17.08.2010
59.122 Many credit providers are already members of industry-based EDR schemes, notably those involving the BFSO and TIO. Veda Advantage, the main consumer credit reporting agency, also is a member of the BFSO.[142]
59.123 In 2007, the House of Representatives Standing Committee on Economics, Finance and Public Administration considered the operation of EDR schemes in the context of a report on home loan lending. The Committee concluded that EDR schemes ‘appear to be an effective and low-cost mechanism for resolving consumer complaints’.[143] In recommending that the Australian Government regulate credit products, the Committee referred to the fact that membership of an approved EDR scheme is mandatory under the Corporations Act.[144]
Discussion Paper proposal
59.124 In DP 72, the ALRC proposed that the new Privacy (Credit Reporting Information) Regulations provide that credit providers only may list overdue payment information where the credit provider is a member of an EDR scheme approved by the OPC.[145]
Submissions and consultations
59.125 In response to IP 32, stakeholders emphasised the desirability of access to EDR schemes in credit reporting complaint handling.[146] The Consumer Action Law Centre, for example, noted that encouraging EDR in credit reporting complaint handling is ‘consistent with developments in other industry areas, especially related areas such as financial services regulation and more recently, moves to implement such a requirement in the consumer credit arena’.[147]
59.126 Stakeholders generally supported the proposal made by the ALRC in DP 72.[148] The Uniform Consumer Credit Code Management Committee (UCCCMC) stated that the proposal was consistent with the intention of the Ministerial Council on Consumer Affairs to promote consumer access to EDR in relation to credit disputes. Further, the UCCCMC noted that,
in not recommending the establishment of a new specialised EDR scheme to handle credit reporting complaints, the proposal also reflects the current trend towards rationalisation of industry-based EDR schemes.[149]
59.127 The Financial Counsellors Association of Queensland stated:
From our experience, where EDR is working there is a very good chance of a reasonable outcome for the consumer. EDR schemes are only costly to those who choose to disregard due process and push the boundaries of the law.[150]
59.128 A number of industry stakeholders suggested that it would be preferable for EDR schemes to be approved by ASIC, rather than by the OPC (as proposed by the ALRC).[151] The OPC agreed that the new regulations should provide that credit providers only may list overdue payment information where the credit provider is a member of a recognised EDR scheme, but did not support a role for the OPC in ‘approving’ such schemes.
[T]he recognition of an EDR scheme already approved under another statutory basis, such as schemes approved by ASIC under the Corporations Act, would be a very different role to the Office establishing its own separate benchmarks and an overall EDR scheme approval process. The establishment of such an approval process would have significant resource implications for the Office and is not in the Office’s view an appropriate role for it to adopt.[152]
59.129 ARCA stated that, while it agreed in principle with the ALRC’s proposal, it should go further, so that membership of an EDR scheme approved by ASIC is a precondition for participation in the credit reporting system.
This higher threshold is needed to ensure the integrity of the credit reporting process, including data quality, is maintained. To simply restrict default listing ignores the need to maintain the data quality of the other elements of data—which constitute the majority of content for the majority of consumers.[153]
59.130 National Legal Aid agreed with ARCA that the regulations should ‘require all entities having access to credit reporting’ to be members of an EDR scheme that complies with ASIC standards.[154] Legal Aid Queensland stated that the regulations should provide minimum requirements for both internal dispute resolution and EDR, and suggested that standards for EDR should be modelled on the ASIC policy. Further,
Where the credit provider is not currently a member of an EDR scheme because they are not utilities or do not provide a financial service as defined under the Australian Securities and Investment Commission Act 2001 … the credit provider should either join a current financial services scheme or the scheme must meet those minimum standards and be approved by the OPC.[155]
59.131 Stakeholders emphasised that the EDR process should have the power to resolve all aspects of the dispute, not just those involving privacy.[156] Legal Aid Queensland stated that, in its experience, it is often the liability for the debt that is in issue rather than the credit reporting process. It noted that EDR schemes in the financial services sector ‘resolve the issue of liability for credit products even though these products are not financial services for the purposes of the ASIC Act’.[157]
59.132 The AFC opposed the ALRC’s proposal. It stated that, as a matter of principle, membership of EDR schemes should be voluntary—because ‘the evolution of such schemes in the credit area has generally been in the context of self-regulation and voluntary’. Where mandated, such schemes
have usually been for financial products which government has itself mandated (eg occupational superannuation) and/or where the business holds the customers’ money on promise for a future service (eg insurance).[158]
59.133 In the context of credit reporting, the AFC also considered that
the cost of such membership for the smaller subscribers to the credit reporting agencies will act as a deterrent to reporting defaults to the overall detriment of the credit reporting system.[159]
ALRC’s view
59.134 EDR schemes are already a significant feature of credit reporting complaint handling. In particular, many credit providers are members of the BFSO and TIO schemes and Veda Advantage is a member of the BFSO. Industry and consumer groups generally agreed that the use of EDR in the handling of credit reporting complaints should be facilitated.
