffed, trained, and resourced unit tasked with coordinating and overseeing the handling of customer complaints as set out in the Code. While the relevant business line or unit is responsible for resolving complaints in practice, the complaint unit retains responsibility for ensuring that complaints submitted by a customer are logged, tracked, escalated, and resolved in accordance with policies and within the specified timelines. The Complaint Handling Unit should be staffed with personnel skilled in conflict resolution and customer service and receive ongoing training. Reporting should be to the compliance function, with parallel accountability to the risk management function, and oversight from senior management and the Board; 11. Appointment of Designated Complaints Officers: DTIs should designate one or more responsible officers as required under Article 12(b) of the Code of Conduct, with clear accountability for overseeing timely resolution. Furthermore, designated officer(s) must ensure the following: (a) processes are effective; (b) complaints are escalated where necessary; and

6 (c) matters are resolved within prescribed timelines as established by the Code, policy, and procedures. 12. Designated officers may be located centrally, or geographically distributed at key parish, town, or branch locations, depending on the DTI’s size, complexity, and business model, and will serve as the official points of contact for both customers and Bank of Jamaica. These officers should be vested with the authority and access to resources necessary to monitor complaint handling, hold business lines accountable, and ensure systemic issues are addressed. To support visibility, the contact information for each designated officer should be prominently displayed across all customer communication channels to ensure visibility and accessibility; 13. Monitoring Unit Performance Against Service Standards: Every complaint handling unit should be evaluated against a set of service-level standards developed by DTIs that are periodically reviewed for ongoing relevance for intaking/logging, documenting, tracking, and resolving complaints. DTIs should make these service-level standards available to Bank of Jamaica upon request. Where a DTI identifies sustained non-performance against service-level standards, the matter should be escalated to senior management and corrective action documented; 14. Customer Awareness of the Complaint Handling Unit: To support customer awareness, DTIs should ensure that their customers are aware of the existence, mandate, and functions of their respective complaint handling unit. The unit should also be aware of the policy and procedures manual, and how the unit can be contacted by customers who have complaints as prescribed by the Code. Information about the unit should be incorporated into customer agreements and on the DTI’s website, readily available at each place of business and in all locations operated by the DTI, including agent locations. DTIs may use channels such as periodic statements, websites, or other appropriate media to keep customers informed about their rights and available support. 15. Finally, the compliance function of DTIs should monitor the performance of the complaint handling unit, including adherence to service-level standards, proper escalation of systemic issues, and the accuracy of internal reports. Internal audit should periodically assess the effectiveness of the unit and its alignment with governance expectations and regulatory standards. C. Digital System for Handling Complaints

16. Implementation of Digital Complaints Management System: To support consistent tracking across the institution, each DTI should maintain a digital system for documenting, monitoring, analysing, and tracking the status of customer complaints, scaled to the size, complexity, and risk profile of the institution. The system must be capable of generating a unique complaint ID number and recording all key complaint data;
17. Security Safeguards and Data Access Controls: The complaint system should include safeguards to ensure that only authorised staff can access complaint information, based on clearly defined roles and responsibilities. Access should be protected by secure login protocols, such as strong password authentication or multi-factor authentication. The system should maintain user access logs to enable auditability and traceability of actions taken. All complaint￾related data must be stored and transmitted using appropriate encryption or other protective

7 measures to prevent unauthorised access or tampering. These safeguards must comply with the provisions of the Data Protection Act, 2020, (“DPA”) and reflect established good practices in information security management; 18. System-Wide Access to Complaints Records: All records of customer complaints should be accessible at all branches and offices of the DTI through the digital system for handling complaints, which may be achieved, for example, through the implementation of a centralised database that can be accessed securely by authorised personnel from any location to ensure consistency in complaint handling across all branches; and 19. Competency and Monitoring of System Usage: To maintain system integrity, DTIs should ensure that responsible officers in the complaint handling unit are competent in the operation of any system designed to monitor complaint handling. 20. Further, the compliance function is responsible for ensuring that the digital complaint management system operates in accordance with institutional policies, security protocols, and service expectations. Internal audit should assess the system’s data integrity, access controls, and reliability through periodic IT and operational audits. D. Appropriate Governance and Oversight

