Hong Kong: HKMA Requests Greater Commitment From Banks to Sharing of Consumer Credit Data
Revised Guideline on the Sharing and Use of Consumer Credit Data through a Credit Reference Agency On 18th January 2005, the Hong Kong Monetary Authority (“HKMA”) issued a revised statutory guideline, namely the Supervisory Policy Manual on the Sharing and Use of Consumer Credit Data through a Credit Reference Agency (IC-6) (“CRA Guideline”). The CRA Guideline sets out the HKMA's latest supervisory policies and practices regarding the minimum standards authorised institutions (“AIs”) are expected to attain in connection with the sharing and use of consumer credit data through a credit reference agency (“CRA”) in order to satisfy the requirements of the Banking Ordinance. Revised Provision on Comprehensive Participation - Paragraph 3.2 of the CRA Guideline The objective of the revised CRA Guideline is to enable a comprehensive database to be built up to help AIs manage their consumer credit exposure better and to try to establish a level playing field amongst all AIs for their sharing of consumer credit data. The HKMA recommends that all AIs involved in the provision of consumer credit participate as fully as possible in the sharing and use of consumer credit data through a CRA within the framework laid down by the Code of Practice on Consumer Credit Data (“Code”) issued by the Commissioner for Personal Data Privacy. (The Code deals with collection, accuracy, use, security, access and correction of consumer credit data.) At a minimum, AIs should share consumer credit data to the extent recommended by the Hong Kong Association of Banks (“HKAB”) and the Deposit-taking Companies Association (“DTCA”). Standards recommended by HKAB and DTCA HKAB and DTCA have considered the scope of consumer credit data which should be shared through a CRA. HKAB and DTCA noted, based on advice received from the HKMA, that AIs have adopted different practices in this regard. For example: • not all AIs providing residential mortgage facilities are currently reporting information regarding accounts which are in material default to the CRA; and • not all AIs are sharing information relating to all types of secured consumer credits. In view of the different practices adopted by AIs, HKAB and DTCA issued circulars on 30th July 2004 and 2nd August 2004, respectively, recommending a list of consumer credit data for sharing. All AIs are expected to adopt the HKAB and DTCA’s recommendations. The revised CRA Guideline expects AIs to share consumer credit data to the extent permitted by the Code. The HKAB and DTCA’s recommendations provide that negative mortgage credit data should be reported to and shared through the CRA. As such, all AIs should review their existing practices and ensure they contribute the full range of negative mortgage credit data to the CRA. The types of consumer credit data which should be reported to the CRA are summarised as follows: Products Loan Type Data Type Credit Cards (Personal) Unsecured Positive & Negative Installment Loans (Personal) Unsecured Positive & Negative Revolving Loans (Personal) Unsecured Positive & Negative Hire Purchase/Leasing (Personal) Secured Positive & Negative All Mortgage (Personal) incl. mortgage O/D (Note 1) Secured Negative(Note 2) Others (Personal)(Note 3) Secured Negative Note 1: This includes all types of mortgage facilities (secured on residential, commercial or industrial property, shops, car parks, etc.) granted to individuals. Note 2: Under the Code, positive data relating to mortgage loans cannot be shared through a credit reference agency. Note 3: This refers to facilities granted to individuals that are secured by cash-equivalent collateral, such as cash, stocks, mutual funds, etc. Compliance Pursuant to the minimum authorisation requirement under paragraph 10 of the Seventh Schedule to the Banking Ordinance, the HKMA must be satisfied that an AI has, inter alia, adequate systems of control. The HKMA considers that this includes adequate systems of control to enable the AI to manage its credit risk effectively, and to protect and use consumer credit data properly. In this regard, the HKMA will take into account the following factors: • the extent to which AIs make full use of all relevant information, including information obtained from a CRA, in managing their credit exposure; and • whether AIs have adequate controls to ensure that their consumer credit data are properly safeguarded. Failure to adhere to the standards and requirements set out in the revised CRA Guideline may call into question whether the AI continues to satisfy the relevant authorisation criterion under the Banking Ordinance. Deadline All AIs are expected to comply fully with the requirement specified in paragraph 3.2 of the revised CRA Guideline as a minimum standard in respect of the sharing and use of consumer credit data through a CRA by 31 March 2005. For details of the revised CRA Guideline, please see the Supervisory Policy Manual on the Sharing and Use of Consumer Credit Data through a Credit Reference Agency published in January 2005, which is available from the HKMA website, http://www.info.gov.hk/hkma.