Wednesday, 11 December 2013
Credit Reporting Bill 2012: Second Stage
The Credit Reporting Bill 2012 will establish the legislative framework for the creation of a central repository of credit information to be known as the central credit register. A credit register is a database of credit information based on credit applications and agreements, which assists lenders in making informed lending decisions and the identification of high risk borrowers. The creation of a central credit register was sparked by reports produced in recent years by the Law Reform Commission, the expert group on mortgage arrears, the Central Bank and the Government’s banking inquiry, which illustrated the prevalent weaknesses in the Irish reporting system and highlighted the potential benefit of having an effective credit reporting system.
While there are privately run credit bureaux operating in Ireland, there is no central repository of credit data on a statutory basis, nor is there a statutory obligation on financial institutions to report credit data to the privately run credit bureaux operating in Ireland. Such private bureaux require their members to report credit information. However, as a number of financial institutions are not members of any credit bureau, the information gained does not represent an accurate picture of how much creditors are lending and how much an individual borrower is borrowing. Consequentially, the full extent of a borrower’s indebtedness is not apparent. The current system does not allow the Central Bank of Ireland to see the overall borrowing situation in Ireland, which may lead to lenders being unable to properly assess total borrower exposure. Moreover, the current system does not allow for the identification of systemic risk.
This unsatisfactory position resulted in the establishment of an inter-agency working group tasked with developing a strategy to put in place an effective credit reporting system. The report of the inter-agency working group on credit histories was presented to me at the end of June 2011. The recommendations contained in the report which were developed following consultation with stakeholders helped to inform the Department of Finance in drafting the general scheme of the Credit Reporting Bill published at the end of August 2012.
Following the publication of the general scheme, further consultations were held with representatives of the finance industry, the Central Bank and the Data Protection Commissioner. Their comments were taken on board in developing the general scheme in the Credit Reporting Bill published on 28 September 2012. The achieved deadline of the end of September 2012 was a structural benchmark under the EU-ECB-IMF programme for financial support. Changes made to the general scheme were in the interests of enhancing consumer protection and technical changes which were required. As the Bill progressed through the Dáil, Deputies from the Opposition parties were very supportive of the Bill and positively engaged in the debate on various proposals. The contributions from the Opposition have helped to clarify issues and by bringing forward beneficial amendments the quality of the Bill has been greatly enhanced. I am very thankful for the great support received while the Bill passed through the Dáil. I am pleased to note that we are on track to complete the passage of this important Bill through all Stages in both Houses of the Oireachtas by the end of the year.
The key elements of the Credit Reporting Bill are the establishment of a central credit register which will be maintained and operated by the Central Bank of Ireland; the creation of a statutory credit reporting system under which lenders will be obliged to report information on loan applications and loan agreements which reach a threshold in excess of €500; the Bill provides for the categories of personal and credit information to be held on the register and the purposes for which it can be used; detail is provided as to when this information can be accessed and by whom; the Bill requires lenders to check the register when considering approving credit applications of more than €2,000; the circumstances in which information on the register can be amended are provided; and the Bill prohibits the misuse of the information held on the register.
The Bill prohibits the misuse of the information held on the register.
I will now outline the main provisions of the Bill. Part 1 is the preliminary and general section. Section 1 provides for the Short Title and the commencement provisions. Section 2 is the standard interpretation provision defining the terms used in the Bill and setting out the scope of the Bill. Section 3 provides that any regulations or order made under the Act may contain incidental, supplementary or consequential provisions. Section 4 is the standard section for expenses incurred in the administration of the Act.
Part 2 pertains to the central credit register. Section 5 provides that the Central Bank of Ireland will establish, maintain and operate a database of personal and credit information to be called the central credit register. Section 6 defines the personal information relating to credit information subjects which may be held on the register. The type of personal information which can be held is determined by whether that subject is an individual, an individual carrying on a business or not an individual. Personal information includes names, addresses, place and date of birth, telephone number, PPS number, employment status and tax reference number. Power is given to the bank to make regulations to specify additional personal information which may be held on the register. The bank must consult with the Data Protection Commission and is required to obtain the consent of the Minister for Finance before specifying any additional information.
In addition to the personal information referred to in section 6, the register may hold credit information relating to a credit information subject. Section 7 provides that the type of information held will depend on whether the information is obtained in relation to a credit application or a credit agreement. Section 7 also provides details as to what constitutes credit information, which will be held in relation to a credit agreement made by a credit information subject or a credit agreement of which the credit information subject is a guarantor. The bank also has the power under this section to make regulations, following consultation with the Data Protection Commission and with the consent of the Minister, specifying additional credit information which may be held on the register.