21. Board and Senior Management Oversight of Complaint Handling Systems: The Board, or a committee designated by the Board, and senior management of each DTI should ensure that the policy, procedures, and mechanisms for handling customer complaints are effective and efficient in overseeing the complaint handling system for the DTI. This should involve regular review of reports generated from the complaint handling system to ensure the system meets the DTI’s standards for customer service and compliance. At a minimum, such reviews should be conducted quarterly, with summary analyses and key performance metrics presented to the Board or its designated committee (e.g., Risk, Conduct, or Audit Committee) within thirty (30) days of the end of each quarter;
22. Principles of Fairness and Timeliness: The Board, or a committee designated by the Board, and senior management should ensure that the complaint handling and redress framework of each DTI is committed to fairness, consistency, timeliness, and transparency in resolving complaints consistent with the Code. Clear and thorough policies for handling complaints should be developed and implemented, with regular monitoring and reporting processes established to ensure consistent adherence;
23. Information Required by the Board for Oversight: The Board, or a committee designated by the Board, and the senior management of each DTI, should request the following information at least quarterly, on, at a minimum: (a) The trends in customer complaints received by or made against the DTI, including types and volume of complaints, and demographic information; (b) A report on the functioning of the complaint handling process and redress mechanisms against benchmarks set out in these Standards, as well as against any internal benchmarks set by the DTI;

8 (c) Level of customer satisfaction with the complaint handling process and redress mechanisms of the DTI, as evidenced by results from customer satisfaction surveys or any other appropriate means; (d) Any weaknesses identified in the complaint handling process and redress mechanisms of the DTI; and (e) In an expedited timeframe, customer complaints that are considered to be significant and which require action from senior management. 24. Where appropriate, these reports should also be used to inform product improvements, service redesign, or operational policy changes aimed at addressing root causes of recurring complaints. 25. Senior Management Review and Remedial Action Planning: Senior management should ensure the effectiveness of the DTI’s complaint handling and redress mechanisms. Management review should focus on whether: (a) Deficiencies related to the DTI’s business conduct and operations as identified in the complaint handling processes are promptly and properly rectified to prevent future issues; (b) Resources allocated to the complaint handling function are sufficient to resolve complaints in an effective and timely manner; (c) Issues and findings identified in audits or other independent reviews are followed up appropriately; (d) Any modification to the complaint handling and redress mechanisms is warranted, considering the latest development in areas such as scale and scope of products or services being offered, regulatory landscape, and technological innovation; and (e) Whether complaints data is being utilised by the risk function to inform the DTI’s risk register, risk appetite monitoring, and conduct risk metrics. 26. The compliance function should coordinate internal reporting on customer complaints, ensuring that key findings, risks, and trends are communicated to senior management and the Board or its designated committee. This should include assessing whether the DTI has clear escalation protocols that trigger risk or audit committee review based on thresholds such as unresolved complaint volume, repeat complaints by product, or systemic control failures. Section 3. Complaint Management Framework and Staff Competence

27. A sound complaint management system requires effective governance, well-defined internal controls, documented procedures, and competent staff. Accordingly, DTIs are expected to embed these principles across all business units to ensure fair, timely, and consistent outcomes for customers across channels and products. Strong customer service relations at all relevant staff levels must therefore underpin the framework, promoting courtesy, respect, and professionalism in every customer interaction and reinforcing trust in the DTI.
28. DTIs should ensure that their complaint management framework and associated policies are consistent with Articles 12 and 13 of the Code of Conduct. In this regard, DTIs should assess

9 their existing arrangements and make any enhancements required to ensure full alignment with the Code and these Standards. A. Governance and Internal Controls

29. The designated officer should be sufficiently senior and have overall responsibility for the complaint management framework. As a result, this officer should have the necessary authority to enforce corrective measures and oversee end-to-end complaint resolution processes across the organisation.
30. Each DTI should maintain a formal policy on complaint management approved by the Board or a designated committee. This policy should be reviewed at least biennially to reflect evolving regulatory expectations, operational changes, customer needs, and supervisory guidance. The review process should include input from the internal audit and risk functions and incorporate findings from complaints trend analysis, audits, and regulatory reviews.
31. Internal controls for complaint handling should include: (a) Documented procedures for receiving, logging, categorising, escalating, resolving, and closing complaints; (b) Clearly defined turnaround times for acknowledgements, as well updates on milestones during the process and on the final resolution; (c) Quality assurance mechanisms such as peer reviews, spot checks, and supervisory sign￾offs; (d) Mechanisms to document actions taken and decisions made at each stage of the complaint; (e) Controls to ensure alignment with applicable regulatory guidance and redress obligations; (f) Internal control testing by the internal audit function to assess control design and operating effectiveness on a periodic basis; and (g) A complaint tracking system capable of providing status updates to complainants and generating performance metrics to monitor timeliness, resolution quality, and systemic issues.
32. The complaint handling function should operate with sufficient independence from front-line business units to ensure objectivity in evaluating complaints, particularly those relating to sales practices or potential misconduct. Where relevant, misconduct-related complaints should be escalated to the compliance and risk functions for investigation and integration into the DTI’s conduct risk framework.
33. Reports should be submitted to the Board or its designated committee at least quarterly, or more frequently based on complaint volumes or assessed risks, summarising: (a) Complaint volumes, categories, and resolution timelines; (b) Root cause analysis of emerging patterns; (c) Operational or reputational risks associated with complaints; (d) Results of internal audits or regulatory reviews; (e) Actions taken to address deficiencies or recurring issues; and

