Stay in the know
We’ll send you the latest insights and briefings tailored to your needs
Protection of vulnerable customers, combating scams, supporting customers through hardship and managing risks associated with artificial intelligence are key policy areas of government which are likely to influence how credit reporting reforms are shaped. We have examined how broader policy considerations are likely to affect the review of Australia’s credit reporting regime.
Australia’s credit reporting framework is currently under review with the release of the “Review of Australia’s Credit Reporting Framework Issues Paper” (Credit Reporting Framework Issues Paper). The review is holistic, covering the legislative framework and the regulators involved. The review considers the flow on consequences in respect of how consumers, small businesses and credit providers engage with, and benefit from, the regime. See here.
The Credit Reporting Issues Paper raises themes that have direct relevance to strategic and enforcement priority areas for ASIC, the Office of the Australian Information Commissioner (OAIC), Telecommunications Industry Ombudsman (TIO) and energy and water ombudsmen, as well as broader consumer protection priorities of industry and government. This includes how vulnerable customers engage with credit providers, the proper treatment of consumers facing hardship and the implementation of responsible lending frameworks.
As the credit reporting regime of Australia is under review and more sophisticated methods are used to engage with credit data, we have considered some key policy areas and related reform considerations that are likely to influence the ongoing regulation and expectations around credit data.
Protecting financially vulnerable customers is an enduring priority area of many consumer-focussed regulators. For ASIC, it sits across ASIC’s focus on conduct involving predatory lending practices, debt collection misconduct, high-cost credit and small amount credit contracts and consumer leases.
The Credit Reporting Framework Issues Paper recognises that the use of technology and data is evolving and these developments influence community outcomes. The Paper specifically acknowledges that these outcomes can be beneficial to product innovation and “the protection of the most vulnerable customers”.
Supporting vulnerable customers has also been a key focus of recommended reforms to the Banking Code of Practice (BCOP). The November 2021 Independent Review of the Banking Code of Practice Final Report (BCOP Report) included a significant focus on ensuring appropriate care for vulnerable customers and how this could be appropriately supported through BCOP. A number of changes were recommended to BCOP in connection with vulnerable customers.
A recommendation of the BCOP Report that was not implemented in updates to BCOP was Recommendation 42:
Clause 40 should be amended to include that if a vulnerable customer tells their bank about their personal or financial circumstances, subject to the customer’s agreement, the bank will record this information so as to minimise the number of times the customer has to provide this information.
The Recommendation was supported by the Australian Bankers Association (ABA) in principle. However, the ABA has pointed to the Privacy Act as meaning that the adoption of this change would not be permissible:
The ABA notes that banks must comply with the Privacy Act, including obligations regarding the collection, use and maintenance of "sensitive" (including "health") information.
The ABA is currently engaged in the Attorney General's Review of the Privacy Act and, is advocating for changes that would make adoption of this recommendation permissible under the Privacy Act. Should the privacy laws be changed, the ABA will revisit this recommendation. For these reasons the ABA does not propose to amend clause 40 at this time.
In its response, to the Privacy Act Review Report, the Government has agreed to recommendations for the OAIC to issue guidance to help organisations identify vulnerability and know when they can deal with third party representatives. The Government has also supported a recommendation for further consultation in relation to issues and options so that financial institutions can act appropriately for customers experiencing financial abuse or unable to give privacy consents. Draft legislation is expected to be released in August. We expect the industry to be interested in how the drafting of reforms to the Privacy Act are framed to manage the interaction between the Privacy Act, BCOP and the expectations on credit providers and financial institutions engaging with customers experiencing vulnerability.
ASIC enforcement priority – compliance with hardship obligations
ASIC has been vocal that hardship arrangements are a priority area for the regulator. In ASIC’s recent report on financial hardship, the regulator makes clear that its view is that some in the industry are “falling short” in the design and delivery of financial hardship support.
The hardship process prescribed by the National Credit Code is set out in Diagram A. However, ASIC expects that credit providers will meet the prescribed time frame and notice requirements under the National Credit Code in a manner that has regard to the licensing obligation of ensuring credit activities are engaged in efficiently, honestly and fairly. ASIC detailed its view of what this requires in its “Dear CEO” letter of August 2023. This included expectations in respect of engaging with consumers before, during and after the hardship arrangement is agreed, having proactive measures to identify hardship and having in place appropriate resourcing to enable this.
Hardship - National Credit Code time frame
Consumer understanding of hardship arrangements and impact on credit reports
While ASIC and other regulators are keen to ensure that consumers are supported in facing circumstances of hardship, consumers are motivated to ensure that their credit history remains in good standing. Australians understand that their credit report has a powerful role in their ability to obtain credit. As the Australian Retail Credit Association has flagged, consumers may be wary of seeking assistance from financial institutions when faced with hardship on the basis of an expectation that this would affect their credit report. In ASIC’s report on financial hardship, ASIC has stated that it found instances of inconsistencies with how hardship and impacts on credit reports are communicated to consumers by lenders.
With the credit reporting framework consultation exploring community expectations around the role of the credit reporting framework on reducing the risk of financial hardship, we wait to see how the consultation outcomes will engage with the perceived tension between consumers seeking to protect their credit history while facing circumstances of hardship.
