Data breach prevention

Australia does not yet have mandatory data breach notification laws (see last year's ALRC proposals), so we don't know about breaches other than those that get public notoriety (e.g. files dumped in bins, stolen laptops or forgotten CDs).

But we can learn from those breaches analysed in the USA: Verizon has published its 2009 Data Breach Investigations Report.

Its analysis of data breaches concluded:

  • 74% were caused externally, 20% internally;
  • 67% were aided by errors, 22% involved privilege misuse;
  • 69% were discovered by a third party, 87% were considered avoidable through simple controls.

The 5 recommendations were:

  • Ensure essential controls are met.
  • Have data retention policies: find, track, and assess data.
  • Collect and monitor event logs.
  • Audit user accounts and credentials.
  • Test and review web applications.

In Australia the Privacy Commissioner has issued a Voluntary Data Breach Notification Guide.

ASIC policy proposals on competence and training for credit licensees

ASIC has released its policy proposals on competence and training for credit licensees.

ASIC’s Consultation Paper 113 Competence and training for credit licensees (CP 113) explains how ASIC proposes to interpret the competence requirements as they apply to credit licensees.

There are two parts to the competence and training requirements of the new credit regime – competence at the licensee level (organisational competence) and training standards for representatives, including employees and agents of a licensee (representative training).

As a general rule, ASIC expects key people to have a relevant qualification (either an industry specific course or a more general qualification) and at least two years relevant experience.

ASIC proposes to accept key people without relevant qualifications but with five years relevant experience in the credit industry over the last seven years until December 2013.

Because of the diversity of roles in the credit industry, ASIC proposes not to prescribe particular training for most credit representatives. Licensees will need to document their training regimes.

The exception is for mortgage broking representatives who ASIC expects to have a Certificate IV in Financial Services (Finance/Mortgage Broking). Existing mortgage brokers who do not have this qualification will be given until December 2013 to obtain it.

Deposit guarantee scheme update

Board of Taxation Discussion Paper on GST and cross‑border transactions

The Board of Taxation has released a discussion paper on the Board’s review of the application of GST to cross‑border transactions.

The Government has asked the Board to consult widely with relevant stakeholders and report to the Government on improvements to the design of the GST system necessary to ensure that cross‑border transactions are treated in an efficient and effective manner. A particular focus will be those design features underpinning the involvement of non‑residents in the Australian GST system with a view to simplifying the design.

The closing date for submissions is 4 September 2009.

Senate Committee Termination Payments Bill reporting date extended

The Senate Economics Legislation Committee's inquiry into the Corporations Amendment (Improving Accountability on Termination Payments) Bill 2009 has been extended as the committee requires more time to finalise its report. The committee intends to present the final report by Monday, 7 September 2009.

NAB drops overdrawn account fees

Senate Committee Consumer Credit Bill reporting date extended

The Senate Economics Legislation Committee’s report in relation to the committee’s inquiry into the National Consumer Credit Protection Bill 2009 and related bills has been delayed.

The committee requires more time to finalise its report. The committee intends to present the final report by Monday, 7 September 2009.

Financial Ombudsman case studies

The latest newsletter from the Financial Ombudsman Service has 3 case studies worth reviewing to understand the Ombudsman's approach to resolving disputes:

  • Financial planning advice: Mr and Mrs A complained about the advice they received from their bank's financial planner about how they could arrange their financial arrangements to allow Mrs A to qualify for the maximum aged pension and maximise their income. After a meeting with the bank’s planner, he provided advice that Mrs A would qualify for the full pension if her term deposit monies were invested in a superannuation fund in her name and recommended investment in a bank balanced superannuation fund.

    Mr and Mrs A accepted the advice and transferred the funds to the recommended fund. Mrs A subsequently reached retirement age and applied for the aged pension. However, she was subsequently advised by Centrelink that her pension entitlement was approximately half the full pension. A review of the financial planner’s advice showed he had erred in his calculation. The lower pension entitlement therefore meant Mr and Mrs A’s overall already modest income fell after implementing the planner’s recommendation. The value of Mrs A’s superannuation investment subsequently fell significantly.

