32nd Annual Credit Law Conference - Regulatory Update
Speech by ASIC Commissioner Sean Hughes to the 32nd Annual Credit Law Conference, 12 October 2022.
Check against delivery
Thank you for that warm introduction. It is always a pleasure being a part of the Annual Credit Law Conference, and doubly so when being able to attend in person.
It is always important for a regulator such as ASIC to be open about its intentions and for us to hear your feedback as to our performance and priorities.
Before I commence, I would like to begin by acknowledging the traditional owners and custodians of the lands on which we meet today, the Yugambeh language region. And to pay my respects to their elders past, present and emerging. I extend that respect to Aboriginal and Torres Strait Islander people present today.
As our collective day-to-day begins to settle after two years of disruptions, a new – but not unrelated – set of challenges now demand our attention. Growing in the undercurrent of uncertainty that was the global response to COVID-19, these demands have gradually been revealing themselves this past year.
In brief, these are the growing perpetration of scams against consumers; the rise of cost-of-living pressures for consumers; and the impacts of new obligations commencing during the pandemic.
Fortunately, they are being faced head on. The organisations present here today, their customers, and regulators continue to navigate problems and work together to determine appropriate solutions.
Some issues were outlined in our recent Corporate Plan and its eight core strategic projects – four of which I will detail throughout my address:
- The growth of scams and strategies to disrupt them;
- Improving the reportable situations regime;
- Work on the Financial Accountability Regime; and
- Supervision of design and distribution obligations.
Other challenges I will address relate directly to this audience and the sectors you represent.
During the pandemic we saw banks and other lenders stepping up to improve their hardship arrangements for customers in need. With the continuing rise in interest rates, I hope to outline both the progress we have witnessed as well as the expectations we continue to hold.
Throughout my address, I will highlight cases of misconduct and consumer harm we continue to strive to stop. And, to close, there are a couple of initiatives we expect movement on as we approach 2023.
For now, allow me to begin with ASIC’s key projects.
It would be remiss of me not to start with a mention of the cyber security issues which have been at the forefront of media and community attention in the past month.
Last month, Optus initially reported a cyber-attack that resulted in a data breach of up to 9.8 million customer records. The information may include customers’ names, dates of birth, phone numbers, and email addresses. For a subset of customers – additional personal data was stolen, including addresses and ID document details, such as driver's licences, Medicare numbers, or passport numbers. There is a risk that this information may be used to commit identity theft and fraud.
Whether you have been personally affected or not, it is clear that vulnerability – not gullibility – is a key factor in Australian consumers’ exposure to scams.
Sadly, it’s not unrealistic to say that there is a scam tailored and ready to affect each and every one of us. At the same time, the challenge and value of collecting and storing data has grown exponentially and the implications of our data storage and protection procedures are now appropriately under question.
Our vulnerability to scams continues to escalate year on year. Last year saw Australians lose a record $2 billion to scams. That’s $2 billion of harm perpetrated on Australians. Young parents, first home buyers, sole-traders, investors, their pay-packets and savings: all gone.
If one positive is to emerge from these experiences, it is that being unified in our vulnerability, means we ought to be unified in our development of effective and timely solutions. ASIC has commenced a project that seeks to understand the practices adopted by authorised deposit-taking institutions.
We are currently engaging with several banks to look at their scam detection, identification, and prevention. It is pleasing to say that many banks have sophisticated scam detection systems in place already, but further improvement is needed to address ever more clever scamsters. One element being debated is the issue of liability for loss, and compensation for customers who have suffered financial loss from scams. We will review policies and data from a number of ADIs with varying risk profiles beyond just the major banks, such as smaller ADIs and digital only banks. This is being done with the intention of providing commentary on better practice and areas for improvement. ASIC anticipates publishing findings of the project and sharing insights on a real-time basis as appropriate.
It is evident from what I have said that scams are an area where our corporate allies are key. Stakeholder bodies such as the ABA and COBA are part of regular discussions on tackling the issue. Independent bodies such as Australian Payments Plus and Aus PayNet are part of quarterly liaison meetings with the RBA and ACCC. The purpose of these meeting is to specifically discuss initiatives to mitigate scam losses.
Over the last few months, we have met regularly with digital platforms – including Google – to discuss advertising of financial products. And limiting advertising on Google’s site to only Australian licensees (or those who are legitimately exempt) is a good step in the right direction. And we have worked with the ACCC to trial a service that takes down fraudulent websites. The trial was very successful, and we are working with third-party service providers to digitally disrupt investment scams.
