Report of the High Level Task Force on Public Credit Registry for India - ആർബിഐ - Reserve Bank of India
Report of the High Level Task Force on Public Credit Registry for India
Three subgroups of the HTF studied the views / expectations of the stakeholders exhaustively while another one considered in depth the technical framework. The HTF would like to express its gratitude to all the members of the various subgroups with special thanks to Shri K Venkateswara Rao, CGM and Shri D K Mishra, GM, NABARD; Ms Prajna Ojha of ICICI Bank, and Shri Siddharth Shetty of iSPIRT. The HTF engaged actively with various stakeholders of the credit reporting ecosystem in India. The HTF would like to thank Shri Ravi Shankar, RBI; Shri Angshuman Hait, RBI ; Shri Parveen Kumar Sharma of CERSAI: Shri S Ramann of NeSL: Ms Harshala Chandorkar of TransUnion CIBIL: and Shri Prasenjit Ghosh of CRISIL for making presentations to the task force. The HTF has immensely benefitted from extended interactions through its secretariat with officials and experts from various departments of RBI; SEBI and other regulators; the four Credit Bureaus in India; and various other national and International organizations. The HTF would like to specially thank Ms Eloísa Ortega, Ms Lola Cano and the CCR team of Banco de España; Mr António Garcia, Mr Luís Teles Dias, Mr Homero Gonçalves and Ms Marta Veloso of Banco de Portugal; Ms Estela Marina and Mr Oscar A. del Rio of Banco Central de la República Argentina; Mr Loutfi Talal and his team of Bank Al-Maghrib; Mr Leonardo Gambacorta of BIS; Mr Paolo Emilio Mistrulli of Banca d'Italia; Mr Oscar Madeddu of International Finance Corporation; Dr Michael Turner of Policy & Economic Research Council; Mr Colin Raymond of the World Bank for knowledge sharing on International practice on PCR. The HTF would like to thank Shri R Ravikumar, CGM, RBI and Ms Kamala K, Group Chief Compliance & Governance Officer, Edelweiss Financial Services Limited, for their valuable contribution in the deliberations. The HTF has extensively used the facilities provided by the Department of Statistics and Information Management, RBI in its premises in Bandra Kurla Complex and it is thankful for the support and encouragement to its senior management - in particular, Dr. Anil K Sharma, Dr. O.P. Mall and Dr. Goutam Chatterjee – led by Dr Michael D. Patra, Executive Director, RBI. The HTF would like to place on record its appreciation for the valuable support extended to its work by its Secretariat, comprising Shri Indrajit Roy, Director; Dr Pulastya Bandyopadhyay, Research Officer; Shri Raja Ram Priyadarshi, Manager and Ms Jayasree G Kadkade, Assistant Manager, of the Department of Statistics and Information Management, RBI. The credit information reporting system is an institutional response to information asymmetry in the credit market. The two main types of credit reporting institutions are public credit registry and private credit bureau. By addressing the issues of ‘adverse selection’ and ‘moral hazard’, the credit information reporting system aims to bring efficiency in the credit market and benefit to both borrowers and lenders. Sharing of credit information by a credit institution to a central agency is in the public interest from financial stability, supervisory, financial inclusion and economic policy perspectives. That is why, in many countries, the task of organizing the collection and sharing of credit data through a PCR is entrusted to a public authority, mainly the Central Bank, by law. As reporting to the PCR is mandatory by law, high level of coverage of the credit market is ensured. In India, there are multiple granular credit information repositories, with each having somewhat distinct objective and coverage. Within the RBI, CRILC is a borrower level supervisory dataset with a threshold in aggregate exposure of INR 50 million, whereas the BSR-1 is a loan level statistical dataset without any threshold in amount outstanding and focus on the distribution aspects of credit disbursal. Also there are four privately owned CICs operating in India. RBI has mandated all its regulated entity to submit credit information individually to all four CICs. CICs offer, based on this unique access to the credit data, value added services like credit scoring and analytics to the member credit institutions and to the borrowers, for commercial purposes. At present, credit information is spread over multiple systems in bits and pieces. Information on borrowings from banks, NBFCs, market, ECBs, FCCBs, Masala Bonds, inter-corporate borrowings are not available in a single repository. This makes it very difficult to form a comprehensive view of total indebtedness of a borrower. Also, essentially the same information gets reported to multiple agencies in different formats leading to inefficiency in the credit reporting system and data quality issues while increasing the reporting burden on credit institutions. A comprehensive credit information repository covering all types of credit facilities (funded and non-funded) extended by all credit institutions – Commercial Banks, Cooperative Banks, NBFCs, MFIs – and also covering borrowings from other sources, including external commercial borrowings and borrowing from market, is essential to ascertain the total indebtedness of a legal or natural person. With technology acting as an enabler, this repository can make near real time monitoring of credit risk possible and also address legitimate privacy concerns of the borrowers by making all access to a borrower’s information contained in the repository dependent on the borrower’s consent. With a view to remove information asymmetry, to foster the level of access to credit, and to strengthen the credit culture in the economy, there is a need to establish a PCR. The PCR maybe the single point of mandatory reporting for all material events for each loan, notwithstanding any threshold in the loan amount or type of borrower. Thereby, the PCR will serve as a registry of all credit contracts, duly verified by reporting institutions, for all lending in India and any lending by an Indian institution to a company incorporated in India. By having a registry of all loans in the form of a PCR, and recording all material events for each loan during its life cycle, the credit delivery system can be tuned more efficiently so that the populace not having access to formal credit, or with limited or no credit history, can be brought within its ambit. The resulting increase in credit flow to the MSME sector and the underserved populace could propel the Indian economy to a higher growth path. With a PCR in place, and with full coverage of credit market ensured by mandatory reporting, the ease in getting credit and in turn the ranking of India in the World Bank’s ease of doing business index would also likely to be improved. For effective reduction of information asymmetry, the PCR should facilitate linkage to related ancillary credit information available outside the banking system, such as corporate balance sheet information, GSTN etc. subject to the extant legal provisions. The PCR, however, may not provide any service which involves elements of judgment like credit scoring services. The access to PCR data must adhere to the strictest measures of privacy and protection to sensitive information. All access to the PCR data must be on a need-to-know basis and be in sync with the extant data protection laws of the country. Any information gathered from the PCR may be used for the authorized purpose only and not for any other commercial purpose. The PCR may be backed by a suitable legal framework to ensure that it can achieve its objective. The way the PCR is being envisaged and the recommendations made may be appropriately examined from a legal point of view. The details of the legal framework, backing the PCR, including possible changes required in the extant legislation, may be formalized accordingly. In view of the envisaged benefits, the setting up of the PCR may be expedited. However, considering the broad scope of PCR, the project may be implemented in phases with maximum coverage to be achieved in the first phase itself by on-boarding all SCBs and top NBFCs which are already submitting CRILC and / or BSR-1 to RBI and all UCBs. 1.1 The Reserve Bank of India constituted a High Level Task Force (HTF) on Public Credit Registry (PCR) – “an extensive database of credit information for India that is accessible to all stakeholders – that would help in enhancing efficiency of the credit market, increase financial inclusion, improve ease of doing business, and help control delinquencies”. The HTF drew its representatives from all relevant stakeholders in the area of credit data. The memorandum for the HTF is placed in Annex 1. 