As many would be aware, Commissioner the Honourable Kenneth Madison Hayne AC QC
conducted a Royal Commission into Misconduct in the Banking, Superannuation and Financial
Services Industry. Many issues have been identified and as a result, organisations have needed
to facilitate changes. In some organisations these changes have been small and for some,
recommended changes have been significant. In some instances, ASIC proceedings have taken
As of December 2020, ASIC commenced proceedings against the Commonwealth Bank of
Australia (CBA). The allegations against the CBA were that the organisation had stated that they
would charge customers a certain interest rate, sent account statements stating the interest
rate charged and then due to a system error, more than 2,200 customers were charged a higher
interest rate on their overdraft accounts. These extra charges are alleged to have overcharged
interest in excess of $2.9 million (ASIC, 2020).
ASIC alleges that the CBA attempted to fix the issue manually but were unsuccessful and as a
result have continued to overcharge customers. ASIC alleges that the CBA have violated
financial services laws on 12,119 occasions (ASIC, 2020).
• CBA’s management of two financial products, Simple Business and Business Overdrafts, between December 2011 and March 2018 is what these proceedings will address.
• CBA have set up a program which has compensated 2,269 customers affected by this issue. CBA have refunded 3.74 million dollars and their remediation has
• The CBA have been previously penalised by ASIC for $5 million in relation to their AgriAdvantage Plus package.
“Entities must have effective systems for
detecting, containing, assessing, notifying
and reviewing data breaches” – Australian
Information Commissioner and Privacy
Commissioner Angelene Falk.
The latest Notifiable Data Breaches Report (see link below) conducted by the Office of the Australian Information Commissioner (OAIC) has found a 5% increase in data breaches on the previous six months. This means there were 539 data breach notifications from July to December of 2020. The report also found that data breaches resulting from human error are on the rise (OAIC, 2021).
In response to this high volume of reported data breaches, Commissioner Falk urges any organisation that handles personal information to have systems in place for responding to data breaches. As a result of this report, Commissioner Falk has made it clear that organisations have a responsibility to be prepared to provide their clients with information and recommendations quickly and effectively in the event of a data breach (OAIC, 2021).
A data breach occurs where personal information has been accessed or disclosed without
proper authorisation. If your organisation adheres to the Privacy Act 1988, it is your
responsibility to notify anyone affected by a data breach in your organisation where there has
been unauthorised access/disclosure of personal information that has the potential to result in
serious harm (OAIC, 2020).
Examples of a data breach can be as follows:
• Losing a device containing personal information about a client
• Having a device containing personal information about a client stolen
• A hacker accesses personal information about clients
• An email containing personal information about a client is forwarded/sent to the wrong
• Proper security measures weren’t taken or weren’t in place to identify a client over the
phone and then personal information was disclosed.
Where this occurs, it is the duty of the organisation to notify the individual and provide recommendations to handle the data breach (OAIC, 2020).
For many years the debt management and
credit repair services industry has been
allowed to target vulnerable Australians,
who are looking for a way to deal with their
Debt management firms, or debt repair
companies promise consumers and make
guarantees to get them a “debt free life” or
“fix their debt” by:
- Cleaning, repairing or removing
away credit reports.
- Creating and managing budgets.
- Negotiating with creditors, debt
collectors, lenders or companies.
- Advising and arranging formal debt
agreements under the Bankruptcy
However, instead of delivering on these promises, they charge large upfront or structured fees for little
to no results. It is important to also note that many consumers are unaware of the actual cost of the
company’s service versus the benefit that they will receive. It is largely believed that often the poor
advice given leaves the consumer in a much worse financial position after seeing them.
On 25 September 2020, the Treasurer announced that reforms to Australia’s consumer credit laws were
coming. We are not alone in saying that these reforms are way overdue!
Currently debt management firms are not required to
hold a licence under financial services or credit
licensing regimes that ASIC administers. Whilst some
firms are regulated by the personal insolvency
regulator, the majority are seen to fall inside a grey area of
law and this is where the call for tighter compliance has
The proposed legislative reforms will look to protect
vulnerable Australians by requiring debt management
firms to hold an Australian Credit Licence when they
are paid to represent consumers on matters related to
The consultation process for the reforms ceased on 12 February 2021. The proposed reforms will also
look to strengthen ASIC’s ability to:
- Supervise the practices of the debt management industry;
- Stop misleading and deceptive advertising;
- Prevent unfair contract terms; and
- Call for further management around fee structures.
We believe that the stronger compliance measures will prevent vulnerable Australians from
being ripped off and we look forward to seeing the changes come into effect. To learn more
about the proposed legislation reforms visit: https://treasury.gov.au/consultation/c2021-