The size and scale of the problem is immense, but ASIC is committed to using innovative, data-driven approaches to enable early intervention, disrupt and deter fraudulent behaviour and minimise losses for consumers. However, we alone cannot prevent scams, nor can we ever attempt to recover all losses once they occur – especially and particularly where the source of the scam is outside our legal or geographical jurisdiction.
Reportable situations (Breach reporting)
Moving to other work…
As you will all be aware, the reportable situations regime commenced in October of last year. And as we are aware, many have faced challenges in its implementation. But I am here to reinforce ASIC’s commitment to the successful adoption of the reportable situations regime.
The data provide by these reports are a critical source of intelligence to enable ASIC to identify emerging trends of non-compliance across the industry. This, in turn, allows for the detection of significant non-compliant behaviours early, facilitating prompt regulatory action where appropriate. ASIC will publish details about reportable situations as a way to enhance accountability and provide an incentive for improved behaviour.
In undertaking this work, ASIC acknowledges the significant investment made across industry in the implementation of the reforms to date and will seek to minimise further impacts. We have commenced a comprehensive plan to ensure the reportable situations regime meets its objectives for ASIC, industry, and consumers. ASIC will continue to engage with industry on reporting practices adopted by licensees to further understand any issues that are placing an unnecessary compliance burden on industry. Specifically for this audience, we are engaging with the ABA, COBA, AFIA, the Mortgage and Financial Association of Australia, the Finance Brokers’ Association of Australia, and others to identify areas for improvement across the regime.
Ultimately, this work will solidify clear expectations for compliance and design common sense solutions to ensure the consistency and quality of reporting. Such consistency will improve the efficiency of our data collection and analysis. ASIC will continue to engage with Treasury on how the regime is meeting its policy objectives.
Financial accountability regime
The third core strategic project I would like to outline is the intentions surrounding the Financial Accountability Regime – or simply the FAR.
The FAR Bill was re-introduced into the House of Representatives on 8 September and passed to the Senate which referred it to the Economics Legislation Committee for inquiry and report by 20 October 2022. The Bill has bipartisan support. Given the Parliamentary calendar this year, it is not now expected to have a final reading until after the October Budget sittings.
The FAR is designed to improve the risk and governance cultures of entities across banking, insurance, and superannuation sectors. It is designed to do this by imposing on the financial institutions a strengthened responsibility and accountability framework. This will ensure that their most senior and influential executives are held accountable for their decisions and conduct – which have the potential to significantly affect both every-day Australians and our economy. This will increase transparency and accountability across these sectors—in relation to both prudential and conduct related matters.
Following consultation with regulators and industry, the government has agreed to extend the previous Banking Executive Accountability Regime (BEAR) in a number of different areas.
The first was to encompass all financial service institutions regulated by APRA. So, the FAR will (at the end of the proposed transition period) apply to authorised non-operating holding companies of authorised deposit-taking institutions, insurance entities, and superannuation entities.
Second, this regime aims to improve not only the accountability standards in regulated entities, but also drive reforms in operating culture, and reinforce the standards of conduct expected by the Australian community. As I mentioned, this means that directors and the most senior of executives will be held accountable for their decisions and conduct.
Third, this strengthened and broadened accountability regime is being jointly implemented by APRA and ASIC and will also be co-administered by both regulators operating in close consultation and collaboration. Both regulators are committed to efficient and effective co-administration. Where possible, administrative processes will be streamlined, including through the establishment of one central portal for regulated entities to submit their accountability registrations, statements, and maps.
Each of these three elements are vital for restoring trust in the financial system.
Design and distribution obligations
The last of ASIC’s core projects I will outline are the Design and Distribution Obligations – or DDOs – which also commenced in October of last year. DDOs have been a gamechanger for the regulation of financial product design and distribution. Selling products now requires clear consideration of customer objectives, financial situations, and needs.
These obligations are unabashedly about protecting consumers’ interests and reducing the risk of harm caused by poor design, distribution, and marketing. They also mark a very deliberate move away from a consumer protection framework which relied heavily on disclosure as a harm mitigation, with the onus on the reader to comprehend and assess its risk.
Given the amount of time that has passed, ASIC has now shifted its focus from “facilitating implementation” to “active supervision and enforcement”.
