Archived Posts Lists

Australian Regulatory Compliance Review
Australian Technology and IP Business
Credit Union and Mutual Law
National Consumer Credit Reform
Personal Property Securities Australia
Longview Business Insights
Australian Private Health Insurers
Wills, Trusts, Super
Mutuals Resource Centre


Commonwealth legislation
Corporate Governance
Not-for-Profit links
Regulator Links

December 20, 2013

Privacy Regulations amended: credit reporting provisions

Privacy Regulation 2013 was registered on 17 December 2013. It updates and consolidates the Privacy Regulations with changes made to implement the Privacy Amendment (Enhancing Protection) Act 2012 which commences on 12 March 2014.

The main changes relate to credit reporting as a result of amendments to Part IIIA of the Privacy Act.

Regulation 6 – Consumer credit liability information
This Regulation prescribes the terms or conditions of the consumer credit for the purposes of the definition of consumer credit liability information in paragraph 6(1)(e) of the Act. These are:

(a) how the principal and interest on the consumer credit are to be paid (with the regulation specifying that payments be classified as either principal and interest, principal plus interest with a residual balloon, or interest only);

(b) whether the term of the consumer credit is fixed or revolving;

(c) if the term of the consumer credit is fixed – the length of the term;

(d) whether the individual is a guarantor to another individual is in relation to that particular line of credit of the other individual;

(e) whether the consumer credit is secured or unsecured; and

(f) any variation that may be made to items contained in the above paragraphs (a) to (e).

Regulation 10 – Meaning of credit provider
Regulation 10(2) excludes from the definition of credit provider under subsection 6G(6) of the amended Privacy Act any organisation or small business operators acting in the capacity of a current or prospective landlord in relation to the individual with whom an organisation or small business may be transacting. Any landlord which receives rent in arrears is therefore excluded from the definition of a credit provider.

Regulation 11 – Meaning of credit reporting business
This Regulation excludes from the definition of credit reporting business under subsection 6P(4) of the amended Privacy Act those businesses which provide personal information to a credit provider for the purposes of verifying an individual’s identity or validating other information relating to the individual’s financial position (such as real property assets) provided by an individual to a credit provider.

Regulation 12 – Meaning of repayment history information
This regulation specifies the circumstances in which an individual has not met an obligation to make a monthly payment that is due and payable, pursuant to subsection 6V(2) of the amended Privacy Act. The Regulation provides that where an individual misses any or all repayments due in a month, irrespective of the actual payment cycle for that obligation, then the individual is taken to have missed a payment. The intention of this section is to ensure that there is only one report each month per credit account of an individual’s repayment history information.

Regulation 22 – Transitional
The Regulation provides that information requests that are being processed on or before the commencement date of the Privacy Amendment Act may be processed under the existing Part IIIA of the Privacy Act up to, and including, 31 March 2014.

More about the Privacy Amendment Act

Print This Post Print This Post

Posted 20th December 2013 by David Jacobson in Compliance, Financial Services, National Credit Code, Privacy

August 16, 2013

Remedying a financial services or credit compliance breach: BOQ update

When a financial services licensee or a credit licensee finds a compliance breach it needs to make a number of decisions including:

  • what is the scope of the breach?
  • what does it need to do to fix it?
  • will it report the breach to ASIC? (for significant AFSL breaches there is a 10 business day time limit)
  • does it need to compensate customers?
  • what does it need to do to prevent it happening again?
  • For Credit Act breaches, will it make a penalty application to a court?

In April we discussed ASIC's response to BOQ's report of a breach relating to a failure to link Mortgage Offset Accounts (MOA) to some eligible home loan accounts over a number of years.

BOQ agreed to appoint an independent expert to review its remediation processes to ensure that:

  • all affected customers are identified and appropriately compensated, and
  • BOQ's compliance systems are adequate to prevent a similar error occurring in future.

BOQ has now announced that it has completed a comprehensive review of its products, processes and systems, identifying a number of legacy issues. The review has identified the incorrect application of interest rates and fees.

As a result of this review, BOQ will refund customers an estimated $34.5 million and incur additional remediation costs of $11.5 million.

BOQ said: "The problems have been caused by a number of issues, including overly complex products which required too many manual processes... Systems have also been put in place to ensure fees are being appropriately collected."

Print This Post Print This Post

Posted 16th August 2013 by David Jacobson in Compliance, Financial Services, National Credit Code

August 1, 2013

Report on credit card-related consumer credit insurance

ASIC has released Report 361 Consumer credit insurance policies: consumers’ claims experiences (REP 361) based on interviews with over 50 consumers who had claimed on a CCI policy with one of 9 insurers for their credit card.

