AFCX – Privacy Policy

The Australian Financial Crimes Exchange Limited (AFCX, we, us or our) is a not-for-profit company, and its shareholders are Australia and New Zealand Banking Group Limited, Commonwealth Bank of Australia, National Australia Bank Limited and Westpac Banking Corporation. We take your privacy seriously and will take reasonable steps to ensure that the personal information we collect, use, hold or disclose is handled in accordance with the Privacy Act 1988 and the Australian Privacy Principles. This policy sets out how we manage personal information.

What is personal information?

Personal information is information or an opinion about an identified individual, or an individual who is reasonably identifiable, whether the information or opinion is true or not, and whether the information is recorded in a material form or not.

About AFCX

AFCX’s core function is to assist in the prevention and identification of, and response to, financial fraud affecting the member banks and their customers. AFCX provides an information and intelligence sharing service which aims to:

  1. ensure governance, security and risk mitigation measures are applied to the sharing of fraud and fraud-related information and intelligence;
  2. foster collaborative intelligence sharing to reduce losses associated with certain types of fraud;
  3. facilitate more timely intelligence sharing as the financial services industry moves toward the introduction of real-time payments under the New Payments Platform program; and
  4. provide greater protection to the Australian public by strengthening Australia’s stand on fraud and fraud-related activity.

We maintain a national database of fraud-related information which, to the extent to which it is relevant to achieving our objectives, is accessible by participating organisations, being subscribers of the Company’s services.

What kinds of personal information we collect

Consistent with the provision of our services, the types of personal information we may collect and hold include an individual’s name, address, telephone number, date of birth, email address, credit card information, and transaction details.

Why we collect your personal information

In accordance with our aim of the detection and prevention of cyber fraud, we collect and hold personal information directly from Australian financial institutions for the provision of our services and for purposes connected to those services.

The purposes for which we collect, hold, use and disclose information include:

  1. the detection and prevention of financial crime including fraud and cybercrime;
  2. the provision and dissemination of fraud and fraud-related information to and between third-party subscribers including Australian financial institutions and, in some circumstances, government enforcement agencies and authorities;
  3. conducting our business, for example providing services to our subscribers; and for our internal administration, research, planning, and product development.

We won’t use or disclose your personal information for any secondary purpose, unless:

  1. that secondary purpose is related to the primary purpose for which we collect that information and you would reasonably expect the disclosure in the circumstances; or
  2. you have given us your consent.

How we collect and hold information

Typically, we collect and hold personal information which is provided to us by Australian financial institutions. Ordinarily, we don’t collect information directly from individuals. If we deal directly with individuals, we will collect and hold personal information you provide us through our website, by email or over the phone. For example, when you send an email to us or give us information over the phone, we may retain this in order to respond to your inquiry. Personal information is held only for as long as the information remains relevant to the purpose for which it was collected.


Our website uses “cookies”. A cookie is a very small text document, which often includes an anonymous unique identifier. When you visit a Web site, that site’s computer asks your computer for permission to store this file in a part of your hard drive specifically designated for cookies. Each Web site can send its own cookie to your browser if your browser’s preferences allow it, but (to protect your privacy) your browser only permits a Web site to access the cookies it has already sent to you, not the cookies sent to you by other sites. If we use cookies in connection with your visit to this website, we typically will do so to increase our functionality and service. You can edit your preferences in relation to cookies in your web browser settings.

How we make sure your personal information is protected

We take appropriate security measures to protect against unauthorised access to or unauthorised alteration of your personal information. These include IT security measures in respect of information held electronically and physical security measures for any hard copy personal information we hold.

Access and correction

We will take all reasonable steps to ensure any personal data we collect, use or disclose is up to date and accurate. If you believe personal information we may hold about you is not up to date or accurate, you may ask us to correct it. You may ask us to provide you with details of the personal information we hold about you, and copies of that information. We will respond to your request and, unless we are not required to do so under any relevant legislation, attempt to provide you with the data within 30 days of receipt of your request. If we provide you with copies of the information you have requested, we may charge you a reasonable fee to cover the administrative costs of providing you with that information. Please direct all requests for access and correction to This policy will be maintained on the website and a copy in a particular format can be requested by contacting us at

Overseas disclosure

We are unlikely to disclose personal information to overseas entities. However, if we do, we will take reasonable steps to ensure those overseas entities comply with the Australian Privacy Principles or equivalent privacy legislation in the relevant country.

Changes to this policy

Please note that this Privacy Policy may change from time to time. The most recent version is published on our website.
This policy was last amended on 30 June 2016.


If you consider a breach of the Australian Privacy laws or your rights in relation to privacy has occurred, please direct your complaint to We will respond within 30 days of receipt of your complaint and will attempt to resolve it. If you do not consider our response satisfactory, you may complain to the Office of the Australian Information Commissioner (OAIC). Information on how to make a complaint to the OAIC is available on its website:, or you may also call the OAIC Enquiries Line on 1300 363 992.