Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Offering trade credit can help you win customers and grow faster - but it also exposes your cash flow to real risk if invoices go unpaid.
That’s where credit reference checks come in. With a clear, compliant credit process, you can assess risk upfront, protect your business with smart security, and stay on the right side of Australian privacy and consumer laws.
In this guide, we’ll explain how credit reference checks work in Australia, the legal rules to follow, and the practical steps and documents that set you up for success.
What Is A Credit Reference Check?
A credit reference check is the process you use to assess whether a new (or existing) customer is a good risk to offer trade credit to - for example, 14-30 day payment terms on invoices.
In practice, this can include a mix of:
- Trade references from other suppliers (e.g. payment history, average days outstanding).
- Commercial credit reports on a company (e.g. credit score, ASIC data, court actions, defaults).
- Consumer credit reports on individual directors or guarantors (if you’re taking a personal guarantee - more on the legal rules below).
- Financial information supplied by the customer (e.g. bank statements, financials for higher limits).
- Internal payment performance if you already trade with them.
The goal is simple: confirm their identity, gauge their capacity and willingness to pay, set appropriate limits, and put the right protections in place before you ship goods or deliver services.
Can Australian Businesses Run Credit Checks Lawfully?
Yes - but there are rules. Your legal obligations depend on who you’re checking (a company vs an individual), what type of information you collect, and how you use it.
Commercial vs Consumer Credit
- Commercial credit checks focus on a business entity (e.g. a Pty Ltd company). These checks typically use publicly available information and proprietary risk models from commercial credit bureaus.
- Consumer credit checks concern an individual’s personal credit information (for example, a sole trader or a director giving a personal guarantee). Accessing and using this information is tightly regulated under the Privacy Act 1988 (Cth) and the Credit Reporting Privacy Code.
If you intend to obtain consumer credit information, ensure you have explicit, informed consent and a permitted purpose related to the provision of credit.
Consent And Collection Of Personal Information
If your application process captures any personal information (names, IDs, personal addresses, driver licence numbers, personal credit data), you’ll need clear consent and compliant notices about what you collect, why you collect it, and who you disclose it to.
That’s why businesses usually pair their credit application form with a robust Privacy Policy and an appropriate privacy collection notice. These documents explain your data practices in plain English and help you meet Privacy Act obligations.
When Do You Need A Consumer Credit Report?
Often, credit for a company customer is backed by a director’s personal guarantee. If you rely on that guarantee, you have a legitimate reason to assess the guarantor’s personal creditworthiness.
In that case, you should seek explicit written consent from the guarantor for a consumer credit check and make sure your application terms clearly state why you’re collecting this information and how it will be used.
Don’t Forget Identity And Business Verification
Before you even run a credit check, confirm who you’re dealing with. Match legal names, ABN/ACN and addresses to official records, and ensure your contracts name the correct legal entity (not just a trading name).
As a quick first step, it’s smart to confirm the entity’s registration using a simple ABN lookup - here’s a guide on how to check if an ABN is active.
Step-By-Step: Setting Up A Compliant Trade Credit Process
A good credit process is more than just running a report. It’s a system - from application to collections - that keeps you compliant and protects your downside.
1) Set Your Credit Policy And Terms
Decide when you’ll offer credit, how much, your standard payment terms (e.g. 14 or 30 days), and what happens when customers pay late. Get this down in writing via your credit application and terms of trade, so there’s no ambiguity later.
Many businesses use tailored Credit Application Terms to standardise this process across all new accounts.
2) Collect Applications, Consent And Trade References
Use a structured application form that captures the legal entity details, directors, trade references and express consent for any credit checks you plan to run, including consumer checks if relevant.
Include clear privacy disclosures and link to your Privacy Policy so applicants understand how their information will be handled.
3) Verify The Entity And Directors
Cross-check the company’s ACN/ABN, business name and registered office, and match directors to ASIC records. This reduces the risk of dealing with the wrong entity or a dissolved company - a common source of write-offs.
4) Assess Risk And Set Limits
Combine external reports, trade references and any financial information to assign a credit limit and terms. For higher limits or higher-risk industries, consider security or guarantees to back the exposure.
5) Secure Your Position: PPSR, GSA And Guarantees
If you supply goods or provide significant credit, consider taking security to elevate your recovery position if things go wrong. Two practical tools are:
- PPSR Security Interests: Registering on the Personal Property Securities Register (PPSR) can help you claim priority over certain assets (including stock you supply) if a debtor becomes insolvent. Here’s why the PPSR matters for your business.
- General Security Agreement (GSA): A General Security Agreement can secure “all present and after-acquired property” of a company, significantly improving your position compared to being an unsecured creditor.
Security only bites if it’s perfected, so make sure you also register your security interest correctly and on time.
6) Use Personal Guarantees Where Appropriate
For small or closely held companies, a director’s guarantee can be a powerful risk control. It puts a real person behind the obligation and encourages prompt payment.
Before relying on one, understand the risks and benefits of personal guarantees in Australia and ensure the guarantee wording integrates smoothly with your credit terms.
7) Approve, Document And Onboard
Once approved, issue your account confirmation with the agreed credit limit and terms. Keep copies of signed applications, guarantees and any security registrations on file. Make it easy for customers to pay you (clear invoices, payment methods, statements), and flag accounts that breach limits quickly.
