Regulatory update at 33rd Annual Credit Law Conference

Check against delivery

Good afternoon everyone. It’s a pleasure to be here with you at the 33rd Annual Credit Law Conference.

As Australia’s conduct regulator for consumer credit, this forum is an important opportunity to speak to representatives from across the sector. So, I thank you for having me and look forward to any questions you may have at the end.

Before I begin, I would like to acknowledge the traditional owners and custodians of the land on which we meet today, and to pay my respects to their elders past, present and emerging. I extend that respect to Aboriginal and Torres Strait Islander people present today.

The organisations represented in this room play an important role in our economy – and in the lives of everyday Australians. Yet, as we are all acutely aware, among the many millions who benefit from credit, an increasing number are struggling to keep their debts under control.

This is not a situation any of us want to see. Not regulators. Not lenders. Least of all, borrowers.

In light of this, your sector – you, your colleagues, your peers and your competitors – have a critically important challenge in hand. But a challenge you have risen to before – and in the recent past.

Just as, during the pandemic, we saw banks and lenders stepping up to support customers in need, you are once again being called on to do the same.

This is as much ASIC’s challenge as it is yours. And I will talk more about our approach to financial hardship shortly – as one of a number of priorities for us in the coming year. I will also touch on some of the work ASIC is doing to achieve these priorities. Along with related regulatory developments and initiatives relevant to this audience.

What are ASIC’s priorities within the consumer credit sector?
Improving consumer outcomes is an enduring objective for ASIC. In particular, over the coming year, this will mean sharpening our focus on protecting financially vulnerable consumers, especially those in hardship. And, ultimately, preventing more consumers from falling into hardship in the first place.

A focus on financial hardship
First to financial hardship. Just under two months ago, ASIC published an open letter calling on lenders to ensure they are adequately supporting customers experiencing financial hardship. In it, we set out several areas that lenders should focus on to ensure they meet their obligations.

These include:

Proactively communicating how and when customers can seek assistance – and making it easy to do so,
Ensuring customer-facing staff are trained and have procedures in place to help them identify when a customer might be experiencing hardship,
Genuinely considering a customer’s individual circumstances to develop sustainable solutions, where possible, and
Communicating regularly with customers throughout the assistance period.
The letter was also sent to the CEOs of 30 of the nation’s largest lenders. We will also be collecting information from these lenders relating to financial hardship applications.

Additionally, we have begun a review of 10 large home lenders to understand their approach to financial hardship. We expect to publish our findings in early to mid-2024.

As well as reminding lenders of their hardship obligations, we will not hesitate to take enforcement action where we find non-compliance.

In September, ASIC commenced civil penalty proceedings in the Federal Court against Westpac for allegedly failing to respond to customers’ hardship notices within the required 21-day timeframe. In February, ClearLoans was fined $6 million for financial hardship misconduct and other beaches of the Credit Act, during the pandemic.

Financially vulnerable credit consumers
In today’s uncertain economic environment, more people may become the target of predatory lending practices, especially those on lower incomes.

ASIC will take action – including enforcement action – to protect vulnerable consumers from this form of misconduct and other poor practices across the credit sector. From the unlicenced, fringe operators to the established entities.

This month, we commenced civil penalty proceedings against Cigno Australia and BSF Solutions for allegedly providing credit without a licence. This follows our successful action against the two companies in July – in relation to a different lending model – in which the Federal Court found they had engaged in credit activities without holding an Australian credit licence.

In these challenging times, we also know that those under financial pressure are more likely to turn to higher-cost and/or higher-risk products. Such as small amount credit contracts, consumer leases, short-term credit facilities, continuing credit contracts – and buy now, pay later.

We will be closely monitoring compliance with consumer protections for small amount credit contracts and consumer leases. We are also seeking to extend our product intervention orders for some short-term credit facilities and continuing credit contracts.

I will discuss these in turn. But, first, to one of the year’s headline developments: the regulation of buy now, pay later products.

Buy now, pay later
In May, the Australian Government announced it will regulate buy now, pay later services as credit products. ASIC will work closely with Treasury to implement its regulatory framework – which is expected to come into force in 2024.

The new regulations will require providers to hold a credit licence and comply with the Responsible Lending Obligations, under the Credit Act.

They will also need to adhere to statutory dispute resolution and hardship requirements. These are two issues of concern, identified through the Government’s consultation – and borne out in our research.

Based on data ASIC collected between January 2020 and March 2022, one in five buy now, pay later users surveyed reported experiencing financial stress. Given there are an estimated 7 million active buy now, pay later accounts in Australia, this is not an insignificant figure.

The new regulations will give ASIC strong enforcement powers – and expand the range of actions available to us.

This will allow us to take more targeted action in a wider range of scenarios where consumers are at risk of harm. This includes suspending or cancelling licences, banning individuals, and commencing civil and criminal proceedings for a wider range of poor conduct.