1.2 This report is the outcome of deliberations within the HTF over the period October 2017 to April 2018. During this period, the HTF met eight times. 1.3 The role of staff members of the Reserve Bank was to facilitate discussions – by providing secretarial support to HTF in organizing and hosting the meetings, and contribution toward putting together the report. 1.4 This report shall not be interpreted as reflecting the position of the Reserve Bank. The analysis and recommendations of this report, as well as public opinion to this report may be taken into account by the Reserve Bank when developing its future stand point on Public Credit Registry. BACKGROUND 1.5 Credit information is essentially detailed information on borrowers’ past loan performance and is very important for the development of an efficient credit market. 1.6 In the absence of detailed and complete credit data, lenders cannot distinguish different shades of borrowers (good borrower, bad borrower etc.) and essentially can only observe the average risk of borrowers. This leads to a sub-optimum credit market, where lenders over-charge low risk borrowers and under-charge high risk borrowers -a phenomenon known as ‘adverse selection’. Also absence of comprehensive credit information leads to issues like ‘moral hazard’, which refers to the situation when the borrowers have more information about their intentions or actions than their counterparts i.e. lenders, and have an incentive to behave improperly. The credit reporting system is an institutional response to such issues through which the efficiency in the credit market is improved and both creditors and borrowers are benefited. Credit reporting system supplements the information supplied by the borrowers in their loan application which helps lenders to evaluate borrowers’ creditworthiness. 1.7 A well-established credit reporting system also helps creditors to price the loan appropriately and lend at more attractive rates when they can assess the credit risk of borrower and are confident about borrower’s ability to pay. However, borrowers with poor credit history may have to pay a premium for the credit. Fear of competition can sometimes make creditors cautious to share their borrower information. However, sharing of credit data to credit reporting system helps creditors to reduce their risk in screening the credit applications, monitoring borrowers, and also prevent the inefficient allocation of the credit. It helps creditors to acquire necessary credit information pertaining to a borrower more quickly and at a lower cost. This will also help bring more discipline among borrowers and reduce number of over-indebted borrowers (who draw credit simultaneously from many lenders) in the system. Existence of credit reporting system may also enable lenders to take objective credit decisions and may help them to shift from pure collateral-based lending policies to more information based lending policies and thus may impact the cost of credit. 1.8 The sharing of credit information is in the public interest from a financial stability, supervisory, financial inclusion as well as economic policy perspective. That is why, in many countries, by regulation, the task of organizing the collection and distribution of credit data through a public credit register is entrusted to a public authority. International experience shows that contribution to the PCR’s database is generally obligatory by virtue of national law. Mandatory reporting ensures a very high coverage of the credit market. The authority in charge of a PCR is generally endowed with the enforcement powers to ensure data quality (dealing with inaccurate data or missing data). Failure to maintain desired level of data quality can result in sanctions to the reporting institutions. Credit Information – the Indian Context 1.9 In India, there are multiple granular credit information repositories. Within the RBI, the CRILC is in operation since 2014-15. CRILC is a borrower level dataset targeted towards fulfilling supervisory requirement by focusing on systemically important credit exposures. Banks report to CRILC credit information on all their borrowers having aggregate fund based and non-fund based exposure of INR 50 million and above. Credit information to CRILC is submitted by all SCBs (excluding RRBs). There is a similar CRILC system for NBFCs with reporting of credit information by the top 70 NBFCs. RBI also has an elaborate statistical return system covering various aspects of credit and deposit. BSR-1 is a statistical dataset, maintained within RBI, with the objective of ascertaining the sectoral and spatial distribution aspects of credit and is in existence since 1972. BSR-1 does not have any borrower identification and all loans, without any threshold in the amount outstanding, get reported to BSR-1 by all SCBs including RRBs. Outside the central bank, there are four CICs in operation in India. RBI has mandated all its regulated credit institutions to submit the same granular credit information as per specified format individually to all four CICs. 1.10 In the credit decision making process, apart from pure credit history, other ancillary information are also critically important to ascertain total indebtedness of a borrower. For example, ancillary information like corporate balance sheet information, tax information, utility bill payments information, information of legal proceedings may result in efficient credit decision making. There are certain information that do not get reported currently as part of the credit information repository and hence many a times, lenders are dependent upon the borrower for providing key information. 1.11 In the Indian context, at present, it is very difficult to form a comprehensive view of a borrower’s indebtedness as credit information is currently available across multiple systems in bits and pieces and is not available in a single window. For example, information on borrowings from Banks, NBFCs, market, inter corporate borrowing, ECBs, FCCBs, Masala Bonds etc. are not available in a single repository. Also, essentially the same information gets reported to multiple agencies in multiple formats leading to inefficiency in reporting and data quality issues as well as increased reporting burden for the reporting entities. 1.12 In the Indian experience, the lack of adequate and easy access to business loans and its high cost are well-known hurdles for the growth of industry. The problem is particularly acute in the case of small industries, which are often denied timely credit due to the lack of desired credit history. Lending institutions often find it hard to service loans of smaller ticket size and higher risk. This leads to higher cost being passed on to the borrower not only in the form of high interest rates but also excessive paperwork and delays in disbursement of funds. The informal credit market also flourishes on this. This can now change, with increased use of digital payments leading to much greater availability of transactions data. The emergence of new-age lending practices is leading to the use of this data to assess creditworthiness of underserved customers and to deliver credit to them. Availability of data can therefore be considered a ‘public good’ that will enable increased credit access for smaller borrowers. Benefits of the envisaged PCR 1.13 Financial inclusion and access to credit are pre-requisites for inclusive growth. Recent reforms are targeted to bring in larger population into formal banking system. To assess the effectiveness of existing financial inclusion measures, all loans, ideally without any threshold in the loan amount, should get captured in the PCR. By having a registry of all loans in the form of a PCR, the credit delivery system can be tuned more efficiently so that the populace not having access to formal credit, or with limited or no credit history, can be brought within its ambit. The resulting increase in credit flow to the MSME sector and to the underserved populace could propel the Indian economy to a higher growth path. 1.14 PCR, as the single point of mandatory reporting of credit information, would not only reduce the reporting burden on the credit institutions, especially for the small sized credit institutions, but will automatically lead to removal of inconsistencies at the aggregate level stemming from multiple reporting, which will lead to improvement in data quality. 