8) Monitor And Escalate Early
Track days sales outstanding (DSO), watch for payment pattern changes, and act early if invoices go past due. A structured collection workflow - reminder notices, escalation to senior contacts, and (if needed) external recovery steps - improves outcomes and preserves relationships.
Key Laws To Consider With Credit Checks
Credit checking crosses several legal areas. Covering these from day one protects your business and your customers’ rights.
Privacy And Credit Reporting
- Collect only what you need, with clear consent (especially for consumer credit checks and ID data).
- Tell applicants how you’ll use and disclose their information via your Privacy Policy and collection notices.
- Keep personal information secure and restrict access to staff who need it.
- Respect rights to access and correction of personal information where required.
Australian Consumer Law (ACL)
Even in B2B transactions, parts of the Australian Consumer Law can apply (for example, misleading representations in your onboarding materials, or if you sell to small businesses covered by certain consumer protections).
Don’t promise “instant approvals” or “no risk” if that’s not accurate, and ensure your payment and collection practices are fair and transparent.
Unfair Contract Terms
If you supply to small businesses, be mindful that standard form terms (including your credit application and terms of trade) can be scrutinised for unfair contract terms. Clauses that cause a significant imbalance and aren’t reasonably necessary to protect your interests can be void.
Record-Keeping And Evidence
Maintain audit trails for credit decisions, consent, references received, notices issued and any changes to limits. Good records help you manage disputes, comply with privacy obligations and support recovery action if required.
What Legal Documents Will I Need?
Not every business needs every document, but most credit programs benefit from a core set of agreements and policies tailored to your operations.
- Credit Application Terms / Terms Of Trade: Set out payment terms, credit limits, late fees, security rights, suspension/termination and dispute processes. Many businesses standardise these using Credit Application Terms.
- Director’s Guarantee And Indemnity: Puts a director on the hook if a company doesn’t pay. Integrate it with the application or use a standalone guarantee where needed.
- General Security Agreement (GSA): Secures your position over the debtor’s assets. Use with PPSR registration for priority, and keep the GSA up to date if limits change.
- PPSR Registration: Essential if your terms include retention of title or other security. Diarise expiry and register security interests promptly.
- Privacy Policy And Collection Notices: Explain how you collect, use and disclose personal information, including for credit assessments and disclosures to credit reporting bodies. A compliant Privacy Policy is a must where you handle personal information.
- Credit Reporting Policy (if applicable): If you participate in consumer credit reporting, document how you manage credit information and requests (e.g. corrections, complaints).
- Internal Credit And Collections Procedures: Operational playbooks aren’t legal documents, but they help ensure you apply your terms consistently and fairly.
How To Handle Adverse Findings, Refusals And Account Reviews
Sometimes the answer is “not now” - and that’s okay. The key is to handle refusals and reviews lawfully and respectfully.
- Refusals: If you decline credit based wholly or partly on a consumer credit report, best practice is to tell the applicant and provide details of the credit reporting body you used so they can request a copy and correct errors.
- Alternative Options: Consider cash-on-delivery, smaller limits, upfront deposits, or secured arrangements (e.g. a GSA, retention of title, or a personal guarantee) to reduce your risk.
- Account Reviews: Recheck limits periodically or when risk changes (e.g. rapid growth, slow payments, industry shocks). If you reduce or suspend credit, do so in line with your documented terms.
- Dispute Resolution: Keep communication open and documented. Clear steps for disputes - and knowing when to escalate - can preserve relationships and recover more, sooner.
Common Pitfalls (And How To Avoid Them)
- No Written Consent: Running consumer checks without explicit consent can breach privacy rules. Always capture consent, purpose and authority in writing.
- Wrong Legal Entity: Onboarded the trading name, not the company? You may struggle to enforce payment. Verify and contract with the correct entity and directors.
- Unsecured Exposure: Supplying high-value goods on open credit with no security or guarantees leaves you exposed if customers default. Use a GSA and PPSR registration where appropriate.
- Vague Late Fee Clauses: If you intend to charge late fees or interest, your terms must be clear, reasonable and compliant. Drafting these properly helps you avoid disputes later.
- Poor Data Security: Storing IDs and credit data in shared inboxes or spreadsheets is risky. Limit access and secure your systems in line with your Privacy Policy.
- Inconsistent Collections: Letting debts drift without reminders or escalation causes write-offs. Use a standard timeline for reminders, holds and recovery action.
Key Takeaways
- Credit reference checks help you assess customers and protect your cash flow - but you must follow Australian privacy and credit reporting rules, especially for consumer information.
- Build a consistent process: verify the entity, get consent, assess risk, set limits, and secure your position with the PPSR, a General Security Agreement or a director’s guarantee where appropriate.
- Use strong paperwork: clear credit application terms, privacy disclosures and security documents make decisions defensible and collections smoother.
- Register security interests promptly to preserve priority, and review accounts when risk changes.
- Avoid common pitfalls like onboarding the wrong entity, running checks without consent, or leaving high exposures unsecured.
- Getting tailored legal documents and guidance early will help you stay compliant and reduce the risk of non-payment.
If you’d like a consultation on setting up a compliant credit reference and trade terms process, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.