On January 11, 2021 the People’s Bank of China announced the “Administrative Measures for Credit Investigation (Draft for Comment)”. This is another heavy new regulation that the credit reporting industry will usher in after the 2013 “Regulations on the Administration of Credit Investigation Industry” and the “Administrative Measures for Credit Investigation Institutions”.
The “Measures” have seven chapters and 46 articles, which stipulate the scope, collection, sorting, storage, processing, provision, use, safety, cross-border flow and business supervision and management of credit information, clearly define credit information, and emphasize the need to strengthen personal rights and protect the rights and interests of corporate information subjects to ensure information security.
“The “Measures” can be said to have come out after a lot of calls, and the market is paying great attention to it.” Su Xiaorui, a senior researcher at the Ma Dai Research Institute, said that in recent years, the Internet ecology has been enriched, and the dimensions of personal credit data have been extended, such as online shopping, social relations, travel status, financial holdings, etc., but these data are mostly controlled by internet giants, and it is urgent to regulate the collection and use of data.
The development of credit investigation industry in the era of digital economy calls for new regulations. The “Measures” are intended to better adapt to the development trend of the credit investigation industry in the digital economy era. In fact, every time the relevant laws and regulations of the credit investigation industry are released, they are closely related to the actual situation of market development.
Since the establishment of the Credit Information Center of the People’s Bank of China in 2006, the construction of the country’s credit information system has entered a stage of steady progress. After years of deliberation and research, on March 15, 2013, the country’s first credit reporting industry regulation, the “Regulations on the Management of Credit Reporting Industry,” was officially implemented. The “Regulations” apply to the collection, sorting, preservation, and processing of personal or corporate credit information within China, and credit investigation services and related activities provided to information users. The target of the regulation is mainly the business activities of credit reporting agencies and the supervision and management of credit reporting agencies.
In the same year, in accordance with the “Regulations”, the People’s Bank of China issued the “Administrative Measures for Credit Investigation Institutions”, which refined and clarified the market access of individual credit investigation institutions and their filing conditions. Since then, the People’s Bank of China has been continuously researching and looking for the right time to issue the “Credit Investigation Management Measures.”
In the era of digital economy, credit investigation is facing new challenges. The introduction of the “Measures” can better meet the needs of digital economy development under new technological conditions and increase the effective supply of credit investigation. Technologies such as blockchain, cloud computing, and big data have made it easier to collect and process a large amount of data involving credit information. Credit investigation services are gradually expanding from bank credit to commercial credit and credit-related alternative data fields in China.
It is in the above context that the promulgation of the “Measures” has begun to accelerate. On the one hand, the introduction of the “Measures” can better meet the needs of financial innovation and inclusive finance. Households without credit records, “white households” or “quasi-white households” (mainly small and micro enterprises, individuals who just worked) lacking credit records were mostly due to information asymmetry. It is difficult to enjoy normal financial services for these groups, Therefore, non-credit alternative credit data will play a greater role.
On the other hand, the “Measures” also strengthened the protection of personal information, taking into account information security and information compliance. In the development process of the credit investigation industry, some new phenomena have also attracted great attention from all walks of life. Due to the lack of clear business rules for credit investigation in new business models, problems such as unauthorized collection and inadequate protection of information subjects’ rights and interests have emerged. To fundamentally solve the above-mentioned problems, it is necessary to “correct the roots” from the legal level.
In addition, the promulgation of the “Measures” is also to meet the needs of opening up. The “Measures” clearly stipulate the overseas credit investigation business and related activities for residents of the People’s Republic of China, and the cross-border flow of credit information, which is an effective supplement to the previous regulations.
One of the highlights of the “Measures” is that it clarifies what is credit information. The understanding regarding identity, data on payment transactions, property, and whether social information and other data belong to credit information is not uniform. In addition, with the rapid development of science and technology, information has broken through traditional cognitions in terms of definition, circulation, and transactions. In practice, credit information has already broken through the scope of lending information.