1.15 Since PCR will have full coverage of the credit market by mandate, including related ancillary credit information available outside the banking system, it can result in effective removal of information asymmetry. This would address the issue of ‘adverse selection’ in credit market leading to fair pricing of loans. Thus ‘good’ borrowers can be actually distinguished and rewarded accordingly. Moreover, as the information in PCR would work as ‘reputation collateral’ for the borrowers, it could prevent the ‘moral hazard’ in credit market to a great extent. 1.16 The World Bank ranks economies on their ‘ease of doing business’, where the rankings are determined by sorting the aggregate distance to frontier scores on ten topics, each consisting of several indicators, giving equal weight to each topics1. One of the ten topics considered in the exercise is ‘getting credit’, where the efficiency of the credit information systems in the country is measured by four indicators. These are strength of legal rights, depth of credit information, percentage of adults covered in public credit registry and in credit bureaus. As India does not have a PCR, performance in one of the four indicators of ‘getting credit’ stands at zero. With a PCR in place, and with full coverage ensured by mandatory reporting, performance in the ‘getting credit’ topic would improve and in turn the ranking of India in ease of doing business index would definitely improve. 1.17 From a regulation / supervision, policy making and financial stability point of view, the value of having a granular repository for the credit market in the form of a PCR is undeniable. With a PCR in place, the bottlenecks in effective transmission of policy recommendations can be identified and addressed accordingly. Transparent credit information is a necessity for sound risk management and financial stability. A PCR, with linkage to ancillary credit information systems, can help in effective supervision and help lenders to take timely corrective steps to prevent delinquencies wherever possible. Terms of Reference of the HTF 1.18 Accordingly, Reserve Bank of India constituted a High Level Task Force on 23rd October 2017 under the chairmanship of Shri Y. M. Deosthalee, ex-CMD, L&T Finance Holdings Limited, to examine the current availability of information on credit and data gaps in India that could be filled by a comprehensive and near-real-time PCR for India. The HTF had representation from various stakeholders. The memorandum constituting the HTF is placed in Annex 1. 1.19 The terms of reference of the HTF are as under:
Committee’s approach 1.20 The HTF held eight meetings during October, 2017 to April, 2018. Pursuant to deliberations in the meetings of the Committee, separate meetings with all stake holders were also held. 1.21 The HTF engaged with multiple agencies to get a view of the challenges faced by them in terms of availability of Credit data and how PCR can help to bridge the gap. In order to further crystallize views of various stakeholders, five Subgroups of the HTF were formed. Each Subgroup catered to different class of stakeholders i.e., Commercial Banks, Non-Banks and Cooperative Banks, Regulators and Information Technology. Reports of these subgroups are given in Annex II. Also meetings were held with four CICs, IU (NeSL), expert from the World Bank and other central banks and think tanks. The Committee’s views evolved based on these deliberations. The report was finalised in the meeting of the Committee held on April 3rd, 2018. Overview of chapters 1.22 In Chapter 2, an overview of the current availability of information on credit information in India is presented. Chapter 3 examines international standards and best practices. Chapter 4 lists out the information need of the lenders for effective credit decision making pertaining to the full credit life cycle, and the expectation of all stakeholders from the PCR. Chapter 5 discusses and proposes high level information architecture of PCR. Finally, Recommendations of the HTF are given in Chapter 6. 2. Credit Information Infrastructure in India – Current Status Introduction 2.1 The existing structure for collection of Credit data in the country is highly fragmented. There is a plethora of agencies collecting credit information in the country. Prominent agencies which collect credit data in the country include Credit Information Companies, Reserve Bank of India, CERSAI, Information Utility, etc. There are other agencies also collecting data important for credit decision making, e.g. MCA. 2.2 A brief description of the credit information collected by these agencies is presented in this chapter. Credit Information Companies 2.3 The CICs have the widest mandate for collection and sharing of all sort of credit information from banks, non-banks and other credit providing agencies. They are regulated by RBI under the Credit Information Companies (Regulation) Act (CICRA), 2005. According to this Act, only certain entities are allowed to be members of the CICs. They are Credit Institutions under Section 2(f) and Credit information companies under section 2(e) of CICRA, 2005. History of Credit Bureau operations in India 2.4 The TransUnion CIBIL Limited (formerly Credit Information Bureau (India) Ltd. (CIBIL)) was incorporated in 2000 and started operations in April, 2004. Three other CICs were set up following the enactment of CICRA, 2005. Equifax Credit Information Services Private Limited and Experian Credit Information Company of India Private Limited were set up in 2010. CRIF High Mark (formerly High Mark Credit Information Services) was set up in 2011. All the four CICs are currently operational in India. Reporting to CICs 2.5 All credit institutions (as given in sec 2(f) of the CICRA, 2005) have been directed by the RBI to be members of all CICs. The institutions which report credit information to CICs include all banks (SCBs and cooperative banks), NBFCs, HFCs, State Financial Corporations, AIFIs and Credit card companies. Users of credit information 2.6 Users of credit information as listed in Reg 6 of CIC Regulations, 2006 include All credit institutions, Insurance companies, Telecom companies, Credit Rating Agencies, Registered stock brokers, Trading members registered with commodity exchanges, SEBI, IRDA, Resolution professionals and Information utilities. Permissible uses 2.7 Permissible uses of the credit information stored in CICs as mentioned in Reg 9 of CIC Regulations 2006 are - For taking credit decisions, for discharging statutory and regulatory functions, to enable a person to know his / her own credit information. In addition to providing credit history, CICs employ data analytics to provide useful insights about expected credit behaviour of an entity. They provide key inputs to credit appraisal process and help in making informed credit decisions at various lending institutions. Existing CICs 2.8 The four CICs currently operating in the country are TransUnion CIBIL, Equifax, Experian, and CRIF Highmark.
