Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
Page 1 of 121
COMPLIANCE PLAN Table of Contents Page No
Section 1 – GENERAL COMPLIANCE REQUIREMENTS....................................................4Plan Version Number 3.8.....................................................................................................4Maintaining the plan.............................................................................................................4
Introduction...........................................................................................................................4Definitions.............................................................................................................................5
Business Overview...............................................................................................................6Counterparties......................................................................................................................6
Adelaide Bank Limited......................................................................................................6Advantedge Financial Services Pty Limited......................................................................7
Firstmac............................................................................................................................7FAST.................................................................................................................................7
Introducers........................................................................................................................7Referrers...........................................................................................................................7
Mortgage Brokers.............................................................................................................7Appointed Credit Representatives....................................................................................8
Auditing of Trust Accounts....................................................................................................8Monitoring and Reporting.....................................................................................................8
Procedure for conducting hindsight compliance reviews.....................................................8Breach Register....................................................................................................................9
Storing of our Compliance Documents...............................................................................10Financial resources............................................................................................................10
Financial records................................................................................................................10Key Performance Indicators...............................................................................................10
Professional indemnity insurance.......................................................................................10Conflict of Interest...............................................................................................................11
Requests for assistance because of hardship by borrowers..............................................11Compliance with other laws................................................................................................11
Security of Clients Information............................................................................................12Clean Desk Policy..............................................................................................................12
Section 2 – HUMAN RESOURCES......................................................................................13Recruitment........................................................................................................................13
Training...............................................................................................................................13
Page 2 of 121
Responsible Managers.......................................................................................................13Credit Representatives.......................................................................................................13
On-going Training...............................................................................................................14Mentoring Program.............................................................................................................14
Exiting of Employees..........................................................................................................14Human Resources - Risk Management..............................................................................14
Section 3 – INFORMATION & TELECOMMUNICATIONS SYSTEMS................................18Loan Works........................................................................................................................18
Email System......................................................................................................................18Stored Electronic Files........................................................................................................18
Storage of usernames and passwords...............................................................................18Telephone System..............................................................................................................18
Facsimile Machines............................................................................................................19Emergency Evacuation of the Premises.............................................................................19
Disaster Recovery Plan......................................................................................................19Key Contacts...................................................................................................................19
Safekeeping and Access to the DRP..............................................................................20Server Backup Strategy..................................................................................................20
Information Technology (I.T) Risk Assessment..............................................................20I.T Risk Matrix Assessment............................................................................................21
What Triggers the Disaster Recovery Plan (DRP)?........................................................22Notification of an Incident...................................................................................................22
IDRP Team Objectives.......................................................................................................22Emergency Alert, Escalation and DRP Activation..............................................................23
Contact with Employees.....................................................................................................23Updates..............................................................................................................................23
Work Continuation..............................................................................................................23Personnel and Family Notification......................................................................................23
Media Contact....................................................................................................................23Insurance............................................................................................................................23
Insurance Summary...........................................................................................................24Financial and Legal Considerations...................................................................................24
Financial Assessment.....................................................................................................24Financial Requirements..................................................................................................24
Legal Actions..................................................................................................................24DRP Reviews.....................................................................................................................24
Appendix A- Disaster Checklists........................................................................................24Section 4 – CUSTOMER DISPUTE RESOLUTION.............................................................31
Page 3 of 121
Internal Dispute Resolution (IDR).......................................................................................31External Dispute Resolution (EDR) membership...............................................................32
Section 5 – RESPONSIBLE LENDING DISCLOSURE OBLIGATIONS.............................33Introduction.........................................................................................................................33
Overview ............................................................................................................................33Process...............................................................................................................................33
Disclosure Documents and brief summary of their use......................................................34Definitions – What is Customer facing and providing Credit Assistance?..........................34
When are documents provided?.........................................................................................35Type 1 - Mortgageport Acts as Mortgage Manager and is Customer facing..................35
Type 2 - Mortgageport Acts as a Mortgage Manager but is NOT Customer Facing......35Type 3 - Mortgageport acts as a Mortgage Broker (FAST) and is Customer Facing.....36
Legal advice received regarding Responsible Lending disclosure.....................................37Work Flow for Issuance of Proposal Disclosure Document and Credit Guide...................39
Credit Guide 1 (Template)..................................................................................................40Credit Guide 2A Template..................................................................................................41
Credit Guide 2B (Template)................................................................................................42Proposal Disclosure Document (Template)........................................................................45
Section 6 – CHECK LISTS AND ADDENDUMS..................................................................46Item 1 - Credit licence.........................................................................................................46
Item 2 – Copy of our EDR Membership..............................................................................47Item 3 - Compliance Summary Checklist...........................................................................48
Item 4 - NCCP Compliance Checklist.................................................................................49Item 5 – Hindsight Compliance Review Check List............................................................51
Item 6- Compliance with other Credit Laws........................................................................52Item 7 - Authorised Credit Representative Checklist..........................................................53
Item 8 – Mortgage Broker Acreditation Checklist...............................................................55Item 9 – Referrer Checklist.................................................................................................57
Item 10 - Appendix A – Loanworks Introducer Module.....................................................58Item 11 - Appointment of Company Credit Representative...............................................61
Item 12 – Appointment of Credit Representative under NCCP..........................................65Item 13 – Annual Compliance Check for an Accredited Mortgage Broker.........................68
Item 14 – Annual Compliance Check for an Authorised Credit Representative ................69Item 15 – Internal Control Procedures for Loan Approval .................................................70
Item 16 – Adelaide Bank Mortgage and Origination Agreement........................................71Item 17 – Advantedge Mortgage and Origination Agreement............................................81
Item 18 – Advantedge Deed of Variation............................................................................97Item 19 – FAST Sub-Originators Agreement....................................................................102
Item 20 – Firstmac Origination Agreement.......................................................................105
Page 4 of 121
Section 1 – GENERAL COMPLIANCE REQUIREMENTS
Plan Version Number 3.9
Mortgageport Management is required to have and maintain a compliance plan as part of our obligations under the NCCP Act to ensure we comply with our obligations as a credit licensee. This compliance plan was established on 30 September 2010 and was last updated on 30th January 2013 as part of the annual Compliance Review undertaken by the Responsible Managers.
Maintaining the plan
This plan will be reviewed at least annually in late January every year by the Responsible Managers and a copy of the revised plan is to be provided to the board of Directors with the end of February financial results.
A calendar event has been created to remind Responsible Managers of their obligation to update this plan each year on the 27th January and this item has been added to our Compliance Summary Checklist (see Section 6 Item 3). This checklist is provided to each Company Director with our end of month financial statements.
Each time the compliance plan has been updated (which includes our Disaster Recovery Plan) it will be given a revised version number and the older version will be archived for a period of 7 years by saving it in the folder created on our computer server in the O Drive Compliance Folder.
Introduction
This compliance plan addresses the key fundamentals required by Australian legislation to engage in credit activities. The plan has been designed to suit the business activity of Mortgageport Management Pty Limited and our associated companies. The plan takes into account our business size and complexity; in particular it addresses the following key points:
1. Risk management systems2. Access to adequate resources3. Adequate documented systems to monitor compliance with regulations4. Have suitable compensation arrangements in place5. Membership of an approved external dispute resolution process (EDR)6. Have an internal dispute resolution process in place (IDR)7. Ensure our Credit Representatives are adequately trained8. Maintain our competence to engage in credit activities9. Take reasonable steps to ensure our Credit Representatives comply with legislation10. Comply with the legislative framework covering regulated credit11. Comply with the conditions of our Australian Credit Licence12. Have arrangements in place to ensure that our clients are not disadvantaged by any
conflicts of interest13. Do all things necessary to efficiently, honestly and fairly engage in credit activities
Page 5 of 121
Definitions
Appointed Credit Representative – see Credit Representative
Authorised Credit Representative – see Credit Representative
Compliance Summary Checklist – a checklist which is a summary of key actions, events and checks that we do to ensure that we operate efficiently and comply with our obligations
Counterparty - the other party to a financial transaction in our case our funders, lenders, referrers or appointed representatives
Compliance Plan Review – a process that is conducted annually by the Responsible Managers to ensure that the plan is current and relevant
Credit Assistance – is a term referred to by the NCCP for a person who in the course of their business or incidental to their business suggests or assists a consumer to apply for a new loan or an increase or remain in a particular credit contract with a particular credit provider
Credit Representative – a credit representative may be appointed to engage in specified credit activities on behalf of a licensee. The appointment may be in respect of some or all of a licensee’s credit activities
Fit and Proper people – Mortgageport’s directors and the company secretary plus any other senior managers appointed who perform duties in relation to credit.
Mortgage Broker – a person who holds their own credit licence or is an authorised credit representative of another credit licensee, provides credit advice and refers mortgage loans to Mortgageport for processing and approval.
NCCP - National Consumer Credit Protection Act 2009 is legislation that is designed to protect consumers & ensure ethical & professional standards in the finance industry, through the National Credit Code (NCC). The Act is regulated & enforced by ASIC. The Act provides that all lenders & mortgage brokers are required to hold a credit license or be registered as an authorised credit representative.
Referrer – is a person or entity that refers potential borrowers to us for credit advice (but does not include Appointed Credit Representatives or persons that hold their own credit licence)
Responsible Managers – is a term defined in the NCCP legislation as the people appointed by Mortgageport who provide their skills and expertise and have the primary responsibility for managing our credit activities
Responsible Lending – is a term defined in the NCCP legislation requiring a person who provides credit assistance to make reasonable enquiries about a consumers financial situation, their requirements and objectives and to take reasonable steps to verify the consumers situation and to then make a preliminary assessment about whether the credit is not unsuitable
Representative - the term representatives includes Mortgageport’s own directors and employees as well as contracting credit representatives who are engaged in credit activities.
Page 6 of 121
Business Overview
The business is conducted by Mortgageport Management Pty Ltd (Mortgageport). Mortgageport is currently holds an Australian Credit Licence. Licence Number 386360. Mortgageport also has the subsidiary company’s Mortgageport Origination Pty Limited and MP Mortgages Pty Limited both these companies are appointed credit representatives of Mortgageport.
This business description relates only to activities relating to credit regulated by the National Credit Code (NCCP) and our activities regulated by the National Consumer Credit Protection Act.
The company primarily acts as a Mortgage Manager and should not be referred to as a Non-Bank Lender.
Registered OfficeLevel 768 Alfred StreetMILSONS POINT NSW 2061
Credit Licence No:
386360 – see Index item 1
Principal location of businessLevel 768 Alfred StreetMILSONS POINT NSW 2061
Branch OfficesUnit 2, 128 Bowen StreetSPRING HILL BRISBANE 4000
Trading NamesLoanstar Home LoansLoanstar Mortgage Management
List of Directors / Fit and Proper PeopleCedric Ross BerglundGlen Clarence SprattMichael James McKelvie
List of Representatives who are directors or Employees:Glen Clarence Spratt (Director)Michael McKelvie (Director)Lindsay Horlor (Employee)Sam Micieli (Employee)Beth Stolyar (Employee)Col Sherry (Employee)Shayne Parry (Employee)Sharon Murphy (Employee)
List of Appointed Credit Reps: (Auth Rep No)MP Mortgages Pty Ltd ( 393 904)Dream Run Syndication Pty Ltd 9 (402144)Mortgageport Origination Pty Ltd (393 899)Ziggybid Pty Ltd (402 145)Frank McDonagh & Associates Pty Ltd (403 045)Frank McDonagh (365 129)Great South Land Finance (439 547)Cathy Bell (364 477)Bassem Fares (425 627)
List of Responsible ManagersGlen SprattMichael McKelvie
Company ACNMortgageport Management Pty Ltd - 082 753 679Dream Run Syndication Pty Ltd – 112 558 620Ziggybid Pty Ltd – 127 765 628Mortgageport Origination Pty Ltd – 093 668 092
Counterparties
We have a number of counterparties with the major ones listed below:
Adelaide Bank Limited (Subsidiary of Bendigo and Adelaide Bank Limited). We have a loan origination and management relationship which allows us to market, process approve and manage residential mortgage loans with them. We are bound by a formal contract, which sets out our obligations and rights. A copy of this agreement is included in Section 6 Item 16 – Adelaide Bank Mortgage and Origination Agreement.