In accordance with the principle that substance is more important than form, the “Measures” include all types of information that provide services for financial and economic activities. Information used to determine the credit status of individuals and enterprises, including but not limited to: personal and enterprise identities, addresses, transportation, and communications., debt, property, payment, consumption, production and operation, fulfillment of statutory obligations and other information, as well as analysis and evaluation of information based on the aforementioned information on the credit status of individuals and enterprises, are all regarded as credit information. All activities that collect, organize, store, and process credit information and provide it to information users are all credit investigation services and must be included in the Chinese credit investigation supervision.
It is worth noting that some information belongs to the category of personal privacy, and even licensed credit reporting agencies cannot obtain and call relevant information at will. The information can only be collected when the information subject is fully informed of the possible adverse consequences of the collection and use, and sufficient authorization has been obtained, such as property information; including religious beliefs, genes, fingerprints, blood types, and diseases. Such personal privacy information as well as information prohibited by laws and regulations from being collected fall into the category of strictly prohibited collection, and credit reporting agencies shall not collect it.
Clarifying what is credit information will help prevent personal information from being excessively collected, improperly processed and illegally used, and will help improve the transparency of credit investigation business activities: Follow the “minimum, necessary” principle and strengthen the protection of information subjects’ rights and interests.
Profiling and evaluations of individuals using personal credit information” are all credit investigation services, which means that personal information services provided by some large internet platform companies will also be included in credit investigation.
At present, there are some big data risk control companies and data service providers under the banner of credit investigation in the market, and there are many large internet platform companies. These companies take advantage of the market and do not have sufficient authorization. These institutions wander the legal boundaries, but in fact they are not subject to corresponding supervision. With one-time authorization, infinite collection, and unlimited use, opaque processing, and the lack of objective and fairness in automated decision-making, the right to know, consent, and dissent cannot be guaranteed.
In response to the above problems, the “Measures” put forward the principle of “minimum and necessary” information collection around the links of credit information collection, sorting, storage, processing, provision and use, and clearly inform the information subject and obtain consent, and use it for legal purposes. It helps protect the legitimate rights and interests of information subjects and realize the safe, compliant and reasonable flow of credit information.
For the restricted area of information collection, the “Measures” also clearly stipulate that agencies are not allowed to deceive, coerce, induce, collect fees from individuals or companies, collect from illegal channels, or otherwise infringe the legal rights and interests of the information subject to collect credit information.
In addition to regulating the domestic credit investigation business, the “Measures” also make clear provisions on the cross-border flow of credit information. This is seen as an inevitable requirement for building an open economy. As an integral part of the modern financial system, expanding the opening up of the Chinese credit investigation industry is an important part of implementing the financial opening up strategy. Moreover, with the introduction and implementation of the “Belt and Road” initiative, the economic and trade between China and the countries along the “Belt and Road” are getting closer and closer. Chinese enterprises investing cross-border all require cross-border exchanges and cooperation of credit information.
In previous laws and regulations, there was no clear provision for this part. With the “Measures” released, cross-border credit information flow and cooperation are expected to break. According to Article 24 of the “Regulations”, the sorting, storage and processing of information collected by credit reporting agencies in China shall be carried out in China. Credit reporting agencies that provide information to overseas organizations or individuals shall abide by laws, administrative regulations, and relevant regulations of the credit reporting agency under the State Council of the People’s Republic of China.
In this regard, the “Measures” emphasize that these measures are also applicable to the credit investigation business and related activities of residents (natural and legal persons) of the People’s Republic of China outside the People’s Republic of China.
At the same time, the “Measures” have made clearer regulations on cross-border flows of credit information. For example, if a credit investigation agency provides corporate credit information inquiry services overseas, it shall ensure that the credit information is used for reasonable purposes such as cross-border trade and financing, and provide it in a single inquiry manner. It is not allowed to transmit bulk credit information to an individual user overseas. Credit reporting agencies that provide overseas corporate credit information inquiries or which are cooperating with overseas credit reporting agencies shall file with branches above the central branch of the provincial capital of the People’s Bank of China.