Reserve Bank of India 2.9 RBI maintains a large repository of Credit Information in the country. The Central Bank collects credit Information through mandatory report filings from its regulated entities. RBI derives its power from RBI Act, 1934 and BR Act, 1949. While these statutes enable RBI to collect accurate credit information from the entities in its ambit, they also place restrictions on the use of the collected data - mainly on sharing of data outside the banking system. RBI also collects granular account level credit data for purely statistical purposes. From regulatory & supervisory point of view, RBI is more concerned with systemically important accounts and bank level data which enables it in efficient and effective monitoring of the system. Central Repository of Information on Large Credits (CRILC) 2.10 Central Repository of Information on Large Credits (CRILC) was set up by Reserve Bank in 2014-15 for ease in offsite supervision. The CRILC database contains information from all SCBs (excluding RRBs) on all credit instruments for borrowers having aggregate fund-based and non-fund based exposure of INR 50 million and above. Although the CRILC database captures about 60 per cent of the entire bank credit and around 80 per cent of the non-performing loans of SCBs by value, its coverage is miniscule in terms of number of accounts. The reporting used to be on a quarterly basis and the slippages were required to be reported in another format on as-and-when basis. From April 01, 2018, the reporting is mandated to be on a monthly basis with reporting on weekly basis of all borrower entities in default. The CRILC is designed entirely for supervisory purposes and its focus is on the reporting entities’ exposure to the borrower (as individual and/or as a group) under various heads, such as bank’s exposure to a large borrower; the borrower’s current account balance; bank’s written-off accounts; and identification of non-co-operative borrowers, among others. However, CRILC captures only limited detail about the borrowers such as the industry to which they belong and their external and internal ratings. The pooled information under CRILC is shared with the reporting banks but is not shared with the CICs, larger lender community, or researchers, due to legal prohibition. Genesis 2.11 CRILC was created for early recognition of financial distress, enabling prompt action for resolution and fair recovery for lenders and as part of a framework for revitalising distressed assets in the economy. It became fully effective on April 01, 2014 with reporting starting since quarter ended June, 2014. All Scheduled Commercial banks and four All India Financial Institutions (NABARD, EXIM BANK, NHB and SIDBI) report to CRILC. CRILC Main 2.12 This comprises of four sections i.e., Section 1: Exposure to Large Borrowers (Global Operations), Section 2 - Reporting of Technically/Prudentially Written-off Accounts (Global Operations), Section 3 - Reporting of Balance in Current Account (Global Operations) and Section 4: Reporting of Non - cooperative Borrowers (Global Operations). Reporting frequency for CRILC Main is monthly now. 2.13 The CRILC system started with information on SMA2 (default for 61-90 days) to be submitted on as and when basis i.e., whenever repayment for a large borrower's account becomes overdue for 61 days it is to be reported by the bank immediately. In case the borrower has funded and non-funded exposure of INR 10 million and above, formation of a Joint Lenders Forum (JLF) is compulsory in respect of a SMA 2 classified borrower. With a new framework for resolution of stressed assets, as announced by RBI on 12th February 2018, instead of only SMA2 borrowers, banks are to report all defaulted borrowers on weekly basis effective 23rd February 2018. A separate mechanism of Resolution Plan was brought into effect withdrawing earlier mechanisms / schemes. Essential Objectives 2.14 CRILC serves following purposes:
Data Items 2.15 Qualitative / Descriptive data includes PAN as unique identifier and other borrower identification data such as name and group name. It also has information on Industry, subsector code, Wilful Default, Asset Classification, Fraud, RFA, Internal rating, external rating, etc. Quantitative data like Funded Credit exposure and limit sanctioned Amount, Non-Funded Credit exposure & outstanding are also captured. Other information like formation of Joint Lenders’ Forum is also reported. Sharing of Data 2.16 The CRILC data including details of SMA 2 / defaulters reported are shared in consolidated form with the reporting entities. Section 45E of RBI Act, 1934 and section 28 of BR Act, 1949 prohibits the sharing of data outside the banking system. As per legal provision, CRILC data is treated as confidential and can be shared in the public interest in such consolidated form as RBI may think fit without disclosing the name of any banking company or its borrowers. Information relating to borrower name is commercially sensitive and there is a possibility of misuse of information. Utility to Banks 2.17 Banks get email alert on any bank reporting of any borrower as SMA2, default, RFA/Fraud. This facilitates early identification of stress in the account and enables bank to take pre-emptive steps to safeguard their interests. Aggregate exposure of a select borrower along with names of lending banks and contact details are available to all reporting entities. This gives a larger picture of the borrower’s liabilities across the banking system. Assets classification and SMA2 and default history of a select borrower is shared with banks. List of SMA2 classified / defaulted borrowers during the selected period and list of RFA/Fraud reported borrowers and Non-cooperative borrowers are available in CRILC. Basic Statistical Returns (BSR1) 2.18 It is Basic Statistical Return on credit i.e., loan accounts information from bank branches. The BSR-1 data covers loan level credit information for all SCBs. It aims to measure distributional aspects of bank credit. Coverage 2.19 Only Scheduled Commercial Banks (including RRBs) submit BSR1 return. It includes only the fund based exposure for loans granted in India. The BSR1 is collected every quarter-end from Scheduled Commercial Banks, while RRBs submit yearly (March-end only). Data pertaining to 92 SCBs (excluding RRBs) having a branch network of more than 1,40,000 encompassing about 16 crore records is collected every quarter. The number is growing at the rate of 10-15 per cent per annum. 2.20 It is a statistical return which captures some metadata for the account such as district and the population group of the place of funds utilisation; type of account such as cash credit, overdraft, term loan, credit cards, etc., organisation type such as private corporate sector, household sector, microfinance institutions, Non-Profit Institutions Serving Households (NPISH) and non-residents; and occupation type such as agriculture, manufacturing, construction, and various financial and non-financial services. The interest rate charged along with the flag for floating vs. fixed is also reported here. These details are not present in CRILC which is a borrower-level dataset rather than a loan-level dataset. Though BSR1 contains a “health code” for each account, it is not comprehensive enough to cater to the supervisory needs as it is not feasible to aggregate all accounts maintained by a borrower in the absence of a unique identifier across the reporting banks. Due to a number of reasons, even bank-level aggregation of delinquency in BSR1 will not in general match with that reported through CRILC. Aggregated statistical information with spatial, temporal and sectoral distribution from BSR1 is shared in the public domain for researchers, analysts and commentators. Account-level data is, however, kept confidential but is shared by the Reserve Bank with researchers on a case to case basis under appropriate safeguards. Challenges 2.21 Timeliness suffers due to inconsistencies and misclassifications in initial data. No borrower identification is captured and therefore BSR1 cannot be linked with other datasets like CRILC or MCA database. Due to the very nature of return covering all bank branches, any change in format/ codes takes longer time to implement/stabilize. It comprises of millions of small borrowers for whom getting common identifier (PAN/CIN) number is challenging as it may not be available in banks’ CBS. Central Registry of Securitisation Asset Reconstruction and Security Interest (CERSAI) 2.22 The Central Registry of Securitisation Asset Reconstruction and Security Interest (CERSAI) was set up by the Govt. of India on 31st March 2011 under the provisions of the Securitisation and Reconstruction of Financial Assets and Enforcement of Security Interest (SARFAESI) Act, 2002, to make available the data of all equitable mortgages in the country at one place, so that the frauds due to multiple financing against the same property may be prevented. 