Broker News – CFI Tools – Application Requirements

What does that little (?) do anyway?

We're rolling out some new contextual help elements to make life a little easier for our introducers. The first one was one of our most requested features....

Every deal is different, and at CFI we’re often willing to look at those complex transactions that other lenders shy away from, things like start-ups and business acquisitions.

When it’s not the type of deal you do every day it can be tough to remember all of the things to look out for or include in your application, enter the first of our contextual help tools.


How does it work?

You’ll notice little clickable (?) symbols starting to appear in our broker portal. These provide cues to help users understand what’s being asked for (or why we’re asking).

The first one is our Application Requirements prompt. All you need to do is enter a Loan Amount and Funding Purpose, then click on the (?) to see what will be required for a typical application. 1-2-3 too easy!

What will you see?

You’ll get a pop-up window showing the typical information that we require to assess a deal of that type. Of course every deal is different, so there may be some things specific to that transaction that we can’t anticipate, but this ensures a great start to the process and translates to a smoother experience for everyone, particularly your customer.


Look out for the (?) symbol appearing in more places, providing tips and explanations to help make applications easier

Remember to enter a Funding Amount and Purpose to get help tailored to your transaction

You can email us at [email protected] with feature requests or suggestions.

Broker News – Is Your Privacy Consent Up To Date?

Is Your Privacy Consent Form
Up To Date?


Fintechs (including CFI Finance) are constantly looking for efficiencies and ways to improve speed and customer experience. One of the developments in recent years that has been adopted by many lenders is the real time checking of ID. You may have heard financiers refer to the ‘DVS’ (Document Verification Service). This service is particularly useful to lenders attempting to verify individuals as a part of their KYC processes.

The DVS is a secure, online system that allows lenders to obtain Identification from an individual, then with their consent, compare it to the original document that was issued by the relevant government agency. Examples of documents that can be verified by the DVS include passports and driver licences.

The outcome is that the identification provided by a borrower can be verified in a matter of seconds, improving the turnaround time on deals. However, (this is the bit you need to pay attention to) in order for lenders to use the DVS, they need to have received explicit consent enabling the verification of the information provided to them with the official record holder.

It is not uncommon for broker privacy consent forms to be missing this express consent and results in lenders having to issue the borrower with a copy of their own privacy consent form to be signed. This extra step can slow down the application process and remove the benefit of many of the efficiencies gained.

It is a good idea to review your privacy consent form and ensure that it complies with DVS requirements along with any other updates that may have occurred within the Privacy Act. Often it is only a minor adjustment that is required, which will make applying for finance a much smoother process for both your customer and the lender.


* CFI does not provide legal advice and this article is general in nature. Brokers should seek their own legal advice before making any changes to their documents.


Broker News – Maldives Holiday Winner

Broker Promotion Maldives Holiday Winner

Congratulations to Lucas Parker from Jade Equipment Finance on winning the CFI Finance Maldives Holiday Broker Promotion. 

We would love to share with you some pictures of Lucas and his partner soaking up the sun on some beautiful Maldivian atol, however Lucas elected to choose the $8,000 in flight centre vouchers instead so that he could visit family in the UK at Christmas time. 

Congratulations Lucas, we hope you have a great time in the UK. 

We also delivered a number of consolation prizes including Apple AirPods, Apple Watches, GoPro Hero, Sonos Speakers and Bose Headphones. Thank you to all brokers who participated in the promotion. Keep an eye out in the new year for our next big broker promotion.   

Broker News – CFI Tools – Bank Statements Request

Automatic Secure Bank Statement Collection

It's easy to get customers to complete the bank statement collection process as part of their finance application. Here's how...

CFI requests bank statements from all applicant businesses and primary individual applicants. Bank statements must be provided through our secure link to


When you submit an application via our broker portal you will be prompted to select which applicants should receive a request for bank statements. They’ll get an email from CFI letting them know you’ve submitted an application on their behalf an what to do next. The email will automatically include your contact details.


What happens if I miss somebody or want to add them later?

No problem! Just pop into the broker portal and select ‘Customer Application Request’ – Choose Bank Statements Only as the application type and you’ll be prompted to fill in a name and email address for your request.


Our online bank statement collection via Illion's is fast and secure

Just select which applicants you want to request bank statements from at the end of the application

If you need to request bank statements from a customer outside of a normal application just go to "Customer Application Request"

Broker News – CFI Tools – Playbooks

CFI's Broker Playbooks make information gathering easy....

It's often a challenge to cover off all of the questions a lender might ask, particularly with more complex transactions like start-ups and acquisitions. CFI has the answer.

