Legal and Regulatory Framework for Credit Reporting
The legal and regulatory framework for credit reporting is usually governed by several laws and regulations and varies greatly around the world. Those laws include the following:
• Regulations concerning bank secrecy
• Data protection law
• Consumer protection
• Fair credit granting and consumer credit regulations
• Provisions with respect to privacy and personal or corporate secrets in existing laws
Several countries chose to pass a specific law regulating credit-reporting entities: Israel, Kazakhstan (draft version), Korea, Mexico, Peru, Russia (currently in a draft version), Sweden, Thailand, Ukraine (draft version) and United States. In almost all European countries, as well as in Australia, New Zealand, Hong Kong, Taiwan, and Argentina, the focus is on regulating the data management process rather than on credit-reporting agen
cies as institutions. In those countries, major legislation governing operation of a credit registry involves a data protection law.
Economic research shows that the registries are most effective when they are able to collect information from a wide number of sources, including bank and non-bank financial institutions, as well as from firms selling goods on credit. The legal framework should be able to support this type of a system and should not restrict the ability of some creditors to participate in a credit bureau. The Fair Credit Reporting Act (FCRA) in the United States (Federal Trade Commission 2005) and data protection laws in Europe allow information exchange among all types of creditors. There are usually no restrictions on the collection of information from public sources such as court records, bankruptcy filings, and so forth. Credit bureaus create added value by merging information from public sources with the information collected by the credit bureau and by allowing automated access to such records.
An effective legal and regulatory framework for a credit registry should encourage information sharing and should promote competition while achieving a balance between information sharing and privacy and consumer protection. It should include the following characteristics:
• The legal framework should encourage information sharing among lenders; for instance, certain laws may be established or amended to provide legal clarity with respect to acceptable information sharing practices.
• The legal framework should encourage appropriate competition in credit markets.
• The tradeoff between privacy protection and information sharing should be taken into account. Although improper sharing of credit information causes privacy issues, broad privacy or data protection laws may unduly limit credit reporting. Thus, the legal framework should be constructed to achieve a proper balance.
• Consumer protection should also be considered in the legal framework. Customer protection should be enhanced in the law through appropriate access to data and expeditious resolution of credit-reporting issues. Borrowers should have access to their own data and should be notified of adverse actions that result from a credit report. Reports should include information with respect to all the persons who have access to data. Consumer-friendly procedures should be developed to challenge erroneous information in a reasonable time frame. For example, a specific contact would be established to provide “one-stop service” for consumers to resolve credit issues.
One of the key provisions in the credit-reporting and data protection laws is the ability of the subject of the information to view his or her own record. One of the most effective mechanisms for maintaining quality and accuracy of information in the database is ensured by notifying the borrower when credit is refused. The notice informs the borrower that the decision to refuse credit was in whole or in part based on the information obtained from a credit registry, specifying the registry’s name. The notice should also state that, according to the law, the borrower can obtain a record from the credit bureau, and the notice should provide contact information for this bureau. In most countries, the consumer is entitled to obtain a free report if he or she has received this type of notice. Alternatively, the price for a report may be set at some low level. Notice of refusal of
credit also serves as a good educational tool to inform the consumer of the importance of building a good credit history and of improving one’s standing.
The subject of the credit report, whether an individual or a firm, is in the best position to know who has a valid reason for accessing that report. Subjects of such credit reports know where they have requested credit or employment and whether other firms or individuals have a valid reason to request the information. Therefore, one of the best ways to limit unauthorized use of credit information is to develop systems that record all queries for an individual’s report. Consumers can review this information if they think their data have been used in an inappropriate manner. This simple reporting tool can greatly help to detect misuse of the data by lenders and others who may request this information, as well as by the staff of a credit-reporting firm.
Procedures, particularly non-judicial dispute resolution mechanisms, should be in place to facilitate challenges to erroneous data. Again, the consumer or firm that is the object of the credit report is in the best position to know whether data in the report are correct or flawed. At the same time, the consumer or firm has an incentive to challenge negative information in the report, even if the individual person or company knows it to be accurate. Those two facts should be balanced in regulations on dispute resolution in credit reporting. Providing access to credit-reporting firms by means of the Internet and by phone can encourage consumers to review their reports and to identify reporting errors. As stated above, it is particularly important that consumers have access to reports when an adverse action has been taken. Clear procedures should be established in regulations that specify the steps in the dispute resolution process and the time frame that credit-reporting firms have to verify and respond to complaints. The regulations may include requirements that credit-reporting firms operate toll-free phone numbers to take complaints or to otherwise facilitate consumer access. If the credit-reporting firm and consumer differ over the validity of the information, the consumer should be able to add a comment to this effect on the credit report. However, consumers should not be able to effectively hamper the functioning of the system by their interaction with the credit-reporting firm. For example, requirements that all consumers get a free copy of their credit report every year, even if they have not requested it, can add great cost to the system. Similarly, allowing consumers to obtain unlimited numbers of free credit reports on themselves can lead to abuse.
Country experience shows that the regulatory framework is usually weaker than the legal framework in developing countries. The following questions should be carefully considered in establishing or improving a regulatory framework:
• Is enforcement strong enough in the regulatory framework? Can—and do—regulators effectively enforce laws and regulations by means of audits, lawsuits, and fines or by reviewing industry codes of conduct?
• Do consumers have the ability to bring complaints outside the judicial system?