2.23 The objective of CERSAI is to maintain and operate a system for the registration of transactions of securitisation, asset reconstruction of financial assets and creation of security interest over property, as contemplated under the Chapter IV of the SARFAESI Act, 2002. CERSAI provides online facility for filing of Security Interest on Immovable properties, Movables and Intangibles, Factoring transactions, Securitization and Asset Reconstruction Transactions and Under Construction Properties. Information available with CERSAI 2.24 Details of the assets against which security interest has been created is available with the registry. For immovable assets, Identifiers/information issued by builder or Govt. Agencies and contained in registration documents like survey number, plot number, flat/house number, area of the unit, various fields related to address of the property is captured. For vehicles, registration number, engine number, chassis number, VIN/Serial number and for other movables/intangibles brief description of the asset, identification number (if any) is stored. Borrower’s details like type of borrower (whether Individual or Proprietorship/ Partnership Firms or Limited Liability Partnerships (LLPs) or Company/ Govt. Body or Co-operative Society or HUF or Trust) is captured. In case of individuals, their name, date of birth and provision to capture identifiers like PAN and Aadhar is present. In case of entities their name, identifiers like registration number, CIN/LLPIN are captured. And in all cases address of the borrower is captured. Details of security interest holder i.e., branch name and address is captured. For immovables, the details of the title document and the place of their registration is captured. Loan Account number, nature of loan, interest rate, loan amount, secured by asset, extent of charge also needs to be reported by the entities. Information Utility 2.25 Information Utility (IU) stores financial information that helps to establish defaults as well as verify claims expeditiously and thereby facilitate completion of transactions under the IBC in a time bound manner. It constitutes a key pillar of the insolvency and bankruptcy ecosystem, the other three being the Adjudicating Authority (National Company Law Tribunal and Debt Recovery Tribunal), the IBBI and Insolvency Professionals. 2.26 The IBC enabled the IBBI to lay down Technical Standards and thorough guidelines for the performance of core services and other services by IUs. The Technical Standards shall inter-alia provide for matters relating to authentication and verification of information to be stored with the IU, registration of users, data integrity and security, porting of information, inter-operability among information utilities etc. The Regulations require that each registered user and each debt information submitted to the IU shall have a unique identifier. 2.27 National E-Governance Services Limited (NeSL) is India’s first IU and is registered with the Insolvency and Bankruptcy Board of India (IBBI) under the aegis of the Insolvency and Bankruptcy Code, 2016 (IBC). The company has been set up by leading banks and public institutions and is incorporated as a union government company. The primary role of NeSL is to serve as a repository of legal evidence holding the information pertaining to any debt/claim, as submitted by the financial or operational creditor and verified and authenticated by the other parties to the debt. NeSL’s role is to facilitate time-bound resolution by providing verified information to adjudicating authorities that do not require further authentication. 2.28 NeSL was incorporated in June 2016 as a Union government company with equity fully held by financial institutions - public sector holds 65 per cent of the equity. There are 17 shareholders – 13 banks, 3 insurance companies and 1 depository. NADL (wholly owned subsidiary of NeSL) has received in-principle licence to serve as NBFC- Account Aggregator. A repository of financial information that is authenticated by the parties to debt and serves as legal evidence in NCLT and DRT may also be accepted in other Courts under the Civil Procedure Code. IU intends to hold legal evidence of both parties authenticating facts of debt, outstanding etc. IU report may be taken by creditor from debtor to view the exposure to credit system. MCA company finance database 2.29 The Ministry of Corporate Affairs (MCA) collects statutory information, both financial and non-financial, from registered companies on self-declaration basis. The reporting can be Annual or Event based. The key identifier is the CIN. The MCA database contains the audited or unaudited financial results of the companies submitted by them at various frequencies. Companies registered under Companies Act, 2013 are mandated to file all documents relating to incorporation, compliance, approvals, annual statutory returns, etc. electronically through MCA21 system. MCA21 an e-governance project being implemented by MCA since 2006 is now a large electronic repository of Indian corporate sector. As on September 2017, the MCA21 system has information of about 1.7million companies registered under the Companies Act. 3. Credit Information Infrastructure – International Practice INTRODUCTION 3.1 The best predictor of future behaviour is past behaviour or past performance in a similar situation. The utility of a credit information registry, which contains detailed granular information on borrowers’ past loan performances, is rooted in this principle. A country may have credit registries operated by the public sector or private sector or both2. 3.2 Jaffee & Russell3 (1991) and Stiglitz & Weiss4 (1981) demonstrated that asymmetric information between the lender and the borrower leads to problems of adverse selection and moral hazard, thus making it impossible for the price of the loan or interest rate to play a market clearing function. The more severe the asymmetric information problem, greater is the credit rationing likely to occur. 3.3 The lenders may rely on their interaction with borrowers and build a knowledge base. The importance of information developed over the course of a banking relationship is well documented in literature. However, this information is limited to one’s own borrowers only and their interaction with only one entity. Also, this proprietary information, not shared with other lenders, can lead to negative incentive in terms of higher loan prices for ‘good’ borrowers, as they cannot distinguish themselves from ‘bad’ borrowers. 3.4 Credit Registries – PCR and PCBs – makes a borrower’s credit history available for scrutiny to potential lenders. This helps lenders take better credit decisions in terms of avoiding making loans to high risk persons, natural or legal, identified based on their repayment histories. For borrowers, this acts as a positive incentive for timely repayments, as they know that their information in the credit registry works as part of their “reputation collateral”. PCR and PCB5 3.5 PCR and PCB are the two main types of credit reporting institutions across the world. In many countries, PCR and one or more PCBs coexist, whereas in others either a PCR or only PCB(s) operate. The differences in country wide practices may stem from a number of factors including maturity and size of the credit market, legal framework and so on, but primarily the practice is tuned to the particular requirement of the country. Public Credit Registries 3.6 The sharing of credit information is in the public interest from a financial stability and supervisory perspective. That is why in most countries the Credit Registries are generally owned and managed by the public sector, with the ownership mostly lying with the country’s banking sector regulatory / supervisory authority – generally the Central Bank. The terms central credit registry and public credit registry are thus used interchangeably. The PCR in turn makes the collected information about a borrower available to reporting institutions as a crucial input into making their own credit decisions. Traditionally, the PCR was tuned for assisting mainly in regulation / supervision of the credit institutions and thus, information were captured for loans above a certain threshold, in general. However, many PCR across the world have moved to a lower threshold, capturing as much of the whole information as possible, and also provide credit reports to lenders and borrowers (on their own situation) as part of their operation. PCRs however, do not generally provide additional services like credit scoring or portfolio monitoring to the lenders. 3.7 Submission of information to PCR is compulsory under national legislation. Regulations under the specific law defines the reporting institutions, the type of borrowers and the type of instruments to be covered as part of the reporting and the data fields to be provided. The authority in charge of the PCR is also generally endowed with certain enforcement powers to handle non-submission, wrong-submission or late-submission. Private Credit Bureaus 3.8 PCBs are generally owned by specialised firms and operate for profit. The PCBs also receive information from creditors, but the reporting tends to be voluntary in nature. Credit institutions enter into agreement with a PCB which specifies the data that the credit institution should contribute and can consult and also the fees for the same. PCBs augment this information with that gathered from other relevant sources like other public registries, tax authorities, utility bill payments database, legal proceedings database etc. and provide the data to creditors. Creditors and Borrowers can also get credit reports from the PCBs. Creditors can obtain the credit history of a credit applicant from a PCB on request. 