10 (f) The impact of complaint patterns on the institution’s risk appetite, product design, and customer trust. 34. Material complaints or systemic issues (e.g., those related to digital fraud or policy misalignment) should be escalated to the Board or a relevant sub-committee and reflected in enterprise risk dashboards, compliance reviews, or product assessments, as appropriate. Clear internal triggers (e.g., unresolved complaints above a defined threshold, high volume of repeat complaints, or complaints affecting vulnerable customers) should require formal escalation to the risk or internal audit functions; and 35. Complaint data should be used proactively to inform improvements in product design, service quality, and risk management practices. The risk management function should periodically review complaints data to update the institution’s risk register, conduct risk indicators, and control assessments. B. Staff Competence and Role-Specific Training 36. Front-line staff, call centre agents, relationship managers, agents, and outsourced personnel must be trained on the DTI’s complaint management policies and procedures, consistent with the training obligations set out in Article 12(c)(iii) of the Code. At a minimum, these persons should be able to: (a) Distinguish between feedback, inquiries, complaints5 , and disputes6 , noting that all expressions of dissatisfaction must be treated as complaints in the first instance, consistent with the Code. DTIs should ensure that policies and procedures clearly differentiate the handling of these categories; (b) Refer complaints to the appropriate unit for resolution; (c) Recognise when to escalate complaints; (d) Provide timely and accurate status updates to customers; and (e) Execute any other responsibilities that are in line with quality customer service expectations 37. Compliance and risk staff should receive periodic training on, at a minimum: (a) Analysing complaints for root causes, systemic risks, and product/service design flaws; (b) Monitoring adherence to complaint handling obligations and service-level standards; (c) Identifying breaches or customer harm warranting remediation; and (d) Using complaints data to inform enterprise risk assessments, conduct risk frameworks, and control testing. 38. Board members should receive periodic briefings or sensitisation sessions on, at a minimum: (a) Trends in customer complaints and what they imply about institutional culture and performance; 5 “Complaint” has the meaning assigned to it in the Code. 6 “Dispute” has the meaning assigned to it in the Code.

11 (b) The DTI’s obligations under applicable laws and supervisory expectations; (c) Strategic responses to complaint patterns, including policy and product design changes; and (d) Significant complaint trends or risks that require escalation, as well as the implications of these trends or risks for the DTI. 39. Staff in the complaint handling unit will be expected to undergo comprehensive, role-specific training at least annually that includes, at a minimum: (a) Understanding regulatory requirements, including turnaround timelines and record￾keeping obligations; (b) Effective communication skills for drafting acknowledgements and responses; and (c) Use of complaint data to improve service delivery and reduce recurrence. 40. Training must be, at a minimum: (a) Delivered at onboarding and at regular intervals thereafter, and in any case, no less than annually; (b) Updated based on audit findings, regulatory developments, or internal reviews; and (c) Tailored to reflect the responsibilities of each staff group or functional area. C. Ongoing Competence and Evaluation

41. DTIs should maintain systems to track staff participation in, and completion of, all complaint￾related training programmes. Refresher training should be conducted on at least annually and additionally whenever material changes occur to ensure that staff remain current with evolving regulatory requirements, institutional policies, and customer protection standards.
42. Outcomes from training should be incorporated into staff performance evaluations, particularly for those roles that materially affect the complaint handling process. This integration reinforces accountability and ensures that competence in complaint management is treated as a core aspect of professional performance.
43. Internal audit should periodically test the adequacy of training content and delivery. This may be achieved through staff interviews, file reviews, and process walkthroughs, for example, with results reported to senior management and the Board as part of broader assurance on complaint handling.
44. In addition, each DTI should coordinate complaint-related training on an institution-wide basis and monitor the ongoing competence of staff. The risk function should contribute actively to the development of training materials and identify emerging conduct or operational risks requiring targeted staff sensitisation. Internal audit should also assess, at regular intervals, the effectiveness of training programmes and the extent to which competencies are embedded in frontline and oversight functions.