Page 7 of 121
Advantedge Financial Services Pty Limited (owned by NAB) We have a loan origination and management relationship which allows us to market, process approve and manage residential mortgage loans with them. We are bound by a formal contract, which sets out our obligations and rights. A copy of this agreement is included in Section 6 Item 17 – Advantedge Loan Origination Agreement
Firstmac (non-bank lender) We have a loan origination and management relationship which allows us to market, process approve and manage residential mortgage loans with them. We are bound by a formal contract, which sets out our obligations and rights. A copy of this agreement is included this in Section 6 Item 20 – Firstmac Origination Agreement.
FAST (owned by Advantedge)Our subsidiary company Mortgageport Origination Pty Limited (Appointed Credit Representative) has a mortgage aggregation agreement which allows us to act as a mortgage broker and provide us access to sell mortgage loans on behalf of a panel of lenders. A copy of this agreement is included in Section 6 Item 19 – FAST Sub-Originators Agreement.
IntroducersMortgageport works with 3 different types of Introducer, each of which have specific regulatory requirements; Referrers, Mortgage Brokers and Authorised Credit Representatives.
ReferrersMortgageport works with a number of referral partners. A referrer is someone who refers people to us for credit advice and provided they comply with NCCP guidelines they are not required to hold a credit licence. Some examples of types of referrers Mortgageport would use include accountants, insurance brokers and lawyers. Referrers are paid commissions based on Tiers 1 to 4. See the Referral Commissions document located on Mortgageport website.
We have a procedure before we appoint a Referrer and this is set out in Section 6 Item 9 – Referrer Checklist.
Mortgage BrokersMortgageport works with a small number of Mortgage Brokers. A Mortgage Broker is differentiated from a referrer due to the fact that they provide the credit advice and then provide the application for us to process and approve.
It is critical to ensure that we only deal with reputable and trustworthy Mortgage Brokers who are compliant with all legislation and follow our lender’s procedures. It is an area that creates additional risk for the Company and our funders. Eg: documentation fraud, ID fraud, reputation risk, financial risk (claw backs and early discharge of loans).
We need to confirm at least once per annum that they maintain the credit licence, EDR membership, professional indemnity insurance and membership of the MFAA. The compliance officer will check all these items on the date the professional indemnity Insurance is due. See Section 6 Item 13 - Annual Compliance Check for an Accredited Broker.
We have strict requirements before we appoint a Mortgage Broker and these are set out in Section 6 Item 8 – Mortgage Broker Accreditation Checklist.
Page 8 of 121
Appointed Credit RepresentativesMortgageport may appoint a Credit Representative to provide credit advice and sell mortgages on our behalf. Unlike a Mortgage Broker who has their own ACL, a credit representative operates under Mortgageport ACL and therefore this creates higher obligations for us to monitor the Credit Representative and their compliance to NCCP Act.
We have very strict requirements before we would consider appointing a Credit Representative and these are set out in Section 6 Item 7 – Appointment of an Authorised Credit Representative Checklist.
They are required to hold their own P.I cover, be a member of an EDR scheme and have their own compliance program. The compliance officer will conduct an annual compliance review on or around the Credit Representative anniversary of appointment. See Section 6 – Item 14 – Annual Complaince Check for an Authorised Credit Representative.
We are also committed to ensuring Credit Representatives receive appropriate training. To ensure this they are included in our staff training programs and training hours tracked in the Training Register (saved on O Drive/Human Resources/Training/Master Training Register 2012)
Auditing of Trust Accounts
We do not take money on trust and do not maintain a trust account or have a need to have an audit. Our mortgage management deed requires us to on forward any monies that we may receive from borrowers for loan repayments directly to the lender.
Monitoring and Reporting
We have an on-going and continuous obligation to monitor the activities of our Representatives and Appointed Representatives to ensure that they comply with credit legislation and our procedures. We also have an obligation to take reasonable steps that any Mortgage Broker that is accredited with us is licenced to engage in credit activities.
Our Compliance Manager will once per quarter, supervise a review of a minimum of 10 files or 5% of total loan submissions in a hindsight review to check compliance with our systems and procedures.
These hindsight compliance reviews are conducted at the end of January, April, July and October. This task is included on our Annual Compliance Checklist. Refer Section 6 Item 5 – Hindsight Compliance Review Checklist.
Procedure for conducting hindsight compliance reviews
Each file is checked with reference to items on our Hindsight Review Checklist – see Section 6 Item 5
Generate a settlement report from Loan Works covering all loans that have settled over the period being reviewed and export to a spread sheet
Sort the loans by introducer and then select a minimum of 10 files or 5% of all files, ensuring that the selection includes at least one file for each Representative (employees who provide credit advice) and a selection from various other sources in the files to be reviewed.
Page 9 of 121
Using Loan Works conduct a review of every file in accordance with the Hindsight Compliance Review Checklist and Record the findings
If any breaches are found these are to be recorded in the breach register (see below) and reported to the person who caused the breach in writing and to all Responsible Managers, who will if necessary ask for a response or take further action
Provide a copy of the summary of the findings to all Responsible Managers and save the records of the hindsight reviews electronically in the folder on the server.
On-going monitoring of compliance is also required to be done by the Credit Manager who will provide on-going training and supervision to others.
We have deliberately separated the sales and credit processes to ensure we have a formal division between these two potentially conflicting areas and train the Credit Department to monitor compliance for each loan transaction. Refer Item
Remuneration incentives for sales staff and other selected staff are directly tied to meeting minimum compliance requirements. If they do not meet the compliance requirements no commissions are received.
In addition to this, we review monthly reports on Credit submissions from ABL and Advantedge.
Breach Register
We maintain a breach register in which we record any material breaches of compliance procedures. The Responsible Manager will review the breach register formally each year as part of the compliance plan review and include this in our annual ASIC return. Repeated offenders will be provided with warnings and if the behaviour does not improve may be removed as Representatives.
The format of our breach register appears below.
The breach register is a spread sheet and is stored on the server – O:/compliance/compliance plan/breach register
Page 10 of 121
Storing of our Compliance Documents
Not only are we required to comply with credit legislation we are required to document evidence of this compliance. Loan Works is used to store copies of loan applications, additional information, fact find sheets, credit guides, product disclosure documents, preliminary loan assessments, quotes and credit proposal documents. These are stored as attachments’ to each loan file and a quarterly hindsight sample review is done to monitor compliance.
Financial resources
Mortgageport is required to have adequate resources to engage in our desired credit activities. We prepare and review our financial position on a monthly basis at a board level to ensure the business has or has access to sufficient financial resources.
Mortgageport has built up sufficient trailing income that is recurring and provides reasonable certain cash flow to operate the business and has access to working capital in the event of new lower business volumes.
Mortgageport has a positive current asset position and is backed by shareholders who are tightly tied to the business who could (but not obliged to) provide financial support if required
Financial records
Our financial records are maintained on MYOB which is located on local computer server. We employ a full time qualified accountant who is responsible for the daily management of our accounting records, doing daily bank reconciliations and the preparation of monthly financial statements.
Our tax returns and annual accounts are prepared by an external accounting firm bdj partners at North Sydney.
Key Performance Indicators
Mortgageport prepares monthly reports that provide key decision makers with information about the key business drivers of the company, these KPI’s include monthly settlements, discharges, lending margins and revenue.
Professional indemnity insurance
We maintain Professional Indemnity insurance with Nova Underwriting Pty Limited for $2,000,000. This cover expires on the 16th October 2013. Our PI insurance does not extend to our external credit representatives - they are required to have their own cover.
PI cover for our brokers and credit representatives is checked periodically through the Loanworks database. A check is done every 3 months by the compliance officer to ensure all PI insurance is current and follow up any referrers where PI insurance is about to expire.
Page 11 of 121
Conflict of Interest
Generally we do not encounter conflicts of interest in our business. We include in our standard employment contracts a clause that precludes our employees from being persuaded because of a conflict of interest. We require our employees to sign an annual declaration confirming adherence to this policy.
We have no particular financial interests or other arrangements that are likely to give rise to a conflict of interest.
However there exists a potential conflict of interest as our Representatives have been given delegated authority to determine interest rates which in turn affects their bonus arrangements. This is an issue that is monitored by the Responsible Managers to ensure that clients are not disadvantaged.
Requests for assistance because of hardship by borrowers
Mortgageport acts in most cases as a mortgage manager or a mortgage broker, but where a borrower approaches us for assistance on the grounds of hardship the request should be referred to the lender and their procedures and decisions should be adopted.
In cases where a loan was advanced by Mortgageport this should be referred to the Managing director who will after reviewing their financial position make a judgement about the most effective way to resolve the issue with due regard to leaving the borrower in the best possible financial position while also having regard to protecting the interests of the company.
Compliance with other laws
We engage the services of Gadens Lawyers to provide on-going legal advice. There are a number of other laws that we need to be aware of such as:
The Privacy Act (see security of clients information below) Competitor and Consumer Act (all states now adopt same rules, formerly the state
based Trade Practices Act)
Through the MFAA and our continuing professional development, we are educated of basic legal requirements and the Responsible Managers and the company are members of the MFAA who provide industry updates and training programs.
From 1 July 2012 we will ensure that our licence number is stated in all documents legally required under NCCP Act Section 52. Documents which are required to display the Australian Credit Licence include:
Printed advertisements which relate to the provision of regulated credit Documents which are required to be given, created, published or produced under the
Code. This includes Credit Guides, PDD, Mortgages and guarantees. Business cards, emails and letters to customers (not advertising) are NOT required
to display the licence number. It is unclear whether websites are included but to ensure compliance Mortgageport has displayed it on the website.
Page 12 of 121
Security of Clients Information
Mortgageport is in possession of confidential financial information of our clients and keeping this information safe is a very high priority. We do this by having the following:
A firewall to prevent unauthorised access to our server Each computer terminal has a unique password and is timed to automatically lock
within 10 minutes of inactivity We have installed 4 security cameras We employ a clean desk policy Access to our work area where clients files are located requires a security clearance
and PIN Our computer server room is locked each evening along with the office doors We have offsite security monitoring and alarm system Each employee is required to sign a privacy act declaration and a code of conduct as
part of our standard employment contract We use a security bin to dispose of confidential client documents and train our staff
to destroy confidential documents by shredding or tearing We consider security measures before appointing outside suppliers and where
considered important take steps to confirm that our client’s confidential information is protected. (need assurance form LW)
Off site file policy – when staff members take client files off site for meetings any files left in the car must be locked in the boot out of sight. Only files needed for customer meetings that day are permitted to be taken out of the office.
Clean Desk Policy
A clean desk policy is where all files and associated paperwork is removed from each desk, every night and secured and that all work areas should remain free of unnecessary clutter and paperwork. It is required for privacy, security, management and brand reasons.
Leaving files on our desks unnecessarily and generally having a messy work environment could lead to the risk of misplacing client’s personal and or confidential information and / or this information being viewed, used or abused by unauthorised or authorised people who may enter our premises. As clearly outlined above, in addition to the Clean Desk Policy we employ other security measures such as PINs to enter premises and security cameras, alarms, security bins and locks.
Page 13 of 121
Section 2 – HUMAN RESOURCES
Recruitment
Mortgageport has a human resources manual which assists us in the proper management of our employees. More details can be found by referring to this policy which is stored on our server.
When we employ or appoint representatives or credit representatives, we ensure that they are fit and proper for the position. In particular we confirm that they have not committed any serious offence, been bankrupted or refused or disqualified by a professional or regulatory body. We do this by following a set procedure which is highlighted in our checklist
Recent criminal history check (AFP) Recent credit/bankruptcy check Character reference Employment contract/Origination contract Check that they are not ASIC banned or disqualified persons (see checklist) Conflict of interest declaration (which is included in our employment contract) Verification of qualifications
In particular, we ensure that all Representatives hold the required minimum education qualifications, which at present require a Cert IV in (Finance/Mortgage broking) and will confirm that from the 1st January 2013 all Representatives will have the minimum education qualification of Diploma in Financial Services.
We will insist that any Appointed Credit Representatives (sometimes referred to as an Authorised Credit Representative) is a member of an ASIC approved external dispute resolution scheme, has appropriate P.I cover and meets our other requirements and will check this each year as part of our annual compliance review.
We will set up an annual request on Loan Works to email the Authorised Representative at the anniversary of their accreditation to require them to provide updated evidence of their PI Cover, membership of an approved EDR and a copy of their credit licence renewal.