3.9 PCBs offer their services to various parties, depending on the country’s law, other than the credit institutions - for example, leasing companies, utilities providers etc. In addition to this, PCBs also provide value added services like credit scoring, portfolio monitoring, fraud prevention and so on, tailored to the creditor’s need. PCR and PCB – features 3.10 As the reporting is compulsory to PCR by law, 100per cent of the population that receives credit, generally above a certain threshold, gets covered in PCR. PCBs collect information with a much lower threshold, or no threshold at all, but the voluntary nature of submission may lead to a lower coverage of the credit market. The credit information reporting ecosystem becomes more useful to creditors as the coverage of creditors reporting to the system - and hence coverage of borrowers – increases, as that would lead to near complete picture of a potential borrower’s credit activity resulting in higher confidence in taking a credit decision. Thus, better coverage of credit institutions is highly valued. 3.11 Both PCR and PCBs operate on the principal of reciprocity, lying at the core of all credit reporting system. Essentially this means that an entity can access information from a credit information database provided they contribute to the database by submitting credit information. 3.12 Both in case of PCR and PCBs, the credit institutions have to ensure the quality and accuracy of the data submitted. The borrowers in turn have the right to access their own data and review and correct accordingly. 3.13 Some of the salient features of PCR and PCBs are represented in the table below:
PCR around the World 3.14 PCR had its genesis in Europe. The first PCR was established in Germany in 1934. This was followed by France (1946), Italy (1962), Spain (1963) and Belgium (1967). The next wave of expansion was in the 1990’s where most countries in Latin America started their own PCR operation – Bolivia (1989), Colombia (1990), Argentina (1991), El Salvador (1994), Dominican Republic (1994), Costa Rica (1995), Guatemala (1996), Ecuador (1997) and Brazil (1997)6. As can be seen from Diagram 1, many African (Angola, Algeria, Libya, Morocco, Nigeria, Tunisia, Togo) and Asian (China, Mongolia, Malaysia, Indonesia, Philippines, Vietnam, Oman, Qatar, Bangladesh, Pakistan, Yemen) countries have also developed a PCR over the course of time. A survey conducted by the World Bank in 2012 reported that out of the 195 countries surveyed, 87 were having PCR. It has been observed that PCRs are more prevalent in countries with a French legal tradition (Civil Law), whereas countries with British legal tradition (Common Law) tend to have PCBs in operation. 3.15 The Western European countries have a rich tradition of PCR. 16 out of the 28 member countries of the European Union have a PCR7, mostly managed by the Central Bank. The European Central Bank (ECB) has initiated a project called AnaCredit (Analytical Credit Datasets) which is a project to set up a dataset containing detailed information on individual loans in the Euro area, harmonised across all member states8. The project was initiated in 2011, and it is scheduled to ‘go live’ in September, 2018. For compliance to the reporting requirements for this project, the countries not having a PCR are also setting up some form of a central credit registry. The countries which already had a PCR are taking two approaches for compliance – either enhancing their own PCR in the process (e.g. Spain, Portugal) or establishing a separate information system to fulfil reporting requirements to AnaCredit (e.g. Italy, Germany). 3.16 As good examples of implementation of PCR with excellent coverage of adult population in the respective countries, the PCR operations of Spain, Portugal and Argentina will be described in detail below. Spain 3.17 The main objectives of the Spanish PCR besides providing reporting entities with data on credit risk of their actual or potential clients are to help in prudential supervision of reporting entities, to produce statistics on credit and to contribute in other various legally defined tasks of the Bank of Spain. The PCR started operation in 1963 with consolidated reporting, moved to borrower-by-borrower reporting in 1995 and then to loan-by-loan reporting in 2013. The PCR was then further enhanced in 2017 to incorporate AnaCredit requirements. Spanish law defines the PCR as a public service and allows Bank of Spain to use the data in exercising its supervision and inspection role and also to provide reporting entities with data to conduct their business. All credit institutions (including branches of foreign entities operating in Spain) as well as guarantee companies report to the PCR. All loans, debt securities and financial guarantees and other off-balance sheet exposures are reported to the PCR on a loan-by-loan basis. Other than some exceptions of a specific nature, the reporting is mandated for all amounts and all type of borrowers. 3.18 There are four main categories of users with which PCR information is shared. Reporting institutions have access to PCR data which may be used only for credit risk management and assessing level of indebtedness of actual or potential borrowers. The borrowers have access to their own information contained in PCR to ensure right of access, rectification, deletion and objection. Judicial authorities and other public organizations can request access to PCR data. In-house central bank users also have access to PCR information, but on a strict need-to-know basis. The only exception to the above broad access framework applies to public administration organizations, information pertaining to whom can be made publicly available. 3.19 The reporting entities receive monthly detailed reports on all of their existing borrowers with the aggregate amount on the different types of credit risk in the whole system. The reporting entities can also request for ad-hoc reports on potential borrowers or entities which feature as bound to pay or as guarantors in bills of exchange or credit instruments which the reporting entity has been asked to acquire or discount. They have to inform the borrower in writing about the request being made. Both the regular monthly reports as well as the ad-hoc reports supplied to the reporting entities from PCR are aggregated in nature in so far as they do not disclose either the name or the number of lenders or the number of operations. The ad-hoc reports supply information pertaining to the latest reporting period and also that of six months prior to that for reference purpose. 3.20 The borrowers can obtain reports on all their data included in the PCR (breakdown of entities and by operations). They also receive the same aggregated information for themselves which is shared with reporting institutions. The borrowers can challenge wrong data on themselves by either addressing the reporting institutions themselves or asking Bank of Spain to transmit the request. The reporting institutions must reply to the borrower and the PCR within 15 working days in case of a natural entity or within 20 working days in case of a legal entity. During this interim period, dissemination of the controversial data is suspended. Portugal 3.21 The PCR in Portugal was created in 1978 by Banco de Portugal (BdP) with the purpose of providing information to the credit institutions and help them in their assessment of the risks of extending credit. It is regulated by a Government Law and all institutions granting loans in Portugal are obliged to participate in the PCR thus reporting all the loans they have granted or the guarantees they have provided. No exemptions are conceded by the BdP in this regard. The PCR contains information on actual credit liabilities of natural and legal entities as well as potential credit liabilities in the form of irrevocable commitments. The legal framework of the PCR guarantees the confidentiality of individual information and ensures it in the processing and dissemination of credit information. 3.22 The main objective of the PCR is to support the reporting entities in credit risk assessment by allowing them access to aggregated information about the indebtedness of their actual and potential borrowers. Under the law, the PCR information can also be used for essential functions of the central bank, namely banking supervision, financial stability, monetary policy, research and statistics. 