Section 8 provides for the period for which information may be held on register. Section 8(2)(a) specifies that data retention for this information is linked to the closure or discharge of a debt arrangement, rather than that arrangement's entry on the register. Section 8(2)(b) specifies that data retention for this information is linked to the date of its entry on the register not to any specific credit agreement. Section 8(2)(c) clarifies that this kind of information should be retained for five years after the closure of an account not immediately upon closure. Section 8(2)(c) provides that personal information be treated separately and not linked to a specific credit agreement but rather to a credit information subject more generally. In relation to anonymised information, this section permits the information to be held on the register indefinitely.
Section 9 illustrates the application procedure to make an amendment to the information held on the register. Applications from credit information subjects or credit information providers to amend information held on the register must be made on the basis that the information is inaccurate, not up to date or incomplete. Where the Bank makes the decision to amend the credit information held on the register, a number of parties must be advised of this decision as provided for in section 10. Notice of the decision must be given to the borrower, the credit information provider and any person who is party to an ongoing credit agreement. Where the bank decides not to amend the register it must, if requested to do so by the subject, enter on the register a record of the amendment sought.
Section 11 obliges credit information providers to supply certain information to the bank, which the bank will then hold on the register. This section also allows the register to impose some minimum standards around the data to be reported and the verification procedures with which credit information providers must comply. Finally, this section also provides that the bank may, with the consent of the Minister, make regulations specifying the information and the form in which it is to be provided. Those regulations may differentiate between classes of applications, agreements, providers and subjects.
Section 12 obliges a credit information subject who makes a credit application to give notice to the credit information provider of any aggregate foreign debt in excess of €5,000 outstanding. This refers to credit agreements not covered under section 2(2). Section 13 permits a credit information subject to add to the register, a short explanation of no more than 200 words, about the subject’s credit information held on the register. The bank is obliged to include this information on the register. Section 14 obliges a credit information provider to access information on the register which relates to a credit information subject when that subject makes a relevant credit application. The threshold for access can be amended by regulation but as a default is set at €2,000. The register does not have to be accessed where the credit information provider has previously accessed information relating to the subject in question within seven days before the credit application is made. Information accessed under this section may only be used for purposes specified in section 16 of this Act.
Under section 15, a credit information provider may apply to access information on the register where a person has made a credit application for an amount less than €2,000 or is proposing to give a guarantee or indemnity in connection with a credit application made to a credit information provider. This section also provides access for a lender beyond the performance of credit agreements it has entered into with a particular credit information subject, to the performance of credit agreements entered into by that credit information subject with other credit information providers, where there is a change or a breach of terms of a credit agreement. This will allow a credit information provider a fuller picture of a person’s indebtedness resulting in more responsible lending.
Information accessed in accordance with this section may only be used for purposes specified in section 16 of this Act. Section 15 allows a credit information subject or any person who has the consent of the credit information subject to access information relating to that subject. This section also permits the bank to use the information held on the register for the performance of its functions.
Section 16 details the specific reasons for which information on the register can be accessed by credit information providers. The reasons include verification of information provided; evaluating risk from the affording or extending of credit to or the taking of a guarantee or indemnity from a credit information subject; evaluating any risk arising from any changes to the credit agreement or guarantee; monitoring failures to comply with any obligation under a credit agreement; evaluating whether to make any proposal or arrangement with respect to the debts of a credit information subject in circumstances in which a credit information subject has made a request for such an evaluation to be made; and analysing the nature of the credit information provider’s portfolio of credit agreements.
Under section 17 the bank may, having consulted the Data Protection Commissioner and with the consent of the Minister, make regulations relating to applications to access information to which the bank is required to give access in response to such an application, when access to the information is to be given and the manner in which such access is to be given. A credit information provider is required to keep a record of each application made to access information on the register for a period of five years. If required to do so by the bank, a credit information provider is obliged to provide information about any occasion on which that provider has been given access to information on the register. The bank is required to keep a record for five years of all occasions on which access to the register was granted. Section 17 allows for a credit information subject to request from the bank a report detailing each occasion access has been given to information relating to that subject within the previous five years, the identity of the persons who applied for access and the dates on which those applications were made.
Section 18 allows credit information subjects to place pre-emptive flags on their register accounts notifying any prospective lenders in respect of their identity being compromised. This enhances consumer protection on the register.
This enhances consumer protection on the register. Where a notice of suspected impersonation is entered on the register, the bank is required to notify the credit information subject, at least within 48 hours, if any application is made to access information on that subject or if information is provided for the bank in connection with a credit application made by that subject.
Section 19 applies the provisions of the Data Protection Acts 1988 and 2003 to credit data held on the register for individuals and bodies corporate with an annual turnover of not more than €3 million. The Data Protection Commissioner will, therefore, be able to deal with complaints from microenterprises and SMEs in respect of their data held on the credit register. The section provides that the bank may make regulations, with the consent of the Minister, specifying how and by reference to what year annual turnover is to be calculated. The bank must also notify the Data Protection Commissioner of any systemic problem identified and take action to eliminate or minimise any such systemic problem.
