Independent Research and Policy Advocacy

The RBI’s proposed Public Credit Registry and its implications for the credit reporting system in India

Save Post

The Reserve Bank of India has initiated the creation of a Public Credit Registry (PCR) in India. This blog post discusses the proposed design of the PCR and underscores that for the PCR to be successful, it must integrate seamlessly into the existing economic, legal and regulatory framework. It discusses four considerations to be attended to at the design-stage of the PCR to preserve its potential for credit deepening and sharpening supervision: (1) the need for a framework to complement Credit Information Companies, (2) ensuring interoperability and data-quality parity with existing datasets, (3) ensuring citizens’ right to privacy and (4) a technological framework to ensure security and protection of the data collected. These considerations must be addressed for the PCR to fulfil its stated objectives of credit deepening and improving supervision.

Introduction: The RBI’s proposed Public Credit Registry

The RBI released the Report of the High-Level Task Force on the Public Credit Registry for India (the Report) in April 2018 setting out plans for the creation of a new Public Credit Registry system for India. The PCR is envisioned as a centralised and state-owned database that will aggregate financial and non-financial information from several databases. This data will be linked to create detailed uniquely identifiable borrower-level records that can be accessed by regulators, lending institutions, credit bureaus and the borrowers themselves.

Motivations for the PCR include improving the efficiency of the credit market, financial inclusion, the ease of doing business, and controlling delinquencies. This proposed infrastructure can have far-reaching implications for the Indian financial system. In this blog, we revisit the first principles that motivate the creation of credit reporting systems. We then review the Indian credit information infrastructure and the proposals for India’s PCR. Finally, we highlight four considerations that must be taken into account when designing the PCR in order to fulfil its stated objectives of financial inclusion and sharper supervision.

1. Credit reporting systems address information asymmetry in credit markets

Information asymmetry disposes markets to be inefficient and credit markets are no exception. In credit markets, information asymmetry leads to sub-optimal credit supply and stifle growth prospects. Credit reporting institutions such as the PCR and the private credit bureaus (credit information companies (CICs) in Indian legislative parlance) are important tools to address the information asymmetry in the credit market.

George Akerlof’s seminal work first underscored the economic costs of information asymmetry and uncertainty in markets. The existence of multiple ‘grades’ (or qualitative variants) of a product and the gaps in buyers’ knowledge regarding their qualitative differences creates information asymmetry. This leads to problems of adverse selection and moral hazard (Akerlof, 1970). Stiglitz and Weiss applied this to credit markets and demonstrated that due to information asymmetry, banks are not able to gauge the riskiness of each borrower. Therefore, the interest rates that banks charge only reflect the expected (or average) risk. Due to information asymmetry, banks are also not able to reduce this interest rate to disburse loanable funds that may remain idle at the equilibrium. This leads to credit rationing, i.e. applicants identical to the successful borrowers get rejected for a loan (and would not get the loan even if they offered a higher interest rate) or there are applicants who would not be given a loan at any rate of interest at the given supply of credit (Stiglitz & Weiss, 1981). Information asymmetry about the borrowers’ riskiness and willingness to pay thus leads to sub-optimal credit supply in the economy.

The information gathered by the lender on the repayment behaviour of the borrower, over the course of the credit relationship (called as relationship banking in the parlance) is an important instrument to bridge this information asymmetry ( (Stiglitz & Weiss, 1981), (Diamond, 1991) (Mitchell, & Rajan, 1994), (Miller, 2003)). This proprietary data can help individual institutions to identify good borrowers and price the risk better. However, well-functioning credit markets cannot rely on proprietary data alone. For one, it provides no information on new-to-credit population, therefore stifling financial inclusion. Secondly, the unavailability of credit information to new lenders can pose a significant barrier to entry. These can be resolved by regulated sharing of credit information. Moreover, sharing of credit information can help in painting comprehensive macroeconomic conditions and prevent systemic risks such as a rise in non-performing assets and liquidity crunch.

