The Credit Contracts Legislation Amendment Bill (the Bill) was introduced to Parliament on 9 April 2019. It proposes a number of significant changes to the Credit Contracts and Consumer Finance Act 2013 (the CCCFA), as well as some minor changes to other consumer credit laws. These laws affect all entities providing credit (loans) to consumers, from banks to finance companies to pay-day lenders.

Some of the key changes to the CCCFA include:

  • A new obligation on creditors to keep records of enquiries relating to responsible lending obligations and how credit and default fees are calculated
  • An expansion of the circumstances in which creditors need to verify information provided by borrowers
  • A requirement to be able to verify the reasonableness of any credit fees charged
  • Amendments relating to how disclosure is made
  • New special rules for "high-cost consumer credit contracts" (those with an interest rate of at least 50% per annum).

Most of these changes will be implemented via improvements to systems and practices on the 'shop floor'. However, the CCCFA is proposing one change in particular which will directly affect creditors at the governance and management level. It proposes the imposition of a new, positive obligation on the directors and senior managers of creditors to exercise due diligence to ensure that the creditor complies with its duties and obligations under the CCCFA.

The concept of director due diligence in the financial markets is well established under legislation such as the Financial Markets Conduct Act 2013 (FMCA), driven in large part by the personal liability regime in the FMCA for directors and (more recently) senior managers of issuers. Due diligence can be quite a discrete task for an offer of financial products, particularly where the offer opens and closes within a defined period. However, the process of issuing financial products is quite different to the process of offering credit. Offers of financial products rely on carefully constructed and heavily prescribed disclosure materials and (in the case of exemptions), the receipt and consideration of exclusion certifications. Assuming that compliant disclosure is given, if the issuer is not giving financial advice or operating a DIMS (discretionary investment management service), there is limited opportunity or cause for most issuers to ask questions and receive/interpret data specific to the investor. By and large therefore, due diligence in that context focuses on disclosures.

By comparison, creditors under the CCCFA are required to ask borrowers a number of questions (which are increasingly personal and lateral), receive and interpret data from borrowers, complete (whether manually or electronically) otherwise incomplete disclosure documents and manage ongoing disclosures and breaches in hugely variable circumstances. As such, due diligence under the CCCFA will focus far more on the systems and processes in place for achieving those tasks. Of course, ensuring the creditor's template disclosure documents are compliant will be very important. But that aside, the exercise of due diligence under the CCCFA will look quite different to the equivalent exercise under the FMCA.

The Bill does not prescribe exactly what due diligence will look like (nor could it), but it does provide that due diligence will include taking reasonable steps to ensure that the creditor:

  • Requires its employees and agents to follow procedures (or has implemented automated procedures) that are designed to ensure compliance
  • Has in place methods for systematically identifying deficiencies in the effectiveness of the procedures for compliance
  • Promptly remedies any deficiencies.

The court will be able to order the payment of pecuniary penalties (up to $200,000) and/or compensation to affected borrowers following a breach by a director or senior manager. The creditor will also be specifically prohibited from insuring or indemnifying directors and senior managers for breaches of the due diligence provisions.

There were a number of submissions made on this proposed change, ranging from broadly supportive to submissions against the imposition of such a duty. Some (particularly larger) creditors were concerned that the nature of the provision of credit to consumers, being a day to day activity which is highly tailored to each borrower and highly dependent (in most cases) on human interactions, is not a process which can be adequately overseen in real time by directors/senior managers (at least at an individual borrower level). They argued that there were other adequate measures already in place, or proposed, which incentivised creditors to comply (such as prohibiting a creditor from enforcing the contract or recovering the 'costs of borrowing' where the creditor has not complied with disclosure requirements). There were also concerns raised about the potential negative effects such changes might have on the ability of creditors to find quality and willing board appointees.

Other (particularly smaller) creditors thought it was appropriate that directors and senior managers be intimately familiar with the creditor's obligations under the CCCFA and, therefore, the creditor's systems and procedures used to ensure compliance. Accordingly, they submitted that it was appropriate that directors and senior managers be personally liable.

There are merits in both arguments.

Most creditors will already have in place the kind of due diligence practices contemplated by the Bill, at least as relates to obligations pertaining to requirements such as responsible lending and disclosure. These practices may include internal devices like questionnaires, decision trees, tick-box confirmations and electronic alerts to help staff execute the creditor's obligations, audits of systems and processes, and regular meetings and reporting. Methods for systemically identifying and remedying deficiencies may require some further development for a number of creditors and may rely initially on staff or customer reporting and the results of audits. We would expect these processes to become increasingly automated.

It remains to be seen whether imposing personal liability on directors and senior managers will drive more widespread and consistent compliance with the CCCFA. Ultimately, directors and senior managers are simply required to ensure the creditor has the appropriate systems in place and to monitor those systems. Provided that occurs, a breach by an individual staff member which is not a result of a systems/process failure, should not trigger a breach of the due diligence obligations.

Boards and senior managers of creditors should begin thinking about how these changes would impact their organisation, if passed. The Bill has reached the Select Committee stage and submissions on the proposed changes are again being called (closing 14 June).