ASIC has stated that automated credit decisioning software processes need to be rigorously and continually tested to ensure that the licensee who uses them is complying with their responsible lending obligations.

ASIC has announced that lender Nimble Australia Pty Ltd (Nimble) will refund to 7,069 borrowers $1,590,390 (including all establishment fees) after ASIC had concerns that Nimble was failing to meet its responsible lending obligations by using online assessment credit decisioning software with algorithms which did not properly take consumers’ financial information into account.

The borrowers entered into small amount credit contracts with Nimble through its website between 1 July 2013 and 22 July 2015 when some had a negative funds position and there was a statutory presumption of unsuitability under section 131(3A) of the National Credit Act.

ASIC’s investigation found that:

• Nimble had not properly assessed the financial circumstances of many consumers before providing them with loans. In some cases financial information contained in bank statements was not accounted for in the final assessment.
• Nimble failed to consistently recognise when consumers had obtained repeat small amount loans within a short period of time. Even when repeat loans were properly identified, Nimble did not take sufficient or appropriate steps as required by law to rebut the presumption of unsuitability before providing a loan to the consumer.
• Nimble failed to make proper inquiries of consumers’ requirements and objectives, and inquiries that were made were of a general nature and resulted in not enough information for Nimble to fully understand the consumer’s needs.

Nimble’s online application enquiry with respect to the reason for the loan relied on a drop-down menu of four broadly worded options one of which was “temporary cash shortfall”.

As part of its undertaking to ASIC, Nimble is also required to:

• make a $50,000 contribution to Financial Counselling Australia; and
• engage an independent external compliance consultant to review their current business operations and compliance with the consumer credit regime and report back to ASIC.

ASIC acknowledged that Nimble has made significant changes to their system and processes since the ASIC investigation commenced.

Automating credit decisioning: how can assessment software comply?

Guidance on ASIC’s expectations of decisioning software can be obtained from the draft Regulatory Guide attached to CP 254 Regulating digital financial product advice.

To paraphrase CP254, in relation to monitoring and testing algorithms, ASIC expects credit licensees to:

(a) have appropriate system design documentation that clearly sets out the purpose, scope and design of their algorithms. Decision trees or decision rules should form part of this documentation, where relevant;
(b) have a documented test strategy that explains the scope of their testing of algorithms. This should include test plans, test cases, test results, defect resolution (if relevant), and final test results. Robust testing of algorithms should occur before a loan application is first assessed, and on a regular basis after that;
(c) have appropriate processes for managing any changes to an algorithm. This includes having security arrangements in place to monitor and prevent unauthorised access to the algorithm;
(d) be able to control, monitor and reconstruct any changes to algorithms over a seven-year timeframe. Note: A licensee must keep a copy of all quotes, preliminary and full suitability assessments for funded loans and a record of all material that forms the basis of an assessment of whether a credit contract will be unsuitable for a consumer in a form that will enable the licensee to give the consumer a written copy of the assessment if a request is made under section 132 of the National Credit Act within 7 years of the date of the loan.
(e) review and update algorithms whenever there are factors that may affect their currency (e.g. changes in the law);
(f) have in place controls and processes to suspend the online loan assessments if an error within an algorithm is detected; and
(g) have in place adequate resources, including human and technological resources, to monitor and supervise the performance of algorithms through an adequate and timely review of the assessments made.

The compliance of automated credit assessments must be regularly tested. This means that a sample of the assessments should be reviewed by a human adviser for compliance with the responsible lending requirements. The assessment review process should not be a ‘tick-a-box’ exercise. This may involve credit application reviewers considering any additional information, as appropriate, to form a view on the automated assessment. Algorithms should be regularly monitored and tested through periodic and random assessment reviews.