A draft Credit Reporting Code (CR Code) was released for public consultation on Friday with comments due by 5 May 2013. This draft supplements, amplifies and clarifies new requirements for handling credit reporting information that will take effect on 12 March 2014 along with several other major changes to the Privacy Act.
Credit providers and others regulated by the CR Code who have not had input on the draft CR Code so far have a very short time to identify the impact it will have on them and make any necessary submissions to the Australian Retail Credit Association (ARCA), the body that is developing the draft CR Code.
From a credit provider's perspective, key features of the CR Code include:
additional disclosures to be made by credit providers when collecting personal information from an individual that they are likely to disclose to a credit reporting body (CRB);
a "safe harbour" for credit provider disclosures to be made on a credit provider's website if certain conditions are satisfied;
restrictions on a credit provider reporting default information to a CRB in certain circumstances where the defaulting individual has made a financial hardship assistance request to the credit provider;
details of what a credit provider must include in a notice of refusal of credit;
detailed rules about individuals' rights to access and correct their credit reporting information or credit eligibility information;
complaints handling mechanisms and membership of external dispute resolution schemes; and
additional definitions to supplement, amplify and clarify new definitions to be included in the Privacy Act of terms like "consumer credit liability information" and "payment information".
Background to the draft Credit Reporting Code and next steps
In December 2012, the Office of the Australian Information Commissioner (OAIC) requested ARCA to develop the CR Code. Following the public consultation that has just commenced, ARCA is scheduled to lodge the draft CR Code with the OAIC by 1 July 2013.
If the draft CR Code is accepted and registered by the OAIC, the CR Code will bind credit providers, CRBs and other specified credit industry participants like mortgage insurers and trade insurers.
ARCA has noted that the draft CR Code has been formulated to:
address expectations made clear in the credit reporting amendments to the Privacy Act or the Explanatory Memorandum;
include provisions that correspond with the current Credit Reporting Code of Conduct (that will be replaced by the CR Code from 12 March 2014);
make credit reporting operate more effectively from a practical perspective (in some instances)
assist consumers to understand the new systems and use them where necessary; and
address industry uncertainty as to how to interpret certain aspects of the new credit reporting provisions in the interests of consistency of approach within the industry.
In addition to the CR Code, it will be necessary for credit industry participants to comply with the Privacy Act regulations dealing with handling of the credit reporting information. These regulations have yet to be released.
Other impacts of the CR Code
From a credit provider's perspective, other impacts of the CR Code include:
- additional details on what a credit provider must do to assist a CRB regarding the integrity of consumer credit-related information;
- clarification of the tests to be satisfied before a credit provider is able to disclose a serious credit infringement to a CRB on the basis of fraud or because the individual cannot be contacted;
- additional restrictions on a credit provider's ability to use information that is sourced from a CRB, to ensure the information is not used for marketing purposes;
- additional restrictions on when a credit provider can request credit reporting information from a CRB, to ensure that a credit provider does not make requests for purposes that go beyond assisting an individual to avoid defaulting on their obligations to the credit provider (this would prevent requests made simply to monitor or check an individual's overall credit worthiness or behaviour);
- requirements for reasonable systems for secure electronic transmission of credit reporting data; and
- restrictions on credit providers nominating eligibility requirements for pre-screening assessments to target high risk customers (rather than for responsible lending).