In its submission on the draft legislation on the new Comprehensive Credit Reporting reforms, the Australian Banking Association has called on the Government to ensure banks are able to properly explain a customer's credit history in detail, particularly if the customer has encountered financial hardship and missed a payment. Banks often come to arrangements with customers when they experience periods of financial difficulty. This should not be seen as a red flag for a bad credit history, but rather a common occurrence that can happen to any customer through no fault of their own. APRA, concerned over cybersecurity threats, has issued a new draft cross-industry prudential standard (Draft CPS 234) on that subject, which the prudential regulator proposes to apply to authorised deposit-taking institutions, insurers, superannuation entities and authorised or registered non-operating holding companies. Draft CPS 234 covers: roles and responsibilities; information security capability and policy framework; information assets and controls, including incident management; testing and internal audit; and APRA notifications. Submissions on the package are open until 7 June. APRA intends to finalise the proposed standard towards the end of the year, with a view to implementing CPS 234 from 1 July next year.