Training
Responsible ManagersAll Responsible Managers have completed a Diploma in Financial Services (Finance/Mortgage Broking) or have received an exemption (due to other education and experience) and have at least two years relevant problem free experience. As well, all responsible managers are required to complete 20 hours of continuing professional development (CPD) per year. This is done and tracked via the training register.
Credit RepresentativesAll Credit Representatives (internally and appointed) must have completed a Diploma in Financial Services (Finance/Mortgage Broking) or have received an exemption (due to other education and experience) and have at least two years relevant problem free experience.
Page 14 of 121
On-going TrainingEach Credit Representative and employee will undertake not less than 20 Hours of CPD (Continuing Professional Development) each year. For the purpose of what qualifies as CPD we have adopted the MFAA’s guidelines.
A record is maintained of the CPD in the following form for each Responsible Manager and Credit Representative.
Name of course
topics covered Date(s) Time
Total hours
training delivered
by CPD pointsPart of MFAA training? (Y/N)
learning method (online/classroom,
etc)
A training register is maintained and updated at least once every 6 months in January and July. The register is for all staff and details of education levels achieved and on-going achievements are recorded. The register is located on our server. Path o:/compliance/training register/master training register 2012
Mentoring Program
We may appoint Credit Representatives (internal and external) under our Mentor program, these are people who hold the minimum qualifications but lack the minimum 2 years’ experience to operate independently.
Individuals being mentored are required to work closely with a senior nominated Representative who will supervise their work and assist them with loan structuring, attending borrower interviews and reviewing files and ensuring compliance with our procedures and credit legislation. We will follow the mentor program as set out by the MFAA.
In all cases a mentor is to independently contact (as a minimum) the first 5 borrowers for loans lodged by a person being mentored to confirm that our compliance procedures have been conducted correctly. These findings are to be recorded using our hindsight review checklist. Refer Section 6 Item 5 – Hindsight Compliance review Checklist
Exiting of Employees
Employees who leave Mortgageport pose a risk to the business and the procedures set out in our Human resources manual are to be followed which include an exit check list to ensure all actions are taken.
Page 15 of 121
Human Resources - Risk Management
Description of Risk Potential Consequences
Risk Management Procedures
Severity of the Risk Insurarable Probability of the Risk
Occurring
Non-compliance with credit legislation
Loss of licence
Annual staff tests, internal hindsight
reviews and lender reviews
Extreme (5)
Unable to trade, business would
cease
High
IT RiskSee separate DRP in
section 5See separate DRP
in section 5See separate
DRP in section 5See separate DRP in
section 5
Negligence in identifying Fraudulent loan documentation
Lending loss, reputation risk with lender and financial
loss
Separation of credit and sales,
separation of verification clerk from approving
officer. Staff training and lender hindsight
audits and quality checks
High (4)
Loss of accreditation, large financial
loss which could lead to
insolvency of company
Yes Very High
Failure to properly identify borrowers in accordance with
lenders rules and AML
Loss of entire loan amount, loss of
accreditation with lender and ongoing legal dispute, loss of
credit licence
Hindsight Review, Lenders Audits and Quality Checks and
Staff Training
Extreme (5) Yes High
Non-compliance with lenders procedures and credit policy
Loss of part of the loan amount, loss of
accreditation with lender and ongoing legal dispute, loss of
credit licence
Separation of credit and sales,
separation of verification clerk from approving
officer. Staff training and lender hindsight
audits and quality checks
High (4)
Loss of accreditation, large financial
loss which could lead to
insolvency of company
High
Breach of privacy actLegal action by person affected and reputation
risk
Privacy policy, privacy consents, staff training and hindsight reviews.
Monitoring of phone calls
Medium (4)
Loss of customers,
fines, impaired reputation with
lenders and referrers –
adverse social media
High
Providing Advice we are not qualified for
Legal action by person affected and reputation
riskStaff Training, Medium (4) Medium
Victim of Financial Fraud on our own account
Loss of substantial funds
Bank signing requires 2 signatures,
electronic keys used, daily bank reconciliations
Medium (4)Moderate (2)
Page 16 of 121
Withdrawal of fundingUnable to write new
loans
Two funders and mortgage broking
model in placeHigh (4) No Low
Unable to gain professional indemnity insurance cover
Loss of licenceCompliance plan and monitoring
Extreme (5) No Low
Economic Risk
Adverse Media
Data integrity Loss of business, see IT risk
Training/ monitoring
Injury or Death of key employer/employee
Loss of morale, loss of corporate history, loss
of income
OHS, Workers Comp, Key man
insuranceMedium(3) Yes Low
Employee Fraud
Lending loss, reputation risk with lender and financial
loss
Separation of credit and sales,
separation of verification clerk from approving
officer. Staff training and lender hindsight
audits and quality checks
Compliance plan
Employee recruitment policy
Medium/High (4)
Loss of accreditation, large financial
loss which could lead to
insolvency of company
Yes Very high
Hostile Employee
Client information
Loss of business/ reputation
Exit interview, performance
reviewsMeduim
Referrers Risk (wrong advice) Loss of reputation, financial loss
Checklists for bringing on referrers
Ongoing review of qualifications etc
Medium/high
Page 17 of 121
Business Line: Risk Number:
Category:
Risk: Risk Rating
CONTRIBUTING FACTORS(What causes the risk to happen?)
MITIGATING CONTROLS(How you avoid, transfer, reduce or manage the risk?)
MEASURE:(How you monitor to alert you to any problems?)
ACTUAL EXPERIENCES CONSEQUENCES(What are the impacts of this risk?)
Control Rating (How effective are the existing management practices?)
Consequence Rating (What is the expected impact of the risk event?)
Likelihood Rating (What is likelihood of the risk occurring?)
Residual Risk Rating
RISK TREATMENT PLAN
Agreed Risk Treatment Plans Responsible GM Responsible Officer Timing Resource
Requirements
Page 18 of 121
Section 3 – INFORMATION & TELECOMMUNICATIONS SYSTEMSLoan Works
We use a loan processing and Customer Relationship Management system called Loan Works. This system has been specifically designed to cater for the mortgage management industry and holds vital company information including:
• Settled loans, including copies of scanned documents relating to each loan• List of all of our introducers• Produces Commissions Paid Reports
We use this system to manage our business which includes tasks such as, workflows for loans being processed, managing introducers, business KPI reporting, payment and receipt of commissions, loan tracking and exception reporting.
It maintains and keeps track of our referrers, mortgage brokers and authorised credit representatives. In Loan Works, they are referred to as Introducers. The system provides us with the ability to manage our introducer by diarising activities such as renewals of the MFAA, ACL, P.I insurance, etc. (Please see Appendix A for further details).
Our IT system is simple and we obtain external support from suppliers if and when required. We have available to us the following:
Remote monitoring Scheduled maintenance On-site support if needed After hours support Consulting and project services
This system is accessed using a high speed Internet connection with the data being stored on the Loan Works server at North Sydney and we have sought a copy of their disaster recovery procedures, which appear acceptable. (See attached addendum)
Email SystemOur emails are hosted on our local server MPM-SBS located in our communications room. Using Microsoft exchange, these emails can be accessed remotely using webmail and in the case of mortgage consultants these emails can be accessed on the company provided iphones.
Stored Electronic FilesOur company documents are stored on our local server in what we call our O:/drive; this separated into a number of different categories
Storage of usernames and passwordsWe have installed software called Password Safe on each person’s local pc to store passwords that are used to access our business partner’s websites. Each user has their own password database which is stored on the U drive and only they are able to access.This process allows users to only have to remember one password. We have had this software recommended to us by the IT security department of the Adelaide Bank.
Telephone SystemWe have an Avaya PABX system which requires software to run; this software is located on our server MPM-SBS.
Page 19 of 121
Facsimile MachinesWe have 2 facsimile machines which have been configured to send incoming faxes as emails, this means our capacity to receive faxes is highly dependent on our computer network system running.
Emergency Evacuation of the PremisesWhere the premises need to be evacuated, we have fire wardens nominated and all employees are required to follow that person’s direction. The evacuation plan identifies one primary evacuation assembly point, which is Bradfield Park
Disaster Recovery PlanThis section sets out our policies and procedures for technology disaster recovery, as well as our process-level plans for recovering critical technology platforms and the telecommunications infrastructure.
The objective is to ensure information system uptime, data integrity and availability, and business continuity. We will ensure that key staff members are made aware of the disaster recovery plan and their own respective roles and that the disaster recovery plan is to be kept up to date and reviewed each year as part of our annual compliance plan review.
Key ContactsInternal DRP Contacts
Glen Spratt, Managing DirectorWork 02 9466 8230Alternate 02 9466 8220Mobile 0411 858 886Home 02 9427 1010Email [email protected]
Michael McKelvie, DirectorWork 02 9466 8213Alternate 02 9466 8220Mobile 0413 156 717Home 02 9386 0567Email [email protected]
Colin Sherry, Portfolio ManagerWork 02 9466 8225Alternate 02 9466 8220Mobile 0414 187 985Home 02 9743 6084Email [email protected]
External Contacts
Strata Property ManagerCompany: Strata ChoiceContact: Derek BrienMobile: 0416 832 045
Power CompanyCompany: AGLContact: n/aAccount No: 9355 0317Work Phone: 133 835
Mobile Phone CarrierCompany: VodafoneAccount No: 712838670Password: 1234Telephone: 135 888
Telephone SystemsCompany: Voice & Coms Solutions Pty LimitedContact: Nick CrinitiAccount No: n/aTelephone: 02 8413 3500Mobile No: 0418 413 333Email [email protected]
IT Support and SupplierCompany: DancraiContact: Brad Van Der ReestAccount No: n/aTelephone: 02 8905 1400Mobile No: 0409 309 996Emergency No: 1300 30 82 30Email [email protected]
CRM/Loan ManagementCompany: Loan WorksContact Andrew Duerden Wayne McCartneyWork: 02 9436 1311Mobile Andrew: 0403 048 757Mobile Wayne: 0438 929 635Email [email protected] [email protected]
Office Supplies Office ChoiceAccount No: MOR007Telephone: 02 9906 1383User ID: [email protected]: MOR007Email [email protected]
Insurance BrokerCompany: InterRISK AustraliaContact: Mark WinwoodWork 02 9346 8086MobileEmail:[email protected]
Site SecurityCompany: Kings SecurityContact: Sally LiljeqvistAccount NumberWork 02 9310 1888Email:[email protected]
Off-Site Storage Access RecordsAccount No: 70058Work 02 9666 7744Fax 02 9666 7944
Internet and Office Phone SupplierPrimus TelecomAccount Number 9031688 5Log in: www.iprimus.com.auUser: mortgageport_int@datacenterPassword: LtWqH5XM3Work 1300 85 66 88
AggregatorFASTAccount Number Work 02 9233 8222Mobile 0437 399 096Email [email protected]
Page 20 of 121
Adelaide BankContact: Fons CaminitiAccount Number Work 08 8220 7409MobileEmail [email protected]
AdvantedgeContact: Dom Del DucaAccount Number Work 02 9560 2794Mobile 0422 391 230Email [email protected]
Banking ANZContact: Lee PedlerTelephone: 02 9329 7200Account No/s:012 366 352274953 (MPM)012 366 110694154 (MPO)012 040 185234136 (MPM CMA)
Website Hosting CompanySimplyTelephone (02) 9929 3300Contact: Dominic ProctorMobile Telephone 0410 617 418
Safekeeping and Access to the DRPThis plan is to be uploaded to the secure section of our website where it can be accessed by any staff member using their login. This server is hosted in another location. In addition to this a hard copy of the plan will be held by the Responsible Manager at their home.
Server Backup StrategyWe backup our main Server 1, which holds all of our emails and client files.
Tapes are to be removed each night at approximately 5.00pm and taken offsite each evening and stored in separate premises. This same tape is to be returned the following morning where it is stored in a locked filing cabinet. The latest monthly backup tape is stored in a fire proof safe.
We use a rotating tape system which comprises 30 tapes in total and we save tapes as follows:
Daily Tape – daily backups using tapes that are marked Mon 1, Tues 1 etc through to Fri-4.
Monthly Tape – we use this tape for the last working business day of the month and this tape is not overwritten until the end of the following year. For example in June 2012 we use the tape marked June which would be inserted into the server on the 29th June 2012. (The 30th June was a Saturday)
We record each time a tape backup is done in a register located near the computer server so that Responsible Managers can confirm the action is taking place at regular intervals.