My colleague Nathan Bourne will be discussing this topic in more detail at tomorrow’s buy now, pay later roundtable.

Small amount credit contracts and consumer leases
Consumers entering into small amount credit contracts and consumer leases are often experiencing financial hardship – and poor conduct compounds that hardship.

New consumer protections relating to these products received Royal Assent in December last year.

These reforms strengthen existing consumer protections including by:

Establishing a cost cap on consumer leases, and
Introducing separate protected earnings regimes, limiting repayments to a maximum of 10% of a consumer’s net income.
We have been engaging with industry to help them understand the new laws and will take action to address non-compliance.

In September, the Federal Court found that Ferratum Australia – now in liquidation – charged prohibited fees and overcharged customers on small amount credit contracts.

ASIC pursued this matter because of the clear harm to consumers, many of whom were vulnerable. In ASIC’s view, there should be a reduction over time in the level of lending to these consumer cohorts.

To do that, lenders should be clear about their target market. But, critically, they should also be clear about who is excluded from that target market. Such as those who are likely to default on their contract or have recently defaulted on other debts or made consistently late payments – and those in a debt spiral, who repeatedly use these loans to supplement their income or meet everyday expenses.

Short-term credit facilities and continuing credit contracts
When provided in conjunction with high-cost services, these products can – and have – resulted in significant detriment to retail customers.

On that basis, ASIC issued product intervention orders for two products in July 2022. With these orders due to expire in January 2024, we are now seeking an extension – and have recently consulted on our proposals.

In ASIC’s view, these product intervention orders provide important protection from predatory lending practices – by preventing credit providers and associates from charging retail customers unreasonably high fees. Fees which exceed the caps imposed by the National Credit Code.

We will provide public updates on the result of our consultation in the next couple of months.

Product design and distribution
Moving now to product design and distribution. As well as our immediate focus on protecting financially vulnerable consumers and those in hardship, ensuring compliance with the design and distribution obligations remains critical to promoting responsible lending.

These obligations require clear consideration of customer objectives, financial situations, and needs – and this has been a game-changer.

DDO is now well established, and ASIC will move to more quickly to disrupt poor practice and prevent poor consumer outcomes.

In December, we commenced proceedings in the Federal Court against American Express in our first civil penalty case alleging breaches of DDOs. Our concerns relate to the distribution of American Express credit cards through David Jones stores.

The DDO stop orders are now a go-to regulatory tool for ASIC – and, in the last financial year, we issued close to 80. Importantly, this year, we have expanded our DDO focus to include ‘credit-like’ products. In February, we issued an interim stop order on One Card Credit’s Scorebuilder and Safetynet loan product, a credit for rent product, because of deficiencies in its target market determination. In May, we issued a further interim stop order preventing Humm from issuing a buy now, pay later product.

Target market determinations
Target market determinations (TMDs) are a key component of the DDOs. These documents describe what products are suitable for which consumers – and set the governance controls for their distribution.

Businesses should be updating their TMDs on a regular basis – and there is a need for improvement in a number of areas. As such, lenders can expect closer scrutiny of their TMDs in the coming year.

We will also increase our surveillance focus on compliance with the ‘reasonable steps’ obligations. That is, the actions taken to ensure products are distributed in line with the TMDs.

In December, we outlined the findings of our sector review of small amount credit contracts. These findings, together with the DDO guidance we issued, are critical tools for industry to better understand ASIC’s DDO focus areas. We are pleased to see that many small amount lenders have improved their target market determinations, in response to our interventions.

We also reviewed the product governance arrangements of a number of buy now, pay later providers, in which we identified four key areas for improvement.

These included the need for:

Clear descriptions of the key attributes of products and how they are appropriate for consumers; and
Setting review triggers that are specific and based on objective measures.
We will publish similar guidance for credit card issuers next year. Alongside this, we have been collecting data from credit card issuers to assess compliance with their DDO obligations and identify opportunities for improving consumer outcomes, including through a focus on problematic debt.

One area where we have seen TMDs fall short is in the retail banking sector.

Through our Better Banking for Indigenous Consumers Project, ASIC reviewed the TMDs for both high-fee and low-fee basic accounts offered by some major and regional banks.

Our review focused on fees charged to customers in areas with higher-than-average proportions of Indigenous people and customers receiving AbStudy payments.

We found that over 110,000 of these customers were in high-fee accounts, despite being eligible for a low-fee basic account. Some of those individuals are paying up to $3,000 in overdraw fees a year.

We also found that banks were aware of large numbers of customers eligible for low-fee accounts. But that, in most cases, the processes to transfer them were ineffective. The migration rates in the majority of cases were as low as 0.5% to 3%.

ASIC wrote to the banks with our findings and expectations, along with a number of suggested actions to prevent future harm of this type. We continue to engage with these institutions as part of this project and expect to release a public report later this financial year.