Therefore, well-functioning credit markets need institutionalised mechanisms to share credit information. Globally, all jurisdictions have created credit reporting systems of varying depth and efficiency to complement their credit markets. “Credit reporting systems form a critical component of the credit infrastructure and are comprised of the institutions, rules, procedures, standards and technologies that enable the exchange of credit and other relevant information”  (The World Bank, 2015). Both the CICs and the public credit registry (PCR) are integral to the credit reporting system.

2. The credit information infrastructure in India

2.1. The existing credit information infrastructure in India: The credit information infrastructure is an integral component of the credit reporting system. It is the collection of all databases that capture credit-related information. The credit information infrastructure in India currently comprises four CICs, at least three databases maintained by the RBI for different regulatory objectives, the Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI), the Information Utilities (IU) and the database maintained by the Ministry of Corporate Affairs (MCA). The table below presents a snapshot of the existing credit information infrastructure in India.

Table 1: The Credit Information Infrastructure in India

Credit information database/ institution Host institution Authorising Act Objective Reporting entities Nature of data collected Data-use
Credit Report (and Score) Credit Information Companies (CICs) Credit Information Companies (Regulation) Act, 2005 To accurately predict credit behaviour of consumers and businesses. All credit disbursing institutions including banks and NBFCs. Contains Data on:
(i) Loan repayment,(ii) Demographic & identity including income.
Data is used for:

(i) taking credit decisions;

(ii) discharging regulatory functions;

(iii) allowing individuals to know their credit information.

Central Repository of Information on Large Credits (CRILIC)

 

The Reserve Bank of India The RBI Act, 1934 and the BR Act, 1949 To monitor systemically important accounts to detect early signs of financial stress and enable a prompt resolution and fair recovery plan for lenders. All Scheduled Commercial Banks (SCBs) (except Regional Rural Banks (RRBs)) It includes the following data on borrowers having fund or non-fund-based exposure of Rs. 5 crore or above:

(i) Qualitative / Descriptive data including identity information and PAN.

(ii) It also has data on Wilful Default, Asset Classification, Fraud, RFA, Internal rating, external rating. (iii) Quantitative data include Funded Credit exposure and limit sanctioned Amount, Non-Funded Credit exposure & outstanding amount.

Data is shared with reporting entities only.
Basic Statistical Returns 1 The Reserve Bank of India The RBI Act, 1934 and the BR Act, 1949 To measure the distributional aspects of bank credit. All SCBs including RRBs. The data type includes:

 

(i) Demographic data such as district, population group, type of account organisation type, & type of occupation type;

(ii) the interest rate charged.

Aggregated statistical information with spatial, temporal and sectoral distribution from BSR1 is shared in the public domain for researchers, analysts and commentators.

 

Account-level data is generally kept confidential.

Central Registry of Securitisation Asset Reconstruction and Security Interest of India (CERSAI) CERSAI Securitisation and Reconstruction of Financial Assets and Enforcement of Security Interest Act, 2002 To make data of all equitable mortgages available at one place and to prevent multiple financing against the same property. Banks, Non-Banks, and Cooperative Banks (i) Details of assets including registration no, etc

(ii) Borrowers’ details

(iii) Details of the loan including the amount, the extent of the charge etc.

Data shared with credit institutions and public for a fee.
Information Utility National e-Governance Services Limited (NeSL) Insolvency and Bankruptcy Code (IBC), 2016 and IBBI (Information Utiltiy) Reguations, 2017 To facilitate completion of transactions under the IBC in a time bound manner. Banks, Non-Banks, and Cooperative Banks Financial information that helps establish defaults and verify claims, including records of

(i) the debt

(ii) liabilities, (iii) assets,

(iv) balance sheet &

(v) cash flow statement.

Data will be shared with registered users and insolvency professionals for a fee.
Master Data, Ministry of Corporate Affairs (MCA) The MCA The Companies Act 2013, the Companies Act 1956, the Limited Liability Partnership Act, 2008 & other allied Acts and rules & regulations framed there-under To supervise the corporate sector in India All Companies registered under the Companies Act, 2013 The MCA database contains the audited or unaudited financial results of the companies submitted by them at various frequencies Some data is available publicly.

