Australian Institute of Credit Management 2019 National Conference

A speech by Gavin McCosker, AFSA Deputy Chief Executive, at the Australian Institute of Credit Management National Conference, held on the Gold Coast on 17 October 2019.

Thank you for the warm welcome. It’s a pleasure to be here with you here at this significant event.

As per the title - I’m here today to talk about the future of the Personal Property Securities Register – or the “PPSR” for short.

The PPSR is a great example of Australian Government innovation and reform that helps both consumers and business to better manage risk – and provides the basis for businesses to grow through leveraging their assets to access capital.

 It is important to remember that the PPSR is a noticeboard of security interests. This means that there must be an underlying security agreement or contract in place and that the contract can be accessed at a later date, even if that’s years down the track.

The PPSR offers businesses credit risk protection when buying, selling or renting out goods. Lenders have confidence in the ability to reliably value and quickly on-sell goods. It is also a tool that assists in raising finance using business goods and assets.

Since becoming operational in 2012, the PPSR has played an increasingly important commercial role. Let’s take a look at the PPSR numbers.

PPSR by the numbers

Since the launch of the PPSR, over 22 million registrations have been completed.

In the June 2019 quarter, there were over 500,000 new registrations. Seventy-six percent of these registrations were for commercial property. During the same period, 365,000 registrations were discharged or removed from the PPSR, while another 500,000 were amended. This gives you a sense of how dynamic the PPSR is.

This leaves us with more than 10 million registrations currently active on the PPSR.

Each year there are over 8 million searches of the PPSR. Searches by serial number are the most common - just over half of all searches.

Clients in wholesale trade account for around 9% of new registrations each year – and this has been consistent since the PPSR commenced operation in 2012.

After eight years of operation, we are also seeing increased use of the PPSR amongst newer (and presumably) smaller businesses. In 2012, only 2% of new registrations with commercial collateral had grantors that had been in business for 5 years or less. By 2017, this had increased to 16% - a significant sign that the PPSR is being used more to assist small and medium enterprises establish and grow.

The year on year growth and general high level of activity indicates that businesses are using the register as a risk management tool to protect their business and their bottom line from nasty surprises - and that the PPSR is serving its purpose in supporting commerce.

Assets used as collateral include vehicles, livestock, plant and machinery, and lease agreements.

The PPSR provides opportunities for businesses to use a broader base of tangible and intangible collateral as security, which helps small business to use accounts receivable as collateral to secure finance for growth.

When businesses intend to purchase second hand goods, they can conduct a search of the PPSR to identify whether the goods they are purchasing have money owing on them – that could lead to the goods being repossessed.

Businesses and credit managers are using the PPSR to mitigate the risk of bad debt. If a small business has doubts about whether a new customer is creditworthy, in addition to accessing information from one of the credit bureaus, a search of the PPSR – which costs only $2 – is another good step to ensure effective due diligence is undertaken in understanding the profile of the prospective debtor.

By registering on the PPSR, businesses are protecting their security interests by defining the collateral’s priority status – meaning businesses can recover property that rightfully belongs to them when a customer becomes insolvent or defaults on payment.

However, an important point is to ensure you take action to enforce your rights. Over the course of the conference you may have heard others speak about enforcement. We recognise that this can be a complex area and we’re working to develop resources to help users navigate the process. 

It is important that you are proactive. We recognise that this can be a complex area and we’re working to develop resources to help users navigate the process.

These examples demonstrate the critical role served by the PPSR and the extent of the financial, business and consumer decisions that are made using the PPSR.

The world now runs on data and the PPSR is a piece of economic infrastructure that exists to generate and publish data. In relative terms the PPSR holds an enormous amount of data regarding financial liabilities and interests – it is an essential tool in our economy – supporting financial risk management and economic opportunities.

Data integrity

Obviously there’s a lot riding on the data held on the PPSR being accurate. And given the PPSR is a notice-based registry, which represents data entered by external users such as yourselves, data integrity is a shared responsibility with the broader PPSR user community.

For AFSA’s role in this partnership, we have a number of strategies, reactive and proactive, to protect the integrity of PPSR data.

Our reactive approach includes the amendment demand process and our complaints management system.

After considering information provided by the secured party and grantor we make decisions that ultimately improve the quality of information held on the register by removing, amending or confirming that the registration should remain as it.

