National Credit Code in Australia: Essential Insights and What You Need to Know

If you offer credit to consumers in Australia - whether that’s personal loans, credit cards, store finance, buy-now-pay-later style arrangements, or residential mortgages - the National Credit Code (NCC) likely affects how you operate.

The NCC sits inside the National Consumer Credit Protection Act 2009 (Cth) and sets the rules for credit contracts, fees and interest, disclosure, hardship, enforcement and more. Getting it right isn’t just about compliance - it’s about building trust with your customers and reducing the risk of costly disputes.

In this guide, we’ll break down what the NCC covers, when it applies, what your obligations are, and practical steps to get compliant. We’ll also highlight the key contracts and policies that help you manage risk from day one.

What Is the National Credit Code (NCC)?

The National Credit Code is a schedule to the National Consumer Credit Protection Act 2009 (Cth). It regulates most “consumer credit” - credit provided wholly or predominantly for personal, domestic or household purposes, and certain residential investment lending secured by a mortgage over residential property.

In plain English, if you’re providing credit to an individual (not a company) for non-business purposes, or lending for residential property in specific cases, the NCC likely applies. The Code sets rules for how credit contracts must be structured and disclosed, how interest and fees can be charged, what happens if a borrower is in hardship, and how enforcement and repossession must be handled.

The Australian Securities and Investments Commission (ASIC) administers the regime. In most cases, businesses who engage in credit activities must hold an Australian Credit Licence (ACL) or be an authorised representative of an ACL holder.

When Does the NCC Apply - and When Doesn’t It?

The starting point is whether your arrangement is “credit” and whether it’s for a “consumer” purpose. The NCC applies if all of the following are true:

• There’s a deferral of payment of a debt or a charge for providing credit (for example, instalments or line of credit).
• You charge interest or fees for providing that credit (or a higher price for paying later).
• The debtor is a natural person (or strata corporation).
• The predominant purpose is personal, domestic or household; or in some cases, for residential investment property where secured by a mortgage.

Common scenarios that are typically covered

• Personal loans and credit cards provided to individuals.
• Store finance and interest-free “pay later” plans that include fees or higher prices for delayed payment.
• Residential mortgages and certain investment property loans secured by a mortgage over residential real estate.
• Small Amount Credit Contracts (SACCs) and Medium Amount Credit Contracts (MACCs), which have extra NCC requirements.

Scenarios that are generally outside the NCC

• Genuine business-purpose lending to a company or to an individual solely for a business purpose (often documented with a business-purpose declaration).
• Short-term invoices without a credit charge (for example, 14-day invoice with no fee or price differential for paying later).
• Leases and other arrangements that are specifically carved out (though many consumer leases are regulated under the Credit Act - get tailored advice).

Grey areas do exist - especially where fees, surcharges or pricing models may amount to a “charge for providing credit.” If you’re unsure, it’s wise to get early advice before you launch or scale your credit product.

Key Obligations Under the NCC

Once you’re in NCC territory, a set of core obligations kick in. The details vary depending on your product, but most credit providers should be across the following.

1) Pre‑contract disclosure and form requirements

• You must provide a pre‑contractual statement and an information statement that sets out key terms, costs, interest rates, repayment details, comparison rates (where applicable), default fees and enforcement rights.
• Credit contracts must include prescribed information and be in writing, with copies provided to the debtor.
• For some products (e.g. credit cards), extra disclosure like key facts sheets apply.

2) Interest, fees and charges

• Interest must be calculated and disclosed in the manner required by the Code.
• Certain fees are restricted or prohibited, and unconscionable or penalty-like fees can be challenged.
• SACCs and MACCs are subject to additional caps and rules.

3) Variations and notices

• You may be able to vary interest rates and fees if your contract allows, but you must give written notice in the timeframe required by the NCC.
• Periodic statements must be provided (e.g. at least every 6 months, or more often for some products).

4) Hardship and payment difficulties

• If a debtor tells you they can’t meet their obligations due to illness, unemployment or other reasonable cause, the NCC provides a pathway to request a hardship variation.
• You must consider hardship requests and respond within the statutory timeframes. Reasonable temporary arrangements (like reduced payments or term extensions) are common outcomes.

5) Default notices and enforcement

• Before enforcing, you generally need to give a compliant default notice (usually 30 days) with details of the breach and what’s required to fix it.
• There are strict rules around repossession and enforcement, including protections for essential household goods and entry to premises.

6) Advertising and customer communications

• Promotions must not mislead or deceive. The Australian Consumer Law (ACL) operates alongside the NCC, covering pricing, comparisons, discounts and claims.
• If your marketing includes price or savings claims, make sure they align with your credit contract and disclosure obligations and avoid false or misleading representations under the ACL.

Licensing, Conduct And The Bigger Regulatory Picture

Most businesses that engage in credit activities must hold an Australian Credit Licence (ACL) or be an authorised representative. ACL holders must meet ongoing conduct and compliance obligations, including training, dispute resolution (AFCA membership), compensation arrangements and breach reporting.

In parallel, consumer protection rules under the ACL apply to your sales practices, advertising and customer communications. Statements about interest rates, zero-interest offers, “no fees”, or “approved in minutes” must be accurate and not misleading.

You’ll also need to consider payments and collections infrastructure. If you accept recurring payments, make sure your processes align with direct debit laws and that your authorisations are clear and verifiable.

Finally, credit regulation continues to evolve - including reforms to bring more products within the credit framework. If you provide innovative credit or BNPL-style features, keep a close watch on regulatory updates and plan for change.

Practical Compliance Steps For New And Growing Credit Providers

Compliance is manageable when you build it into your product from the start. Here’s a practical pathway many credit businesses follow.

