The Credit Reporting Act 2013 (the “CRA”) which came into force on 27 January 2014 provides for a mandatory credit reporting and credit checking system with application to a potentially far broader range of lending than that which has traditionally been reported to credit reference agencies.
A number of reports and enquiries had highlighted weaknesses in the prevailing credit reporting arrangements whereby use of private membership-based credit agencies resulted in incomplete credit profiles with the full extent of borrower’s indebtedness not always apparent. As a consequence, and in accordance with a commitment under the EU/ECB/IMF (Troika) Programme of Financial Support for Ireland, the CRA was introduced to provide for the establishment, maintenance and operation of a Central Credit Register (the “CCR”) by the Central Bank of Ireland (the “CBI”). The expectation is that the CCR will underpin and promote responsible lending and responsible borrowing whilst bolstering the CBI’s supervisory capabilities.
The range of lenders who are subject to the mandatory credit reporting obligations is potentially quite wide, with the relevant definition of “credit information provider” extending to regulated financial services providers and unregulated entities or natural persons who provide credit. Credit is also broadly defined as “any loan, deferred payment or other form of financial accommodation” but there are a number of exclusions, including credit provided:
- by one credit institution to another;
- by a company to its subsidiary or holding company; or
- without any requirement to pay interest or any other charge.
In order for a credit application or agreement to be subject to the reporting requirements:
- the borrower must be resident in the State at the time when the credit application or credit agreement is made; or,
- Irish law is (or will be) the law governing the credit agreement.
The broad scope of the CRA means that unless they fall within one of the exclusions, certain lenders previously unaccustomed to credit reporting may now be subject to the credit reporting requirements e.g. individuals engaged in private lending, purchasers of loan portfolios, SPV’s engaged in lending and lenders from outside of the State “passporting in” to lend to an Irishresident borrower.
It is worth noting that the CBI may make regulations specifying different information requirements in relation to different classes of lenders and borrowers so there is some potential for a lighter reporting regime being applied to certain lenders.
Personal and credit information in respect of individuals and corporates must be reported to the CCR where the qualifying credit application or agreement is €500 or more. Personal information for individuals and corporates will include:
- name, address, date of birth, PPSN, telephone number, employment status, trading name and CRO number (as applicable).
Credit information for individuals and corporates will include:
- loan details i.e. type, size, currency;
- repayment details i.e. term, frequency of repayments and interest rate;
- collateral details;
- performance status including details of any arrears, rescheduling or default; and
- any proposal or arrangement with respect to debts.
The inclusion of PPSN as one of the data fields is notable as its use has been heavily controlled to date by the Department of Social Protection. The CBI will have to consult with the Data Protection Commissioner (the “DPC”) and obtain the consent of the Minister for Finance if it wishes to specify additional fields of information. Additional data protection safeguards are included in the CRA such as a requirement for the CBI to notify the DPC of any systemic problems in relation to obtaining, keeping, processing or use of information held on the CCR.
The CRA provides that lenders must access the CCR when a consumer or business makes an application for a loan in excess of €2,000, in order to ascertain their creditworthiness. It remains to be seen whether this will form part of the assessment of suitability which is required under the provisions of the Consumer Protection Code 2012.
It is expected that CBI regulations will clarify the precise mechanism for access by lenders to the CCR e.g. whether it will be necessary for a lender to register with the CBI prior to receiving access and how such access will be controlled having regard to the personal financial data it will hold.
The CBI has responsibility for ensuring compliance with the CRA. The CRA is a designated enactment which means that the CBI has the power to administer sanctions in respect of any contraventions of it. The CBI may also issue directions to credit providers to take specified steps to comply with the CRA and may make an application to the High Court where it considers that a credit provider has failed to comply with a direction.
It an offence for a credit provider to:
- knowingly provide false or misleading information to the CCR; or
- knowingly use information held on the CCR for a purpose other than one permitted by the CRA.
Current Status of the Central Credit Register
The CCR is not yet operational and the CBI has yet to publish the regulations which will, inter alia specify:
- the information that is to be provided in respect of different classes of lenders and borrowers;
- the form in which, and when, that information is to be provided; and
- the requirements as to verification by credit providers of information provided by applicants for credit.
What should Credit Providers do now?
In advance of the CCR becoming operational, credit providers should determine whether the reporting requirements apply to their business. If the reporting requirements do apply, the credit provider should:
- identify the credit applications and credit agreements in respect of which information will have to be provided; and
- position themselves to supply the relevant information both before credit is approved and during the lifetime of the credit agreement.