59.135 In Chapter 49, the ALRC makes recommendations intended to promote the use of EDR schemes in privacy complaint-handling generally. These include a recommendation to amend the Privacy Act to empower the Privacy Commissioner to decline to investigate a complaint where the:
complaint is being handled by an EDR scheme recognised by the Privacy Commissioner; or
Privacy Commissioner considers that the complaint would be handled more suitably by an EDR scheme recognised by the Privacy Commissioner, and should be referred to that scheme.[160]
59.136 In the resolution of credit reporting complaints, it is appropriate that EDR schemes provide the first line of dispute resolution beyond the credit provider or credit reporting agency. Such schemes are funded by industry and have expertise in the commercial environment in which their members operate. The ALRC is concerned also to improve OPC conciliation and determination processes and to address the capacity of the OPC to identify and address systemic issues. Placing more of the frontline complaint-handling burden on EDR schemes should assist in achieving these aims.
59.137 In DP 72, the ALRC proposed that the new Privacy (Credit Reporting Information) Regulations provide that credit providers only may list overdue payment information where the credit provider is a member of an EDR scheme approved by the OPC.[161] The main issues raised by stakeholders in response to this proposal concerned:
what role the OPC should have in approving EDR schemes for the purpose of credit reporting complaint handling; and
whether membership of an approved EDR scheme should be a condition of participation in the credit reporting system.
59.138 As discussed above, some stakeholders have suggested that it would be preferable for EDR schemes to be approved by ASIC, rather than by the OPC.[162] The reasons for this view included that many credit providers are already members of ASIC-approved EDR schemes;[163] and that such schemes are well equipped to deal with aspects of disputes that are unrelated to privacy or the regulation of credit reporting.
59.139 ASIC’s EDR approval policy is stated to apply to ‘any external complaints resolution scheme operating in the financial system that requires or seeks our approval’. The responsibility of ASIC to approve EDR schemes is part of its role as a financial services regulator, and derives from a number of sources, including the licensing of industry participants and approval of industry codes of practice.[164] As noted above, many credit providers are financial services providers and required by the Corporations Act to belong to an EDR scheme approved by ASIC.[165] Some credit providers, for Privacy Act purposes are, however, providers of goods and services on credit and are only involved tangentially with the broader financial system. Such organisations are less likely to be members of ASIC-approved EDR schemes.
59.140 As the privacy regulator, it is appropriate that the Privacy Commissioner have oversight of the adequacy of EDR schemes that handle credit reporting complaints. As discussed in Chapter 49 (in relation to the power of the Privacy Commissioner to decline to investigate a complaint), the use by the ALRC of the term ‘approved’ was not intended to indicate that the OPC would need to establish its ‘own separate benchmarks and an overall EDR scheme approval process’.[166] To make this clear, the recommendation should refer to Privacy Commissioner ‘recognition’, rather than approval, of EDR schemes.
59.141 In the context of credit reporting complaints, the Privacy Commissioner can be expected to recognise EDR schemes already approved by ASIC under the Corporations Act and those with another statutory basis, such as the TIO.[167] More broadly, the Privacy Commissioner could recognise schemes that are certified by an independent third party as complying with the ASIC standards[168] and other similar instruments.
59.142 Some stakeholders suggested that membership of an EDR scheme should be a precondition to any participation in the credit reporting system, rather than to only the listing of overdue payment information.
59.143 The ALRC does not agree with this alternative approach. Dispute resolution is needed most in relation to credit reporting information that is adverse to, and may have serious consequences for, the individuals concerned. Membership of an EDR scheme can be expensive. The compliance burden may not justify imposing EDR obligations on credit providers who may, for example, wish to obtain credit reporting information in order to help decide whether to provide goods or services on credit, but do not list defaults.[169]
59.144 The ALRC recommends that the new regulations should provide that credit providers may only list overdue payment or repayment performance history where the credit provider is a member of an EDR scheme recognised by the Privacy Commissioner. As described in Recommendation 55–2, repayment performance history means information indicating whether, over the prior two years, an individual was meeting his or her repayment obligations as at each point of the relevant repayment cycle for a credit account; and, if not the number of repayment cycles the individual was in arrears. While repayment performance history will often be ‘positive’ in terms of the perceived credit worthiness of the individual concerned, where payments are late it is similar to overdue payment information—that is, default listings under current s 18E(1)(b)(vi) of the Privacy Act.
Recommendation 59-7 The new Privacy (Credit Reporting Information) Regulations should provide that credit providers only may list overdue payment or repayment performance history where the credit provider is a member of an external dispute resolution scheme recognised by the Privacy Commissioner.
[142] Other credit reporting agencies are not members of an EDR scheme.
[143]Parliament of Australia—House of Representatives Standing Committee on Economics Finance and Public Administration, Home Loan Lending: Inquiry into Home Loan Lending Practices and the Processes Used to Deal with People in Financial Difficulty (2007), 48.
