Banks have sought indemnity from credit information companies (CICs) for any legal issue that might arise over the latter sharing bank customer information with fintech firms. This is understood to have been conveyed to the four CICs — TU Cibil, Equifax, Experian and Highmark — by a senior official of the Indian Banks Association (IBA) in a meeting on Thursday.
Earlier this month, representatives of banks had a meeting to discuss the issue of fintechs getting unbridled access to bank borrower information. Lenders had raised their concerns at the IBA and some wanted to take this up with the RBI. However, it was decided that a formal view would be sought from CICs through the IBA.
In Thursday’s meeting, the CICs are understood to have conveyed to the IBA representative that laws do not forbid them from sharing information with fintechs if the customer so desires. Also, since the customer has the right to call for his own information, he can share this with CICs. According to CICs, sharing of information has greatly helped in financial inclusion.
However, banks feel that this is a grey area. As fintech companies acquire customers remotely, the customers could turn around and claim that no explicit consent was obtained. CICs have, in turn, asked banks time till January 4 to respond.
In developed markets like the US, personal credit information is shared with utilities and even landlords who do credit checks on potential customers.
CICs are governed by the Credit Information Companies (Regulation) Act, 2005, which gives the RBI powers to specify to whom the CICs can disclose information about individuals. The central bank’s recent changes to CIC guidelines have been around making an individual’s credit record available to him, free of charge, once a year.
For fintechs, particularly those engaged in lending, restrictions on credit information availability could hurt. Fintechs have already received a setback on customer acquisition following the SC order restricting access to the Aadhaar data base, which makes customer authentication difficult.