This page contains a Flash digital edition of a book.
In Focus Risk


Guardians of the credit file


In a continuation of last month’s article, what is the role of credit reference agencies in today’s society?


Alan Golob Experienced credit risk professional alangolob@gmail.com


As so happens when one part of government steps in to open the doors of competition, as happened with the Open Banking initiative, another comes along to ‘provide a balance’. So we now, as of 25 May 2018, welcome


the General Data Protection Regulation (GDPR). This regulation does a number of important things. It reinforces the point that all personal data, credit or otherwise, no matter where it is stored or who it is used by, is the property of the individual it relates to. That, in order to hold, store and use that


data, it requires the appropriate consents to have been obtained from the consumer. There are certain exemptions, for example if the data user can prove they have a Legitimate Interest to use the data without consent. The fines to stepping over the line in the misuse of data are of Herculean proportions. In the case of GDPR, the regulation


requires explicit consent. It does not allow companies to use such mechanisms as ‘implied consent’ or opt-out clauses. It also clamps down very firmly on the resale of consumer information, especially for marketing purposes. One of the most interesting aspects of


GDPR is that it relates to data relating to all European citizens. Irrespective of where that data is held and who is using it, the regulation must be complied with. In essence, any company wanting to target European citizens needs to comply with GDPR, no matter where in the world they are located.


Up to speed Getting up to speed to ensure GDPR is correctly complied with for any company that holds and uses consumer data is no


38


easy matter. A survey conducted by the EU, prior to the 25 May deadline, suggested that up to 50% of European companies would not have achieved compliance by that deadline. One group of organisations, for their very existence, that need to be fully compliant, are the credit reference agencies (CRA). If we take the recent Facebook/Cambridge


Analytica episode, we saw a situation where Facebook allowed Cambridge Analytica to access 300,000 correctly consented consumer records. From this Cambridge Analytica were able to target a further 50 million individuals. Put very simply, GDPR would make contacting any of those 50 million, who were resident in the EU, offside, unless they had given a prior explicit consent to be contacted. The very future of the CRAs in the UK


and, for that matter, other parts of Europe may largely depend on who consumers trust or indeed have faith in. CRAs cannot hide behind the cloak of regulation to justify their existence in the personal-data harvesting and storing world; simply because the regulations extend to any organisation that holds


and uses consumer data. Who do we, as consumers, trust to hold and manage our personal data? Clearly trust in Cambridge Analytica evaporated very quickly, as the company ceased to trade.


Trust Do we trust a small innovative fintec company that we have never heard of, when they ask us to open up our bank account details? Probably not. Would we trust a social-media company


not to misuse our data? I suspect the answer would be very different depending on the age group the questioned was being asked of. Perhaps, do you even care, would be just as much a relevant question. Do people, in general, trust CRAs not to


For those people beyond the so-called Millennial generation, who have depended on credit scores to obtain mortgages, credit cards, and loans, the answer would be a pretty emphatic yes


misuse or misappropriate their data? Again, it may be divided on basis of age. For those people beyond the so-called Millennial generation, who have depended on credit scores to obtain mortgages, credit cards, and loans, the answer would be a pretty emphatic yes, despite such episodes such as the cyber breach of Equifax in 2017. But as we see lending patterns change in society, as younger generations shy away from home ownership and mainstream banking, the need for a trusted broker of credit data, such as the CRA, diminishes. However, the CRAs do have a very


important role to play, one which can be both an advantage and a disadvantage in today’s information age. That is one as the guardian of every consumer’s credit file. When a consumer is refused credit, for


whatever reason, they turn to the CRAs. Very importantly the CRAs have a vital role when it comes to correcting and disseminating information, especially in relation to fraud. But the operation of


www.CCRMagazine.com December 2018


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52