3.23 The Portuguese PCR was completely rebuilt in 2009 in terms of type of credit operations covered, the participating institutions and other general rules concerning the PCR operation. At present the Portuguese PCR contains information on a borrower-by-borrower basis on all financial loans granted in Portugal and all financial loans granted abroad to residents of Portugal by branches of Portuguese banks. The reporting threshold on amount is 50 Euro. The BdP has also in place a system (BPLim) which is an onsite analytical platform where researchers / academics can query anonymised PCR data. 3.24 Each month all reporting institutions receive the credit report of all debtors that they have reported, which contains the latest information on their total indebtedness broken down by the different types of loans associated. No creditors are identified in the reports and only aggregate numbers are provided. All reporting institutions are also entitled to request a credit report regarding every new potential client applying for a loan. More than 6 million credit reports are issued annually by the PCR for this purpose. All natural and legal entity has the right to obtain its credit report for the last five years free of charge, which include a detailed breakdown by the creditor. 3.25 The PCR of Portugal is also undergoing major changes to incorporate AnaCredit requirements. The BdP has utilized this opportunity to completely overhaul and enhance the existing PCR, going to a loan-by-loan level reporting from the existing borrower-by-borrower one. The information content of the PCR has also been drastically enhanced (from existing 24 variables to 187 variables for each loan). The PCR will now contain information for all financial loans granted in Portugal and all financial loans granted abroad by branches of Portuguese banks. The new improved PCR is expected to ‘go live’ from September 2018 with the first AnaCredit reporting scheduled on November, 2018. Argentina 3.26 The Argentine PCR started its operation in 1991. The PCR covers 44.8per cent of the adult population in the country, the proportion being significantly higher than the corresponding Latin American and Caribbean proportion of 14per cent. In Argentina, submission of credit information to PCR is mandatory under law and the credit institutions also report the credit information to PCBs. The PCR covers both natural and legal entities and the credit history of the borrowers are made available over internet. Morocco 3.27 Prior to setting up of the PCR, Morocco grappled with three different “Credit Registries” (by banks, MFIs, NBFIs) leading to three “vertical silos” isolated, not integrated, incomplete and partial credit information set. This resulted in high risk of information fragmentation with quality deterioration of information/databases where no lender in Morocco would have ever had the complete picture of customers’ exposure. As no internal capacity and know-how inside banks, NBFIs, MFIs to run such projects were there, Bank Al-Maghrib (BAM), the Moroccan central bank, worked with IFC to overhaul the credit reporting system of Morocco in 2006. Under the advice of IFC, BAM took up the role of aggregator of data of all its regulated credit institutions and a private credit bureau was assigned the role of processing this raw data and provide all the services. This arrangement was operational since 2009 with minimum change in the legal framework. 3.28 The “Moroccan Model” had drawn appreciation and definite positive impact is observed on business climate (Doing Business rank). However, there were certain short-comings, notably, absence of non-traditional data from non-supervised entities to foster financial inclusion even further and scarce utilization of the Public Credit Registry by BAM to support the needs and responsibilities of the regulator. Therefore, BAM has embarked into phase 2 of its PCR project. In this phase, they plan to refocus the PCR more for the internal requirements of BAM including supervision and regulation. The Credit Bureaus may no longer get the data from the PCR and may require to compete and innovate with opening up of the credit information space. 4. Public Credit Registry in India - Expectations of Stakeholders BACKGROUND 4.1 The HTF engaged with multiple agencies to get a view of the challenges faced by them in terms of availability of Credit data and how PCR can help to bridge the gap. In order to further crystallize views of various stakeholders, three Subgroups of the HTF were formed. Each Subgroup catered to a different class of stakeholders i.e., Commercial Banks, Non-Banks and Cooperative Banks. The reports of these Subgroups are given in Annexure II. 4.2 The terms of reference of the Subgroups were set as follows:
SUBGROUP OF BANKS 4.3 The subgroup comprised of 11 members having representatives from public sector banks, private sector banks, foreign banks, small finance banks, Regional Rural Banks and Indian Banks’ Association (IBA). The Banking subgroup used the concept of use cases to approach the problem. The following three use cases were decided by the subgroup - Origination, Monitoring and Enforcement (pre and post) and Simplification/ Consolidation of reporting. The deliverables for the subgroup were creating a wish list of all necessary data fields and determining the current reporting being done by banks while identifying the data overlaps between various information systems. SUBGROUP OF NON BANKS 4.4 The subgroup also comprised of 11 members having representatives from prominent NBFCs, HFCs and ARCs. The Subgroup endeavoured to identify the key concerns that non-banking lending institutions face while collating the due diligence information about the borrower and the possible means of overcoming these challenges. SUBGROUP OF COOPERATIVE BANKS 4.5 The subgroup under the aegis of NABARD comprised of 18 members having representatives from UCBs, StCBs, DCCBs and PACs. The Subgroup made recommendations under its terms of reference. CHALLENGES IN THE CURRENT CREDIT INFORMATION SYSTEM 4.6 The challenges faced by stakeholders, as identified by the subgroups, were mostly common across commercial banks, cooperative banks and non-banks. The key challenges highlighted were as follows. Lack of comprehensive data 4.7 Credit information is currently available across multiple systems in bits and pieces and is not available in one window. There are certain key information that do not get reported currently but are essential for making effective credit decisions. Many a times, lenders are dependent upon the borrower for providing key information due to lack of a credit registry. The complete debt snapshot of a borrower is not currently available with the lenders. With financing happening from non-bank funding sources (viz. NBFCs, mutual funds, foreign portfolio investors, alternative investment funds etc.), complete debt details are not currently available in any system. Systems like MCA only have data of companies and limited liability partnerships. Data for other entities (viz. trusts, societies, AOPs, general partnerships, sole proprietorships etc.) is currently not available in any system. 4.8 The information about all individual and non-individual clients is not available at one place. While the information for companies or LLPs are available there is no central database available for verifying the structure or other constitution details for entities falling under the categories of AOPs, Partnership, HUF, Trusts etc. Further the status of the members of such entities and the updates in such status (e.g. Karta of an HUF, partners with any limitation on liability such as sleeping partner) is not available. Even verification from those separate data available in public domain is scattered and incomplete. At times, these limitations may result in inadequate and ineffective diligence of such entities. Therefore, a central repository capturing all the details including that of UBO of every constitution other than Companies or LLPs may be built and made available to all stakeholders. 4.9 However, the same is not available to NBFC e.g. information on financial delinquency like categorization as SMA 0, SMA 1 or SMA 2 etc. available in CRILC. Such information needs to be also made available through one database to all stakeholders (including NBFCs). Another challenge that lenders face at the time of appraisal is the assessment of the real beneficiary/ controlling person, associated with the complex chain of ‘shell’ entities, including companies/LLPs/Trusts etc. These entities on many occasions are controlled by the family members/associates of the main controlling person. It is a web which is very difficult to unravel through the currently available information platform/s. Information available in fragmented manner 4.10 Currently, the data is available in a scattered manner and non-uniform basis. The various sources from where such data can be accessed are CICs, CERSAI Registry, KRA registry etc. These databases provide different inputs and may be not updated on timely basis, thereby providing different information for the same client. Thus it becomes difficult to rely upon and verify the information provided by these clients. A single repository across these agencies capturing entire database of such clients, will ease out the due diligence process. Comprehensive information of borrower would help in making better credit decisions and also support sound risk management. It would also enable