The Government has introduced the National Consumer Credit Protection Amendment (Mandatory Comprehensive Credit Reporting) Bill 2018 into the House of Representatives. Background.
The mandatory comprehensive credit reporting regime requires ‘eligible licensees’ to supply credit information about consumer credit accounts to credit reporting bodies.
Credit information is defined in section 6N of the Privacy Act.
Regulations will set out the circumstances when a credit reporting body can share the credit information supplied through the mandatory regime.
Eligible licensees will initially be large ADIs that hold an Australian credit licence. An ADI is considered large when its total resident assets are greater than $100 billion.
Treasurer Scott Morrison has said the Federal Government does not propose to extend the mandate beyond the major banks at this point in time, as once the major banks begin supplying information, strong commercial incentives will encourage other lenders to participate.
Initial bulk supply of credit information
The initial bulk supply of credit information will be split across two years:
• By 28 September 2018, large ADIs must supply credit information on 50 per cent of the consumer credit accounts within the banking group to all credit reporting bodies the large ADI had a contract with on 2 November 2017.
• By 28 September 2019, large ADIs must supply credit information on the remaining accounts, including those that open after 1 July 2018 and those held by subsidiaries of the large ADI to the same credit reporting bodies as the first bulk supply.
Following the bulk supply of information, large ADIs must keep the information supplied accurate, complete and up-to-date, including by supplying information on subsequently opened accounts. This information must be supplied to credit reporting bodies that received the initial bulk supply and with whom the licensee continues to have a contract under the Privacy Act.
Supervision
The Bill relies on the existing protections established by the Privacy Act and Privacy Code and the oversight of the Australian Information Commissioner to preserve and protect the security and privacy of a consumer’s credit information
ASIC will be responsible for monitoring compliance with the mandatory regime. It has new powers to collect information and require audits to confirm the supply requirements are being met. ASIC can also prescribe the technical standards for the reported credit information.
Reporting of hardship arrangements
The Attorney‑General will be leading a review of the operation of hardship arrangements under the Privacy Act. The review will respond to concerns raised by industry and consumer advocacy groups around how hardship arrangements are treated and will make recommendations on whether reforms are required. The Attorney-General is expected to complete the review by late 2018.