Creditors, including both regulated and unregulated lenders, will have to start reporting personal and credit information relating to certain credit applications and agreements to the Central Bank by 31 December 2017. This follows the recent publication of five new Regulations under the Credit Reporting Act 2013, which set out in more detail the scope and content of the credit reporting requirement as well as other matters.
As set out in our previous briefings (here and here), the Credit Reporting Act 2013 ("CRA") provides for the establishment of a Central Credit Register ("CCR") as well as a mandatory credit reporting and credit checking system for lenders. The CCR's purpose is to provide a comprehensive "Single Borrower View" showing a borrower's total exposure. It is intended to assist creditors in making lending decisions, protect borrowers from incurring excessive debt and facilitate the identification of systemic risk in the credit system. CRIF Ireland Ltd is contracted to build and operate the CCR.
The CRA applies to credit applications/ agreements where:
- the applicant or the person for whom credit is provided under the credit agreement is resident in Ireland at the time the application/agreement is made; and/or
- Irish law governs the credit agreement or would govern the credit application.
The CRA refers to a credit applicant, borrower and guarantor as a "credit information subject" ("CIS"). It defines credit broadly to include a loan, deferred payment or other form of financial accommodation. However, this definition is subject to a number of (limited) exceptions, including for interbank and intragroup loans.
The CRA imposes two principle obligations on credit providers, which it refers to as "Credit Information Providers" ("CIPs"), as well as a number of associated obligations. The two principle obligations are to:
- report specified personal and credit information relating to certain credit applications and agreements to the Central Bank for inclusion in the CCR ("reporting obligation"); and
- access information on the register where the CIP receives a relevant credit application ("access obligation").
The obligations apply both to the original lender and any person who acquires rights from a CIP, including purchasers of loan books. Notably, a person can be a CIP even if that person is not a regulated financial service provider.
One of the recently adopted Regulations, the Credit Reporting Act 2013 (Section 6) (Additional Personal Information) Regulations 2016, specifies additional information as personal information, in order to facilitate the accurate identification of CIS. The other recent Regulations provide further detail on the content of the obligations imposed on a CIP under the CRA.
The Reporting Obligation
Under the CRA, a CIP must provide to the Central Bank personal and credit information relating to any "qualifying" credit application/agreement. A qualifying credit application/agreement is one where the amount of credit applied for or agreed to be provided is in excess of 500.
The Credit Reporting Act 2013 (Section 11) (Provision of Information for Central Credit Register) Regulations 2016 provide for the phased commencement of the reporting obligation ("Section 11 Regulations"). CIPs (excepting a local authority or moneylender) must first report personal and credit information for:
- a consumer, before 31 December 2017;
- a guarantor, before 30 September 2019 or such date as the Central Bank may specify; and
- any other CIS (including corporates), before 30 September 2018.
Periodic reporting requirements will be imposed by the Central Bank on a phased basis after these dates. The reporting requirements apply to all loans outstanding at the above dates as well as loan applications and loans drawn down after those dates.
The Section 11 Regulations contain two schedules setting out the personal and
credit information to be provided by a CIP. It also requires a CIP to take all reasonable steps to ensure the accuracy of credit information provided to the Central Bank, and to inform it of any changes to the credit information provided, of which it becomes aware.
The CRA requires each CIP to include on its forms for qualifying credit applications, a notice stating that it must report certain information to the Central Bank. The Credit Reporting Act 2013 (Section 24) (Notices) Regulations 2016 set out the form of the notice which a CIP must include on its forms, for the purpose of complying with this duty.
The Access Obligation
Each CIP must apply to access information held on the CRR which relates to a person who has applied to the CIP for credit in the amount of at least 2,000. A CIP has the option of accessing information relating to a credit application/agreement for less than this amount. It also has the option of accessing information when a CIS is seeking to amend an existing credit agreement/guarantee or has failed to comply with an obligation under any credit agreement.
Under the Credit Reporting Act 2013 (Section 17) (Access to Central Credit Register) Regulations 2016, ("Section 17 Regulations"), applications to access information relating to a CIS may be made, for the most part, after 31 December 2017. However, according to the Central Bank, this timeline may need to be revised if the quality of data submitted is insufficient.
An access request must be made electronically and in accordance with any applicable Central Bank guidelines. The Section 17 Regulations also specify the information which the Central Bank is required to provide in response to an access request.
The CRA imposes a number of other requirements on CIPs. These include a requirement to:
- keep records;
- verify the identity of a CIS and the accuracy of credit information;
- inform a CIS of suspected impersonation; and
- ensure a CIS is aware of its rights and duties under the CRA.
The Credit Reporting Act 2013 (Section 20)(Verification of Identity of Credit Information Subjects) Regulations 2016 prescribe in more detail the steps that a CIP is required to take to verify a CIS' identity.
All persons lending or providing credit to Irish resident individuals or companies will need to be aware of their obligations under the CRA. While many regulated financial service providers operating domestically
will be accustomed to the types of controls required under the CRA, as well as to accessing credit registers, this will not necessarily be the case for others providing credit to Irish resident individuals or companies. In this respect it is noteworthy that the CRA has a very broad scope and applies to an extensive range of entities. While there is an exemption for intragroup lending, there are no exemptions for wholesale lending activity or for foreign providers of credit. This broad scope may be of concern to businesses operating in Ireland who rely on credit obtained from providers of cross-border finance and nontraditional credit providers. It may also be of concern to those providers themselves. Each credit provider who cannot avail of an exemption will need to give prompt consideration to the measures it will need to put in place to ensure compliance with the CRA's requirements and to take the steps necessary to implement these measures over the coming months.