Target market determinations (TMDs) are a vital tool because they set the product governance controls that ultimately flow through to distribution. It is important that issuers ensure their target markets are sufficiently granular, having regard to the key features and attributes of their products. With that in mind, ASIC has three specific pieces of work underway that are relevant for you all.
Our first project looks at improving credit card outcomes for consumers. We began having discussions with credit card providers last year to set expectations that they address consumer harms in their target market determinations.
We noted a key feature of the DDO requirements is to demonstrate the product features are appropriate having regard to consumers’ objectives, financial situation and needs. In addition, we would expect review triggers to reflect where the product may not be performing as expected, for example, if defaults or cancellation rates increase.
This month we will be reaching out to credit card providers to let them know that we will collect data from them around problematic debt, including any proactive steps providers are taking to prevent consumers getting into these situations. This approach is similar to two reports ASIC previously released into Credit card lending in Australia – reports 580 and 604.
In seeking such a substantive amount of data, we expect to be able to identify any poor product design leading to poor outcomes. However, this is not only an exercise for us. We expect credit card providers - with access to the same information - to use this material to better inform their design and distribution of credit cards, and – by extension – improve the quality of outcomes for consumers.
I encourage open and constructive participation in this work dedicated to the improvement of credit services for Australian consumers.
Related to this work is an initiative looking into small amount credit contracts. Prior to the introduction of DDO last year, ASIC met with issuers of small amount credit contracts to discuss these obligations and assess their preparedness for the new regime.
As with credit cards, we reviewed draft TMDs to determine if they were likely to be compliant with the new legislative requirements. Following the introduction of the obligations, we continued to monitor and liaise with SACC issuers to assess and discuss whether their TMDs are meeting expected standards.
ASIC’s intervention has already led to improvements in individual TMDs. SACC issuers continue to be under periodic review to assess whether their target market determinations remain appropriate, and whether the findings of their periodic reviews are in line with what the data demonstrates.
On a minor, but related, tangent: SACCs have been an ongoing point of interest for ASIC. Notably, throughout 2020, ASIC undertook a targeted review of small amount credit contracts market participants.
Our review examined the fees charged with these small loans and whether the fees were permitted under the Credit Act. This project was especially important during the COVID-19 pandemic, noting the high cost of these loans and the financial vulnerability of consumers who often need them.
ASIC launched civil penalty proceedings against Ferratum Australia in 2021 for allegedly charging prohibited fees and overcharging consumers who paid off loans early. These activities breach the Credit Act. We were particularly concerned that the alleged conduct harmed consumers with low incomes and low bank account balances.
This year, we took further enforcement action resulting from our review, with civil penalty action against Sunshine Loans. We allege Sunshine Loans collected over $320,000 in fees which it was prohibited from charging, such as fees when consumers sought to reschedule or amend the payments of their contracts.
ASIC has taken on both cases to ensure that credit providers comply with the Credit Act, and we will be seeking Court orders and penalties if we are successful in the proceedings.
Buy Now, Pay Later
The third of our current suite of DDO projects is our continued monitoring of developments in the buy-now, pay later industry, including new entrants offering the standard BNPL service.
We are also undertaking reviews of other alternative credit products services – such as wage advance – which I will come back to shortly.
ASIC is reviewing the product governance arrangements of a number of BNPL providers, including a review of how their target market determinations were developed, and the data and metrics that inform their review triggers. We will continue to collect data from providers to test whether their TMDs are and remain appropriate.
Further, ASIC will assess triggers to ensure they reflect product performance. Such triggers could include whether there is a particular cohort of consumers who are incurring repeated missed payment fees and for whom the product may not be appropriate.
We expect to conclude the project and finalise our findings next year. We will be making a public statement on the outcomes of this review.
Review of Wage Advance Products
Bridging the gap between buy now, pay later and small amount credit contracts is a service growing in popularity within Australia, commonly referred to as wage advance.
In addition to the DDO work surrounding BNPL, ASIC has conducted a review of the emerging wage advance, or pay on demand, industry focusing on providers who market their products directly to consumers. As this sector has emerged over the last couple of years, ASIC’s priority has been on ensuring that providers are aware of their design and distribution obligations and are complying with the terms of any licensing exemptions they rely upon.
Wage advance providers generally offer loans to consumers under the short-term credit exemption in the National Consumer Credit Code.
