ANZ gets tough on data security

Yes, I think this is long overdue for banks to look into this, with cloud-based systems it’s never been a more important time to make sure customers personal data is safe.
But as equally important is the customer being told where their personal banking information is going and who is in receipt of it?
In the mortgage industry do we have the “disclosure” part correct?
I would say no we don’t.
For some reason banks and aggregation groups continue to overlook the fact that a large number of advisers still do not even disclose to the customers that their personal banking information is being loaded up on cloud based CRM system and as in lot of cases a system owned by overseas real estate agents.
This disclosure is a basic requirement under the FMA and the privacy Act.
So how many advisers that operate under overseas owned dealer groups do not disclose to the customer in their disclosure statements that the customers person banking data is being loaded on these cloud-based systems? and confirming who owns these systems?
I would estimate a large portion of these advisers do not and could be in clear breach of the FMA rules and Privacy act in NZ.
But who really cares where their person information go’s in the cloud anyway?

I do, and in talking to most people I know and asking them “how would you feel if your mortgage application and full banking data was being loaded on cloud base system in say Australia , and that that system was owned by a real estate company and then sent via this system to bank in NZ “
100% said absolutely no way would I be happy with that and the fact it was not disclosed to me prior is a breach of my personal privacy.
Why do some dealer groups push for their CRM’s to talk direct to the banks systems?
Obviously the groups will say “this will improve the quality of the applications and save time “, but this is a myth as most loan assessors will tell you these group generated CRM applications are the worst to assess and prefer a quality application sent direct to the bank from a quality adviser any day of the week.
Some large groups are struggling to “add value” and justify membership fees ( which are unfortunately compulsory as belonging to a group was made compulsory by banks ) so feel the need to “lock in and control advisers “and push the fact that their CRM use is compulsory and must be used , and that “”the bank said so as well.” ‘
This is also a myth, only BNZ have made a group CRM use compulsory and I believe they arguably have some of the poorest turnaround times and rework in the industry.

Banks need to be very careful in how they “connect “to these overseas owned CRMs especially when it comes to consumer privacy, and just a little advice to the advisers working under these groups, get your disclosure statement updated asap.
Banks need to invest in their own loan portals where advisers still send applications “direct to the bank “cutting out any third party.
“” In California they just passed a law around how companies must disclose what they are basically doing with your personal data, who they want to sell it to, and the must delete it at your request or face large fines. “”




Yes, I think this is long overdue for banks to look into this, with cloud-based systems it’s never been a more important time to make sure customers personal data is safe.

But as equally important is the customer being told where their personal banking information is going and who is in receipt of it?
In the mortgage industry do we have the “disclosure” part correct?
I would say no we don’t.
For some reason banks an aggregation groups continue to overlook the fact that a large number of advisers still do not even disclose to the customers that their personal banking information is being loaded up on cloud based CRM system and as in lot of cases a system owned by overseas real estate agents.
This disclosure is a basic requirement under the FMA and the privacy Act.
So how many advisers that operate under overseas owned dealer groups do not disclose to the customer in their disclosure statements that the customers person banking data is being loaded on these cloud-based systems? and confirming who owns these systems?
I would estimate a large portion of these advisers do not and could be in clear breach of the FMA rules and Privacy act in NZ.
But who really cares where their person information go’s in the cloud anyway?

I do, and in talking to most people I know and asking them “how would you feel if your mortgage application and full banking data was being loaded on cloud base system in say Australia , and that that system was owned by a real estate company and then sent via this system to bank in NZ “
100% said absolutely no way would I be happy with that and the fact it was not disclosed to me prior is a breach of my personal privacy.
Why do some dealer groups push for their CRM’s to talk direct to the banks systems?
Obviously the groups will say “this will improve the quality of the applications and save time “, but this is a myth as most loan assessors will tell you these group generated CRM applications are the worst to assess and prefer a quality application sent direct to the bank from a quality adviser any day of the week.
Some large groups are struggling to “add value” and justify membership fees ( which are unfortunately compulsory as belonging to a group was made compulsory by banks ) so feel the need to “lock in and control advisers “and push the fact that their CRM use is compulsory and must be used , and that “”the bank said so as well.” ‘
This is also a myth, only BNZ have made a group CRM use compulsory and I believe they arguably have some of the poorest turnaround times and rework in the industry.

Banks need to be very careful in how they “connect “to these overseas owned CRMs epically when it comes to consumer privacy, and just a little advice to the advisers working under these groups, get your disclosure statement updated asap.
Banks need to invest in their own loan portals where advisers still send applications “direct to the bank “cutting out any third party.
“” In California they just passed a law around how companies must disclose what they are basically doing with your personal data, who they want to sell it to, and the must delete it at your request or face large fines. “”

You have a legal requirement as an adviser to safeguard your customer’s personal data. All mortgage advisers who are currently using their dealer group’s CRM must disclose to their customers all the third parties who are in receipt of their personal & financial information, this includes the lender/s been approached for finance.

Failure to do so as an adviser means you are in breach of your existing obligations under the Privacy Act & the new Code of Professional Conduct coming into law this year. You are legally required to inform your customers that your dealer group is now the recipient of their personal data if you use a group owned CRM. Your customers must give their consent to this.

In terms of breaches under the Privacy Act the maximum fine has now increased from $360,000 to $420,000.

Oh dear, pity any dealer group that has it's own in-house CRM software. This should put their licence costs for users through the roof. Yet another unforeseen cost Advisers will have to burden.