Review of Australia's Credit Reporting Framework

The Australian Government has undertaken an independent review of Australia’s credit reporting framework. The review examined the effectiveness and efficiency of the credit reporting provisions in the Privacy Act 1988 (Privacy Act) and the National Consumer Credit Protection Act 2009 (Credit Act) in enabling credit providers to make effective lending decisions while ensuring the personal information of consumers is adequately protected.

Under the National Consumer Credit Protection Amendment (Mandatory Credit Reporting and Other Measures) Act 2021, parallel requirements were introduced requiring the Attorney-General and the Assistant Treasurer to cause independent reviews of Australia’s credit reporting system. The government appointed the independent reviewer Ms Heidi Richards to conduct a single, holistic review of Australia’s credit reporting framework to satisfy both of these statutory requirements. To conduct the review, Ms Richards, a former Australian Prudential Regulation Authority senior executive, reviewed the credit reporting provisions in Part IIIA of the Privacy Act and the mandatory credit reporting provisions in Part 3-2CA of the Credit Act.

The report is now publicly available.

Read the report to the Review of Australia’s Credit Reporting Framework

Consultation on Australia's credit reporting framework

Public consultation on Australia’s credit reporting framework closed on 31 May 2024.

Read the Issues Paper and the submissions on the Attorney-General’s Department Consultation Hub.

Terms of Reference

1. The review will consider the overall efficiency and effectiveness of Australia’s credit reporting framework with regard to Part IIIA of the Privacy Act and Part 3-2CA of the Credit Act, related provisions in those Acts, and supporting regulations.
2. With regard to the overall operation of the credit reporting framework, the review should consider:
   
   1. the roles, responsibilities, powers, and obligations of credit reporting framework participants, including credit providers, credit reporting bodies, regulators, consumers, and other relevant participants;
   2. contemporary community expectations about the ongoing role and function of the credit reporting framework, including:
      
      1. ensuring the privacy and security of credit information;
      2. facilitating access to finance and supporting financial inclusion;
      3. supporting responsible lending obligation assessments and reducing the risk of financial hardship;
      4. technological developments and other innovations in the financial system;
   3. relationship between the credit reporting related provisions in the Privacy Act and the Credit Act.
3. With regard to credit reporting provisions in the Privacy Act, the review should consider:
   
   1. whether Part IIIA continues to meet relevant objects of the Privacy Act;
   2. whether the key definitions relating to credit reporting in Part II are fit for purpose;
   3. whether comprehensive credit reporting is achieving its policy objectives;
   4. whether reforms to address financial hardship have achieved their policy objectives;
   5. other matters addressed by Part IIIA including, but not limited to, retention periods, disclosure, integrity and complaints.
4. With regard to the mandatory credit reporting provisions in the Credit Act, and in particular Part 3-2CA, the review should consider:
   
   1. whether mandatory credit reporting has achieved its policy objectives, including improving overall credit provider participation in credit reporting;
   2. the benefits for consumers, small businesses and credit providers, from mandatory credit reporting;
   3. the scope of mandatory credit reporting, including the number and type of eligible licensees and the data they are required to contribute.
5. The review should also have regard as appropriate to the following:
   
   1. The relevant recommendations of the independent review of the Privacy (Credit Reporting) Code 2014;
   2. The Australian Law Reform Commission's review of the Legislative Framework for Corporations and Financial Services Regulation;
   3. The Australian Competition and Consumer Commission's (ACCC) Digital Platform Services Inquiry 2020-2025, and the 2023 Data Broker Review;
   4. The Attorney-General's Department's 2022 Privacy Act Review;
   5. The 2023-2030 Australian Cyber Security Strategy and government commitments relating to datasets and data brokers;
   6. The Consumer Data Right and related reviews.
6. The government has appointed Ms Heidi Richards as the independent reviewer.
7. The independent reviewer is being supported by a secretariat in the Attorney-General's Department (AGD) which includes officials from the Treasury and AGD.
8. The government expects the independent reviewer's report to satisfy the statutory requirements in the Privacy Act and Credit Act. This report is to be supported by stakeholder engagement during 2024.
9. The legislation requires the report to be provided to the relevant ministers before 1 October 2024 and to be tabled in each House of the Parliament within 15 sitting days of that House.