Step 1: Define your product and map the legal perimeter

• Document how your product works from application to repayment, and identify whether you charge interest, fees, or a higher price for paying later.
• Decide who your customer is (consumer or business), and confirm whether the NCC applies to your use cases.
• If unsure, get a short scoping assessment so you don’t design around the wrong assumptions.

Step 2: Set up your compliance foundations

• Confirm ACL requirements and responsible governance (e.g. policies, AFCA membership, compliance training).
• Build your pre‑contract disclosure, credit contract templates and customer communications in line with the NCC.
• Prepare processes for hardship requests, variations, notices and complaints handling.

Step 3: Design the right contracts

• Create a consumer credit contract template that reflects your product logic and meets NCC content rules.
• Use upstream and downstream agreements to manage risk - for example, Credit Application Terms with merchants or introducers, and Terms of Trade that dovetail with your credit processes.
• If you rely on recurring payments, prepare clear direct debit authorities and customer consent flows that align with your contract wording.

Step 4: Protect your security interests

• Where appropriate, secure repayments using a General Security Agreement or specific security over financed goods.
• Register those interests on the PPSR to protect priority - it’s quick to register a security interest and crucial if a customer becomes insolvent.
• If PPSR is new to you, this primer on why the PPSR matters explains how registration can reduce credit risk.

Step 5: Embed privacy and data governance

• If you collect personal information during applications, you’ll need a compliant Privacy Policy and clear collection notices.
• Only collect what you need, secure it appropriately, and ensure your customer consents and disclosures match your actual practices.

Step 6: Test for clear, fair customer journeys

• Walk through your onboarding, approval and repayment flows as if you were a customer.
• Check that key terms, costs and consequences are presented prominently and in plain English (not buried).
• Sense-check marketing claims against your contract and disclosure wording to avoid issues under the ACL (e.g. claims that could amount to false or misleading representations, including those captured by Section 29).

How The NCC Interacts With Other Laws You Need To Know

NCC compliance doesn’t happen in a vacuum. Several other legal frameworks sit alongside it and often apply to the same customer journey.

Australian Consumer Law (ACL)

The ACL prohibits misleading or deceptive conduct and false representations about price, interest, finance approval or “no fee” claims. Your ads, website and sales scripts should match your actual product design and disclosures. If you’re not sure where the line is, it can be helpful to get guidance from a consumer law specialist.

Privacy and credit-related information

You must handle personal information in line with the Privacy Act 1988 (Cth). If you access credit reports or share data with credit reporting bodies, extra credit reporting rules will apply. Ensure your Privacy Policy accurately reflects your practices and the types of information you collect.

PPSR and secured lending

If you take security over financed goods or a customer’s personal property, registering that interest on the PPSR is essential to protect your priority position. Use the right security documentation (for example, a General Security Agreement) and make timely registrations to avoid losing the benefit of your security.

Payments and direct debits

Recurring payments need clear customer authority, easy cancellation processes, and transparent fees. Your processes should align with direct debit rules and your credit contract terms so customers aren’t surprised by deductions.

What Legal Documents Will You Likely Need?

The exact set of documents depends on your product. However, most credit providers will benefit from having these core documents, tailored to their offering and technology.

• Consumer Credit Contract: Sets out the essential terms required by the NCC - interest, fees, repayment schedule, default processes, and required notices and disclosures.
• Credit Guide and Disclosure Pack: Pre‑contract information statement and other mandated disclosures that you must provide before entering the contract.
• Hardship and Complaints Policy: Internal policy and customer-facing information that reflects how you manage hardship requests and complaints, including AFCA details.
• Direct Debit Authority: A clear, compliant authority for recurring payments, aligned with your contract and payment processor requirements.
• Security Documents: A General Security Agreement or specific security agreement over financed goods, plus PPSR registration processes.
• Merchant or Partner Terms: If you rely on introducers, platforms or retailers, use Credit Application Terms or partner agreements that allocate risk and compliance responsibilities.
• Website and Customer-Facing Terms: Your Terms of Trade or platform terms that align with your credit documentation and customer journey.
• Privacy Suite: A current Privacy Policy and collection notices that cover credit checks, data sharing and retention.

Not every credit business will need every document listed above, but many will need several. The key is consistency across your contracts, disclosures, website content and operational processes - customers should get the same message everywhere.

Common Pitfalls To Avoid

We see similar issues arise for new credit providers. Being aware of these early can save a lot of pain later.

• Inconsistent disclosures: Marketing promises that don’t match your contract or the real cost of credit can trigger ACL and NCC problems.
• Missing notices or timing errors: Forgetting to provide periodic statements, or sending default notices late or in the wrong format, undermines enforcement and creates compliance risk.
• Unclear hardship pathways: If customers can’t find or use your hardship process, complaints escalate quickly and may attract regulator attention.
• No PPSR registration: Taking security but failing to register can leave you unsecured if a customer becomes insolvent.
• Privacy gaps: Collecting more data than necessary, or having a generic policy that doesn’t reflect your credit checks and data flows, can lead to privacy complaints.

Key Takeaways

• The National Credit Code applies to most consumer credit in Australia and sets mandatory rules on disclosure, fees and interest, hardship and enforcement.
• Check early whether your product is captured by the NCC - the presence of fees, interest or higher prices for paying later can bring you within the Code.
• Build compliance into your product design: clear pre‑contract disclosures, compliant contract templates, hardship and notice processes, and aligned customer communications.
• Manage risk with the right documents and registrations, including security documents and PPSR registrations for secured lending.
• Make sure your marketing and website content align with your credit terms and obligations under the Australian Consumer Law.
• Privacy, direct debits and data governance are essential parts of the credit lifecycle - ensure your policies and practices are consistent and transparent.

If you’d like a consultation on setting up a consumer credit product under the National Credit Code, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no‑obligations chat.