Broker Support Services Outsourcing Policy

Under the NCCP Act, functions relating to credit activities may be outsourced, however you remain responsible for ensuring that all legislative obligations are satisfied. 

If you wish to engage staff through an outsourced provider (outside of Brokerforce) you must complete the Google form checklist here which will be sent through to the Compliance Inbox. You must receive confirmation from the Compliance team that you can proceed with that provider before using their services.  

If you outsource functions that relate to your credit activities, you must:  

  • ensure that care is taken in choosing suitable service providers and take reasonable steps to ensure your business and customer information are protected. For example, service providers must be ISO27001 certified or have equivalent robust information security processes in place. ISO27001 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system;  
  • monitor the ongoing performance of service providers to ensure that their conduct is not exposing you to non-compliance risk; and  
  • take appropriate action if service providers breach any of your obligations or Loan Market’s obligations as an ACL holder.  

You must not outsource regulated credit activities, like credit assistance or introducing consumers to credit providers.  

Risks of sharing your password with a third party app or service

It’s important you keep your MyCRM password and any other passwords confidential. This includes never sharing your password with anyone - such as third party apps or services.  Potential risks of sharing your login details include placing yourself and your customers’ data at risk, which can lead to fraud and identity theft. If in doubt, reach out to the compliance team for guidance.

For more information please email