12 Section 4. Complaint Handling and Resolution Process 45. The DTI should provide a fair, transparent, consistent, efficient, confidential, and easily navigable complaint handling and resolution process. The infrastructure supporting the submission of complaints should be intuitive and inclusive, with regular engagement and timely updates provided to customers. A robust complaint resolution system should remove any disincentive to submitting grievances and reflect the institution’s commitment to service quality and customer protection. To this end, the framework should demonstrate responsiveness to emerging conduct risks and uphold supervisory expectations on redress and remediation. Complaint-handling mechanisms should operate seamlessly with the DTI’s customer-service channels and should ensure that customers are able to interact with trained personnel. DTIs should remove barriers such as language limitations and provide inclusive interfaces such as audio or assisted-service options for persons with disabilities, consistent with the Disabilities Act. A. Reporting Complaints

46. DTIs should provide multiple mechanisms for submitting complaints, such as, where applicable, dedicated telephone lines with 24/7 access, in-branch facilities, mobile banking applications, email, web portals, or other appropriate electronic or physical channels. In this regard, all incoming channels through which complaints may be received should be identified, mapped, and integrated into the DTI’s complaint management system to ensure that no complaints are overlooked, lost, or duplicated. Special provisions must be made for persons with physical or cognitive disabilities. DTIs should continuously evaluate and enhance these mechanisms to ensure accessibility and effectiveness. To support this, the compliance function should review channel accessibility as part of ongoing fair treatment assessments.
47. Customers submitting complaints in-branch should be promptly attended to by a responsible officer. DTIs must implement queue management systems and ensure branch staff are trained to prioritise and expedite complaint handling efficiently in adherence with internally established SLS.
48. Any digital processes for submitting complaints, such as a mobile banking application or email, should be restored within one (1) business day of disruption. If this is not possible, customers should be notified of alternative methods for submitting complaints. To this end, DTIs should maintain robust technical support to minimise downtime, and contingency plans should be communicated to customers regarding any issues. Regular system checks are recommended to ensure operational reliability. Internal audit should include periodic IT audit procedures to test complaint submission reliability and downtime risk mitigation.
49. DTIs should ensure that customers have access to all the relevant information about the DTI’s complaint handling and redress processes through a range of channels including, at a minimum, in-branch and ABM signage, websites, social media platform(s), and other appropriate media. Information on these processes should be easily accessible and easily understood. This information should be regularly updated to reflect any changes in the process or contact details.

13 50. There should be no fees or costs levied on customers submitting complaints. This policy should be clearly communicated to encourage complaint submission and promote customer confidence. 51. Members of the Complaint Handling Unit should be readily available and able to answer all relevant questions posed by customers about the complaint handling process and available redress mechanisms. DTIs should ensure responses are accurate, courteous, and timely, reflecting a culture of responsiveness and transparency. Compliance should periodically review the quality and accuracy of responses to ensure alignment with the institution’s obligations. B. Communication and Engagement with the Customer

52. Customers should be informed of the DTI’s complaint handling policies, procedures, and any associated timelines for each step of the resolution process through various mediums, including, but not limited to, the DTI’s website, social media platform(s), and periodic emails to increase general awareness, transparency, and trust. DTIs should develop a comprehensive communication strategy that ensures all customers are regularly informed about how to access and navigate the complaint process. In developing this strategy, DTIs should include metrics for assessing reach, clarity, and comprehension of complaint handling information.
53. The contact information (i.e. email, telephone number, fax number (if applicable), branch address) of all designated officers responsible for handling customer complaints should be prominently displayed and easily accessible at relevant locations and online. This repository of contact information for all responsible officers should be kept up-to-date across all customer￾facing platforms to ensure transparency and accessibility.
54. Each DTI should submit the work contact information for all responsible officers to Bank of Jamaica and provide timely updates to the Bank whenever changes are made to the list of responsible officers. This repository of work contact information for responsible officers at DTIs will be published and maintained on the Bank’s website.
55. DTIs must formally acknowledge receipt of the complaint within a period not exceeding five (5) business days from the date of the DTI’s receipt of the complaint as specified under Article 13(1)(a) of the Code. The acknowledgement must include: (a) the complaint reference or tracking number; (b) the name and contact details of the designated officer handling the matter; (c) an indicative period for the initial response; and (d) information on how the complainant may obtain updates on the status of the complaint.

14 C. Confidentiality

56. DTIs should ensure that the complaint handling process is designed in way that protects the identity of customers making complaints. Therefore, the complaint handling process should create no barrier for customers to make complaints.