Using this rotation system ensures that we have daily backup but also provides a safety net so we can retrieve data at the end of any of the previous 12 months or at any point of time over the past 30 days.
Backup logs are kept and reviewed by our outsourced IT providers on a regular basis. All backup failures and restorations from a backup are noted in the log.
Information Technology (I.T) Risk AssessmentWe have considered a range of potential I.T threats and the results are included in this section. This only includes I.T related risks as other business risks are dealt with in another section of the compliance plan.
The focus is on the level of business disruption and the severity that this disruption would have on the business. We have used two main categories external and internal risks.
Page 21 of 121
External Risks Example Internal Risks ExampleNatural Disaster Flood, earthquake Data NetworkHuman Caused Terrorism, sabotage Phone systemCivil Risks Transport strikes ServerSupplier Risks Receivership of IT Computer VirusFacility Risks Power or Internet down,
building unable to be accessedData backup
Unauthorised Access
I.T Risk Matrix Assessment
Description of Risk Consequences Probability Action taken Time to
RecoverRisk
Mitigation Impact
Flood
Unable to access building, potential for destruction of all files and computers. Could
be caused by fire sprinklers.
Low (1) due to being on Level 7
and office location
Enact Category A DRP plan
Over 1 month and
up to 3 months
Insurance Severe (5)
Fire
Unable to access building, potential for total destruction of all files, data and business
records fire investigations could be prolonged. Safety of
staff immediate priority.
Low (1) due to construction of building, fire
alarms, smoke detectors non-smoking policy
and proximately to Fire Station
Evacuate Building using pre-existing
plan and Enact
Category A DRP Plan
Over 3 months and
up to 24 months
Fire alarms, smoke
detectors non-smoking policy
Severe (5)
Act of Terrorism
Unable to access building, or local area, potential for total destruction of all files, data
and business records. Safety of staff immediate priority.
Low (1)
Co-operate with
authorities Evacuate
Building using pre-existing
plan and Enact
Category A DRP Plan
Over 12 months
Very Low Severe(5)
Act of sabotage a
person deliberately damages
systems or property.
Loss of data or misappropriate use of data. This could cause reputation
risk and the inability to service clients and protracted investigations by regulators and long periods of repairs.
Unlikely (2)
Enact Category A DRP plan or DRP Plan depending
upon severity
Less than 1 month but
longer term non critical disruptions
Security cameras, PIN
number access, after
hours security, building
secured after hours.
Thorough screening
conducted on all employees
Moderate (3)
Total Loss of Power
Air Conditioning would stop, telephone system would fail,
computers would fail with potential loss of data and lifts
would not work. Unable to continue to work.
Likely (4)
Divert office phone and fax to alternative number, work
form alternative
location until restored.
Less than 1 day provided
power is only lost for minor period
of time
Pay power bills and used
a power interruption device on
server
Minor (1)
Loss Of Office Phones -
Interruption to business, unable to effectively
communicate with customers and suppliers
Likely (4)
Contact to be made using
company mobile
phones, message to be placed on our
line by Telephone
carrier
Less than 1 day provided phones are only lost for minor period
of time
Pay power bills on time and engage
reliable phone service
technician
Minor (1)
Loss of Data Systems /
Virus
Interruption to business, unable to effectively
communicate with customers and suppliers, downtime for
Likely (4) Contact Dancrai, Revert to using our
Less than 7 days
Moderate, we have access
to local servers and off
Minor (1)
Page 22 of 121
staff and unable to meet service standards
paper based files, consider
using alternative
locations and consider DRP
Plan B
site servers and employ
virus software and computer
backups.
Computer / Data Supplier fails to provide
service
Unable to assist in the data recovery Unlikely (2)
Seek alternative supplier
Less than 7 days
Keep records of systems
and maintain and monitor
relationships.
Minor (1)
What Triggers the Disaster Recovery Plan (DRP)?The disaster recovery plan describes what action we will take given a certain set of circumstances and who is responsible for managing the DRP.
We have categorised events into two major sections the first is Category A and is for major disasters that would take a long time to recover from and have a major effect on the business, while category B would be for events that have a lower impact on the business and may only affect a small part of our operations or last less than one day.
Key trigger issues at office premises that would lead to activation of the DRP are listed above:
Category A - Critical Total loss of power Flooding of the premises Loss of the building Fire Act of terrorism
Category B - Moderate Total loss of all communications Evacuation of the building Bomb Scare Break and Enter
Notification of an IncidentWhen an incident occurs the person who has identified the issue should immediately refer the incident to any one of the Internal DRP Contacts (IDRP) and any one of these people are authorised to decide to what extent any DRP must be invoked.
Responsibilities of the IDRP Respond immediately to the incident and if required call emergency services (000)
and ensure staff safety Assess the extent of the disaster and its impact on the business, data centre, etc; Decide which elements of the DRP should be activated; Establish and manage employees to maintain vital services and return to normal
operation; Ensure employees are notified and allocated responsibilities and activities as
required.
IDRP Team ObjectivesThe team will be contacted and their responsibilities include:
Page 23 of 121
Establish facilities for an emergency level of service within 2.0 business hours; Restore key services within 4.0 business hours of the incident; Recover to business as usual within 8.0 to 24 hours after the incident; Communicate with staff, affected clients, referrers and other business partners Coordinate activities with disaster recovery team, first responders, etc.
Emergency Alert, Escalation and DRP ActivationThe IDRP will rely principally on key members of management and staff who will provide the technical and management skills necessary to achieve a smooth technology and business recovery.
Contact with EmployeesManagers will serve as the focal points for their departments, while designated employees will call other employees to discuss the crisis/disaster and the company’s immediate plans. Employees who cannot reach staff on their call list are advised to call the staff member’s emergency contact to relay information on the disaster.
Contact with our borrowers and referrersThe IDRP will take action to notify customers that are affected by the incident, if the incident is likely to affect them for a period of more than 24 hours. This will include:
Asking our website hosting company to make an announcement on our website Sending an email to all customers and referrers who have subscribed to our email
database Asking employees to call customers who have lodged an application that has not
settled but is in process ( this data may need be be recovered from their calendars or server backup, or iphones)
Ask our telephone provider to divert calls to another number or to a call centre
UpdatesFor the latest information on the disaster and the company’s response, staff members can call their reporting line manager for information on the nature of the disaster, assembly sites, and updates on work resumption.
Work ContinuationIf necessary, employees will work from home and continue business as usual until the office premises is re-established. Our daily business processes are conducted via web based applications which all employees can access by using their secure usernames and passwords.
Personnel and Family NotificationIf the incident has resulted in a situation which would cause concern to an employee’s immediate family such as hospitalisation of injured persons, it will be necessary to notify their immediate family members quickly.
Media ContactOnly a Responsible Manager is to coordinate with the media in the event of a disaster.
Insurance
Page 24 of 121
As part of the company’s disaster recovery and business continuity strategies a number of insurance policies have been put in place. These include workers compensation, professional indemnity, contents insurance and business interruption.
If insurance-related assistance is required following an emergency out of normal business hours, please contact: Mark Winwood on 02 9346 8086.
Insurance Summary
Policy Type Insurer Sum Insured Renewable Date Policy Number Contact
PersonContact Number
Professional Indemnity Nova $ 16/10/2013 190527 Mark
Winwood (02) 8251 0000
Fire and Peril (Contents) Business
InterruptionPublic Liability
CGU $ 30/09/2013 SYBP00026371 Mark Winwood (02) 9346 8086
Workers Compensation
Employers Mutual $ NSW 09/10/2013
QLD 13/02/201420W0109897122WAD130212514
Financial and Legal Considerations
Financial AssessmentThe emergency response team shall prepare an initial assessment of the impact of the incident on the financial affairs of the company. The assessment should include:
• Loss of financial documents• Loss of revenue• Theft of cheque books, credit cards, etc.• Loss of cash• Loss of clients files and personal information
Financial RequirementsThe immediate financial needs of the company must be addressed. These can include:
• Cash flow position• Temporary borrowing capability• Upcoming payments for taxes, payroll, commissions, taxes, etc.• Availability of credit cards to pay for supplies and services required post disaster• Insurance policy claims
Legal ActionsThe company management will review the aftermath of the incident and take advice on whether there may be legal actions resulting from the event; in particular, the possibility of claims by or against the company for regulatory violations, etc.
DRP ReviewsWe simulate a DRP exercise whenever it is thought appropriate by the Responsible Managers; this is expected to be when there have been significant staff changes or when a refresher exercise is thought appropriate due to the lapse of time.
Plan exercising ensures that emergency teams are familiar with their assignments and, more importantly, are confident in their capabilities.
Page 25 of 121
Appendix A – Disaster Checklists
Disaster action checklist
1. Plan Initiationa. Notify senior managementb. Contact and set up disaster recovery teamc. Determine degree of disasterd. Implement proper application recovery plan dependent on extent of disastere. Monitor progressf. Contact all necessary personnel both user and data processing and establish
schedulesg. Contact vendors--both hardware and softwareh. Notify users of the disruption of service
2. Follow-Up Checklista. Review the entire DRP b. List teams and tasks of eachc. Create temporary office if requiredd. List all personnel and their telephone numberse. Establish user participation planf. Set up the delivery and the receipt of mailg. Rent or purchase equipment, as neededh. Determine applications to be run and in what sequencei. Identify number of workstations neededj. Check out any off-line equipment needs for each applicationk. Check on forms needed for each applicationl. Set up primary vendors for assistance with problems incurred during emergencym. Check for additional magnetic tapes, if requiredn. Take copies of system and operational documentation and procedural manualso. Ensure that all personnel involved know their tasksp. Notify insurance companies
Page 26 of 121
1. Disaster Recovery Plan for Server (provide copy to Dancrai)
System Details
System Name: mpm-sbs.mortgageport.loc
OVERVIEW: Physical system for SBS 2008 – FSMO, Exchange 2007, Backup, File, DNS, DHCP
PRODUCTION SERVER Location: Communications Room
Server Model: Dell PowerEdge R710Operating System: Windows SBS 2008CPUs: Intel (R) Quad Core E5530 Xeon(R) CPU, 2.40 GHz, 8M CacheMemory: 12GB Memory (3x4GB) 133MHz Dual Ranked RDIMMsTotal Disk: 2 x 146 (15k SAS); 4 x 450(15k) SASService Tag: 2z9p62sSystem Serial #: 6486171652Gateway: 10.1.1.254IP Address: 10.1.1.5Other: DRAC 10.1.1.6Purchase Date: 13/09/2010Warranty Date: 13/09/2013Warranty Type: 4HR (24x7), 4 hours response on-site 24x7
Key ContactDancrai
Offsite Storage Becky Wang
System Recovery ProcedureThe recovery procedure would be managed by our outsourced supplier Dancrai who hold copies of all system requirements.
Scenario 1- Total Loss of DataRestore data from previous working day from the backup tape
Scenario 2 - Total Loss of HardwareContact Dancrai to order new server, estimated delivery time is 1 week. Partially restore mission-critical data from previous working day from the backup tape to mpm-svr2 in the interim.
Page 27 of 121
2. Disaster Recovery Plan for Desktop Environment
SYSTEM: OtherOVERVIEW & EQUIPMENT: 19 Staff including 6 laptop/mobile users
APPLICATIONS IN USE:
• MS Office, Excel, Word, and Outlook• RFS – Online Banking – Adelaide Bank (private WAN linked to Adelaide Bank – requires that VPN to be established with their hardware)• Utilise the O drive for company files• Avaya phone manager – used by Client services/receptionist to manage internal phone extensionsIphones in use with Active Sync for emailDesktop Anti-Virus is ESET NOD32MYOB19.5, 3 users, data files on serverANZ Online – 1 user, internet banking
AD Domain: mortgageport.locDHCP Settings: GW 10.1.1.254DNS: 10.1.1.1, 10.1.1.4
BACKUP STRATEGYAnytime Spare desktop for immediate use if one desktop fails, otherwise we will need to contact IT provider to order several new desktops
DISASTER RECOVERY PROCEDURE
Scenario 1Total Loss of DataAny business data is saved on O drive, no business information is stored on hardware so no recovery option needed.
Scenario 2Total Loss of HWUse spare workstation but if not available order new workstation and rebuild.