This is obviously a very important means of dealing with discreet PPSR data problems.

Something that is perhaps a little less obvious that flows from our management of amendment demands, is the visibility it gives us of issues beyond the individual dispute. This is because it helps identify areas where people are making simple mistakes due to a lack of understanding about what they need to do prior to making a registration, through to identification of behaviour that suggests intentional misuse of the register that requires further investigation.

This intelligence supports some of the proactive, preventative measures we have put in place.

We have a number of guidance documents—or ‘practice statements’ on our website. These tend to be fairly technical documents. We selected one of these practice statements—the one on the amendment demand process and we developed a new, shorter plain English version – and we are now progressively updating all of these to ensure they are presented in much more user friendly language.

Following on from that we’ve also published a ‘help sheet’ that outlines seven tips on disputing a registration, how to send a valid amendment demand and what can be done to help achieve a quick resolution.

A key part of us helping users to publish reliable data on the PPSR is making sure that we know our stakeholders and understand how they are using the PPSR; or in some cases failing to use it at all. We can have all the information in the world available to help users, but if that information does not engage the relevant audience, it provides little to no value.

We also recognise that we are vulnerable to making assumptions about what users want and need. It’s for that reason that events like this are important, as they provide an opportunity for us to hear things that we might not necessarily want to hear about ourselves, but ultimately need to know, if the support we provide to users to accurately and effectively register, is going to work. Hopefully many of you have already seen the booth which is attended by a number of our staff.

PPSR guidance for business

One of the early examples of what we did to try to make our content as engaging as possible was the creation of the PPSR business guide. What I found interesting as we tested the business guide with different users, was that we quickly realised that to effectively engage people who needed to use the guide, we needed to avoid the use of the term PPSR. It’s for that reason the term does not appear on the front page. Rather the guide poses the question – are you in business?

The other take away for us – based on user feedback – was that the guide needed to be sequenced from basic high level information through to complex detailed information. This was in recognition that for many potential users, the key thing was to recognise that they needed to use the PPSR. Once they had done this they would hand it onto someone else to look at the question of how to do it.

The business guide has been a useful product. Surprisingly it is really the only product of its type we have come across internationally and as a result it has been used as a template in a number of other jurisdictions.

So we are proud of it – and we are currently working on developing the 2nd edition – so watch this space – but we recognise that we need to do more to support users to improve how they make and manage their registrations over the longer term, which will be the focus of the last part of my presentation. Before I get to that though I will talk about a couple of other pro-active measures.

AFSA’s proactive approach

An important one over the past few years has been the Data Integrity Working Group within AFSA. This is a multi-disciplinary group of staff who meet regularly to monitor, analyse and make recommendations on data integrity issues.

The work of that group has enabled us to make significant inroads to address the burden of redundant registrations. We see redundant registrations to be an issue that must be actively managed, as we know from talking with other jurisdictions that failing to identify and work with secured parties to remove registrations that create clutter, will overtime, undermine confidence in search results. This is because we know it’s hard enough to sift through legitimate results, let alone have the burden of dealing with results that may no longer be relevant.

Our aim in this area is to be as transparent as possible about what we are doing to keep the data on the register as tidy as possible. For those of you who are interested, the PPSR compliance framework and the approach we are taking to data integrity are both published on our PPSR website. You will see from those documents that in the first instance our focus is on working with secured parties to help them help themselves rather than taking a hard line, as we work on the assumption that the majority of users want to do the right thing; it’s often that they just don’t understand how to do it.

That said, we have very little tolerance for those who seek to use the PPSR to annoy or harass others by making inappropriate registrations. Therefore we are now regularly removing registrations where we have formed the view that they are frivolous, vexatious or not in the public interest.

Last December we released a practice statement that sets out situations in which we may prevent a user from having standard business rules apply to them when making a registration. This is intended to provide a level of supervision of users who have serially misused the PPSR to annoy, harass or harm others.

What it means in practice is that an application can be made, however, it is considered by AFSA staff prior to the registration making its way onto the register itself.

Currently we are also looking at what data we can capture to more readily identify users that may have a propensity to misuse the PPSR – and broadening our regulatory approach to enhance our capability to address those currently doing so. Its early days, so I would value any observations you might have regarding the characteristics of secured parties you have come across that are potentially misusing the register.

