Other aspects of the model

55.183 Stakeholders have raised a number of other matters relevant to a move towards more comprehensive credit reporting. For example, concerns were expressed that, if credit reporting information is to include information about credit accounts that have been closed (as recommended above), regulation needs to include a definition of a ‘closed account’ since there is ‘no general industry practice’.[243] The OPC suggested, in this context, that a credit provider should be required to notify the credit reporting agency, as soon as practicable, that the account has been closed.[244]

55.184 Legal Aid Queensland expressed concern about the timeliness of repayment performance information, especially given its view that the industry struggles to list existing default information in a timely manner under the current regime and that reporting repayment performance information would make it easier for credit providers and debt collectors to ‘use the credit reporting system as a means of pressuring borrowers to repay accounts when there is a question as to liability’.[245]

55.185 The ALRC makes no recommendation with regard to these issues, but observes that they may be appropriate subjects for consideration as part of developing a credit reporting industry code (see Recommendation 54–10).

55.186 In addition, some stakeholders considered that, if Australian law is amended to permit more comprehensive credit reporting, the sharing of this information between credit providers should operate in accordance with the principle of reciprocity. This issue is discussed below.

Reciprocity and compulsory reporting

55.187 In relation to data sharing among credit providers, the principle of reciprocity has been expressed as dictating that ‘data will be shared on the principle that subscribers receive the same credit performance level data that they contribute, and should contribute all such data available’.[246]

55.188 One of the stated aims of ARCA is to improve data standards and consistency, including by promoting the principle of reciprocity.[247] The UK provides one model in this regard. In the UK, the finance industry established the Steering Committee on Reciprocity to develop guidelines on the ‘use and sharing of credit performance and related data on individuals’. This body consists of representatives from credit providers and credit reference agencies and has produced principles of reciprocity that set out the ‘rules for the recording, supply and access of credit performance data’ shared through the credit reporting agencies.[248]

55.189 The principle of reciprocity is closely related to the concept of compulsory reporting—the idea that it should be compulsory for credit providers to report some or all kinds of credit reporting information. The value of credit reporting information may be reduced significantly by the fact that credit providers may ‘pick and choose’ whether information about particular overdue payments or other adverse information is reported. On the other hand, compulsory reporting obligations may interfere with the relationship between a credit provider and its customers—for example, when negotiating a repayment plan with an overcommitted individual.

55.190 Some credit providers supported compulsory reporting as desirable, but not necessarily as a subject appropriate for regulation.[249] Others opposed compulsory reporting because of possible compliance costs for smaller credit providers[250] and telecommunications service providers.[251] In addition, some stakeholders noted that compulsory reporting of default information could prevent negotiated settlements[252] and, by removing discretion in reporting, diminish the effectiveness of important provisions of the Code of Banking Practice, which requires a subscribing bank to try to help customers overcome difficulties with credit.[253]

55.191 Another related concept is that of ‘tiered’ access to credit reporting information, including access for non-credit related purposes, such as debt collection and identity verification. Tiered access can be based on reciprocity, or take other factors into account so that subscribers may obtain some categories of information that they do not provide to the agency. For example, some companies might be permitted to use credit reporting information for identity verification, despite not providing information on their own customers.[254]

55.192 In DP 72, the ALRC noted that credit providers generally support the principle of reciprocity in credit reporting and obligations consistently to report information.[255] Support was not universal, however, and some participants in the existing credit reporting system stated that contributing data to a more comprehensive system should not be compulsory.[256]

55.193 In DP 72, the ALRC concluded that credit providers themselves and their industry associations should take responsibility for deciding how information sharing should proceed within the framework provided by legislation. It would not, therefore, be appropriate for the new regulations to mandate reporting obligations. The ALRC proposed, nevertheless, that the credit reporting industry code should provide for access according to principles of reciprocity.[257]

55.194 This proposal was generally supported,[258] but subject to many qualifications and exceptions. Stakeholders highlighted the complexity of applying reciprocity principles.[259] ARCA stated that the practical implementation of reciprocity is likely to be ‘more complex’ than suggested in DP 72:

To illustrate: as credit providers are from different industries, ARCA believes that a credit provider shares all available information from its particular industry eg a Telco should be able to access all credit reporting information from a different industry eg a bank. ARCA also acknowledges that although there may be limitless variations to the forms of reciprocity, it may for implementation purposes also need to keep the policy relatively simple. As this is only of relevance to industry it is recommended that this is the responsibility of the industry [code of conduct] to manage.[260]

55.195 ARCA also referred to the need for flexibility during the implementation period, so that reciprocity is able to be phased in according to the reporting and other capabilities of credit providers.[261] Similarly, Veda Advantage stated that it supported a system of tiered access ‘whereby [credit reporting agencies] can assess a subscriber’s access to information based on their capacity to meet compliance requirements and the extent of risk they face’.[262]

55.196 GE Money provided detailed views on how principles of reciprocity should be implemented to distinguish between existing and more comprehensive categories of credit reporting information. GE Money submitted that telecommunications companies, for example, should be able to elect to provide and receive only the existing ‘negative’ default information, but not more comprehensive repayment performance information.[263]

55.197 Legal Aid Queensland expressed concern that reciprocity, by requiring all defaults to be reported, would reduce the incentive for consumers and credit providers to negotiate settlements of debts. Further,

There is no evidence from industry, even with the inclusion of better data accuracy and the availability of more comprehensive information, that data scoring will allow those consumers with one default to access mainstream credit. Consequently, if reciprocity is required in relation to credit reporting of negative information, it may in our view result in more consumers accessing fringe credit.[264]