    The Financial Ombudsman Service’s view was that the recommendation made by the planner was inappropriate given Mr and Mrs A’s financial position, their historical investment profile and the resultant reduction in their income. Had the correct pension information been stated, and the appropriate recommendation supplied, it was more likely than not, in the circumstances of this case, that Mr and Mrs A would have retained their existing investment arrangements together with a part pension.

    On that basis, the Financial Ombudsman Service determined that the disputants were entitled to be put back in the position they would have been had the term deposit remained in place and the bank was liable to compensate them on that basis.

  • Travel insurance: Mr B was stranded in Thailand in September of last year when the Phuket airport was closed due to an anti-government protest. As a result, Mr B had to purchase new flight tickets, and incurred additional costs. The member denied his claim on the basis that the proximate cause for the loss arose from an excluded clause in the policy that is “a loss that arises from any act of war, or from a rebellion, revolution, insurrection or taking power by the military”. The Financial Ombudsman Service upheld Mr B’s claim on the basis the events should be described as a “riot” or “civil commotion” rather than an “insurrection”.
  • Superannuation advice: Mr D alleged that the superannuation consultant agreed to advise the consumers into the future and for an indefinite period of changes to the superannuation rules which would prevent them withdrawing their contributions without incurring tax or other penalties.

    Eight years after initial contact, changes to superannuation rules meant that a component of Mr and Mrs D’s superannuation contributions would be taxed substantially if it were withdrawn. Mr and Mrs D complained that the member breached its contractual obligation to warn them of such changes ahead of their operation, and claimed compensation.

    The Financial Ombudsman Service found that there was no ongoing retainer to provide financial advice, Mr and Mrs D had not paid any fees for advice, and that there had been no contact between Mr and Mrs D and the member during the eight-year period. The Financial Ombudsman Service did not uphold the dispute.

Margin lending dispute resolution ASIC consultation paper

The Corporations Legislation Amendment (Financial Services Modernisation) Bill 2009, if passed, will require margin lenders and advisers to obtain a licence and be subject to supervision and enforcement by ASIC. It will also give borrowers access to free external dispute resolution services where they have a dispute with their provider.

ASIC’s Consultation paper 112 Dispute resolution requirements for consumer credit and margin lending (CP 112) explains how ASIC proposes to apply the dispute resolution requirements for margin lenders and those who provide advice on margin loans, once the Financial Services Modernisation Bill reforms of margin lending come into effect.

Submissions close on Friday 11 September 2009.

ASIC Consultation Paper on dispute resolution

ASIC has released a consultation paper seeking public comment on proposals designed to ensure that consumers have timely access to dispute resolution if they have a problem with consumer credit or margin lending.

ASIC’s Consultation paper 112 Dispute resolution requirements for consumer credit and margin lending (CP 112) explains how ASIC proposes to apply the dispute resolution requirements for credit providers, brokers and other credit licensees and their representatives, as well as for margin lenders and those who provide advice on margin loans, once the National Consumer Credit Protection Bill (the Bill), and reforms around margin lending, come into effect.

The dispute resolution requirements are similar to those that currently apply to holders of an Australian financial services licence and their representatives.

For consumer credit, the Bill provides for a two-stage transition to full licensing. Initially those engaged in regulated ‘credit activities’ must apply to be registered with ASIC, or be a representative of an entity that is registered. Applications for registration must be made between 1 November 2009 and 31 December 2009. Registered persons must have membership of an ASIC-approved external dispute resolution (EDR) scheme.

Credit licensing commences on 1 January 2010 and applications must be made by 30 June 2010. Credit licensees will be required to have dispute resolution arrangements that include:

  • an internal dispute resolution (IDR) process that meets ASIC’s approved standards and requirements; and
  • membership with an ASIC-approved EDR scheme.

Those licensed to provide margin loans or advise on margin lending will be required to meet the same two requirements from the time the margin lending reforms come into effect.

Submissions close on Friday 11 September 2009.