It can be a challenge to remember all of the questions to ask when trying to pull a deal together, particularly if it’s in a space you don’t operate in often. At CFI we recognise we’re a little different, we don’t have a ‘matrix’ and the way a deal is packaged can often make a signficant difference to approvals (both in terms of time and whether the deal is approved at all).

Enter CFI Finance Playbooks

Playbooks present questions that are relevant to different types of deal in a logical order, helping you and your customer to build a picture of the deal. To access the Playbooks, login to the CFI Broker Portal and select Broker Resources – Playbooks…


Our Playbooks are resources for you, so they don’t automatically send the notes to us, we’ve done this deliberately as we understand people might go a little ‘short-hand’ when they’re on the phone to the customer, and then flesh out the details later, perhaps after receiving some supporting information…


Once you’ve finished your call and your notes, just click the “Email Details” button and all of your notes are sent to you. It couldn’t be easier.



Playbooks are a great help when it comes to putting together deals and extracting the story from a customer, whether in person or on the phone.

They also make great training aids for staff that don't deal with transactions of this type often.

Playbooks are for you, so they don't automatically send CFI the info. You have chance to flesh out notes and decide when and how to submit transactions.

If you have ideas for improvements to playbooks, our broker portal, or the resources we provide, please email [email protected]

Broker News – Data Security

How are you handling the challenges of data security?.

Privacy and Cyber Security are hot topics right now. Attacks on Optus, Medibank, and now Latitude have customers reeling, and plenty of people asking “what next?”

It’s easy to think that criminals only target big businesses and holders of large amounts of sensitive data, and that smaller organisations simply aren’t worth the time trying to breach, unfortunately the reverse is often true. Smaller organisations often have less robust policies and procedures when it comes so cybersecurity and data management, they may have less sophisticated software for detecting and blocking attacks, and they can often be seen as a weak ‘back-door’ into information held by larger companies.

It’s also worth noting that it’s not usually all about flashing lights and whizzing bits of Matrix code as these ‘hackers’ bash away at the cyber-doors of their targets. We just need to look at some of these recent high profile breaches to say that an alarming number come from something as simple as stolen login credentials. When the burglars have the keys it’s easy to get through the door.


  • The Optus data breach occurred from someone finding a door that didn’t even have a lock on it. It should have, but it simply didn’t, an unsecured API (effectively a data portal) requiring no username or password at all.
  • Medibank’s breach was the result of someone getting hold of a Medibank username and password from one of Medibank’s IT service providers.
  • Latitude’s breach also appears to have been caused by stolen login credentials, which then allowed the person to pose as that employee and access other third-party systems.

It’s perhaps not hard to understand why so many emails are received trying to get you to ‘click here’ or to open an attachment. These emails are baited hooks fishing for login details to anything and everything. (In fact, whilst writing this I received an email purporting to be a saved voicemail, all I need to do is click the link to hear the message….)

So, what are some of the things brokers can be doing to safeguard themselves and their customers from potential breach?

  1. Use strong passwords and two factor authentication. If your password is the same, or close enough, over a variety of sites then you’re only as secure as the very least of those places. Consider how many times a user might use the same password just changing a number or adding a ‘!’ to the end. If their password is breached on Spotify or Facebook, your network could easily be next.*
  2. Use archives that are less accessible. It might be necessary for a large number of staff members to access information when a deal is in progress, but once it has settled it may pay to lock big chunks of customer information away in less accessible storage areas.
  3. Have a written policy round information retention. Consider what information is required from customers, where and how that information is stored, and how long it should be kept for. It’s easy to say ‘we keep everything’ but that significantly increase the damage that could arise from a breach.
  4. Keep software up-to-date. Hackers work by finding a small opening and then working to widen it or squeeze through. The fewer openings you have, no matter how small, the lower your risk.
  5. Continually educate your employees. It’s not enough to write ‘use strong passwords’ in your employee handbook and forget about it. Employees should be warned regularly about the risks of attacks and shown examples of things like phishing emails. Ensure that your staff members are aware of best practices for data security and train them on how to identify and report potential security breaches. This will help prevent accidental data leaks or breaches due to human error.

Finally, consider engaging a data security expert. A good specialist will look at all of the items above and much more. They’ll try to break into your systems in ways you can’t imagine, and whilst they may cost a little, consider it no different to an insurance premium; a necessary expense to protect against much larger consequences.

* This is not to suggest in any way that either of these platforms have lax security.


Plenty of people manage security by adding a number or exlamation mark to passwords used elsewhere. Don't do that.

An alarming number of data breaches are caused by indavertent disclosure of staff passwords.

Consider what information you need to keep, how long you need to keep it for, and who should have ready access to it.

The Attorney General’s recent review of the Privacy Act is available here: – There are over 100 recommendations contained in the report, many of which will impact smaller businesses that collect and manage information.