What Private Lenders Must Fix Before the 2026 AFIA Finance Industry Code of Practice20 min read

Introduction

The Australian Finance Industry Association (AFIA) has published its first non-bank lending Finance Industry Code of Practice, establishing new standards of integrity, transparency, and fairness for the sector. This new code of practice applies to lenders providing business finance and consumer credit and will become effective from 1 October 2026.

For any non-bank lending firm, the transitional period requires a careful review of current operations to ensure compliance before the deadline. This article provides a practical implementation roadmap for private lenders, outlining key document updates, a remediation checklist, and operational changes needed to meet the new industry codes.

Interactive Tool: See If the 2026 Finance Industry Code Applies & Check Your Readiness

Scope & Application of the AFIA Finance Industry Code for Private Lenders

Understanding Which Business Finance & Consumer Products Are Covered

The Australian Finance Industry Association (AFIA) Finance Industry Code of Practice applies to credit, finance, and novated lease products that member lenders offer to Consumer and Small Business customers in Australia. Ultimately, this finance industry code sets new standards for the non-bank lending sector.

The code of practice encompasses a wide range of financial products for both individuals and businesses. The covered products include:

• Consumer Finance: This applies to both secured and unsecured finance options. It includes credit cards, personal loans, lines of credit, vehicle finance, and mortgages for residential and investment properties.
• Business Finance: The code covers secured and unsecured business finance products. These include lines of credit, cashflow finance, asset and equipment finance, and fleet vehicle finance.
• Novated Leases: These arrangements involving an employee, their employer, and a lender are also governed by the new industry codes.

Identifying Key Exclusions for Commercial Property & Large Corporate Customers

The Finance Industry Code of Practice has specific limitations and does not extend to all types of financing or customers. Therefore, it is important for a lender to recognise these exclusions to understand where the code does not apply. Several categories of customers and financial arrangements fall outside the scope of these industry codes, as follows:

• Specific Customer Groups: The code does not apply to products offered to large corporate customers, government bodies, or semi-government agencies.
• Certain Financial Products: Finance for commercial property is not covered. In addition, bailment facilities are explicitly excluded from the code.
• Specialised Asset Finance: The code does not apply to AFIA members that predominantly provide commercial finance for large vehicles and equipment, such as trucks or farming machinery, manufactured by the member’s own company or an associated entity.
• Members with Equivalent Code Coverage: Lenders who are already signatories to an equivalent industry code, like the Banking Code of Practice, are not subject to this code.

Clause-by-Clause Remediation Checklist for Non-Bank Lenders

Assessing Part B Commitments to Transparency & Customer Focus

To align with the Australian Finance Industry Association (AFIA) Finance Industry Code of Practice, non-bank lenders should review and update their processes. Part B of the finance industry code focuses on core commitments to customers, requiring a shift towards greater transparency and fairness. Therefore, your internal audit should confirm that your operations meet the following standards:

• Fair and honest dealings: All customer interactions must be conducted honestly, fairly, and with integrity. Communications should be clear and responsible, avoiding complex legal or technical jargon wherever possible.
• Customer-centric service: You must provide various channels for customers to make contact, such as by phone or through a website or app. The goal is to deliver a positive experience throughout the product lifecycle.
• Clear product information: Before a customer enters a contract, you must provide them with clear information about the product. This includes terms and conditions, all applicable fees and charges, and interest details.
• Competent staff and representatives: Ensure all employees, agents, and authorised representatives are adequately trained and competent. They must understand their obligations under the law and this code of practice.
• Disclosure of intermediary remuneration: You must make information available about any commissions or other benefits paid to an intermediary, such as a broker, for distributing or referring your products. For consumer products, the amount must be disclosed if it is ascertainable.
• Complaint handling: Establish and maintain a process for handling complaints promptly and fairly. Information on how to make a complaint must be readily available to customers.

Implementing Part C Requirements for Fair Treatment & Vulnerability Support

Part C of the finance industry code of practice outlines specific obligations for treating all customers fairly, with a strong emphasis on supporting those in vulnerable situations. As a result, a lender must implement systems and policies to address these requirements effectively. Ultimately, your implementation plan should cover these key areas:

• Accessibility: Your communication methods, including websites and apps, must be reasonably accessible. You must also take sensible measures to support customers who need extra help due to disability, or communication or language barriers.
• Use of technology: If you use customer-facing artificial intelligence (AI), you must have risk management processes to identify and mitigate potential risks associated with its use.
• Privacy and data protection: All personal information must be handled in accordance with the Privacy Act 1988 (Cth) (‘Privacy Act’) and your company’s privacy policy, which must be publicly accessible. You are required to take reasonable steps to protect customer data from misuse, loss, and unauthorised access.
• Scam and fraud prevention: Implement measures to help protect customers from scams. This includes a commitment not to ask for sensitive information like passwords in unsolicited communications and providing clear guidance for customers to verify legitimate contact.
• Financial hardship support: You must have a clear process for assisting customers who are experiencing financial difficulties. This involves working with them to identify supportive solutions in line with your policies.
• Support for vulnerable customers: Develop and implement policies for helping customers experiencing vulnerability, which can arise from circumstances like family violence, mental health issues, or serious illness. Staff must be trained to engage with sensitivity, respect, and empathy.
• Debt recovery practices: Ensure any debt recovery process—a key area for legal enforcement and recovery action—is conducted in accordance with all legal obligations. According to the code, you must only use agents or sell debts to collectors who comply with the ACCC and ASIC Debt Collection Guideline.

Comparing the Code Against Existing NCCP AFCA & Internal Dispute Resolution Obligations

Aligning Internal Dispute Resolution with New Industry Codes

The AFIA Finance Industry Code of Practice requires members to establish an internal dispute resolution (IDR) process for handling complaints related to their products. This process is designed to resolve most issues directly with the customer, meaning lenders must ensure their complaint handling is prompt and efficient.

Under Part D of the code of practice, these IDR processes must be consistent with existing legal obligations and regulatory guidance, including:

• adhering to standards set out by the Australian Securities and Investments Commission (ASIC), such as those in Regulatory Guides 271 and 277; and
• making information about how to make a complaint and the timeframes for a response available on the lender’s website, app, or other platforms.

Evaluating External Dispute Resolution & AFCA Membership Requirements

If a complaint cannot be resolved through a lender’s IDR process, the Finance Industry Code of Practice outlines that customers generally have access to an external dispute resolution (EDR) scheme. Ultimately, the primary EDR body for the finance industry is the Australian Financial Complaints Authority (AFCA).

A lender must inform customers if they are an AFCA member and explain the customer’s right to escalate a complaint, provided it falls within AFCA’s jurisdiction. Furthermore, for consumer finance products regulated under the National Consumer Credit Protection Act 2009 (Cth) (‘NCCP Act’), Schedule 1 of the code of practice confirms that membership with AFCA is a requirement.

The code of practice also acknowledges other avenues for dispute resolution available to specific customers, as follows:

• The Australian Small Business & Family Enterprise Ombudsman (ASBFEO): can assist small business customers with disputes.
• State-based Small Business Commissioners (SBCs): offer mediation and impartial assistance to help resolve disputes.
• Farm debt mediation: processes must be followed if requested by an eligible farmer, in line with relevant state legislation.

Practical Document Updates Required for Your Finance Industry Code Package

Revising Loan Terms & Pre-Contractual Disclosures

To comply with the Australian Finance Industry Association (AFIA) Finance Industry Code of Practice, you must update your loan agreements and pre-contractual disclosure documents, a process that often requires expert legal review of your loan structuring and documentation. These materials need to be clear, fair, and provide customers with all necessary information to make an informed decision, forming part of durable private lending structures. Furthermore, the finance industry code requires communications to be in plain language, avoiding unnecessarily complex legal or technical terms.

Before a customer enters into a contract, Part B of the code of practice mandates that you provide them with key information. For Small Business customers, Schedule 3 outlines similar requirements. As a result, your updated documents should clearly detail:

• Terms and conditions: The product’s full terms and conditions.
• Fees and charges: A comprehensive list of all applicable fees and charges.
• Loan and repayment amounts: The total loan amount and the specific repayment amounts.
• Interest details: Interest details where applicable, or the total amount payable.
• Early repayment: Any early repayment fees that may apply.
• Intermediary commissions: Information on any commissions or benefits paid to an intermediary for the referral.
• Legal disclosures: Any other pre-contractual disclosures required by law.

In addition, your fee and charge schedules must be kept accurate and up to date. According to Schedule 3 of the industry codes, any fees charged after the loan has been disbursed, such as late payment fees, must be reasonable and justifiable to protect your legitimate interests.

Updating Privacy Policies & Hardship Assistance Forms

The Finance Industry Code of Practice introduces specific requirements for handling customer data and providing support, necessitating updates to your internal and external documents. Therefore, your privacy policy must be revised to align with Part C of the code and be made publicly accessible on your website or app.

These privacy updates should confirm that your organisation will:

• Compliance: Handle all customer information in accordance with the Privacy Act and your company’s privacy policy.
• Data protection: Take reasonable steps to protect customer data from misuse, loss, and unauthorised access or disclosure.
• System reviews: Regularly review the security and reliability of your information systems.