[144]Ibid, 48–49, rec 2.
[145]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 55–6.
[146] Legal Aid Queensland, Submission PR 292, 11 May 2007; ANZ, Submission PR 291, 10 May 2007; Queensland Law Society, Submission PR 286, 20 April 2007; N Waters—Cyberspace Law and Policy Centre UNSW, Submission PR 277, 3 April 2007; Australian Privacy Foundation, Submission PR 275, 2 April 2007; Consumer Action Law Centre, Submission PR 274, 2 April 2007; National Legal Aid, Submission PR 265, 23 March 2007; Banking and Financial Services Ombudsman Ltd, Submission PR 263, 21 March 2007; Westpac, Submission PR 256, 16 March 2007; Consumer Credit Legal Centre (NSW) Inc, Submission PR 255, 16 March 2007; MasterCard Worldwide, Submission PR 237, 13 March 2007; GE Money Australia, Submission PR 233, 12 March 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 232, 9 March 2007; Energy and Water Ombudsman NSW, Submission PR 225, 9 March 2007; Australasian Retail Credit Association, Submission PR 218, 7 March 2007.
[147] Consumer Action Law Centre, Submission PR 274, 2 April 2007. In 2006, the Victorian Government stated that it supports legislating to require all providers of consumer credit in Victoria to subscribe to an alternative dispute resolution scheme: Victorian Government, Government Response to the Report of the Consumer Credit Review (2006), 15.
[148] Australian Privacy Foundation, Submission PR 553, 2 January 2008; GE Money Australia, Submission PR 537, 21 December 2007; Optus, Submission PR 532, 21 December 2007; National Legal Aid, Submission PR 521, 21 December 2007; Uniform Consumer Credit Code Management Committee, Submission PR 520, 21 December 2007; Office of the Privacy Commissioner, Submission PR 499, 20 December 2007; Veda Advantage, Submission PR 498, 20 December 2007; Cyberspace Law and Policy Centre UNSW, Submission PR 487, 19 December 2007; Banking and Financial Services Ombudsman, Submission PR 471, 14 December 2007; Law Society of New South Wales, Submission PR 443, 10 December 2007; National Australia Bank, Submission PR 408, 7 December 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 401, 7 December 2007; Australian Finance Conference, Submission PR 398, 7 December 2007; Financial Counsellors Association of Queensland, Submission PR 371, 30 November 2007; Australasian Retail Credit Association, Submission PR 352, 29 November 2007.
[149]Uniform Consumer Credit Code Management Committee, Submission PR 520, 21 December 2007.
[150]Financial Counsellors Association of Queensland, Submission PR 371, 30 November 2007.
[151]GE Money Australia, Submission PR 537, 21 December 2007; Veda Advantage, Submission PR 498, 20 December 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 401, 7 December 2007; Australasian Retail Credit Association, Submission PR 352, 29 November 2007.
[152]Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.
[153]Australasian Retail Credit Association, Submission PR 352, 29 November 2007.
[154]National Legal Aid, Submission PR 521, 21 December 2007. See also Consumer Credit Legal Centre (NSW) Inc, Submission PR 255, 16 March 2007; Consumer Credit Legal Centre (NSW) Inc, Credit Reporting Research Report (2007), rec 19.
[155]Legal Aid Queensland, Submission PR 489, 19 December 2007, referring to Australian Securities and Investments Commission, Approval of External Complaints Resolution Schemes: ASIC Policy Statement 139, 8 July 1999.
[156]National Legal Aid, Submission PR 521, 21 December 2007; Legal Aid Queensland, Submission PR 489, 19 December 2007.
[157] Legal Aid Queensland, Submission PR 489, 19 December 2007.
[158]Australian Finance Conference, Submission PR 398, 7 December 2007.
[159]Ibid.
[160] Rec 49–2.
[161]Australian Law Reform Commission, Review of Australian Privacy Law, DP 72 (2007), Proposal 55–6.
[162]GE Money Australia, Submission PR 537, 21 December 2007; Veda Advantage, Submission PR 498, 20 December 2007; Dun & Bradstreet (Australia) Pty Ltd, Submission PR 401, 7 December 2007; Australasian Retail Credit Association, Submission PR 352, 29 November 2007.
[163]Australasian Retail Credit Association, Submission PR 352, 29 November 2007.
[164]Australian Securities and Investments Commission, Approval of External Complaints Resolution Schemes: ASIC Policy Statement 139, 8 July 1999, [RG 139.14].
[165]Corporations Act 2001 (Cth) s 912A(2)(b).
[166] As stated by the OPC: Office of the Privacy Commissioner, Submission PR 499, 20 December 2007.
[167]Telecommunications (Consumer Protection and Service Standards) Act 1999 (Cth).
[168] Australian Securities and Investments Commission, Approval of External Complaints Resolution Schemes: ASIC Policy Statement 139, 8 July 1999.
[169] The separate issue of reciprocity of data sharing between credit providers is considered in Ch 54.