57. Any customer information related to an ongoing or resolved complaint must remain confidential. Regular audits should be conducted to ensure that all staff adhere to confidentiality protocols and that customer information is securely stored.

58. All digital complaint handling systems must be designed and operated in accordance with the DPA and should incorporate robust security features to safeguard customer data. These features should include secure authentication protocols, role-based access controls, and encrypted channels for the submission, transmission, and storage of complaint data. Access to complaint￾related data should be restricted to authorised personnel on a strict need-to-know basis.

59. In handling customer complaints and related disputes, DTIs must ensure compliance with Article 14 of the Code, which incorporates the secrecy provisions of section 134 of the Banking Services Act. Internal audit and IT security teams should test data access logs and encryption protocols to ensure compliance with data protection and other secrecy laws. D. Complaint Investigation and Final Response

60. DTIs should provide a response outlining the final decision within a period not exceeding forty￾five (45) business days of the DTI’s receipt of the complaint as specified under Article 13(1)(b) of the Code. This obligation applies irrespective of whether the matter subsequently gives rise to a dispute or involves third parties engaged by the DTI. In resolving complaints, DTIs should ensure that where: (a) the complaint is upheld, in whole or in part, this response includes a description of the action taken or to be taken by the DTI to remedy the situation; and (b) the complaint is rejected, in whole or in part, a reason for the rejection of the complaint is also provided in the response, and the Bank is duly notified in writing of this decision, inclusive of the rationale for the decision

61. The Bank expects that DTIs will not delay, suspend, or otherwise seek to avoid compliance with the complaint-resolution timelines under Article 13 of the Code by re-characterising a complaint as a dispute prior to the issuance of a written final response to the customer without evidence of a disagreement between the customer and the DTI or its agent on the substance of the complaint. Internal classifications, third-party investigation timelines, or scheme-based processes do not displace the DTI’s obligations under the Code.

62. If a final decision cannot be reached within forty-five business days of the DTI’s receipt of the complaint, the DTI must inform the customer in writing and the Bank is duly notified in writing prior to the expiration of this period, at a minimum. The notification to the Bank must further:

15 (a) outline the nature of the complaint, the reasons for the delay in resolving the complaint, and the expected completion date; and (b) reflect that the customer has been informed that a final decision was not reached within the period specified. 63. Any notification under the paragraph above does not extend the maximum resolution period prescribed under the Code and does not alter the classification of the matter as a complaint for supervisory purposes. 64. Where a final decision is reached within five (5) business days of the DTI’s receipt of the complaint, the DTI issuing a response to the customer confirming the final decision and the reason for the decision is sufficient. 65. Where, following the issuance of a written final response within the prescribed timeline, the customer disputes the DTI’s position or the DTI maintains a position contrary to the customer’s claim, the matter may thereafter be treated as a dispute. In such circumstances, DTIs must clearly inform the customer, in writing, of: (a) the basis of the DTI’s position; (b) the avenues available for internal review or appeal; and (c) the customer’s right to escalate the matter to Bank of Jamaica or any other relevant authority. 66. Where applicable, redress should be provided to customers immediately upon confirmation and communication of the final decision with regards to a complaint. In this regard, compensation should use the customer’s preferred payment method where feasible, and timelines for disbursement should be communicated. The compliance function should ensure the timeliness and transparency of all such communications. Internal audit should validate turnaround time performance and integrity of decision documentation. E. Avenues for recourse

67. DTIs should implement and maintain procedures to identify clients adversely affected by process failures, errors, or omissions through internal audits or compliance reviews. Once identified, these clients must be notified and their issues resolved promptly to ensure fairness and maintain trust. A log of such identified cases and actions taken should be maintained and made available for regulatory review.
68. Customers should be informed about all the various avenues for recourse and appeal with the DTI and the Bank prior to and after the resolution of a complaint. DTIs should regularly update and distribute clear, comprehensive guides on all available recourse options to ensure customers are well-informed about their rights and the steps the customer can take if dissatisfied.
69. There should be no barriers created by the DTI, whether implicit or explicit, which may dissuade or prevent customers from contacting Bank of Jamaica to escalate a complaint. Policies should be regularly reviewed and adjusted, if necessary, to eliminate any obstacles that could inhibit

