+6421757269 michael@bml.net.nz

Privacy Policy

In preparation for the new financial advice regulatory regime we have updated our Declaration Form that needs to accompany loan applications sent to the lenders.

We have also produced a Privacy Policy that can be used by NZFSG advisers.  The Declaration Form makes reference to both the adviser’s and lender’s privacy policy.

These forms have been approved by the main lenders and can be used from now on.  Templates can be found in MyCRM under Resources/Important Documents (writeable PDF format for Declaration Form).

Declaration Form

 Changes made

  • It has been rewritten in plain English and is a lot easier to follow.
     
  • It provides authorisation from your client for NZFSG or anyone involved in an auditing process, and regulators such as the FMA, to access client information.
     
  • Terminology such as Financial Adviser and Financial Advice Provider (FAP) are used as these will be descriptions used in the new financial advice regulatory regime.  The FAP to be entered on the form is your Authorised Body if coming under our licence.
     
  • Having your FAP named on the Declaration Form allows the lender to provide client information to your staff directly.
     
  • It refers to the FAP’s privacy policy that is available on the FAP’s website or provided with the Declaration Form.
     
  •  It includes a reference to illion bank statements.

Questions and answers

What if I am not coming under the NZFSG licence?

  • The Declaration Form should still be used. It replaces the existing Declaration.
     
  • NZFSG still has access to client information to a limited extent when receiving commission from the lenders.  Lender commission statements generally show the outstanding loan balance.
     
  • Even if you are not under our licence, you will need to satisfy certain requirements if coming under NZFSG’s Head Agreements with the lenders.  This may involve NZFSG receiving client information as part of an independent audit certification.
     
  • NZFSG may still need access to client records in order to rectify any IT issues you are having with MyCRM.

Will NZFSG be auditing advisers under their licence prior to 15 March 2021?

  •  No, audits will commence after this date.

Can I use my own Declaration Form?

  • If you are under the NZFSG transitional licence, or intending to be so, then the new Declaration Form should be used.
     
  • If you have your own transitional licence you should still use the new form unless you have received sign off from the lenders that your substitute form is acceptable to them.
     
  • If your business requires additional privacy consents, you can choose to add these to section D of the Declaration Form, but you cannot remove the existing privacy authorisations in that section or make any other changes to the Declaration Form.  Please email any additional privacy consents you wish to include to team@nzfsg.co.nz.

We will be making some minor changes to the new form when the new regime commences on 15 March 2021.

Privacy Policy

The privacy policy applies to your overall business.  It is your responsibility to ensure that the scope of your privacy policy suits your business. 

The Declaration Form makes reference to the FAP’s privacy policy.  This should be available on your website, or in PDF format to accompany the Declaration Form.

If your business has a website

Download the privacy policy named Privacy Policy (WEBSITE) NZFSG (August 2020). Enter your company name under section 2 “Who are we.”  Set up a link to your privacy policy from the home page of your website.

This privacy policy includes information on use of your website in section 11.

If your business does not have a website

Download the privacy policy named Privacy Policy (NO WEBSITE) NZFSG (August 2020).  Enter your company name under section 2 “Who are we.”

Every time you get a client to complete the Declaration Form, you will need to provide them with a hardcopy of your privacy policy, and note in MyCRM that this has been done.

Questions & answers

Can I adapt the privacy policy to suit my business?

  • Yes, you can adapt the privacy policy we provide to you in order to suit your business operation.   It is your responsibility to ensure that the scope of the privacy policy accurately reflects the scope of information that you collect and the purposes for which you use the information. However, you must not remove references to NZFSG in the privacy policy.

Why do I need a privacy policy?

  • The purpose of a privacy policy is to comply with Privacy Principle 3 under the Privacy Act, requiring organisations collecting personal information to make individuals aware of certain points.
  • As an adviser you are collecting personal information from your clients, and storing this electronically.  Client’s need to be satisfied that you have measures in place to protect their information. 
  • By having a separate privacy policy, you are able to easily update this in relation to new regulations and digital developments (for example illion bank statements).  The new Declaration Form refers to your privacy policy.
  • If you have a website that collects prospect information, you need a privacy policy setting out what you do with that information.
  • The privacy policy covers any potential sale of your business in future and access by the purchaser to client information you hold as part of your business.
  • The new compliance regime may require other businesses to audit the advice process you use, and access by third parties to your client information enables this.

What if I already have a Privacy Policy?

  • You can continue to use this but we recommend you cross check the content of your existing privacy policy against the content of the privacy policy supplied by NZFSG to see if you have left anything out that is important.  The NZFSG privacy policy has been put together in conjunction with our solicitors so we are confident with its content but it is your responsibility to ensure that the scope of the privacy policy suits your overall business, including the scope of information that you collect and the purposes for which you use the information.

What name do I insert under “Who are we” on the privacy policy?

  • Insert your company name being the name of your FAP. If you are a multiple adviser business where advisers have their own FAPs but you operate under one website and trading name, then the trading name should be inserted.

Do I need to send my privacy policy to the lender with every loan application?

  • No, you only need to send the completed Declaration Form.

Is there anything else I should be aware of?

  • The Privacy Act 2020 will come into force on 1 December 2020, replacing the current Privacy Act.  The new Act introduces a mandatory reporting regime for ‘notifiable privacy breaches’.  Your business will be required to report privacy breaches in cases where it is reasonable to believe that a breach may cause serious harm to affected individuals (or is likely to do so).  This change does not affect the privacy policy you have been provided with. However, you should separately prepare, implement and test a breach response plan in advance of 1 December 2020 to make sure that your personnel know what to do if a privacy breach occurs.

If you have any questions, please give your Relationship Manager or the Adviser Services team a call.