Hardship flag – interaction between financial institution and consumer priorities
Previously, credit reports would not have indicated a consumer’s repayment history being affected where repayments were made consistently with a hardship variation. While this is consistent with the pursuit of encouraging and supporting consumers to come forward to times in hardship to seek assistance, it also arguably undermined the purpose of comprehensive credit reporting, providing a somewhat misleading impression of the status of those payments.
This balance between ensuring that the credit report does not provide an inaccurate impression of the consumer’s financial position while also not discouraging consumers to take proactive steps to manage their circumstances was addressed through the introduction of a hardship “flag” in 2022. While the specifics of the hardship arrangement are not included, the flag is intended as a notice to potential lenders to obtain further context in connection with the flag. Recognising that credit reports can create their own risks in connection with a consumer’s vulnerability status, ASIC has also issued a no-action position in respect of reporting certain information on credit reports where reporting information could lead to consumer harm.
Request for feedback – improved outcomes?
The Credit Reporting Issues Paper sought feedback about whether the hardship flag has improved the quality of lending decisions and whether the reporting is dissuading consumers from seeking relief.
As the Credit Reporting Issues Paper notes, Australia’s comprehensive credit reporting regime is intended to support credit providers meet their responsible lending obligations, with a focus on promoting competition and efficiency in the market.
However, mandatory participation in the comprehensive credit reporting framework under the National Consumer Credit Protection Act 2009 (Cth) (NCCP Act) is limited to large ADIs – those with $124 billion or more of assets. This leaves a large portion of Australia’s lending community outside of the mandatory credit reporting framework. The Credit Reporting Issues Paper is seeking views on the expansion of the mandatory credit reporting regime.
Proposed reforms to the NCCP Act and responsible lending obligations will extend the regime to buy now pay later (BNPL) providers. As part of these reforms the role of credit reports in connection with this sector is also in focus. While a modified responsible lending regime is proposed to apply to BNPL providers, the reforms would require a BNPL provider to seek information from a credit reporting body in connection with a potential borrower under the BNPL arrangement. As the explanatory materials to the proposed reforms explains:
“The requirement for an [BNPL] licensee to seek to obtain this other information as part of the [responsible lending] framework is directed at both assessing whether a credit contract will be unsuitable for a consumer and to create a record of credit inquiry (an information request) by that licensee on the consumer’s credit report. This report will indicate to other credit providers that the consumer may have an existing [BNPL] liability, as information requests are part of the information providers must seek to obtain.”
ASIC’s submission on the BNPL reforms identified over indebtedness, missed payments and surcharging as three key areas of harm associated with BNPL arrangements. It is likely that ASIC will focus on responsible lending approaches taken by BNPL providers once a credit licence is obtained, including having regard to the role that credit information plays, or does not play, in the responsible lending framework of BNPL providers. In this context, the consultation on the effectiveness of the comprehensive credit reporting framework in improving lending decisions outside of the BNPL context will be of interest, as BNPL providers prepare for the prospect of implementing credit reporting considerations into their lending practices.
In addition to considering whether BNPL providers should be given access to credit reporting information, the Credit Reporting Issues Paper also looks at a range of other types of entities and scenarios, beyond NCCP Act-regulated lenders. Issues raised include:
With the increasingly complex credit scoring and decisioning models used by credit reporting bodies and credit providers, the Credit Reporting Issues Paper seeks to understand how lenders provide assurance that these scores do not introduce inappropriate bias into credit decisions, e.g. based on gender, age or ethnicity.
Bias has been a key concern with the use of artificial intelligence, and we note that the broader Privacy Act review is also seeking to introduce new requirements relating to automated decision-making involving personal information.
Currently credit reporting bodies are able to impose a ‘ban period’ at consumer’s request, with the effect that the body must not release the consumer’s credit report without express consent for 21 days (or longer by further request). Concerns have been raised that fraudsters are aware of the 21 day period and may wait before making a credit application.
Some credit reporting bodies offer credit monitoring services, but these have inconsistent application depending on whether a ban period applies, and alerts may be given after the fact.
The government’s focus on taking a “whole-of-ecosystem” approach to address scams, you can read more about that focus here. The Credit Reporting Issues Paper seeks to determine how these and other processes can be improved to protect consumers against scams, fraud, identity theft, financial abuse and family violence.
The Attorney General’s consultation on Australia’s credit reporting framework has just commenced. While the Issues Paper closed for submissions on 31 May 2024, this is part of a holistic review of Australia’s credit reporting framework. A report is due to be provided no later than 1 October 2024.
Read together with the enforcement priorities of ASIC and other regulators, and the government’s legislative reform agenda, we expect that the report will have broad interest amongst businesses currently using the credit reporting system, as well as those to which the system may be extended.
The contents of this publication are for reference purposes only and may not be current as at the date of accessing this publication. They do not constitute legal advice and should not be relied upon as such. Specific legal advice about your specific circumstances should always be sought separately before taking any action based on this publication.
© Herbert Smith Freehills 2024
We’ll send you the latest insights and briefings tailored to your needs