While credit providers are currently reluctant to provide reasons for refusing a consumer credit application, from 12 March 2014 the Credit Reporting Privacy Code (paragraph 16.3) will require that when a credit provider (CP) obtains credit reporting information about an individual from a credit reporting body (CRB) and, within 90 days of
obtaining that information, the CP refuses a consumer credit application made by the individual, whether alone or jointly with other applicants, the CP must provide a written notice of refusal that amongst other things:

• meets the requirements of Section 21P(2) of the Privacy Act including stating that the refusal is based wholly or partly on credit eligibility information and which CRB provided it;
• explains the individual’s right to access their credit reporting information without charge during the 90 days following the date of the CP’s notice of refusal and how to request the relevant CRBs to provide access to that information;
• refers to the CP’s credit eligibility information access and correction processes and its complaints process.

The written notice must be given to the individual either at the time the CP notifies the individual of the refusal decision or within 10 business days of that date.

Credit providers must put in place appropriate systems to comply.