When taken out on credit cards, a CCI policy covers consumers if they cannot meet their credit card repayments because, for example, they are made redundant, or are unable to work because they had an accident or fell ill. CCI policies also typically provide cover to consumers in the event of death.

While consumers whose claims were accepted were generally pleased to receive a benefit payment that assisted them, they were not always happy with their experience, because:

  • their benefit payment was less than they had expected, or
  • payments were not made in a timeframe consistent with credit card repayment due dates.

According to the General Insurance Code of Practice overview for the 2011–2012 financial year 11.6% of claims made on CCI policies were denied

The research also identified the following in relation to consumers' experiences making a claim on their CCI policy:

  • most consumers did not know how to make a claim or who to contact (often they contacted the entity who sold them their policy and not the insurer);
  • most consumers did not make a claim promptly
  • some consumers struggled with the claim assessment process which included completing long forms and providing documented evidence (such as medical certificates)
  • the longer it took for a claim to be finalised the greater the financial impact this usually had on consumers, and
  • consumers had mixed experiences making a complaint about their claim.

The report contains useful case studies.

ASIC is currently conducting industry surveillance focusing on the handling of CCI claims, complaints and cancellations.

ASIC says it will take enforcement action when necessary especially where CCI has been mis-sold.

Print This Post Print This Post

Posted 1st August 2013 by David Jacobson in Financial Services, Insurance, National Credit Code

July 12, 2013

Credit reporting code update

Following public consultation, the Australasian Retail Credit Association (ARCA) has lodged an application with the Office of the Australian Information Commissioner for the registration of a new credit reporting (CR) code.

If registered, the CR code will come into effect on 12 March 2014 with the other privacy amendments relating to consumer credit.

The OAIC is currently reviewing the application and the proposed CR code.

The CR Code is a document that is intended to work in practice to apply privacy principles to business operations.

The CR Code will be binding and have legislative effect.

The OAIC has the discretion to:

  • accept the CR Code and register it or
  • modify the CR Code and consult on the new version or
  • reject aspects of the CR Code and seek further modification by the code developer.

The OAIC has published a summary of the credit reporting changes to the Privacy Act.

Print This Post Print This Post

Posted 12th July 2013 by David Jacobson in Financial Services, National Credit Code, Privacy

June 11, 2013

Review of guarantee procedures

The Code of Banking Practice Compliance Monitoring Committee (CCMC) has released its Report of its Inquiry into pre-contractual obligations in relation to guarantees.

The CCMC has made some recommendations to assist with informed decision making by prospective guarantors prior to the execution of a Guarantee and has highlighted areas for bank attention when transitioning to the revised 2013 Code of Banking Practice by 1 February 2014. The 2013 Code contains clauses which are largely the same in the 2013 Code as clause 28 of the 2004 Code.

While the inquiry concluded that banks which participated in its inquiry had appropriate systems and procedures in place to comply with clauses 28.3 to 28.6 of the Code, the Report concluded that banks that only provide general warnings regarding the need for independent legal and financial advice in the Guarantee documentation should review this practice.

The Report identifies good practice as conducting interviews with prospective guarantors to explain the commitments and risks associated with entering a guarantee in addition to requiring customers to seek independent legal and financial advice.

In addition good industry practice suggests that even a prospective guarantor who has received independent advice, should be given at least 24 hours to consider the Guarantee documents prior to signing.

The Code applies to small business transactions as well as regulated consumer credit transactions.

Guarantees play a significant role in the provision of credit, both for personal and business purposes.

In some cases considered by the Financial Ombudsman Service and the courts the level of debt secured by the Guarantee was significant.

Bank obligations fall into four areas:
1. the provision of information, notices and warnings about the rights and responsibilites of potential guarantors and the risks associated with guarantees;
2. the provision of information and relevant documentation regarding the financial position of the borrower;
3. the consideration of this information by the prospective guarantor; and
4. the execution or signing of the Guarantee.

Print This Post Print This Post

Posted 11th June 2013 by David Jacobson in Financial Services, National Credit Code

May 2, 2013

OAIC’s Guide to Information Security

The Office of the Australian Information Commissioner (OAIC) has published a final version of its Guide to Information Security: ‘Reasonable steps’ to protect personal information.

The Australian Privacy Commissioner, Timothy Pilgrim, said that 100% of the high profile investigations he completed in 2011–12 involved data security issues.

Information security obligations for businesses are contained in the National Privacy Principles, the credit reporting provisions in the Privacy Act and the Tax File Number Guidelines.

The guide provides guidance on information security, specifically the reasonable steps entities are required to take under the Privacy Act to protect the personal information they hold.

It provides examples of steps and strategies which may be reasonable for an entity to take.

