The Reserve Bank of India has ordered commercial banks and non-banking lenders to stop providing unregulated entities access to consumer data held by credit bureaus, dealing a blow to scores of fintech startups that have based their business models on such information.
In a letter to banks and NBFCs, the central bank said it noticed that they had appointed agents and permitted them to access the database of credit information companies. Such actions are against the Credit Information Companies (Regulation) Act, 2005 (CICRA), it said and warned of penalties if any of the regulated entities violated its order. The Economic Times has seen a copy of the letter. The central bank did not respond until press time Wednesday to an email seeking comment.
Meeting with heads of credit companies
As per the Credit Information Companies Regulation Act, banks and NBFCs are mandated to report every retail loan to all the four credit bureaus and keep them updated on the repayment behaviour of the consumer. This allows other lenders to use this data and evaluate the customers before issuing any loans. Banks and NBFCs are expected to keep the data in confidence, according to RBI’s outsourcing policies for them.
As per the current practice, banks partner with fintech marketplaces and institutional agents and give them authorisation to access the data directly from credit information companies, without seeking the consent of the customers.
“This was the interpretation of the CICRA under the purview of which banks and credit bureaus were operating,” said a person in the know. “This kind of outsourcing model has been prevalent for a few years. These agents include online marketplaces, IT companies, analytics firms and institutional agents.” The practice came to light during the annual audits of some banks, the person said.
The RBI sent the letter to all banks, said this person. The representatives of the central bank met the heads of the four credit information companies — TransUnion CIBIL, Equifax, Experian and CRIF High Mark — seeking information about the practice.
“The RBI sought clarity on the provisions under which the data was being shared under CICRA,” said a senior executive at one of the companies. “The practice had been happening for a few years. We made our positions clear to the RBI.”
Industry insiders ET spoke to said this move could radically affect the business models of fintech companies, since many of them were relying on the data to evaluate customers while they applied for loans through them. Online marketplaces, such as SIDBI’s PSB Loans in 59 Minutes platform, could be impacted due to the restriction, they said.
“This will be a major blow to the sector. Though we rely a lot on non-financial data sources, we do take bureau data as one of the information points. Now we will not have any visibility on the past credit behaviour of the customer,” said the founder of a lending marketplace, who did not wish to be named.
The RBI order could, however, benefit the startups that have moved away from the pure-play loan sourcing business and are taking exposure on their own books. One such company, MoneyTap, has recently secured its own NBFC lending licence, ET had reported. Several other players have also either applied or are planning to apply for lending licences.
Source: Economic Times