Under section 20, a credit information provider is required to take steps to verify the identity of a credit information subject who makes a credit application or credit agreement with that provider or proposes to give a guarantee or indemnity in connection with a credit agreement to which that provider is a party. The bank has the power under this section to make regulations, following consultation with the Data Protection Commissioner and with the consent of the Minister, specifying the steps credit information providers must take to verify a subject’s identity. These regulations may make different provisions for different classes of credit information provider or different classes of credit information subject.
Section 21 obliges a credit information provider to take reasonable steps to verify the information it obtains from credit information subjects. Under section 22, a credit information provider shall notify a credit information subject where that provider reasonably believes the subject has been impersonated by any person. Section 23 imposes an obligation on credit information providers to ensure credit information subjects are made aware of their rights and duties under the Bill. Section 24 stipulates that credit information providers are required, at the application stage, to notify applicants that the Bill requires information on qualifying credit applications and agreements to be supplied to the bank for inclusion on the register.
The register will not be set up to generate profit. However, section 25 allows for a levy to be imposed on credit information providers to meet the expenses of the bank in performing its functions under the Bill. The levy will be set with the consent of the Minister. The regulations will determine the parameters of any levy to be introduced. The regulations may also differentiate between different classes of credit information provider. This will assist in ensuring smaller lenders are not disproportionately affected by a levy. The section also provides that any party engaged by the bank to operate any aspect of the register is able to recover levies owing to it by way of court proceedings, instead of requiring the Central Bank to bring such proceedings.
Section 26 instructs that the bank may make regulations, with the consent of the Minister, to set out the fees to be paid for accessing information kept on the register or being provided with a record of occasions on which access has been given. The regulations will determine the parameters of any fee to be introduced. However, regulations under subsection (1) may not prescribe a fee for access to information by an individual under section 15(5) if the access is pursuant to the first application made by the individual in any year.
Section 27 outlines how the bank may compel credit information providers to comply with their obligations under the Bill. If the bank considers a credit information provider has failed, or is failing, to comply with any imposed obligation, it may direct that the credit information provider take specific steps to comply with its obligations. If necessary, the bank can apply to the High Court to make an order requiring the credit information provider to comply with the direction.
Section 28 outlines the provisions of a direction under section 27. Section 29 provides for a number of offences. It is an offence for a credit information provider to knowingly supply false or misleading information required to be supplied under the Bill and it is an offence for a credit information provider to knowingly use information, accessed by the provisions of the Bill, for a different purpose than those set out in the Bill. The penalties for the offences provided for in the section are a class A fine and a term of imprisonment not exceeding six months following summary conviction or a fine or imprisonment for a term not exceeding five years, or both, following conviction on indictment.
Section 30 provides that the bank may produce credit scores of credit information subjects and also general reports, analyses and statistics which contain anonymised data only. This means data that cannot be used to identity credit information subjects. The section also allows the bank to publish and sell items produced under this section, including to potential market entrants.
Section 31 requires certain staff of the bank to attend before the relevant Oireachtas committee and provide the committee with information on the performance of its functions under the Bill, if so required. Section 32 prohibits the unauthorised disclosure of confidential information received by the bank in connection with the performance of its functions under the Bill. The disclosure of confidential information constitutes an offence.
Section 33 provides that summary proceedings for offences under sections 29 and 32(4) may be brought and prosecuted by the bank. Section 34 is necessary in circumstances where the Central Bank engages third parties to carry out specific tasks. Consequently, section 33AK should include a reference to an agent of the bank, in line with the proposed section 32 of the Credit Reporting Bill 2012.
Section 39 is an amendment of section 5 of the Central bank (Supervision and Enforcement) Act 2013. It amends section 5(2) and (3) of the Central bank (Supervision and Enforcement) Act 2013 to change “to 3” to read “to 4” and ensure it shall be treated as always having had that effect. It corrects a technical error relating to a cross-reference.
The Credit Reporting Bill aims to support the removal of the deficiencies in the Irish financial services industry by establishing a statutory credit reporting system. This aims to support the promotion of responsible borrowing and lending. It will also aid the supervisory functions of the bank and enhance consumer protection measures in respect of lending. The legislation will assist in providing a tool to produce an overall picture of the level of indebtedness in Ireland. The establishment of a mandatory credit reporting and credit checking system, regulated and operated by the Central Bank of Ireland, will ensure lenders have access to the most accurate and up-to-date information on a borrower's total exposure. The provision will benefit both borrower and lender and ensure lenders are in a position to make informed lending decisions. The establishment of a central credit register will also help to support policies to combat over-indebtedness. The Bill achieves this and I commend it to the House.