 

2.2. The limitations of the existing credit information system in India: Table 1 catalogues the different credit information-databases that currently exist in the country. As is evident from the table, they are maintained by different institutions to fulfil different objectives. The multiplicity of datasets, the heterogeneity in their reporting formats and the duplicity of reporting efforts, together, have been cited as the rationale for the PCR. More specifically, the Report notes the following limitations in the functioning of the existing information infrastructure:

  • Lack of Comprehensive Data: There is no unified platform to access all kinds of credit information.
  • Fragmented Information: Currently, credit information is collected and stored in different formats which is a challenge to both interoperability and data-triangulation.
  • Dependence on Self Disclosure by Borrowers: Currently there are no mechanisms for supplementing self-reported data including that on income details, nationality etc.
  • Authenticity and Reliability: Though the data is cross-checked with information available on regulator’s website, CERSAI, income tax portals and others, the information on such portals are at times inaccurate. Currently, there are no mechanisms to validate the information.
  • Time-lag, Dated Information and Cost: Different portals go through a time lag in updating the information and have different formats of data collection. Lenders incur costs to convert the data into a useable format.
  • Multiple Reporting: The system is currently inefficient as it obliges reporting agencies to file similar information in multiple reports with multiple institutions.

The PCR seeks to remedy these redundancies in the current credit information infrastructure by creating a unified platform for all reporting entities to report to. The PCR will incentivise compliance and timely reporting of updated information by making reporting mandatory by the law. Moreover, the PCR is also likely to contain more diverse information sets than CICs, which should potentially make them both richer in information and deeper in coverage than the CICs (Reserve Bank of India, 2018). The Report recommends that the PCR should capture the following datasets:

Table 2: Proposed data to be captured in the PCR

Database Data Contained
Core Credit Information in the Proposed PCR
CRILC Information from all SCBs (excluding RRBs) on all credit instruments for borrowers having aggregate exposure of INR 50 million & above
BSR1 Fund based exposure for loans granted in India by SCBs and RRBs; some metadata for the account (such as district, place of utilisation).
Information from banks/NBFCs/other regulated FIs Reported information on exposures and credit cycles, domestic borrowings, ECBs, all contingent liabilities
Secondary Information Base in the Proposed PCR
SEBI Promoters, shareholdings, market borrowings
GST Network GST details
Tax and utility Arrears, payment cycles
IBBI IBBI listing status
Fraud databases RBI Wilful Defaulter list, RBI Caution list, CFR, ECGC
Legal databases Litigations against promoters or debtors
CERSAI All equitable mortgages
Information Utilities Legal evidence holding the information pertaining to any debt/claim, as submitted by the financial or operational creditor
MCA company finance database (MCA21) Financial and non-financial statutory information,

from registered companies

 

As demonstrated in Table 2, the PCR intends to cast its net far and wide to also incorporate datasets maintained by other regulators. This will be extremely valuable in validating users’ self-reported data such as that on income.  It will also help in gauging creditworthiness for new-to-banking users and can potentially prevent over-leveraging borrowers by considering information from both funds-based and non-funds-based lending. Close to 97% of the MSMEs in India fall in the ambit of the informal sector and their access to formal and institutionalised sources of credit are hindered by the lack of proper documents and credit history records (Behera & Wahi, 2018). The absence of credit histories and credit scores from CICs has been a barrier to assessing creditworthiness. Data points such as utility payments and tax arrears equip the lender to gauge the borrowers’ creditworthiness and help them price credit in an efficient manner. With the aggregation of alternative data points, alternative credit scores can be extrapolated for those with no prior credit histories and can be provided suitable credit options.

Moreover, by providing credit and closely related information, the PCR can also better-equip the regulator to surface emerging risk and mitigate it before it becomes systemic. It can help piece the macroeconomic picture of the system and help in designing sharper policies based on real-time evidence (Reserve Bank of India, 2018).