Page 28 of 121
3. Disaster Recovery Plan for Firewall
SYSTEM: Cyberoam CR25iaOVERVIEW:EQUIPMENT Location: Communications Room
Model No: CR25iaSystem Serial #: C047500604-8JJOF3IP Address (internal): 10.1.1.254/24
IP Address (external): 211.26.160.155/29
Gateway: 211.26.160.153Purchase date: 18/11/2010Warranty date: 18/11/2013Web Management (internal): http://10.1.1.254:8080 (HTTP) https://10.1.1.254:10443 (HTTPS)
Web Management (external): https://211.26.160.155:10443
Key Contact is: Dancrai
Backup StrategyDaily when a change is implemented, the new configuration is backed up Monthly When a change is implemented, the new configuration is backed up
Quarterly when a change is implemented, the new configuration is backed up
DISASTER RECOVERY PROCEDURE
Scenario 1Total Loss of NetworkNone
Scenario 2Total Loss of HWIn case of hardware failure, another device could be ordered with the same configuration and loaded with the backed up configuration of the failed firewall.
Page 29 of 121
4. Disaster Recovery Plan for Voice Communications
SYSTEM: Avaya IP OfficeOVERVIEW:EQUIPMENT Location:
Communications Room
Device Type: PABXModel No.: IPO 500Network Interfaces: ISDNIP Address: 10.1.1.11KEY CONTACTS Nick Criniti – Mobile: 0418 413 333Hardware Vendor: AVAYASystem Owners: MortgageportDatabase Owner: MortgageportApplication Owners: MortgageportSoftware Vendors: AvayaOffsite Storage: FonecomNetwork Services: Primus
Backup StrategyDaily Database on mpm-svr2Monthly Database on mpm-svr2Quarterly Database on mpm-svr2
Disaster Recovery Procedure
Scenario 1Total Loss of Switch Carrier Provider to divert all calls to either Call Centre or selected mobile phones
Scenario 2Total Loss of NetworkNone
Page 30 of 121
5. IT infrastructure
Photographs of our Hardware Infrastructure
MPM-SBS server Modems for Connections Server Room (modem)
Phone Switch Board Gigaswitch Board General User Desktop
Client Services Desktop General User Desktop General User Desktop
6. Software Infrastructure
All software configurations and licences are held by Dancrai – please refer to Dancrai for further information on this list.
Page 31 of 121
Section 4 – CUSTOMER DISPUTE RESOLUTION
Internal Dispute Resolution (IDR)
As part of our licensing and compliance practices we are required to have in place an Internal Dispute Resolution Process (IDR.) We review this procedure annually to ensure it remains appropriate for our business. Our customers are informed of our dispute resolution procedure and information about the process appears on our web site.
Our appointed credit representatives are also required to have their own IDR procedure and to provide evidence of this each year upon their review.
Our complaints register is established and held on our computer server saved in O drive: /Compliance/Registers/Internal Complaints Register and is maintained by the Client Services Manager and checked annually by the compliance manager. We also have created a separate account in MYOB to keep track of any moneys refunded as a result of disputes.
It is preferable to Mortgageport that we attempt to resolve a complainants issue through our IDR process. There is a cost to us if the complaint is lodged to the Office of the Ombudsman. It is Mortgageport’s general approach to resolve issues in a friendly way that maintains positive relations with our borrowers wherever possible without compromising on our core values.
Our Internal Dispute Resolution Process
Making Customers Aware of the IDRWe make customers aware of our IDR by providing them the information in the Credit Guide which is provided to each borrower at settlement as well as publishing the information on our web site.
Methods by which a borrower can lodge a complaint
Borrowers may lodge a complaint by any of the following methods: Telephone Email to [email protected] Letter to our PO Box Speaking with any staff member who may then refer the matter to our Complaints
Officer – Gloria Lawrence
What to do when a complaint is received
Step 1 – Record the complaintAny internal complaint that we receive, by any of the above methods, is to be recorded in our IDR complains register. The register records the following information:
Date of Complaint Name of Complainant Type of Complaint Acknowledged Receipt Date Result of the Investigation
Page 32 of 121
Complainant Advised Date ( of outcome )
Step 2 – Review the complaintOnce the complaint has been registered it will be reviewed by our complaints officer who will investigate the merits of the complaint and then document the findings, provided the complaint is not against the complaints officer.
Step 3 – Decide on ActionThese written findings will be then passed onto one of Mortgageport’s Responsible Managers for a decision on what action (if any) Mortgageport should take to address the borrowers concerns.
Step 4 –Notify the Person who lodged the complaintOnce a decision has been made the borrower will be advised in writing that we have investigated their complaint and tell them what action we are taking. We will also advise them of their right to refer the complaint to our External Dispute Resolution Process if they are still unsatisfied with our decision.
If the dispute is not resolved under our internal dispute resolution process (IDR), then the complaint may be lodged to the Office of the Ombudsman as an external dispute. Before a complaint can be lodged with the Ombudsman it must first have gone through our internal dispute process.
Notifying ASIC of Complaints Register ActivityEach year we are required to formally notify ASIC and provide them with a record of complaints received as part of our annual renewal
External Dispute Resolution (EDR) membership
We are members of the Credit Ombudsmen Service Limited (COSL). Our credit representatives are also required to be members of COSL.
Mortgageport Management Pty Ltd membership number is 400245. This is renewed annually in July (see Item 2)
Page 33 of 121
Section 5 – RESPONSIBLE LENDING DISCLOSURE OBLIGATIONSIntroduction
The National Consumer Credit Protection (NCCP) was introduced in October 2011 to provide a National set of rules and regulations for the consumer credit industry.
The NCCP Act implements new compliance obligations for businesses and people who engage in credit activities and includes:
Registration with ASIC Holding an Australian Credit Licence An obligation to engage in responsible lending Membership of EDR; and Complying with the National Credit Guide
Visit the ASIC website at www.asic.gov.au for further information on these requirements.
In order to fulfil the requirement to engage in responsible lending, certain disclosure documents must to be provided to borrowers at different stages throughout the credit process. This section of the compliance plan sets out the way in which Mortgageport deals with these disclosure requirements. We have sought advice from Gadens lawyers regarding these procedures.
Overview
The general intent of this legislation is to protect consumers and to make Mortgage Mangers, lenders or other industry participants responsible for ensuring that a lending product is NOT unsuitable.
This involves a number of steps, which now places a responsibility on Credit Advisors to NOT turn a blind eye to the facts and:
Make inquiries about the borrowers financial position and objectives Make an assessment about whether a lending product is Not Unsuitable Take steps to verify the borrowers financial position Make disclosures to the borrower
Process
Page 34 of 121
Disclosure Documents and brief summary of their use
Credit Guide 1 This is required when Mortgageport is not customer facing regardless of the loan source. Although we are not required to provide this document where we are client facing (Credit Guide 2A complies with this obligation) we are required to provide it when we act as a Mortgage Manager and are NOT Customer facing. In order to simplify our procedures we have decided to provide this with our settlement letter in every instance.
Credit Guide 2AThis is required when Mortgageport is customer facing and acting as a Mortgage Manager through our lenders Adelaide Bank, Advantedge or Firstmac.
Credit Guide 2BRequired to be used by our Appointed Credit Representative when customer facing regardless of whether providing a managed loan or a loan through another lender (FAST)
Mortgageport QuoteRequired to be used where Mortgageport charges a fee for service (eg: brokerage or arrangement fee) which would be rare. Note: The charging of an application fee or the charging of a loan establishment fee is which is noted on the credit contract is NOT regarded as charging a fee for arranging credit and therefore a quote is not required to be provided if these are the only types of fees applicable.
Proposal Disclosure DocumentRequired to set out the terms of any loan agreement. This document explains what commissions we are receiving or paying to introducers (if applicable). This document is required to be sent out to the borrower at the time we lodge an application.
From the 1st October 2013, all Product Disclosure Documents along with the relevant credit guide are to be emailed to the borrower from Loan Works by the Credit Team so that there is an audit trail available. (Note: prior to this the PDD and Credit Guide were sent via email and cc’d to Compliance mail box as proof the borrower had received them).
Definitions
What is providing Credit Assistance?A person is considered to be providing credit assistance if, in the course of or incidentally to a business, the person:
Suggests or assists a consumer to apply for a particular credit contract or a lease with a particular credit provider
Suggests or assists a consumer to apply for an increase to the credit limit of a particular credit contract or a particular credit provider
FACT FIND Includes the
Application form and other relevant
information
PRELIMINARY ASSESSMENT
Involves considering both the
Current situation and Excepted future events to make sure they are unlikely to encounter financial
hardship
VERIFICATIONIncludes verifying
borrower information and keeping records of each step in the
process
DISCLOSURE DOCUMENTATION
provide Documentation to
the borrower throughout the
process
Page 35 of 121
Suggests that the consumer remain in a particular credit contract or lease with a particular credit provider
What is Customer Facing?The term customer facing is where we are providing credit assistance – this is where a member of the Mortgageport team is dealing directly with the borrower either face to face, by telephone or email.
We are not customer facing when the customer deals with an external mortgage broker and that broker completes the application and submits it to us as the mortgage manager.
NB: If a mortgage broker refers the customer to us and we complete the application with the borrower, i.e. the broker acts as a referrer and not as a broker, Mortgageport becomes customer facing.
When are documents provided?
There are a number of circumstances where the documentation required to be provided by Mortgageport varies, these are explained below.
Types of Client Interactions
Type 1 - Mortgageport Acts as Mortgage Manager and is Customer facing
Where Mortgageport is acting as a mortgage manager (not a mortgage broker using Mortgageport Origination Pty Limited) and is customer facing. Under these circumstances we are required to provide:
Credit Guide 2A Proposal Disclosure Document (PDD) Quote (if required) Credit Guide 1 (as noted above this is not strictly required but we provide it on all loans
to simplify our processes)
Steps (Time Line) for a typical customer facing managed loan
1. Talk to borrower about a potential loan and complete a fact find to comply with responsible lending requirements.
2. Give to each borrower Proposal Disclosure Document at the time application is lodged. As noted above from 1st October 2013 this is emailed to the borrower from the Loanworks system.
3. Provide credit recommendation.
4. When ready to apply for a loan provide Credit Guide 2A to the borrower – this would typically be before but at the same time we complete the application form. This is sent with the PDD via Loanworks by the Credit Team.
5. Provide Quote (if we are charging fees) which would be rare. This must be handed over before submitting the loan application, must be signed by each borrower and dated. Each borrower must be given their own copy to keep.
Page 36 of 121
6. Provide a copy of Credit Guide 1 with the ‘welcome letter’ after loan settlement
Type 2 - Mortgageport Acts as a Mortgage Manager but is NOT Customer Facing
(E.g. Appointed Credit Representative or broker introduced business)
Where Mortgageport is acting as a Mortgage Manager and has been provided with the application from a Mortgage Broker we are only required to provide the borrower with a copy of Credit Guide 1 at the time of settlement, because we assume that the Mortgage Broker would have provided the customer with required documentation as they are deemed to be customer facing. (As mentioned in the section above we comply with this our part of our obligations by sending out Credit Guide 1 in all instances at settlement).
For an appointed credit representative the disclosure documents must be provided from the credit representative. It is Mortgageport’s responsibility to ensure that any representative complies with the credit legislation. In order to do this our credit representatives use the Meteor System to provide disclosure documents to the customer and we monitor and track this through Loanworks in the same way we do when Mortgageport is customer facing. (see Monitoring and Reporting Section - hindsight compliance review for details)
Type 3 - Mortgageport acts as a Mortgage Broker (FAST) and is Customer Facing
When we act as a mortgage broker we use our subsidiary company Mortgageport Origination Pty Limited. This company is an Appointed Credit Representative of Mortgageport Management Pty Limited.
Under these circumstances we are required to provide:
Credit Guide 2B (as a broker) Proposal Disclosure Document (PDD). Quote (if required) Credit Guide 1 (as noted above this is not strictly required but we provide it on all loans
to simplify our processes)
Steps (Time Line) for a typical customer facing brokered loan
1. Talk to borrower about a potential loan and complete a fact find to comply with responsible lending requirements
2. When ready to apply for a loan provide Credit Guide 2B to the borrower – this would typically be before but at the same time we complete the application form. This is sent with the PDD via Loanworks.
3. Provide Quote (if we are charging fees) which would be rare. This must be handed over before submitting the loan application, must be signed by each borrower and dated. Each borrower must be given their own copy to keep.
4. Give to each borrower Proposal Disclosure Document at the time application is lodged. As noted above from 1st October 2013 this is emailed to the borrower from the Loanworks system.