55.198 The Insurance Council of Australia submitted that it would be inappropriate to apply principles of reciprocity in credit reporting to mortgage insurers.[265] Telstra also expressed a range of concerns about reciprocity, which, it stated, may lead to ‘unnecessary disclosure and inflexibility’ and constitute an unnecessary burden on credit providers:

Credit providers require discretion to assess whether disclosure is appropriate in each borrower’s circumstances. They should not be penalised for having and using such discretions sensibly by being denied access to credit reporting. This could ultimately harm the individuals whose personal information is intended to be protected.[266]

55.199 Some stakeholders stated that the ALRC should not take a position on reciprocity at this stage.[267] The Cyberspace Law and Policy Centre submitted that reciprocity ‘is largely a commercial issue for the industry stakeholders’, and any agreement would be likely to require Australian Competition and Consumer Commission authorisation under the Trade Practices Act 1974 (Cth). Therefore, the ALRC should not take a position on ‘whether participation in a centralised credit reporting system should be based on a principle of reciprocity’.[268]

55.200 The OPC supported the view that credit providers and credit reporting agencies should have responsibility for determining how access to credit reporting information is to be managed, and suggested that further research into comprehensive credit reporting include consideration of principles of reciprocity.[269] The Australian Privacy Foundation stated that the ALRC should remain neutral on the issue of reciprocity and should instead ‘endorse principles of tiered access and separate justification for input to and output from credit reference databases’.[270]

ALRC’s view

55.201 Most stakeholders agreed that, in order for more comprehensive credit reporting to benefit the operation of the credit market, reporting by credit providers of the additional data items needs to be as universal as possible. Reporting according to principles of reciprocity may be an important mechanism by which to achieve this aim.

55.202 Beyond the general proposition that, in general, credit providers only should have access to the same categories of personal information that they provide to the credit reporting agency, there lies considerable complexity. Credit providers come from different industries and have different data requirements and capacities to provide data to the credit reporting system. The relative costs and benefits of participation in the credit reporting system differ between classes of credit provider, which may raise competition issues. For these reasons, issues concerning reciprocity, tiered access and compulsory reporting are matters that should be resolved by credit providers and their industry associations, in consultation with consumer groups and regulators, within the framework set by regulation. Once resolved, these matters may be appropriate for inclusion in the credit reporting industry code.

[243]Legal Aid Queensland, Submission PR 489, 19 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007.

[244]Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.

[245]Legal Aid Queensland, Submission PR 489, 19 December 2007.

[246] Steering Committee on Reciprocity, Information Sharing: Principles of Reciprocity (2003), 3.

[247] Australasian Retail Credit Association, Submission PR 218, 7 March 2007.

[248]Steering Committee on Reciprocity, Information Sharing: Principles of Reciprocity (2003).

[249] Australian Finance Conference, Submission PR 294, 18 May 2007; Institute of Mercantile Agents, Submission PR 270, 28 March 2007; Westpac, Submission PR 256, 16 March 2007; MasterCard Worldwide, Submission PR 237, 13 March 2007; EnergyAustralia, Submission PR 229, 9 March 2007; National Credit Union Association Inc, Submission PR 226, 9 March 2007.

[250] Min-it Software, Submission PR 236, 13 March 2007.

[251] Optus, Submission PR 258, 16 March 2007.

[252] Legal Aid Queensland, Submission PR 292, 11 May 2007.

[253] Banking and Financial Services Ombudsman Ltd, Submission PR 263, 21 March 2007. Optus made a similar point in relation to the Telecommunications Credit Management Code of Practice: Optus, Submission PR 258, 16 March 2007.

[254] Veda Advantage, Submission PR 272, 29 March 2007.

[255]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), [51.132].

[256] AAPT Ltd, Submission PR 260, 20 March 2007; Optus, Submission PR 258, 16 March 2007.

[257]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 51–2.

[258] GE Money Australia, Submission PR 537, 21 December 2007; Veda Advantage, Submission PR 498, 20 December 2007; Australian Credit Forum, Submission PR 492, 19 December 2007; HBOS Australia, Submission PR 475, 14 December 2007; ANZ, Submission PR 467, 13 December 2007; Law Society of New South Wales, Submission PR 443, 10 December 2007; National Australia Bank, Submission PR 408, 7 December 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 401, 7 December 2007; Australian Finance Conference, Submission PR 398, 7 December 2007; Australasian Retail Credit Association, Submission PR 352, 29 November 2007; Mortgage and Finance Association of Australia, Submission PR 344, 19 November 2007. Galexia stated that ‘in light of the cost and complexity of developing an industry Code, some further consideration should be given to including reciprocity and data consistency in the Regulations’: Galexia Pty Ltd, Submission PR 465, 13 December 2007.

[259]Legal Aid Queensland, Submission PR 489, 19 December 2007; National Australia Bank, Submission PR 408, 7 December 2007; Australasian Retail Credit Association, Submission PR 352, 29 November 2007.

[260]Australasian Retail Credit Association, Submission PR 352, 29 November 2007.

[261]Ibid.

[262]Veda Advantage, Submission PR 498, 20 December 2007.

[263]GE Money Australia, Submission PR 537, 21 December 2007.

[264]Legal Aid Queensland, Submission PR 489, 19 December 2007.

[265]Insurance Council of Australia, Submission PR 485, 18 December 2007.

[266]Telstra Corporation Limited, Submission PR 459, 11 December 2007.

[267]Australian Privacy Foundation, Submission PR 553, 2 January 2008; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007.

[268]Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007.

[269]Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.

[270]Australian Privacy Foundation, Submission PR 553, 2 January 2008.