16 customers from seeking further recourse, ensuring that all escalation paths are clearly explained and accessible. 70. At the time of communicating the final decision on a complaint, or upon expiry of the 45-business￾day resolution period, or where a matter transitions to a dispute following such communication to the customer, DTIs must inform customers of their right to escalate complaints to Bank of Jamaica or any other relevant regulator. This notification must be in writing, clearly stated in the final decision, or upon expiry of the 45-business-day resolution period, and include appropriate contact details. Escalation procedures must also consider the notification requirements to the Supervisor set out under Article 13(2) of the Code, where a final decision cannot be provided within forty-five business days. Compliance should review all template responses for inclusion of proper escalation guidance and required disclosures. F. Redress and Remediation Policy 71. DTIs should have a clear policy, consistent with the obligations set out under Article 13 of the Code of Conduct, that explains how redress will be provided to customers when mistakes are made or problems occur in the complaint handling and resolution process. This policy must cover: (a) the types of mistakes or issues that may arise such as delays, incorrect charges, or poor service; (b) how the DTI decides what kind of harm the customer experienced, including both financial loss and inconvenience; (c) when and how to offer goodwill payments, refunds, or fee waivers; and (d) how to make sure customers in similar situations are treated fairly and consistently, in a manner that is transparent and compliant with the Code or any other applicable law. 72. DTIs should keep a written record of these decisions and review them regularly to make sure the process remains fair. Policies and records maintained under this section must align with the record-keeping requirements in Article 15 of the Code of Conduct, particularly in respect of documenting the resolution or outstanding matters of each complaint. Staff should be trained on how to use the policy when handling complaints or correcting errors. The policy should be reviewed at least biennially and updated in response to audit findings, changes in regulatory expectations, or patterns observed in complaint data. 73. Nothing in this Standard should be construed as limiting a customer’s right to pursue further recourse under the Code or any other applicable law. The question of whether customers may be required to waive further rights upon accepting redress will be considered as part of future legislative or policy development. Until such a framework is established by law, DTIs must not require customers to waive statutory or contractual rights to redress as a condition of accepting compensation.

17 G. Reporting on Complaints and Customer Feedback

74. The Complaint Handling Unit must report to senior management and the Board on customer complaints at a frequency proportionate to the frequency and materiality of complaints received by the DTI. This reporting should include both quantitative metrics (e.g. number of complaints, categories, resolution times) and qualitative analysis (e.g. trends, root causes, customer impact, and systemic issues). Additional analysis may be provided where necessary to capture material conduct risks.

75. DTIs must implement mechanisms to solicit and record feedback from customers on their complaint handling experience, covering, at a minimum, timeliness, clarity of communication, fairness, and satisfaction with the outcome. This feedback must be analysed and used to improve the complaint handling process. Key findings of this feedback should be incorporated into periodic reports to senior management and the Board.

76. The compliance function should ensure that all complaint handling processes, including intake, escalation, communication, and resolution, are implemented consistently across the DTI. Internal audit should assess adherence to these procedures, data protection obligations, and service standards as part of the DTI’s internal control framework. The risk management function should be informed of any systemic issues uncovered during complaint resolution and incorporate them into enterprise risk and conduct risk assessments. Section 5. Documentation and Record-keeping

77. Effective documentation and record-keeping are essential for transparency, internal oversight, regulatory compliance, and protecting customer interests. Accordingly, all DTIs must maintain complete, accurate, and accessible records related to the receipt, handling, and resolution of customer complaints, consistent with the Code, Proceeds of Crime Act (“POCA”), and any other applicable legislation. Record-keeping must support enterprise risk assessments, internal audits, remediation planning, and regulatory inspections. A. Keeping a record of all complaints

78. DTIs are required to keep records and documents related to customer complaints, customer disputes, and their outcomes as prescribed by the Code. These records must be accurate, complete, and current. This requirement applies to all DTIs or their agents, as applicable. These records and documents must include: (a) the name of the complainant; (b) the complainant’s address, contact information, including telephone numbers and email address, and where applicable, a copy of an identification document bearing the complainant’s face such as a driver’s licence or passport; (c) the date of the DTI’s receipt of the complaint whether directly or through its agent, as the case may be; (d) the date on which the complaint was acknowledged, and a copy of the acknowledgement;