Page 37 of 121
Legal Advice Received Regarding Responsible Lending
Disclosure of Commissions by a Mortgage Manager
According to legal advice obtained from Gadens lawyers on the 3rd August 2012 (by email) we are exempted from disclosing commissions we are entitled to receive in this document provided we meet all of the following:
commission is worked out on the difference between the interest rate charged to the mortgage manager by the credit provider or lessor and the interest rate payable by the consumer
the mortgage manager has day to day management of a loan
the mortgage manager gives credit assistance in relation to a managed contract (ie the mortgage manager is customer facing and is not marketing through brokers)
the mortgage manager told the consumer:
o about the written management agreement; and
o that the mortgage manager is not acting for the consumer in relation to the managed contract;
the maximum cost and the maximum interest rate are published on the credit provider’s or lessor’s website [Treasury has indicated that this will be changed to the manager’s website], and
the mortgage manager cannot increase the interest rate above the interest rate published on the web site.
Proposal Disclosure Document Issuance
The following legal advice was received from Gadens on 12th November 2013 from Amy Ciolek (via email).
Timing of issuing a PDDA credit assistance provider (broker or customer facing MM) must give a Proposal Disclosure Document at the same time as providing credit assistance (NCCP s121). This would be either when the application form is being completed, or when you suggest to the borrower a particular loan with a particular lender.
It would be acceptable to give the PDD before you process the application fee.
When a PDD needs to be reissuedThe objective of a PDD is to disclose commissions and third party fees. So, there is no need to reissue the PDD when the loan terms change, although the borrower should be informed of change. As the PDD has to be given when credit assistance is given, you can’t issue another after credit assistance is given. It will no longer be a complying PDD. So a PDD should only be reissued if there is a new different credit assistance activity occurring. For example, assistance is provided in relation to a different product with the same or a different
Page 38 of 121
lender. Changes to information specified in the PDD should be advised by email or similar, but not in a replacement PDD.
We do not know when in your process LW system sends the PDD, but in general, in respect to your examples, we would think that a PDD is only issued when you first assist the borrower lodge their application form. If any of the following information changes, you should probably inform the borrower with an email or letter.
Interest rate goes down Loan value goes down Mortgageport commissions change (these are not disclosed on PDD) Interest rate increases Loan value goes up Fees change (eg. Mortgage insurance now payable) Referrer commission rate changes
You may make a commercial decision not to inform the customer if the change is in their best interest, for example, the interest rate goes down.
Additional follow up advice received 15th November 2013
Thanks for calling on Wednesday. Just to summarise the call and respond to your email, credit assistance can be defined as when you submit the loan application to the lender. Prior to this time, the borrower has not committed to going ahead with any loan, they may change their mind, or change product. Collecting the information prior to providing credit assistance can be administrative, and the information can probably be used to apply for any credit product. You said The Sales team are arguing that the credit assistance has already been given at this stage (particularly with the transfer of information to the credit team) and therefore we are not meeting our obligations. We are not sure of Mortgageport’s precise process, but if all the sales team are doing is collecting information so that the credit team can conduct a suitability assessment, the sales team are not providing credit assistance. The credit assistance cannot occur until a suitability assessment has been conducted. If the sales team are conducting the preliminary suitability assessment, and do determine that the credit is not unsuitable, then anything after that will be credit assistance. If the consultant accidently fails to disclose commission in the proposal disclosure document, the PDD breaches the NCCP. The breach should promptly be remedied by issuing a correct PDD.
Page 39 of 121
Work Flow for Issuing PDD and Credit Guide
Changes advised to customer by email or approval letter NO new PDD
Credit Team advises Sales Consultant to
amend PDD
PDD IncorrectPDD Correct
Credit team emails the PDD and credit Guide to the customer via LW
Meteor sends an email to Processing inbox with PDF file
attached
Processing upload PDF file containing PDD and Credit guide
into LW
Sales consultant hits CREATE button in Meteor
Sales consultant completes PDD and Credit Guide in Meteor
Credit team reviews PDD to ensure details are correct
Loan product changes with the same or different borrower
Information changes in respect of the loan (refer legal advice for examples)
Page 40 of 121
Mortgageport Management Pty Limited ACN 082 733 679Level 7, 68 Alfred Street, Milsons Point NSW 2061
Credit Guide 1 (Template)
Welcome to Mortgageport. We are one of Australia’s leading and longest operating mortgage managers. We provide specially designed finance for our customers. We are a member of the MFAA (Mortgage and Finance Association of Australia), Australia’s peak industry body for the mortgage and finance industry.
We are licensed to arrange loans and leases under the National Consumer Credit Protection Act 2009 (NCCP Act). The NCCP Act regulates the activity of lending, leasing, and finance broking. Our Australian Credit Licence number is 386360.
We will be managing the loan you have taken out. You should contact us about your loan, including issues relating to repayments.
Our internal dispute resolution schemeWe hope you are satisfied with our services. If you have any complaints regarding our conduct you should notify us by contacting our Complaints Officer by:
telephoning (02) 9466 8200 e-mailing [email protected] writing to PO Box 51, Milsons Point NSW 1565 speaking to any representative of our business who will refer you to the Complaints
Officer, details of whom are shown above.
You should explain the details of your complaint as clearly as you can. You may do this verbally or in writing.
When we receive a complaint, we will attempt to resolve it promptly. We hope that in this way we will stop any unnecessary and inappropriate escalation of minor complaints.
Our external dispute resolution schemeIf we do not reach agreement on your complaint, you may refer the complaint to an ASIC Approved External Dispute Resolution (EDR) Scheme. Our external dispute resolution provider is COSL (Credit Ombudsman Services Limited) phone 1800 138 422, www.cosl.com.au. External dispute resolution is a free service established to provide you with an independent mechanism to resolve specific complaints. You can request further details about our dispute resolution procedures and obtain details of our privacy policy.
Questions?If you have any questions about this credit guide or anything else about our services, just ask at any time. We’re here to help you.
Page 41 of 121
Credit Guide 2A Template
Saved as a pdf: O:\APPLICATION FORMS\Credit Guides
Page 42 of 121
Credit Guide 2B (Template)
[INSERT CREDIT REPRESENTATIVE’S NAME AND ACN][INSERT ADDRESS]Phone: 02 9466 8200 E-mail: [email protected] Representative Number XXX
CREDIT GUIDE
Thank you for contacting [INSERT CREDIT REP NAME]
[INSERT CREDIT REP NAME] is a credit representative of Mortgageport Management Pty Limited ACN 082 733 679 Australian Credit Licence number is 386360. Mortgageport Management structures, markets and manages the Mortgageport range of loans and also arranges loans from third party funders.
As a credit representative, we are authorised to arrange loans and leases under the National Consumer Credit Protection Act 2009. The NCCP Act regulates the activity of lending, leasing, and finance broking.
We will need information from you
Under the NCCP Act, we are obliged to ensure that any loan or principal increase to a loan we help you to obtain is not unsuitable for you. To decide this, we may need to ask you some questions in order to assess whether the loan is not unsuitable. The law requires us to:
make reasonable inquiries about your requirements and objectives;
make reasonable inquiries about your financial situation;
take reasonable steps to verify that financial situation.
Credit will be unsuitable if at the time of the assessment, it is likely that at the time the credit is provided:
you could not pay or could only pay with substantial hardship;
the credit will not meet your requirements and objectives.
For example, if you can only repay by selling your principal place of residence, it is presumed that the loan will cause substantial hardship unless the contrary is proved. For this reason we must ask you to provide a significant amount of information. It is therefore very important that the information you provide us is accurate.
We must provide you with a copy of our preliminary credit assessment of your application if you ask within 7 years of when we assist you. We are only required to give you a copy of the credit assessment if we give you credit assistance.
Page 43 of 121
If we arrange a loan for you to purchase or refinance real estate, remember you must make your own enquiries about the value of the real estate and its potential for future growth. Although we may obtain a valuation, that is for our own use and you should not rely on it.
Fees payable by youWe usually do not charge you for our services because we are paid commission by the financier. However, you may need to pay the financier’s application fee, valuation fees, and other fees.
Commissions received by usWe may receive commissions or management fees from the lenders who provide finance for you as our customers. These fees may be shared between Mortgageport and the credit representative. These are not fees payable by you. You may obtain from us information about a reasonable estimate of those commissions and how the commission is worked out.We have a volume bonus arrangement in place with under which those financiers may pay us additional commission depending on the total volume of business we arrange with them.
Commissions payable by us We source referrals from a broad range of sources. For example, we may pay fees to call centre companies, real estate agents, accountants, or lawyers for referring you to us. These referral fees are generally small amounts and accord with usual business practice. These are not fees payable by you. You may, on request, obtain a reasonable estimate of those commissions and how the commission is worked out.
Our internal dispute resolution schemeWe hope you are delighted with our services, but if you have any complaints you should notify us by contacting our Complaints Officer by:telephoning (02) 9466 8200e-mailing [email protected] to PO Box 51, Milsons Point NSW 1565or by speaking to any representative of our business who will refer you to the Complaints Officer.
You should explain the details of your complaint as clearly as you can. You may do this verbally or in writing.
When we receive a complaint, we will attempt to resolve it promptly. We hope that in this way we will stop any unnecessary and inappropriate escalation of minor complaints. Our external dispute resolution scheme
If we do not reach agreement on your complaint, you may refer the complaint to an ASIC Approved External Dispute Resolution (EDR) Scheme. Our external dispute resolution provider is COSL (Credit Ombudsman Services Limited) phone 1800 138 422, www.cosl.com.au. External dispute resolution is a free service established to provide you with an independent mechanism to resolve specific complaints. You can obtain further details about our dispute resolution procedures and obtain details of our privacy policy on request.
Things you should knowWe don’t make any promises about the value of any property you finance with us or its future prospects. You should always rely on your own enquiries.
Page 44 of 121
We don’t provide legal or financial advice. It is important you understand your legal obligations under the loan, and the financial consequences. If you have any doubts, you should obtain independent legal and financial advice before you enter any loan contract.
Questions?If you have any questions about this credit guide or anything else about our services, just ask at any time. We’re here to help you.
Page 45 of 121
Proposal Disclosure Document
Page 46 of 121
Page 47 of 121
Section 6 - CHECK LISTS AND ADDENDUMS
Item 1 - Credit licence
This is a copy of our credit licence and the conditions; this is stored as an image on our server with the original document displayed in our reception area.
