Lawyer says lenders have been overwhelmingly focused on COVID-19 response
With the finance sector facing a raft of regulatory changes, more and more lenders are seeking legal advice – however, Buddle Findlay partner Scott Abel says a significant chunk of his work has been dedicated to COVID-19 response, and that the primary concern of most clients has overwhelmingly been around their borrowers.
Abel noted that the government’s overhaul of the Credit Contracts and Consumer Finance Act (CCCFA) has been a key area of focus for financial institutions, however, he says it is also a change they were expecting and prepared for. However, he says lenders now need to turn their attention to other incoming legislation – most notably, the new Privacy Act 2020.
Read more: FMA CEO “heartened and impressed” by adviser response to COVID-19
“If I think back across the year, there’s been some talk about the CCCFA, and the advisers are facing their own changes under the FSLAA,” Abel said.
“But people saw those things coming, so a lot of the requests for advice we get are very much around responding to COVID-19. There aren’t so much regulatory concerns as recovery concerns in terms of lending, and dealing with borrowers and keeping them comfortable.”
“The one thing we’ve been stressing to our clients to be aware of is that there will be a mandatory obligation to report privacy breaches, which currently isn’t the case,” Abel explained.
“You have to understand where the data is in your organisation and how it moves, and you need to have a data breach policy. You need to know how you react and respond to it, what your timeframes are, and who you can consult with and talk to.”
Abel says the other key change will relate to sending data overseas – something which won’t be allowed, except under specific circumstances.
Read more: Credit contract and loan complaints have risen – IFSO
“You’ll be required to ensure that client information is not transferred to foreign entities unless that client has authorised it, or unless the foreign entity will be holding that information under the same safeguards as New Zealand privacy legislation,” Abel explained.
“That means you’ll probably need to look at any data processing agreements that you have with third parties – data hosting services, cloud services, etc. If they’re in Europe, for example, then that’s not a problem – they have stricter controls than we do.
“However, with others you may need to check above and beyond your usual process. Now is really the time to do some housekeeping around your privacy of information.”