Banking
Staying on the banking sector briefly. I want to quickly highlight one piece of work in the pipeline: our upcoming consultation on the ABA Banking Code of Practice. There is also the passage of the Financial Accountability Regime Act. And, before I conclude, I will also share some of the insights from our review into the four big banks’ approach to scams.

The Banking Code of Practice
In August, the ABA applied to ASIC for approval of a number of changes to the code. ASIC has reviewed the code and will publish a consultation paper shortly.

We see it as vitally important that consumers and small businesses are represented in the consultation. Key issues include responsible lending, scams, de-banking, and co-borrowers and guarantors.

We will review feedback and provide our decision to either approve the new code or to request further drafts. Depending on the number of responses we receive, we expect to announce our decision in the first quarter of 2024.

Financial Accountability Regime
ASIC welcomes the recent passage of the Financial Accountability Regime Act – or FAR – which will apply to the banking sector from March 2024.

The FAR imposes a strengthened responsibility and accountability framework for APRA-regulated entities in the banking, insurance and superannuation sectors – and their directors and senior executives.

It will ensure their most senior and influential personnel are held accountable for their decisions and conduct.

The FAR will be jointly administered by APRA and ASIC. We will continue to work together to implement it, while engaging with industry to ensure a smooth transition. To support this, we have recently released a joint information paper for the financial services sector. In the near future, we also intend to publish the Regulator Rules and Transitional Rules for ADIs and the Key Functions Descriptions that we consulted on recently.

Scams
Finally, to scams. Like it or not, there is a scam out there for every one of us. In the unscrupulous marketplace of digitally enabled misconduct, we are all vulnerable consumers.

In 2022, Australians lost a record $3.1 billion to scams. That’s $1 billion up on the previous year.

Disrupting scams is a whole-of-ASIC priority – across all the sectors we regulate. But we cannot achieve this alone. A problem of this scale and complexity requires a whole-of-economy response – and banks, in particular, have a critical role to play.

In April, we published analysis of our review of the scam prevention, detection and response activities of the four major banks. We have commenced a similar review of the next tier of banks, as well as superannuation trustees.

The results of our review should give us all pause for thought – both in our professional capacities and, perhaps more particularly, as customers.

In summary, the major banks’ approach to scams strategy and governance was variable. But, overall, less mature than we expected. We also found that scam victims are not always well supported by their bank.

In FY 2021/22, over 31,700 of the banks’ customers lost a total of more than $558 million through scams. The reimbursement and/or compensation rate ranged from 2 to 5%.

Collectively, the banks detected and stopped around just 13% of scam payments made by their customers. Though this excludes scams that were attempted but prevented by the bank before the transaction took place.

Through our review, ASIC identified a number of improvement opportunities.

Each bank should have a bank-wide scams strategy.
Their boards and senior management should have oversight of their scam prevention, detection and response activities. This includes regular reporting to support effective oversight.
These activities should be reviewed regularly to ensure they remain effective in a rapidly changing threat environment and that they support fair customer outcomes.
For banks to effectively report on scammed customers’ experiences and outcomes, their systems need to enable analysis of cases from start to finish.
For ASIC’s part, we will use all the tools at our disposal to detect and disrupt scams. Importantly that includes identifying ways our regulated population can strengthen their anti-scam practices.

We are also contributing to whole-of-government initiatives, as well as the establishment of the National Anti-Scam Centre in July – in which we are a key partner.

Over the coming three years, the National Anti-Scam Centre will build capability and data-sharing technology. This will ultimately enable it to:

Receive a report of a scam from any institution (private or government) and centralise this intelligence,
Distribute data to those who need it most – such as banks to freeze an account, telcos to block a call, digital platforms to take down a website or account, and
Analyse and act on the trends sourced from this data to disrupt scams and educate consumers.
Cyber and operational resilience
It’s impossible to mention scams without also considering cyber and operational resilience. While no organisation can entirely eliminate cybersecurity risk, they can materially reduce it.

This will be a key focus area for ASIC for the foreseeable future.

We will continue to conduct surveillances to monitor cyber and operational resilience among our regulated entities. Where there are egregious failures to mitigate the risks of cyber-attacks, we will take enforcement action.

In particular, ASIC expects directors to ensure their organisation’s risk management framework adequately addresses cybersecurity risk, and that controls are implemented to protect key assets and enhance cyber resilience.

Failure to ensure adequate measures are in place exposes directors to potential enforcement action by ASIC based on the directors not acting with reasonable care and diligence.

Conclusion
For the time being, it seems likely our financial system will remain under pressure. I have every confidence – though little joy in expressing it – that when we reconvene for the 34th Annual Credit Law Conference, the subject of discussion will follow along similar lines.

However, through the actions and interventions I have highlighted today, it is my hope that, when we return in 2024, we will at least have a positive story to tell about the role your sector played in its customers’ time of need.

That, by working together to improve consumer outcomes, regulators and businesses maintained confidence in a financial system, which – despite these pressures – remained fair, strong and efficient.

Latest News

For Firms

For Consumers