18 (e) the nature and description of the complaint or of the dispute; (f) the category/type/subject matter relating to the complaint; (g) the name of the DTI to which the complaint relates, including the relevant branch (if applicable); (h) the name of any associated or related complaints received; (i) the method by which the complaint was submitted or came to the attention of the DTI; (j) the name and position of the DTI’s officer or employee responsible for handling the complaint or the dispute; (k) a copy of the response(s) of the DTI to the complainant; (l) a copy of the complainant’s response(s); (m) a copy of all other relevant correspondence and documentation; (n) the action(s) taken by the DTI to resolve the complaint or the dispute and the final decision taken by the DTI along with the associated dates of same; (o) the amounts associated with the complaint and the amounts reimbursed (p) whether all matters raised in the complaints were settled and, if not, the matter(s) that remain in issue; (q) the date on which the complaint was resolved, and the manner of resolution; and (r) the residual plan, if there are remaining issues to be resolved. 79. Complaint records should be stored in a structured, searchable format that allows for ease of retrieval, compliance monitoring, data analysis, and timely production for audit or regulatory examinations. These systems should support internal audit queries, escalation tracking, and retention in accordance with both legal and supervisory requirements. B. Retention and Access 80. DTIs should maintain clearly documented procedures for the recording, storage, and management of all complaints received, whether directly or through agents. In this regard, these procedures must be consistent across platforms and enable accurate, timely, and secure handling of records, and should be reviewed biennially by internal audit and updated based on regulatory findings or material process changes. 81. Information or records relating to a customer complaint must not be disclosed to any third party except: (a) with the express written consent of the complainant; (b) pursuant to a court order, warrant, or other lawful direction issued under the Banking Services Act or any other enactment; or (c) where disclosure is required for cooperation with law-enforcement or regulators in accordance with section 134 of the BSA and the DPA. 82. DTIs should maintain documentary evidence of all such disclosures and ensure that the complainant is informed of disclosures made under paragraph 79(a) where practicable.

19 83. Complaint records must be stored in formats that support easy retrieval and secure disclosure in both electronic and written form. DTIs are encouraged to adopt digital systems that improve access, reduce manual intervention, and support regulatory compliance. 84. All complaint records, including those submitted anonymously, must be retained for a minimum of fifteen (15) years, consistent with Article 15(2)(b) of the Code, or any other period as may be required under the Code of Conduct or the DPA following the closure of the account, termination of the relationship, or the date of the transaction for non-account holders. Retention policies should be tested for compliance with local law and data protection obligations and should accommodate regulatory inspection windows. 85. DTIs should ensure that complaint records are accessible at all authorised branches and offices. Centralised systems are encouraged to facilitate organisation-wide reporting, oversight, and access control. 86. At a minimum, DTIs must retain the categories of complaint information outlined in their internal complaints policy and procedures manual. This requirement must be cross-validated by internal audit to ensure that all records are systematically tagged, complete, and retrievable by complaint ID, type, and resolution outcome. C. Access for Inspection and Disclosure

87. DTIs are expected to store records of complaints in a format and system that allows for timely access by Bank of Jamaica or other relevant authority during periodic examinations or with respect to requests for information. Consequently, access logs and audit trails should be built into complaint management systems and reviewed by internal audit for compliance and breach detection;
88. Notwithstanding the above, DTIs should submit complaint handling reports to the Bank on a quarterly basis. These reports should be submitted thirty (30) days after the end of the relevant quarter in a format and template prescribed by the Bank, and will include, at a minimum: (a) Total number of complaints received and resolved; (b) Average resolution times; (c) Breakdown by complaint category or issue type; (d) Notable trends, risks, or areas of customer dissatisfaction; and (e) Any corrective actions or systemic changes made in response to recurring complaints
89. Complaints or groups of complaints that may materially affect the DTI’s financial position, regulatory compliance status, or public confidence should be immediately reported. The report should detail the nature of the complaint(s), assess the potential impact of the complaint(s), outline immediate actions taken by the DTI, and propose measures for resolution and mitigation. This immediate reporting protocol must be incorporated into enterprise-wide risk escalation policies and documented in the institution’s risk appetite monitoring framework.

20 Section 6. Enforcement

90. A credible enforcement mechanism is essential to ensuring adherence to these Standards, fostering institutional accountability, and maintaining public confidence in the financial system. Enforcement in relation to matters covered by these Standards will occur through the existing framework set out in Part III of the Code of Conduct, which was issued under section 132(4)(b) of the Banking Services Act (“BSA”). Accordingly, where a DTI’s conduct reflects non￾compliance with obligations already established in the Code, the Supervisor may issue a warning and, where deficiencies persist, may issue a direction under section 132(6) of the BSA. Failure to comply with a supervisory direction constitutes an offence under section 132(7), which may give rise to the imposition of a fixed penalty. A. Warnings and Directions – Tiered Approach

91. Pursuant to Article 16 of the Code, the Supervisor may take enforcement action only in respect of obligations established in the Code. In this context, where a DTI’s conduct indicates non￾compliance with such Code obligations, including where that non-compliance is evidenced through failure to meet the operational expectations reflected in these Minimum Operating Standards, the Supervisor may: (a) issue a warning identifying the deficiency and advising of the likelihood that directions may be issued under section 132(6) of the BSA unless the issue is rectified; or (b) issue a direction requiring corrective action within a specified timeframe, in accordance with section 132(6) of the BSA.