You must also develop and document clear processes for assisting customers experiencing financial difficulty or vulnerability. This involves creating accessible forms and clear guidelines on your website or other platforms explaining how customers can request assistance. Ultimately, your documentation should outline the process for customers to provide information about their circumstances and explain how they can appoint a representative, such as a financial counsellor, to act on their behalf.

A What Changes First Roadmap for Private Lender Operations

Prioritising Staff Training & Competency Frameworks

To comply with the Australian Finance Industry Association (AFIA) Finance Industry Code of Practice, a lender must ensure all authorised individuals are properly trained. Furthermore, Part B of the finance industry code requires that employees, agents, and authorised credit representatives are competent to engage with customers about your products. Ultimately, this training should cover all obligations under the law and the new industry codes.

Your training program should equip staff to:

• Understand and apply the principles of fair and honest dealings with all customers.
• Communicate clearly using plain language, avoiding complex legal or technical terms.
• Recognise and support customers experiencing vulnerability or financial hardship with sensitivity and respect.
• Follow the correct procedures for handling complaints promptly and fairly.
• Adhere to all privacy and data protection requirements when handling customer information.

Upgrading IT Systems for Data Protection & AI Safeguards

The finance industry code of practice introduces specific technological requirements that may necessitate upgrades to your IT systems. Specifically, Part C of the code focuses on fair treatment, which extends to data security and the responsible use of technology. As a result, lenders must take reasonable steps to protect customer data and review the security of their information systems regularly.

Key system upgrades to consider before the October 2026 deadline include:

• Data Protection: Your systems must protect personal information from misuse, loss, and unauthorised access, in line with the Privacy Act. This includes implementing appropriate security measures such as password protection or multi-factor authentication.
• AI Safeguards: If you use customer-facing artificial intelligence (AI), you must have risk management processes in place as part of your broader regulatory compliance framework. These processes are needed to identify and mitigate potential risks associated with the technology’s use.
• Scam Prevention: You must implement measures to help protect customers from scams. This involves ensuring your systems do not ask for sensitive information like passwords in unsolicited communications and providing clear guidance for customers to verify legitimate contact from your business.

Part E – Code Compliance & The Finance Industry Code Compliance Committee

The Role of the Independent Finance Industry Code Compliance Committee

The Australian Finance Industry Association (AFIA) has established the Finance Industry Code Compliance Committee (CCC) to monitor adherence to the Finance Industry Code of Practice. Although appointed by the AFIA Board, this committee operates as an independent body, separate from the industry association itself. Its primary function is to oversee compliance with the industry codes.

The CCC operates under a formal Terms of Reference and is responsible for investigating alleged breaches of the code of practice. These investigations can be initiated in two main ways:

• External reports: based on reports from customers or any other party; or
• Internal monitoring: through the committee’s own monitoring activities.

It is important to note that the CCC does not handle individual complaints or resolve disputes between customers and lenders. Instead, customers with a specific complaint about a product or service should first use the lender’s internal dispute resolution process. However, if the CCC finds that a lender has breached the finance industry code, it has the authority to require corrective measures and impose sanctions.

Managing AFIA Finance Industry Code Compliance & Breach Reporting

Under Part E of the Finance Industry Code of Practice, customers and other parties have a formal channel to address non-compliance. If you believe a lender has not acted in a way that is consistent with the code of practice, you can report the matter directly to the Finance Industry Code Compliance Committee.

When the CCC undertakes its monitoring or investigation activities, lenders are required to cooperate fully. This includes complying with all reasonable requests made by the committee, which ensures that the CCC can effectively carry out its oversight function.

If an investigation concludes that a breach of the industry codes has occurred, the CCC can take specific actions. The committee has the power to enforce outcomes such as:

• Corrective measures: requiring the lender to implement steps to address the non-compliance; and
• Sanctions: imposing a range of penalties depending on the seriousness of the breach.

Conclusion

The Australian Finance Industry Association’s first non-bank lending Finance Industry Code of Practice introduces significant new standards for transparency and fairness, requiring a complete operational review before the 1 October 2026 deadline. To comply, lenders must update everything from loan documents and internal policies to staff training and IT systems, ensuring they meet the new industry codes for customer support and dispute resolution.

To ensure your business is prepared for these changes, contact our private lender and non-bank finance lawyers at GRM LAW. Our team specialises in guiding private lenders through the complexities of the new finance industry code of practice, helping you implement the necessary updates efficiently and with confidence.

Frequently Asked Questions