Under Section 95 of the National Consumer Credit Protection (NCCP) Act 2009, you are obliged to retain financial records for a period of 7 years. In addition, you must also keep a record of all material that forms the basis of the assessment which has deemed a credit contract as "not unsuitable".
Using Mercury as your filing cabinet
Electronic storage of your documentation in Mercury has many benefits.
Mercury has four levels of security overlaying the system to protect the privacy of documentation. Mercury is backed up to multiple servers to ensure that there is no risk of data loss. Keeping your financial records in Mercury is sufficient to meet the NCCP requirements as long as you have stored all documentation that is required of you as a Credit Representative of Connective. Refer to Mandatory Compliance documents.
We advise you to scan documentation into Mercury during the course of the application process, rather than have a pile of scanning to do once the settlement has gone through. If the client sends you their documents as a PDF via email, then you can simply save and attach these to Mercury. Refer to How to Upload a Document Template to Mercury.
Hard copy documentation
Regardless of whether you choose to retain a hard copy of the document, an electronic copy still needs to be held in Mercury. If you choose to record customer information outside Mercury, it is vital to maintain proper data security and information handling practices.
If you choose to retain hard copy documents, ensure that they are stored in a locked filing cabinet:
Customer files must not be left on desks (implement a clean desk policy) to ensure unauthorised access to information does not occur.
If you have customer folders on your computer, you should ensure that all devices which can access the information are password protected.
If you are emailing documents from your personal email and not through Mercury, ensure you have a program which can encrypt the contents to protect the information.
Refer to Privacy Requirements for more details.
You are not required by ASIC guidelines to hold the original signed documentation, nor do Lenders require the original signed documentation to form part of the loan submission.
Some of our Credit Representatives prefer to retain the original signed declarations and consents of their clients and original copies of ID documents. As above, so long as these are retained in a secure manner then you may choose to do so, however, it is not a requirement.
You must take reasonable steps to destroy personal information when it is no longer needed for the purpose it was collected. If you have retained hard copy files in the past and are now moving to a digital device, then you need to destroy the paper files in a secure way. Common methods of destruction are to either shred the documents or dispose of them in a secure bin which is collected by a company that specialises in secure destruction.
In summary, as long as an electronic copy of the financial records is held in Mercury, the choice to retain a hard copy is at your discretion.