92. Directions issued under the paragraph above must be addressed to the person with responsibility for the governance and daily oversight of the institution, as well as the members of its Board of Directors, in accordance with Article 16(2) of the Code.

93. A warning issued by the Supervisor in respect of non-compliance with provisions of the Code, whether identified through supervisory review or through deficiencies highlighted in the Minimum Operating Standards, may specify: (a) The nature of the contravention (e.g., failure to comply with the timelines in Article 13 of the Code, inadequate record-keeping under Article 15, or weaknesses in required procedures under Articles 7 or 12); (b) Required corrective actions and the deadlines for compliance; and (c) Notification that failure to rectify the breach may result in the issuance of formal directions as indicated under Section 132(6) of the BSA.

94. Where prior warnings have not resulted in timely or sufficient corrective action, or where a contravention is deemed severe or systemic, the Supervisor may issue directions under section 132(6) of the BSA, as reflected in Article 16 of the Code of Conduct. These directions may include, but are not limited to: (a) Mandating improvements to the DTI’s complaint handling policies, systems, or processes within a defined timeframe;

21 (b) Requiring restitution to affected customers, where quantifiable harm is identified; (c) Imposing enhanced monitoring, reporting, or audits obligations until deficiencies are corrected; (d) Requiring independent third-party reviews or audits of complaint handling practices; and (e) Directing the Board to consider disciplinary review of senior management where systemic failures or governance weaknesses are identified. 95. The Supervisor may escalate to these measures immediately in cases involving customer harm, repeated misconduct, or evidence of poor risk culture, where timely intervention is necessary to protect customers and preserve confidence in the financial system. B. Fixed Penalties for Non-Compliance

96. Pursuant to section 132(7) of the BSA and Article 17 of the Code of Conduct, a licensee that fails to comply with a supervisory direction issued under section 132(6) commits an offence. Where a deposit-taking institution is found to be non-compliant, the institution is liable to a fixed penalty of J$7.5 million per breach, as prescribed in Schedule 8 of the BSA. In addition to the imposition of fixed penalties, where appropriate and consistent with its powers under the BSA, the Supervisor may apply other supervisory measures to correct or mitigate the breach. C. Disclosures and Protections

(i) Public Disclosure 97. Based on the quarterly complaint reports submitted by DTIs, the Bank may publish aggregated complaint statistics such as complaint volumes, average resolution times, and recurring issues to support transparency and public awareness of complaint-handling trends. DTIs must also publish their complaint handling procedures and associated contact information on their official websites in accordance with the disclosure obligations in Article 12(d) of the Code. (ii) Whistle-blower Protections 98. Employees reporting violations of these Minimum Operating Standards in good faith are protected from retaliation under section 135 of the BSA. DTIs must ensure the availability of confidential and accessible internal channels for such disclosures. D. Additional Supervisory Measures 99. Without limiting the legal framework above, deficiencies in complaint handling may also be treated as a broader supervisory concern affecting market conduct and institutional safety and soundness. Accordingly, and consistent with its prudential powers under the BSA, the Bank may apply additional supervisory measures, which may include: (i) restricting or delaying approval of new product offerings until deficiencies are corrected; and

22 (ii) referring matters to law enforcement or other regulatory bodies where misconduct or breaches of law are identified. 100. In determining any remedial or supervisory action, the Bank will consider whether the DTI has adequately identified and addressed the root causes of recurring or systemic complaints and implemented measures to prevent recurrence. Section 7. Transitional Period

101. Bank of Jamaica will allow DTIs two years to fully implement these Minimum Operating Standards. This two-year transitional period reflects the need to establish or enhance governance frameworks, train staff, and implement digital complaint-management systems consistent with the size and complexity of each DTI.

102. DTIs will be required to submit a Board-approved implementation plan to Bank of Jamaica within six (6) months of the issuance of these Minimum Operating Standards, outlining how the DTI will achieve full compliance.

103. In keeping with the Code’s existing requirements, DTIs are expected to have foundational complaint handling mechanisms already in place. Accordingly, DTIs will be expected to: (a) within one year, demonstrate substantial compliance with Sections 2 and 3; and (b) within two years, achieve full compliance with all provisions of these Standards.

104. Following the two-year period, any non-compliance to these Minimum Operating Standards, whether identified through deficiencies highlighted in these Standards or through supervisory review, will be treated as a supervisory concern with attendant consequences. The Supervisor may, on a case-by-case and limited basis, allow additional time where justified by significant operational or resource constraints.

-End-