3. The proposed PCR framework: Some considerations

For the PCR to deliver on these promises, it needs to integrate seamlessly with the existing credit information infrastructure. The PCR is going to be an integral but one component of the bigger credit reporting system which comprises several institutions, rules, technological standards which govern the flow of credit information in the country. Further, this credit reporting system must confirm with the existing legal, economic system and the regulatory framework to be able to carry out its functions in a legal and meaningful manner (Miller, 2003). Therefore, in order to preserve coherence at the system’s level, the design of the PCR should be sensitive to the following:

3.1. Implication for the emerging private market for credit information: Though the CICs in India have been functioning since 2004, their take-up has begun to increase only recently. This is evidenced in the two distinct indicators captured by the World Bank’s Ease of Doing Business Project, namely the (i) coverage of adult population by private credit bureau and (ii) the depth of credit information covered.

The coverage of adult population by private credit bureaus is rising steadily since 2016 (The World Bank, 2018 (a)). The four CICs in India together cover close to 60 percent of the adult population in the country. While examining the cause of this secularly rising trend (as depicted in Figure 1) is beyond the scope of this post, these rising trends indicate the increasing integration of CICs in the credit information infrastructure.

Similar trends are observed in the depth of the information covered. India’s depth of credit information received a score of 7 (on 8), indicating a high depth of coverage of credit information (The World Bank, 2018 (b)).

Credit scoring services are also proving crucial for bringing new-to-credit borrowers in the fold of formal lending. In recent years, both public sector banks and private banks in India are increasing their reliance on credit scores to determine the creditworthiness of borrowers, where previously these determinations were driven by relationships with individuals (Mishra, Prabhala, & Rajan, 2019). The CIC’s services are therefore beginning to have an impact on expanding credit access and making credit decisioning more robust.

Given that the usage of credit bureaus and better credit information is in its nascency in India, the impact that the PCR would have on these developments is unclear. The design of the PCR should be intended to complement this progress of the CICs and be mindful of the potential to disrupt the progress that has been made. The effects of any potential disruption for financial inclusion are unclear and we do not yet fully understand how the Indian credit markets will respond to the data from the PCR. The impact on existing channels of credit information and the effects on lending institutions should form a core consideration when designing the PCR.

3.2. Harmonising reporting standards with other regulators: Currently, the Report envisages to incorporate datasets including the GSTN and Utility Payments within the scope of the PCR. It raises the concern around disparities in data-quality standards across regulators. The Central Know Your Customer (C-KYC) Registry serves as an important learning in this regard. The uptake of the C-KYC has been marred by different problems including the technological incompatibility between the C-KYC and the SEBI led KYC and the mismatch of monetary incentives between KYC Registration Agencies and the C-KYC (Business Line, 2018). This slowed the implementation process, increased the costs of the project and inconvenienced the consumers. The PCR’s ambitions to include data from non-financial regulators such as Utility Payments could exacerbate these disparities even further since those sectors’ data collection practices may vary from those of the financial sector. Embedding interoperability with different datasets at the design stage, streamlining reporting formats and ensuring consistent data-quality across datasets can offset some of these issues. Negligence to these could compromise the functionality of the PCR.

3.3. Reconciling with the users’ right to privacy: The PCR could intervene with users’ right to privacy on both operational and principles’ level. On the level of the principle, the fundamental right to privacy of Indians in Justice S Puttaswamy v. Union of India, WP (C) 494 of 2012 [Puttaswamy] sets out a three-prong test for the state’s use of peoples’ personal data:

  • backed by a law,
  • needed for a legitimate state aim,
  • and proportionate to the aim i.e. there cannot be unbounded access to such personal information unless directly connected to the purpose of use.

The PCR will have to be backed by a suitable legislation justifying the creation of a dataset of potentially sensitive personal information as necessary and proportionate. The Report (on page 39) states that regulators can access sensitive borrower-level records on the PCR information without access-control restriction. This design could potentially fall foul of the three-pronged test as well, as it may be difficult to prove proportionality. A comparable determination by the Supreme Court in the 2018 Aadhaar judgement, where the compulsion of linking the Aadhaar with new and existing bank accounts to prevent money laundering has been considered grossly disproportionate vis-à-vis the purpose cited (Misra, Sikri, & Khanwilkar, 2018). The judgement recommends that the state address this concern by means of a more targeted study of such persons and their means, instead of mass surveillance. Therefore, a rethinking of these features at an early stage will enable the creation of a PCR which serves its regulatory objectives and confirms with the law of the land.

