Sunday, December 10, 2023

View: Privacy rules around credit information companies need tightening

Must read

The recent RBI circulars on customer service rendered by Credit Information Companies (CICs) and Credit Institutions (CIs) and the framework for compensation to customers for delayed updation have come not a day soon and reflect RBI’s focus on customer issues in a critical area. Customer service issues which plagued credit information reporting arose out of multiple reasons, the most important being the multiplicity of entities involved and the absence of effective time-bound customer grievance redressal functionalities.Credit information companies like TransUnion CIBIL, Equifax, CRIF Highmark and Experian maintain the database of credit information received from credit institutions like commercial banks, non-banking financial companies (NBFCs) and others. Based on the credit information received, credit scores are developed by the CICs using algorithms, which are in turn consumed by credit institutions to make credit decisions.

A credit score is a reflector of a borrower’s credit habits, and ability to repay a loan and it assumes tremendous significance due to instant loan sanctions and burgeoning retail loans.

Section 19 of the Credit Information Companies (Regulation) Act, 2005 and Sections 19 and 20 of the Credit Information Companies Rules, 2006 prescribe that CICs and CIs shall take steps to ensure that the data relating to the credit information maintained by them is accurate and complete. The Act envisages that the CICs and CIs will take steps within thirty days after being requested by a borrower to make appropriate corrections or additions.Undoubtedly, the volume of data that flows into a CIC is humongous. All the CICs are expected to receive credit information from all CIs as per RBI stipulations. However, gaps seem to exist in reporting and in ensuring that the information is accurate, which results in inaccurate credit scores in some cases.

Since multiple institutions are involved in this pipeline, the root cause may lie with more than one institution, the resolution of which would have required coordination across these institutions. That is where the chinks in the armour lay. The customer had to approach multiple institutions, often to faceless grievance redressal processes, without timely assistance and redressal. While CIs like banks have robust customer grievance redressal mechanisms with adequate escalation matrix, CICs relied on online dispute resolution methods to handle complaints. Moreover, the customer had little clue about what was happening with her data at the backend of this pipeline between CIs and CICs. The regulator has rightly addressed these issues through the new dispensation.Another laudable step is RBI has made it mandatory for CIs and CICs to inform the customer when her credit data is reported or accessed, thus bridging the information gap in the process. This would bring in a sea change in the credit culture as the customer becomes aware on a real-time basis when her credit score is used or reported. The availability of such timely information would act as a reminder to pay back, making collections easier and preventing accidental slipping to a poorer credit score, especially for customers who could have made the repayment in good time.A correction request made by a customer will have to be responded to with reasons by the credit information companies if the request has been rejected. The rules had provided a similar dispensation in rule 25(3), the implementation of which left a lot to be desired.

A significant change now is the introduction of compensation for delayed action on the part of the CICs and CIs. ₹100 per day compensation beyond 30 days may not sound large enough but is expected to bring urgency in resolving correction requests. The compensation scheme has been tailored by fixing accountability in the case of multiple credit institutions apart from CIC. However, the mechanism needs to be tightened to ensure incontrovertible digital log-based functionality to register and acknowledge the complaint without which the delay cannot be correctly quantified.

The instructions on root cause analysis and review of search and match logic by CICs can improve the robustness of the system. With the increasing number of card users and burgeoning retail portfolios, it is also time to see whether free credit information should be provided more than once in a year, which will trigger self-correction mechanisms among consumers who tend to slip into deviant borrower behaviour and resort to excess credit. This will also enable many a customer to get back to formal credit rather than depending on money lenders and fly-by-night unregulated digital apps.

As credit information assumes growing importance, the legislative framework would also require further refinement. Since disputes often have monetary implications for the customer it is essential to specify the duration of storage of complaints-related data at the CIC end, thus avoiding litigation. The Regulator should also be provided the power to impose penalties in case of a violation of the regulations made under the Act. The privacy principles outlined under Section 20 of the Act would also need to be tightened to draw boundaries around data sharing with group companies of CICs and CIs. Data defined under the Rules covers credit information. It needs to have a wider connotation to cover other associated information about the borrower reaching the CICs.

Credit information is an ingredient yet to be tapped to its full potential in a credit-starved country like India and the regulator has done well to institutionalise a system for redressing grievance issues. The impact of these measures would contribute greatly to developing a robust credit culture in the country.

(The author is a former executive director of RBI)

Source link

More articles

Leave a Reply

Latest article