RBI restricts access to credit data of consumers

BENGALURU | MUMBAI: The Reserve Bank of India has ordered commercial banks and non-banking lenders to stop providing unregulated entities access to consumer data held by credit bureaus, dealing a blow to scores of fintech startups that have based their business models on such information.

In a letter to banks and NBFCs, the central bank said it noticed that they had appointed agents and permitted them to access the database of credit information companies. Such actions are against the Credit Information Companies (Regulation) Act, 2005 (CICRA), it said and warned of penalties if any of the regulated entities violated its order.

The RBI also asked all lenders to inform it within 15 days of the measures they had taken to curb this practice.

Meeting with heads of credit companies
As per the Credit Information Companies Regulation Act, banks and NBFCs are mandated to report every retail loan to all the four credit bureaus and keep them updated on the repayment behaviour of the consumer. This allows other lenders to use this data and evaluate the customers before issuing any loans. Banks and NBFCs are expected to keep the data in confidence, according to RBI’s outsourcing policies for them.

As per the current practice, banks partner with fintech marketplaces and institutional agents and give them authorisation to access the data directly from credit information companies, without seeking the consent of the customers.