3.4. Building a robust technological framework to protect users’ personal data: On the operational level, the PCR should be able to protect the users’ personal data collected by law. The PCR will aggregate and cross-link enormous quantities of very sensitive and confidential personal information of individual borrowers. This could risk consumers’ privacy, cause them harm (Prasad, 2019) and could create potential risks for the financial system if there is a breach of the PCR or a misuse of the personal data within it (BCBS (Basel Committee on Banking Supervision), 2018). The risks of aggregation of such information will need to be addressed through a range of robust technological and institutional safeguards.

The current architecture of the PCR envisions a consent-based access control mechanism to mitigate these risks. Limitations of users’ consent as a tool for safeguarding their personal data are well established. Users suffer from bounded rationality and prone to behavioural biases. This leads them to consent to other parties’ data-use without completely understanding its implications for them ( (Acquisti & Grossklags, 2007), (Solove D., 2012)). When combined with financial products, people are less likely to read the terms of conditions governing the use of their personal data. Our primary study underscored that privacy-self management is hard for individuals who may not be well-versed with the working of digital platforms and not have a nuanced understanding of their personal data (CGAP, Dalberg, Dvara Research, 2017). This offers insufficient protection to consumers and the system as a whole.

Given the Indian context, consent should remain as one safeguard, but be supported by other overarching access control and purpose regulation architecture to ensure that the sensitive information of Indians in the PCR is robustly protected. Our future research will continue to work on aligning technological designs with legal imperatives. The Indian experience with personal datasets underscores the need of the PCR to resonate with the country’s legal framework for privacy and the society’s view on privacy. Credit information to banks is reputation collateral for their clients and must be accorded the importance and respect it deserves (Miller, 2003). Both technical deployment and policy development need to happen simultaneously for the PCR to have an enduring impact on the Indian credit market.

Conclusion: The need to solve for financial inclusion objectives in the PCR design

In order to fulfil its mandate of financial inclusion, the PCR should consider important datasets that move the needle on credit access for the underserved. For instance, information about individuals who are members of Self-Help Groups (SHGs) where available, could be an important data point to build out their credit histories. Though the RBI had made it mandatory for banks to report member-level data of SHG participants (Reserve Bank of India, 2016),  the reporting of this data is patchy. Data capturing issues make it hard to track the repayment behaviour of individual borrowers and therefore currently not adding to their credit history (The Hindu Business Line, 2018).

Another dimension crucial to the PCR’s objective of financial inclusion is its ease of access at the last mile. If the user interface is mediated exclusively through smartphones this might exclude a significant proportion of the population of individuals and MSMEs. The estimates of proportions of Indians with access to smartphones vary, however most peg that 25-40% Indians have access to smartphones (Pew Research Centre, 2019), (Statista, 2019). The use of computers and the internet among MSMEs is also very low with only around 5% of all MSMEs using the computer and approximately 4% using the internet (Chaudhary, 2019) Similarly, the PCR’s technological architecture should be compatible with the architecture and digital capabilities of the smaller, regional and rural reporting institutions.

To conclude, the success of the PCR will hinge on the (i) technological robustness it can afford to the regulatory guarantees it proposes, and (ii) its ability to integrate with the existing credit reporting system.  Its founding principles, regulatory objectives and commercial incentives will have to align with other institutions operating in the system. The PCR’s ability to incorporate regulatory thinking and legal guarantees at the stage of technical design will be crucial for its success.

[1] The authors would like to thank Anubhutie Singh and Lakshay Narang for their valuable research inputs. Anubhutie is a policy analyst with Dvara Research and Lakshay interned with Dvara Research in February 2019.

References:

 

Authors :

Tags :

Share via :

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts :