Lenders develop a Code of Conduct requiring Twenty Principles for sharing credit information
Lenders in Kenya have taken the bold and responsible step of putting their house in order to minimise unethical practices that have dented the credit information sharing (CIS) mechanism over the years. Following the challenge directed at them by the Central Bank of Kenya (CBK) and the public, lenders have developed an industry Code of Conduct that is closely aligned to the expectations of the consumers, regulators and international best practices. Development of the 20 Principles of an Effective CIS mechanism has been spearheaded by the Credit Information Sharing Association of Kenya (CIS Kenya) using its wide experience in CIS matters and involvement of various stakeholders. The Code has also benefited from the expert review and input from Mr. Eliud Ogutu, a distinguished lawyer with wide experience in corporate, commercial and banking and finance law practice as well as the KIM/USAID Financial Services and Investments Advisor, Mr. Eric Kingori. A dissemination workshop on Wednesday, 23rd June 2020 was attended by about 50 delegates across the credit market in Kenya.
The Code is founded on the CRB Regulations 2020 which were published by the Cabinet Secretary to the National Treasury on 8th April 2020. Specifically, Regulation 24(8) requires all third-party credit providers in the CIS mechanism to subscribe to an industry Code of Conduct approved by the CBK. The Code also draws guidance from CBK directives and press releases. It therefore seeks to strengthen CIS standards by improving the quality and reliability of data held by the CRBs so as to promote risk-based pricing and protection of borrowers. This draft Code will now be presented to the CBK for approval, in line with the new Regulations.
Going forward, players who are not regulated by the CBK and the Sacco Societies Regulatory Authority (SASRA) will have their conduct on CIS matters supervised under this Code of Conduct. This Code will address the numerous concerns raised by the Central Bank, and which led to the suspension of various non-regulated credit providers from participating in the CIS mechanism pending fresh vetting. These concerns include failure to:
- Share data with all CRBs, leading to data disparities.
- Submit positive data thus disadvantaging consumer’s credit scores.
- Update or correct erroneous customer data, which lowers its predictive value.
- Make monthly submissions.
- Respond to customer queries and resolve customer disputes.
- Have physical offices or operational telephone numbers.
- Submit accurate data
The new CIS Code of Conduct sets out obligations and responsibilities captured under the following 20 general guiding principles that will ensure preservation of a good reputation, honesty and integrity in the CIS mechanism:
1. Lawfulness Customer information must be shared in accordance with applicable laws and regulations and international best practice 2. Minimality Sharing of credit information must be adequate, timely, relevant, and not excessive in relation to the purposes for the sharing. Information use Consumer credit information must not be used by a member or reported by a credit bureau in any way incompatible with the purposes for which it has been collected, and more particularly as provided under the CRB Regulations. 3. Consent and purpose specification Where the law does not mandate credit information sharing, members are required to obtain clear and specific consents from their customers to share their credit information. 5. Data retention periods -Credit information shall be retained by the bureaus for the minimum period stipulated in the CRB Regulations. No Member will seek to have information expunged from credit reports before the stipulated period without lawful reason. 6. Information quality – Consumer Credit Information must be accurate, complete and up-to-date. CRBs and members are both responsible for the quality of consumer credit information. Members must update customer records as stipulated in the Regulations and the CRBs must undertake steps spelled out in the Regulations to enhance data accuracy, reliability and predictive value. 7. Notification to consumers – Members must issue customers with specific pre-listing, post-listing and adverse action notices as well as any other notice stipulated in the CRB Regulations. 8. Full file sharing – Members undertake to share full file information with all licensed CRBs. They also undertake to update credit information as soon as any change occurs and to correct any errors as soon as they are noticed. 9. Full Records – Members undertake to share their full loan portfolio and avoid selective listing that is discriminative and against the Kenyan law, the spirit and letter of the CRB Regulations and the standards of this Code. 10. Security and confidentiality – Credit information must be protected against, accidental, unlawful destruction, unlawful intrusion, loss and wrongful alteration, unauthorized disclosure and access by an unauthorized person. 11. Access to credit information – Members will provide consumers with credit reports under all circumstances stipulated under the Regulations. 12. Risk Based Pricing – Members commit to implement risk-based pricing based on consumer credit scores. The consumer’s credit score will not be the sole basis for denying a customer a loan facility and will only be applied in line with the CRB Regulations. 13. Respect for competition – Members are required to comply with the Competition Act No. 12 of 2010 and any anti-trust laws and regulations so as to allow customers to make informed decisions on choice of credit providers. They will also avoid statements and behavior that may cause unfair competition. 14. Fair treatment of customers – Members shall act in a manner that does not discriminate unfairly against any customer on grounds such as marital status, gender, age, disability or race in the provision of services and in the quality and terms of services they provide. 15. Customer complaints and dispute resolution – Members undertake to maintain functional and efficient dispute resolution processes and to educate customers on their rights including the right to refer disputes not resolved to their satisfaction to Tatua Center, an Alternative Dispute Resolution Center established by the Association which exclusively handles CIS disputes. 16. Data standardization – Members undertake to share data using the most current Data Specifications Template and through the industry Data Validation Tool provided by the Association in line with the CRB Regulations. 17. Oversight – Members agree that the Association will have an oversight role on matters relating to CIS except that which is expressly and exclusively reserved for CBK in the CRB Regulations, for purposes of self-regulation. 18. In the event of a breach by any Member of their obligations under this Code, the party against whom the breach was committed or any other member aware of the breach may refer the matter to the Association for investigation. The Association may also, on its own motion or through its DQCS department investigate any suspected breach by any member. Sanctions will be applied in line with this Code. 19. In the event that the Association makes a finding that a breach has been committed by a member bound by this Code, the Association, through its Technical Committee (TC) may apply the disciplinary procedure stipulated in this Code. 20. Members are singly and jointly responsible for giving effect to the agreed information protection principles as described in this Code in addition to what is provided in any relevant law. |
By applying sanctions available under the Code, CIS Kenya, with the backing of CBK, will help strengthen the credibility of the CIS framework. Speaking at the workshop, lawyer Eliud Ogutu lauded the industry for their commitments to the Code of Conduct as a key development in the credit sector as it sets customer rights protection as paramount. He said that it complements the CBK regulation and oversight mandate.
CIS Kenya has invested heavily towards building internal capacity to monitor and intervene where customer protection and data quality aspects are compromised.
Jared Getenga is CEO of CIS Kenya, the industry association that is charged with the responsibility of developing a robust CIS mechanism in Kenya.