Page 48 of 121
Item 2 – Copy of our EDR Membership
Page 49 of 121
Item 3 - Compliance Summary Checklist
This is an overview document and a reminder to the Directors to check that Responsible Managers are discharging their responsibilities correctly. It is provided each month to the Company Directors with the financial statements and KPI’s. It is saved on our server path o:/compliance/checklist
Compliance Summary ChecklistCO
MPLIANCE SUM
MARY REG
ISTER
Review PeriodNext Due Date
Date Last Completed
Next Due DateDate Last Com
pletedNext Due Date
Date Last Completed
COM
PANY LODG
EMENTS
Annual Tax ReturnAnnually
31-Mar-14
14-Dec-12
31-Mar-14
14-Dec-12
31-Mar-14
14-Dec-12
ASIC Annual Company Return
Annually26-M
ay-131-Jun-12
7-Jul-1323-Jul-12
30-Jun-1317-Jul-12
Australian Credit LicenceAnnually
6-Dec-13
16-Jan-13
BAS Q
uarterly returnQ
uarterly28-Feb-13
25-Oct-12
28-Feb-1325-O
ct-1228-Feb-13
25-Oct-12
Change of Address of Companies
As Required
28 Days
28 Days
28 Days
Change of company nam
eAs R
equired14 D
ays14 D
ays14 D
aysChange of Details of O
fficersAs R
equired28 D
ays28 D
ays28 D
aysChange to Share Structure
As Required
28 Days
28 Days
28 Days
Days of Notice to Annual General M
eetingsAnnually
1-Aug-13-
--
-FBT Annual Return
Annually21-M
ay-1321-M
ay-12
Final Dividend Declared
AnnuallyIs this needed
Payroll Tax Annual Reconciliation
Annually21-Jul-13
23-Jul-12Statutory Accounts
Annually1-O
ct-1314-D
ec-121-O
ct-1314-D
ec-121-O
ct-1314-D
ec-12
MANAG
EMEN
T REVIEW
S
Car Park LevyAnnually
before 1/9/20131-Sep-12
Company Budgets
Annually31-M
ay-1329-Nov-11
Human Resources M
anual ReviewAnnually
31-Jan-1301-Nov-12
IDR Register ReviewAnnually
6-Dec-13
14-Dec-12
Monthly Accounts
Monthly
15th of each month
15-Nov-1215th of each m
onth15-Nov-12
15th of each month
15-Nov-12M
onthly Financials and KPI's
Monthly
3rd Thurs of every month
3rd Thurs of every month
3rd Thurs of every month
3rd Thurs of every month
3rd Thurs of every month3rd Thurs of every m
onthO
ccupational Health and Safety (Internal Review)Annually
Sept of each year18-O
ct-11Sept of each year
18-Oct-11
Sept of each year18-O
ct-11Staff Perform
ance ReviewsSem
i- Annually31-M
ar-1301-Sep-12
Training RegisterQ
uarterly31-M
ar-1331-D
ec-12
INSURANCE REVIEWS
Business General Insurance
Annually30-Sep-13
1-Oct-12
30-Sep-131-O
ct-1230-Sep-13
1-Oct-12
Key Man Insurance (G
len Spratt)Annually
15-Feb-1315-Feb-12
Managem
ent Liability InsuranceAnnually
08-Oct-13
9-Oct-12
8-Oct-13
9-Oct-12
8-Oct-13
9-Oct-12
Pofessional Indemnity Insurance
Annually16-O
ct-1316-O
ct-1216-O
ct-1316-O
ct-1216-O
ct-1316-O
ct-12W
orkers Compensation - NSW
Annually01-Jul-13
9-Oct-12
Workers Com
pensation - QLD
Annually01-Jul-13
13-Feb-13
COM
PLIANCE REVIEWS
Appointed Credit Representative ReviewSem
i- Annually30-Jun-13
16-Jan-13Breach Register Review
Annually30-Jun-13
16-Jan-13Brokers Review
Semi- Annually
30-Jun-1316-Jan-13
30-Jun-13Com
pliance Plan ReviewAnnually
31-Jan-1430-Jan-13
COSL Renewal
Annually30-Jun-13
30-Jun-1222-Jul-13
22-Jul-1220-Jun-13
20-Jun-12Disaster Recovery Plan review
Annually31-Jan-14
16-Jan-13Hindsight File Com
pliance ReviewQ
uarterly31-Jul-12
27-Jul-12M
FAA RenewalAnnually
30/08/201331-Aug-12
NCCP Compliance Review
Semi- Annually
31-Jul-13In progress
Privacy Policy ReviewAnnually
31-Jan-14R
eviewing w
ith Gadens
MP M
ortgages Pty LtdM
ortgageport Managem
ent Pty LtdM
ortgageport Origination Pty Ltd
Task
Page 50 of 121
Item 4 – NCCP Compliance Checklist
This checklist is used every 6 months for the Responsible Managers to confirm we are complying with our credit licence requirements. Once completed the form is saved on our server.
Path: o:compliance/compliance plan/NCCP Compliance Checklist
Item Comments Date Completed
1) Is our licence appropriate to our Business activities?a) Has there been any change to our business
activities since the last review date?2) Is the Compliance Plan up-to-date and saved on the
Mortgageport website?a) Does the plan correctly list the fit and proper
people in the business?3) Have appropriate checks been carried out before
hiring key people (responsible manager or mortgage consultant) and do we review these checks from time to time?
Checks includei) Educational qualificationsii) Previous employers referencesiii) Police Check (not more than 12 months old)iv) Credit history report (not more than 3
months old)v) No conflict of interest declared (signed
annually)vi) No disqualification/problems in the last 10
years or an adequate explanation obtained4) Have credit representatives complied with credit
legislation including:a) COSL renewedb) PI Insurancec) MFAA membership or equivalentd) Adequate training completed and monitored
5) Has the training register been maintained for all representatives (employees and reps)?
6) Have Hindsight compliance reviews been carried out and breach register maintained and reviewed by a responsible manager?
7) Has the IDR scheme been reviewed and register of disputes maintained?a) Has a responsible manager reviewed the
register and how disputes have been resolved?8) EDR Membership renewed?9) Professional indemnity insurance maintained and
renewed?10) Do we have a process for ensuring we deal only
with licensees or credit representatives in relation to credit activities?
Page 51 of 121
11) ASIC reporting – have we ensured that all changes have been reported to ASIC as required?a) Appointment of or changes to credit
representatives (28 days)b) Lodgement of Annual compliance certificate
(ACL) within 45 days of anniversary of the grant of licence
12) Have our Credit representatives been properly appointed?a) Relevant checklist used for all appointments
13) Have our Mortgage Brokers been properly appointed?a) Relevant checklist used for all appointmentsb) Signed origination agreement on file
14) Does the business have adequate resources?a) Monthly financial resourcesb) ITc) Human resources
15) Are processes in place to retain records (other than financial) for 7 years?
16) Are procedures in place to ensure compliance with responsible lending requirements (ie. Not make unsuitable loans)?
17) Are procedures in place to ensure we comply with disclosure requirements when writing loans?a) Credit Guideb) Proposal disclosure documentc) Quote
18) Have we included our ACL number on all necessary correspondence?a) Responsible lending disclosure documentsb) Print adverts that relate to the provision of
regulated creditc) Documents required to be created by a
provision of the NCCPd) Documents lodged with ASIC that relate to the
provision of credit
Reviewed by …………………………………………
Signed ………………………………………………. Date………………..
Page 52 of 121
Item 5 – Hindsight Compliance Review ChecklistHindsight Compliance Review Check List
Date of Compliance Review
File No. (Dealing No.)
File Surname
Mortgage Consultant (Sales Consultant)
Credit Assessor (Owner)
Referrer Name
Referrer Category
Documents Reviewed Yes/No Follow Up / Comments
Section One - NCCP ComplianceFact Find(Filename: FF Surname XX & XX MMYY)Preliminary Assessment Form(Filename: PAF Surname XX & XX MMYY)Proposal Disclosure Document(Filename: PDS Surname XX & XX MMYY)Correct Credit Guide Issued(Filename: CG Surname XX & XX MMYY)Application Form & Privacy Act Signed(Filename: AF Surname XX & XX MMYY)Conflict of Interest Declared (if applicable)(Filename: COI Surname XX & XX MMYY)
Section Two – Credit File100 point ID properly executed(Filename: 100PT Surname XX & XX MMYY)
Loan Contract(Filename: LC Surname XX & XX MMYY)Valuation(Filename: VAL Surname XX & XX MMYY)
Section Three – OtherCorrect Calculation of Commission ReceivedCorrect Calculation of Commission PaidReferral /Broker/Credit Rep agreement in placeCommission Payable Disclosed in PDSOn Boarding Procedures Followed
I confirm that I conducted a hindsight audit of this file and the above observations were made and that my audit was not influenced by any other employee, referrer, Company Director of related party.
Signed…………………………
Page 53 of 121
Item 6- Compliance with other Credit Laws
This checklist is used each year in late January to confirm that a Responsible Manager has reviewed the below
ITEM STATUS
Privacy Act Rules for retaining information Rules for release of information Privacy consent for our own use
Is privacy policy up to date?
Ensure comparison rate disclosure in advertisements?
Ensure no unfair contract terms in our documents?
Compliance with MFAA Code of Practice?
Do we comply with ‘door to door sales’ legislation?
Do we undertake any activities for which an AFSL is required?
Are our AML/CTF(Anti-Money Laundering and Counter Terrorism Financing Rules) procedures appropriate?
I......................................................................confirm that I have completed this checklist honestly and completely with the information I had available to me.
................................................................................ / /Signature
Countersigned by Director................................................................................ / /
Page 54 of 121
Item 7 - Appointment of an Authorised Credit Representative ChecklistThis document is saved in O/Compliance/
Page 55 of 121
Page 56 of 121
Item 8 - Mortgage Broker Accreditation ChecklistThis document is saved in O/Compliance/
Page 57 of 121
Page 58 of 121
Item 9 – Referrer Checklist
Page 59 of 121
1Item 10 - Appendix A – Loanworks Introducer Module
When an Introducer (regardless of whether they are a referrer, broker or authorised representative) has agreed to introduce loans to Mortgageport, we need to enter their details via the Introducer module on Loanworks. Only certain authorised Mortgageport employees have access to the introducer module (i.e., finance/accounting and the administrator) to maintain the integrity of the data.The following information must be added:
Introducer Details – the entities full name that we have a contract withContact Details – the primary contact person for the IntroducerPersonal Details* (*indicates not mandatory)General Details Introducer Group (these are grouped by the state they are in)Introducer Status (active or inactive, a pre-determined date can be set for when they will be active or inactive)Business AddressPostal AddressIndustry Membership Details +ASIC Registration Details +AML Accreditation Details +Certificate IV Details +Insurance DetailsGeneral Accreditation DetailsExternal Dispute Resolution Scheme +Banking DetailsAccount Code DetailsWeb Broker Details +Commission Details
On the left hand side of the screen we have a sub-menu consisting of ‘Details’, ‘Notes’ and ‘Attachments’.
+ indicates not required for referrers of business ( a referrer is someone who does not give credit advice – eg: an accountant who refers their client to Mortgageport)
1
Page 60 of 121
Once we have entered in all the relevant details for the new introducer, we can click on the ‘Notes’ button which will bring us to this screen.
To make sure that we are aware of the anniversary dates of renewals we can ‘Add new introducer note’ where we can set email reminders to a nominated person in finance/accounting. This person will follow up on the renewal and make sure that we obtain an up-to-date certificate or renewal information and update the record accordingly on LoanWorks.
Page 61 of 121
We can also upload copies of their certificates for our records and for ease of access onto LoanWorks. We do this by clicking on ‘Attachments’ on the left hand side sub menu.
Page 62 of 121
Item 11 - Appointment of Company Credit Representative Agreement
APPOINTMENT OF CREDIT REPRESENTATIVES - COMPANIES
Under this document we appoint your company as our credit representative.
You should check all the information in this document is correct, have it fully signed, retain a copy, and return it to us. We will notify ASIC of the appointments.
Information Schedule
Our details (us/we): [NAME] [ADDRESS] [ACN] [REGO/LICENCE NUMBER]
Your details (you): [NAME] [ADDRESS] [ACN] [CREDIT REP NUMBER]
EDR Scheme: Membership number:
PI Insurer: [if covered by licensee’s insurance insert “N/A – covered by licensee’s policy”] Policy No:
Amount of cover: Expiry date:
Loan writers who areDirectors: [NAME] [ADDRESS]
Employees: [NAME] [ADDRESS]
1. Appointment of you as our credit representativeWe hereby appoint you to engage in the credit activities specified in Schedule 1 on our behalf. You accept this appointment and agree to the terms of this document by signing and returning this document. Your appointment commences on a date we notify you after we have received this document which has been signed by you, any other credit representatives, and any guarantors. We may terminate or amend your appointment at any time.
2. Information about you
You and each Delegate represent and warrant to us that you:
are not subject to a banning order or disqualification order in relation to any credit activities
are a member of the ASIC approved EDR scheme specified in the Information Schedule
are not banned from engaging in a credit activity under a law of the state or territory
if a company, none of your directors, secretaries, employees or senior managers who perform duties in relation to the credit activities are subject to any order under the Crimes (Criminal Organisations Control) Act 2009 (NSW) or the Serious and Organised Crime (Control) Act 2008 (SA)
Page 63 of 121
are not registered, licensed, or appointed (other than pursuant to this document) as a credit representative under the National Consumer Credit Protection Act 2009 Cth).
3. Conduct as a credit representative
You:
must conduct business as our credit representative in accordance with procedures specified by us from time to time
upon our request, must provide any information or documents requested by us regarding activities as our credit representative
are liable for any breach of any law including the National Consumer Credit Protection Act 2009 (Cth) arising from your or your conduct or inaction
must not accept appointment as a credit representative of any other licensee or obtain an Australian Credit Licence without our prior written consent
acknowledge that the appointment as our credit representative does not make you our employee or general agent
acknowledge that as our credit representative you will provide services to our panel lenders and other members of the public as authorised by us from time to time
authorise us to lodge any returns at ASIC regarding your apppointment, termination, change to particulars, or otherwise connected with any appointment as our credit representative.
4. Claims and breaches
You must promptly inform us of:
any claim that is made or threatened against you; and
any breach of any law, including in particular the National Consumer Credit Protection Act 2009 (Cth)
in respect of the conduct of your business as our credit representative.