This could include taking steps and implementing strategies to manage the following:
• governance
• ICT security
• data breaches
• physical security
• personnel security and training
• workplace policies
• the information life cycle
• standards
• regular monitoring and review.

The guide recommends businesses build privacy and information security measures into their processes, systems, products and initiatives at the design stage.

In the amendments that commence on 12 March 2014, the security of personal information is dealt with in APP 11. The obligations in APP 11 are similar to those in NPP/IPP 4. However, APP 11 will require an entity to take reasonable steps to protect personal information from ‘interference’ (eg hacking), as well as from misuse, loss, unauthorised access, modification or disclosure.

Langes can assist you to review your privacy policy to address information security issues.

Print This Post Print This Post

Posted 2nd May 2013 by David Jacobson in Consumer Law, National Credit Code, Privacy, Tax

April 8, 2013

Credit reporting code consultation

The Australasian Retail Credit Association (ARCA) has released for public consultation a draft of the new Credit Reporting Code of Conduct (CR Code).

If approved by the OAIC, the new CR Code will supplement the privacy protection regime set out in Part IIIA of the Privacy Act as amended in December 2012, and will replace the existing Credit Reporting Code of Conduct, that has operated since 1996. It will set out how the Privacy Act Part IIIA provisions are to be applied or complied with.

The CR Code has been designed to:

  • address expectations in Part IIIA or the Explanatory Memorandum;
  • replicate current Credit Reporting Code of Conduct obligations that continue to be relevant given that this Code will be replaced by the new CR Privacy Code;
  • make credit reporting work from a practical perspective;
  • provide some assistance to consumers to understand and interact with the new systems; and
  • address industry uncertainty as to how to interpret aspects of Part IIIA in the interests of consistency of approach within industry.

The CR Code does not encompass all aspects of Part IIIA and so compliance with the CR Code alone will not achieve full compliance with Part IIIA.

The CR Code is being released publicly so that submissions can be received from the public and stakeholder views taken into account as required by Section 26Q of the amended Privacy Act.

The public consultation process closes at 5.00pm on 5 May 2013.

It is expected the finalised draft Code will be lodged with OAIC by 1 July 2013.

Print This Post Print This Post

Posted 8th April 2013 by David Jacobson in Financial Services, National Credit Code, Privacy

February 19, 2013

Credit regulation of small business deferred

The Commonwealth Government has decided that any reforms to small business finance will be deferred. (Background)

This decision is limited to the small business reforms in Phase 2 of the consumer credit reforms.

The draft Bill's provisions relating to credit provided for investment purposes, private lenders who provide credit contracts or consumer leases through an intermediary, short-term and indefinite term consumer leases and anti-avoidance practices will not be deferred.

Print This Post Print This Post

Posted 19th February 2013 by David Jacobson in Financial Services, National Credit Code

February 12, 2013

Final Reminder: Financial Services CPD Seminars

Our next Financial Services CPD Seminars will discuss the Privacy Act amendments relating to direct marketing and credit reporting, with separate Credit Act update sessions for marketers and collections managers.

There will also be a “core” breakfast session specifically for Responsible Managers.

Key Information
* Cost: $550 (incl GST) per person for the whole program
* All sessions bookable separately
* CPD points: 6 points
* Time: 8am – 3pm
* Location: Brisbane, Sydney, Melbourne
* Designed for: Financial Services Managers who wish to stay up to date with all the relevant financial services and credit industry regulatory changes

When and where
Brisbane: Tuesday 19 February 2013
Sydney: Wednesday 20 February 2013
Melbourne: Tuesday 26 February 2013

More information and registration

Print This Post Print This Post

Posted 12th February 2013 by David Jacobson in Compliance, Corporations Act, Financial Services, National Credit Code

December 20, 2012

Consumer credit repayment history information

Under the Privacy Amendment (Enhancing Privacy Protection) Act 2012, licensed credit providers can collect consumer credit repayment history information about individual borrowers from 12 December 2012.

Repayment history information is defined in Section 6V as:

(a) whether or not the individual has met an obligation to make a monthly payment that is due and payable in relation to the consumer credit;
(b) the day on which the monthly payment is due and payable;
(c) if the individual makes the monthly payment after the day on which the payment is due and payable—the day on which the individual makes that payment.

It does not include the amount of any missed payment — only the fact that the borrower made or missed a payment.

It could include payments on a loan or credit card.

From 12 March 2014 licenced credit providers can pass repayment history information on to credit reporting bodies.

Information about any particular payment cannot be held for more than two years from the date it was due.

Repayment history information will not include information about any payment that was due before 12 December 2012.

Print This Post Print This Post

Posted 20th December 2012 by David Jacobson in Financial Services, National Credit Code, Privacy
Older Posts »