Following targeted ASIC surveillances, two wage advance providers ceased charging fees which ASIC was concerned were being charged in excess of the cost limitation in the short-term credit exemption. One entity refunded nearly 900 consumers approximately $33,500 in default and collection fees. Another provider agreed to remove default fees from around 1900 consumer accounts.
ASIC will continue to take action where it considers consumers may be charged fees that are in excess of exemption caps or are otherwise not permitted.
Keeping with this theme of protecting vulnerable consumers and improving outcomes for consumers I would like to highlight two areas of specific interest to all of you present here today, beginning with hardship arrangements.
With rising cost-of-living pressures, some consumers may be struggling to meet repayments on their debts, including credit cards, personal loans and home loans. I would like to remind lenders of their obligations to support consumers who are finding it difficult to make ends meet.
The response we saw from lenders during the pandemic was a positive step and we encourage lenders to keep thinking about how they can better support their consumers, in particular through tailored solutions which usually start with a conversation about needs, objectives and circumstances. This is especially true as household budgets continue to feel pressure. We all share a goal of ensuring that consumers access the right support to manage their financial and other obligations. Good hardship practices include elements such as:
- Having processes to identify consumers experiencing - or likely to be at risk of experiencing - financial difficulties;
- Making at risk consumers aware of available support that may assist them;
- Having processes that are easy for consumers to navigate and understand; and
- Being flexible through the offering of tailored assistance that genuinely addresses their needs.
Also, for consumers with home loans currently fixed at a low interest rate, some may find it difficult to make changes to their household budget to manage larger mortgage repayments after their fixed term expires. It is important that home lenders:
- Engage with consumers early about the expiry of their fixed rate term so as to ready them for a change in repayments,
- Ensure communications are clear so that consumers understand their options and can make good, informed decisions, and finally
- Promote hardship assistance and support options that may be available to consumers.
Product intervention powers
I also draw your attention to ASIC’s use of our product intervention powers. In July, we reinforced consumer protections by prohibiting the provision of unlicensed short-term credit and continuing credit contracts which involve unreasonably high fees charged to retail clients, in excess of the cost caps in the Credit Act.
This latest product intervention follows a series of proceedings between ASIC, Cigno and BHF Solutions Pty Ltd. In September 2020, ASIC commenced proceedings against Cigno and BHF Solutions seeking declarations and injunctions alleging that both companies had engaged in unlicensed credit activities in contravention of the National Credit Act in relation to their continuing credit product. In June 2022, ASIC was successful in its appeal before the Full Federal Court, which reversed Cigno and BHF Solutions’ appeal to the Federal Court in June 2021.
ASIC continues to monitor the short-term credit and continuing credit contracts markets and will take further regulatory and enforcement action as necessary, to address the risk of significant detriment and harm arising from the design and operation of these or similar products.
Let me now look forward and outline our future initiatives relevant to this audience.
In July, the government announced that it will be consulting with key stakeholders on the regulation of buy now, pay later, as well as other forms of credit that rely on the same exemptions. We are working closely with Treasury and ASIC continues to monitor developments in the BNPL industry.
We encourage all interested participants in this market to engage with the consultation process where possible.
The Financial Sector Reform Bill 2022 was introduced into the Parliament on 8 September and passed through the House of Representatives on 28 September. It is currently under review by the Senate Standing Committee on Economics which is due to report on the outcome of its Inquiry in the coming weeks. Schedule 4 of this Bill proposes many reforms to the consumer credit law, enhancing protections for consumers of small amount credit contracts and consumer leases.
ASIC supports further measures to reduce harm for financially vulnerable consumers who use small amount credit contracts and consumer leases. If the proposed reforms are passed, ASIC will administer the laws including through its surveillance and enforcement activities. We will consider further guidance where we think it is necessary.
In closing, as the pandemic lifts, both its residual impact, and other geo-political and economic clouds cast a shadow over the financial system.
I would hope my address today has demonstrated our commitment to continue to use the full suite of our regulatory tools to help prevent and effectively respond to wrongdoing and harm – especially wherever it undermines trust and confidence in the financial system. For ASIC, this aspiration remains unchanged – to ensure confidence in a financial system that – even under stress – can remain fair, strong and efficient.
Your clients, and their trust and confidence in our system, is what will help rebuild our economy from the shocks of the past two years.
I encourage your ongoing, proactive and constructive engagement with us at every opportunity. We share a common desire for consumers (which includes each of us) to trust their providers, to have confidence in their products and services and to see fair value and appreciable benefits in what they receive.