As I keep mentioning, data integrity is a shared responsibility. So now I want to talk about what you should be aware of to help ensure the data is as reliable as possible.

What should you do?

What we realised following the release of the PPSR Business Guide, was that once you get people to realise that it might be in their interest to use the PPSR, we needed to help users to make certain decisions and give them visibility of certain issues that pose a threat to data integrity.

For that reason we worked closely with stakeholders (including the AICM) to develop some key principles of creating and managing PPSR registrations and to help prevent unlawful, misleading, unnecessary or redundant registrations—and encourage action to ensure registrations are accurate and effective. Those principles are contained in this new booklet – called ‘Responsible PPSR Registration Management’.

The booklet discusses the steps to responsible management, including:

  • What should be registered
  • Are the details of the registration accurate?
  • Ensuring the registration is—and remains—current
  • Getting the timing right—including a timely discharge of the registration
  • Ensuring you have appropriate security measures in place
  • Monitoring the registration and activity on the PPSR.

Building a shared understanding of the PPSR and how to most effectively use it, is key to maintaining data integrity. These guidelines presented in the booklet are for anyone making a registration on the PPSR—or supporting others to.

At this point I want to reiterate that the PPSR is a noticeboard of security interests, not a record of ownership. We continue to find registrations that are not appropriate.

If data is incorrect or out of date, the registration can be ineffective and may be unable to be enforced.

As an aside, you might be interested in some work we are doing with the Behavioural Economics Team of the Australian Government, BETA for short. We are working with BETA to firstly understand some of the reasons people will tend to choose an incorrect identifier. This is important work as currently 300,000 new registrations are created on the PPSR through our web user interface using an organisational grantor.

Based on what the research tells us about the barriers, the BETA team will then look at how we might influence behaviour to nudge users to choose the correct option. Once this project is complete, a report will be published on the PPSR website.

The Responsible PPSR Registration Management booklet then discusses the importance of keeping registrations current as circumstances change. Therefore we urge everyone with registrations to have a timely and BAU process for reviewing registrations and updating them or removing them if required.

For example, secured parties need to think about keeping the address for service up to date when they move or change their mailing address. Failing to do this may mean that you end up not receiving notice of an amendment demand from the grantor.

There are also times when the underlying security agreement gets extended, but the registration is not extended on the register. This obviously exposes the secured party to the risk of the registration lapsing while the security agreement is still in place.

It also poses the threat of another secured party registering and getting a higher priority if you fail to realise the registration has been discharged. This will put you lower down the priority list, if the grantor goes insolvent.

Another thing we found when we worked with stakeholders on the booklet, was that people were not always clear about the flow on effect of failing to do certain things in relation to their registrations.

A common situation is a secured party’s failure to discharge a registration in a timely manner—delaying the ability of the grantor to sell the car after the finance has been paid out.

At the opposite end of the spectrum, there is the issue of not getting the registration onto the PPSR before someone else claims priority or before an unscrupulous grantor on-sells the vehicle and then disappears.

A topic that is close to my heart is security, as we spend a lot of time and resource investing in cyber-security controls designed to protect the data held on the PPSR. This work is ongoing as the threat landscape is continually changing.

Despite our best efforts, something that is less well understood is that one of the greatest threats to data on the PPSR is from those who make registrations. It’s for that reason we spend a bit of time in the booklet talking about how to guard against malicious activity on the user side of the equation.

We want users to think about the implications of a disgruntled employee discharging or amending a large number of registrations, or what could happen if passwords and tokens are in areas that others can see—and record them or store them on unsecure devices. We know it happens and we have had some reliable sources tell us of instances where they have seen tokens and passwords written on whiteboards.

The Responsible PPSR Registration Management booklet emphasises the importance of monitoring activity in relation to your registrations. We talked with various stakeholders who highlighted various practices that they had found helpful, such as putting in place alerts that might help them identify unusual activity, the importance of monitoring system permissions, especially those with high level access. The latter is particularly a message for those who are providing PPSR services on behalf of others. Where there is monitoring and auditing happening, stakeholders told us that making people aware of this was also a highly effective control.

So, as you can see - data integrity is critical in sustaining the PPSR now and into the future.

Thank you.