5. PI insurance
If the Information Schedule indicates that you are to take out professional indemnity insurance:
you warrant that the insurance details specified in the Information Schedule are correct
you must maintain the professional indemnity insurance for six years after you cease to be our credit representative
Page 64 of 121
you must not change the terms of the professional indemnity insurance without our prior written consent.
6. EDR membership
You must maintain membership of the ASIC external dispute resolution scheme specified in the Information Schedule (if any) throughout the term of appointment as our credit representative and for at least one year after termination of appointment.
7. Notification of change
You must inform us promptly and in any event within two business days of any change to your name or business address.
8. Indemnity
You hereby indemnify us on a continuing basis against all or any actions, suits, claims, demands, losses, damages, liabilities, costs and extensions of any nature (including without limitation civil and criminal penalties) suffered or incurred by us at any time actually or contingently arising directly or indirectly out of your conduct as our credit representative. This indemnity continues despite the termination of your appointment as our credit representative.
9. Additional obligations
The obligations set out in this appointment are in addition to any obligations arising under any other documents or arrangements between us. For example, if there is an origination agreement between us, the obligations in this document are in addition to those set out in the origination agreement.
Signed on behalf of LICENSEE:
Date Authorised officer
Print name
Signed on behalf of BROKER COMPANY:
Secretary/Director Director
Print name Print name
Page 65 of 121
Schedule 1 – Authorised credit activitiesYou are authorised to provide credit services as defined in s 7 of the National Consumer Credit Protection Act 2009 (Cth).
Page 66 of 121
Item 12 - Appointment of Credit Representatives under the NCCP Act
Updated 30 August 2011
A business which is registered or licensed under the NCCP Act can start appointing credit representatives straight away. .Representatives of licenseesDirectors and employees (but not secretaries) of licensees are automatically representatives authorised to undertake credit activities on behalf of the licensee. There is no need for any further formal appointment or notification to ASIC.For the technically minded, this derives from s29(3) NCCP Act, which provides that employees or directors of a licensee or a related corporation of the licensee don’t need a licence to act on behalf of the licensee.Appointment of credit representativesHowever, when a company is appointed as a credit representative, the directors, and employees of the credit representative company are not authorised to conduct credit activities. Licensees will need to appoint both the company and its loan writers. This differs from the AFSL regime where normally only the natural person advisers are appointed. This is because the NCCP Act requires ‘intermediaries’ to be licensed or be appointed as credit reps as well as the person undertaking the work.Directors, employees, and any subcontractors of a credit representative company need to be sub-authorised by the corporate credit representative. The corporate credit representative requires consent from the licensee to do this. Only natural persons can be sub-authorised. The sub-authorised credit representatives become credit representatives of the licensee and not of the credit representative.If a subcontractor loan writer of the credit representative operates through a company, the licensee will need to appoint the corporate subcontractor directly, as credit representatives can’t sub-authorise companies.Instead of the credit representative sub-authorising its directors, employees, and any subcontractors, a licensee could appoint those people directly. Licensees may prefer to keep control over the appointment of credit representatives by not consenting to any sub-authorisations and appointing all credit representatives directly.The licensee is responsible for notifying ASIC about appointments and variations to credit representatives directly appointed. However, the credit representative company is responsible for notifying ASIC of appointments and changes to sub-authorised credit representative. If a licensee wants to notify ASIC of sub-authorisations by its corporate credit representatives, the licensee will need the ASIC key of the credit representative in order to file notifications for the corporate credit representative. It’s obviously easier for licensees to use their own key and appoint credit representatives directly, but this will result in the individual credit representatives having to take out their own EDR membership because they cannot come under the membership of their company.Sub-authorised directors and employees of a credit representative company can rely on the company’s EDR membership. However, contractors who are sub-authorised will need their own EDR membership. This derives from section 65(6) of the NCCP Act, which provides that a sub-authorisation is void unless the natural person is a member of an EDR scheme. However, regulation 16 of the NCCP Regulations adds the proviso that the natural person doesn’t need to be a member of an EDR scheme if the natural person is an employee or director of the credit representative.Credit representatives (including sub-authorised credit representatives) can be covered by the licensee’s PI insurance, or effect their own insurance so long as the credit repo has given an indemnity to the licensee for the conduct of the credit rep. – see RG210.27.All this is explained diagrammatically in the diagram at the end of this article.
Page 67 of 121
What about appointment of credit representatives before a licence is granted?Once a business is registered, it can proceed with appointing credit representatives (i.e. both before and after 30 June 2010). The appointment only takes effect from 1 July 2010 when the NCCP Act commences.When the registration converts to a licence, the credit representatives appointed while registered automatically become credit representatives of the licensed business.For the technically minded, the authority for the appointment of credit representatives at any time after registration is effected appears in section 32A and s33(1) of the NCCP (Transitional and Consequential Provisions) Act.Notices of appointment can only be lodged with ASIC on 1 July 2010, and so businesses will have 15 business days from 1 July 2010 to notify ASIC of pre-1July 2010 appointments. This means that the register of credit representatives will not be ‘complete’ for some time after 1 July 2010.Notifying sub-authorisation of credit representativesMany aggregators will appoint many credit reps. ASIC have said that this can be done in batches of 200. However, in most cases brokers operate through companies. Aggregators will want to notify both the broker company and the sub-authorisation of the individual broker. Section 71 of the NCCP Act provides that the credit rep company must notify sub-authorisations. Aggregators can arrange to notify those sub-authorisations on behalf of their members.There seems no difference in the legal or commercial risk of making a direct appointment instead of a sub-authorisation but if the licensee directly appoints a credit representative company’s employees or directors, those directors and employees cannot rely on their company's EDR. .
Using the MFAA credit representative appointment documentsThere are three key situations.1. Licensee appoints Broker Company as credit representative. Company sub-
authorises loan writers who can be:
employees of Broker Company (covered by Broker Company 's EDR)
directors of Broker Company (covered by Broker Company 's EDR)
natural person contracting with Broker Company (must have own EDR).Alternatively, the licensee could appoint the employees, directors, and contractors directly instead of a sub-authorisation, but in this case all would need their own EDR membership.
2. Licensee appoints a company which is a sub-contractor of Broker Company as its credit representative. This is a direct appointment because Broker Company cannot sub-authorise companies. Sub-contractor Company can sub-authorise loan writers in the same way as para 1, namely:
employees of Sub-contractor Company (covered by Sub-contractor Company 's EDR)
directors of Sub-contractor Company (covered by Sub-contractor Company 's EDR)
natural person contractors (must have own EDR) 3. Licensee appoints a natural person as a credit representative. Individuals cannot
sub-authorise. It's better to avoid appointing individuals because of the risk of them being classified as employees.
Page 68 of 121
Note that if in case 1 the licensee directly appointed Broker Company's employees or directors, those directors and employees cannot rely on Broker Company's EDR.A separate report is available dealing with sub-authorisations by credit representatives, EDR membership, and credit representatives who are partnerships.
NATURAL PERSON (C)
Sub-origination
Direct appointment
Must be a natural person.Operates as a CR of the licensee A.
If the person is a director or employee of B, and the person has been sub-authorised by B rather than being appointed directly, the person will be covered by B’s EDR membership.
Sub-authorisation needs
Directors and employees are NOT automatically authorised. Need to be either sub-authorised by B with A’s consent, or directly appointed by the licensee A
Appointment ascredit representative
Directors and employees automatically authorised
COMPANY (D)
LICENSEE (A)
COMPANY CREDIT REPRESENTATIVE
(B)
D needs its own EDR membership. D’s directors and employees will need to be sub-authorised by D with the consent of A, or appointed as credit representatives direct by D
Page 69 of 121
Item 13 – Annual Compliance Check for an Accredited Mortgage Broker
All Accredited Brokers are listed in LoanWorks as part of our obligations under the NCCP to keep a mortgage broker register.
The checklist below is to be followed annually for a Broker on or around the date the Mortgage Broker professional indemnity Insurance is due.
All updated documents must be scanned into LW and the details in LW updated to reflect changes.
Expiry dates can be checked by running a query in LW specifying an expiry date for the PI Insurance. It is advisable to conduct this review periodically (quarterly) to identify Brokers whose review date is coming up. Item Comments Date
Done
Verify that the Mortgage Broker ACL is current ASIC search to check ACL is active Note a new review date (for 12 months time usually in line
with PI Insurance) under ASIC Registration details in LW. Put in the expiry date box even though not actually an expiry date.
Check that the PI insurance is current or has been renewed Copy of certificate of currency on file in LW
Check that MFAA membership is being maintained Copy of Membership certificate on file in LW
Check that EDR membership is current Copy of membership certificate on file in LW(Note ACL is not valid if there is no EDR membership)
Ensure a signed Origination agreement is in place Agreement must be in current format. The standard
Origination Agreement is located on the server atO:\Introducers\Brokers\Origination Agreements\Origination (Broker) Agreement Template.docx
Page 70 of 121
Item 14 – Annual Compliance Check for an Authorised Credit Representative
All Accredited Authorised Credit Representatives are listed in LoanWorks as part of our obligations under the NCCP to keep a Credit Representative register.
The checklist below is to be followed annually for a Credit Representative on or around the date the Credit Representative professional indemnity Insurance is due.
All updated documents must be scanned into LW and the details in LW updated to reflect changes.presentatives whose review date is coming up. Item Comments Date
Done
Verify that the Credit Representative appointment is still current: ASIC search to check Credit Representative number is still
active. Also check whether they have been appointed as credit representative of any other ACL holder and that we have been notified of any such change.
Note a new review date (for 12 months time usually in line with PI Insurance) under ASIC Registration details in LW. Put in the expiry date box even though not actually an expiry date.
Check that the PI insurance is current or has been renewed Copy of certificate of currency on file in LW
Check that MFAA membership is being maintained Copy of Membership certificate on file in LW
Check that EDR membership is current Copy of membership certificate on file in LW(Note Credit Representative appointment is not valid if there is no EDR membership)
Ensure a signed Origination agreement and Authorised Credit Representative document is in place
Agreements must be in current format. The standard Origination Agreement is located on the server:
O:\Introducers\Brokers\Origination Agreements\Origination (Broker) Agreement Template.docx
The standard Authorised Credit Representative Appointment document is located on the server:O:\Introducers\Credit representatives \Credit Rep Appoint-company.docx
Ensure the Credit Representative is included on our training register and is recording adequate training hours:
Mentoring hours by a responsible manager should be included here
Page 71 of 121
Item 15 – Internal Control Procedures for Loan Approval
Internal Control Procedure for Loan Approval
CREDIT VERIFICATION
SALES SUPPORT
RM Funder Valuations
Valuations
Glen SprattMichael McKelvie
Mortgage Consultants
Credit RepsMortgage Brokers
Loan Increases
Val LMI Credit
Funder
(never approve own loans)
DIRECTOR SALES
INTERNAL SALES
EXTERNAL SALES
CLIENT SERVICES
Approve
Page 72 of 121
Item 16 – Adelaide Bank Mortgage and Origination Agreement
Page 73 of 121
Page 74 of 121
Page 75 of 121
Page 76 of 121
Page 77 of 121
Page 78 of 121
Page 79 of 121
Page 80 of 121
Page 81 of 121
Page 82 of 121
Item 17 – Advantedge - Loan Origination Agreement
Page 83 of 121
Page 84 of 121
Page 85 of 121
Page 86 of 121
Page 87 of 121
Page 88 of 121
Page 89 of 121
Page 90 of 121
Page 91 of 121
Page 92 of 121
Page 93 of 121
Page 94 of 121
Page 95 of 121
Page 96 of 121
Page 97 of 121
Page 98 of 121
Page 99 of 121
Item 18 – Advantedge Deed of Variation and Consent
Page 100 of 121
Page 101 of 121
Page 102 of 121
Page 103 of 121
Page 104 of 121
Item 19 – FAST Sub-Originators Agreement
Page 105 of 121
Page 106 of 121
Page 107 of 121
Page 108 of 121
Page 109 of 121
Item 20 – Firstmac Origination Agreement
Page 110 of 121
Page 111 of 121
Page 112 of 121
Page 113 of 121
Page 114 of 121
Page 115 of 121
Page 116 of 121
Page 117 of 121
Page 118 of 121
Page 119 of 121
Page 120 of 121
Page 121 of 121