better governance controls through enhanced monitoring. Dependency on Self Disclosures by borrowers 4.11 Currently there is a lot of self-certified data taken from customers and relied upon e.g. client KYC, Income details, financial details (assets & liabilities), networth, contact numbers, nationality etc. These details especially financial details are important parameters for lending. In case of companies these details are available through audited financials; however the same does not provide a holistic view regarding the paying capacity of the client. With respect to the clients like individuals, HUF, Trusts, AOP, Partnerships the information is further limited with a lot of dependency on the client. Authenticity and Reliability 4.12 The various pieces of information are cross checked with the information available on MCA, Income Tax, Exchange website for listed company disclosures, Regulator’s website for regulated entities, CERSAI Portal, Judicial websites (for litigation) etc. However most of the time, the information is either not updated or inaccurate entries are passed. This leads to inaccuracy and thus affects the quality of lending. There should be a mechanism to raise queries on the observation and feedback from the other participants. There is no reliable validation tool for lender while taking credit decisions for a potential borrower. For example, in scenarios where a lender is extending fund based facilities against guarantees/letter of undertaking of other banks, the lender should be able to validate if the non-fund based facility has actually been assisted to the borrower. Inconsistencies in data cannot be easily identified and there is a high dependence on the information submitted by the borrower itself. For certain data, there exists no harmonized list leading to lack of uniformity among the lenders; for example, industry classification for a particular borrower. Time, dated information and cost 4.13 The various portals, as available today for cross verifying the information, are MCA, Income Tax, Exchange website for listed company disclosures, Regulator’s website for regulated entities, CERSAI Portal, Judicial websites (for litigation), Company website etc. However, many times the updated information is not available. For example the CERSAI portal takes lot of time lag to get the registration of collateral/security. Further at times such reports are not available in machine-readable format. Due to these limitations, lending institutions have to invest time and costs to get the same converted. 4.14 Post disbursement monitoring of the financial position of the entities is another challenge, especially in the light of change in ownership patterns/creation of new ‘shell’ structures, transfer of underlying assets including personal assets of borrowers to family members/associates/associated entities. It is virtually impossible under current system to ring-fence the personal assets from such diversion leading to situations where the borrowing entities go bankrupt, whereas promoters are virtually unaffected. 4.15 Additionally various aggregator portals like ‘world-check’, Watchout Investors, CIBIL are paid portals and each time a record is accessed, lender has to bear the cost. Multiple Reporting 4.16 Currently, multiple returns with multiple agencies are filed which contain similar information pertaining to loan amount, details of security, charge creation, borrower details etc. Such reporting is made to CIC, CRILC, CERSAI, ROC and IU. Further each agency has its own process and time lag to upload the information and make it available to the users. Due to multiple inputs and time lag there are difficulties to ascertain the up-to-date information. In the present reporting framework, banks have to provide more than 300 reports. Since there are many systems with data in bits and pieces, a lot of overlap also happens. A comprehensive data registry would not only simplify but also streamline and consolidate reporting. At the same time, it would also improve the quality of reporting. Recommendations and expectation from PCR 4.17 In view of the challenges present in the existing credit information system, following are the recommendations for PCR made by the stakeholders. Complete information 4.18 Data pertaining to entire life cycle of loan to be collected by PCR. Rationale is to make available complete information regarding loans, starting from origination of loan, its pricing, loan and security documentation, security obtained, defaults, monitoring, repayments, termination/ settlements/legal proceedings. This would enable use of data by all stakeholders whether they are banks, CICs, IUs, the regulator/supervisor etc. The PCR should capture entire banking footprint of the entity in terms of all credit relationships. 4.19 The primary focus behind designing a comprehensive PCR is to enable any stakeholder, who has access to the PCR, to obtain comprehensive information of the borrower, through a single portal. This will not only lead to sound credit decisions but would ultimately lead to development of a flow based lending. Access to credit information, including debt details and repayment history would drive innovation in lending. For example, currently most banks focus on large companies for loans and consequently the micro, small and medium enterprises are left with limited options for borrowing. With satisfactory payment history and validated debt details made available, it will increase the credit availability to micro, small and medium enterprises along with deepening of the financial markets. This will support the policy of financial inclusion. 4.20 An exhaustive dataset design was recommended by one of the subgroups (Refer report of the Banking Subgroup in Annex 2). Additionally, it was suggested that Non fund based data to be furnished by banks to PCR to track guarantees and other such off-balance sheet liabilities of banks. Information with respect to security valuation/LTV to be captured for secured loans. PCR should also capture details of guarantee provided by borrower group entities / third party including details of guarantees that are collateralised. Loan assignments including loan assignment to ARCs to be reported to PCR. Validation of Data 4.21 The members were of the view that a repository of data which is not validated cannot be relied upon. Hence, it is essential that whatever data goes into the PCR should be validated to ensure its accuracy. It was also proposed that additional validations be done for critical data – e.g. the total operating income of a company can be validated by checking the GST or income tax data. In certain data sections like news, litigation, it was suggested that no filters should be applied by PCR for deciding which data is material in nature. It should be a landing page which provides all information and it should be the responsibility of the entity accessing the data to apply their own criteria to the data repository in PCR. 4.22 Few of the data fields to be included in the PCR, viz. sector/sub-sector code and group code require harmonization. A harmonized list can help in removing inconsistencies in classification of customers, given that presently there is multitude of different lists maintained by different agencies/departments. Similar harmonization should be done for other data fields, wherever required. Unique Identifier 4.23 Unique borrower ID across all financing agencies along with unique account ID must be ensured. Aadhaar may be considered as unique ID for individuals. Portability of IDs across all financial institutions would enable quick and accurate retrieval of borrower information and facilitate swift credit decisions. 4.24 Another key challenge is to assess the real beneficiary/ controlling person, associated with the complex chain of ‘shell’ entities, including companies/LLPs/Trusts. In the current scenario, there is dependency on self-certification by borrower. There is a need to extend the uniform KYC requirements to non-individual entities specially non-individuals non-corporate customers in a structured format across regulators and products. The Legal Entity Identifier (LEI) may be considered to be extended and mandated for all types of non-corporate customers. LEI should be assigned on application from the legal entity and after due validation of data. For the organization, LEI will serve as a proof of identity for a financial entity, help to abide by regulatory requirements and facilitate transaction reporting to Trade Repositories. This will enable PCR to comprehensively integrate its database with other sources of information. Confidentiality and Privacy 4.25 In many countries, privacy laws have no provision for credit reporting or, in some cases, prohibit the disclosure of vital information to third parties altogether. PCR would be a registry of very sensitive and confidential data. Hence, the design and architecture of PCR should ensure that the data is not compromised at any point of time. Issues regarding confidentiality of data and privacy principles should be adequately addressed. Declaration should be made to customers regarding disclosure of data in PCR. PCR shall be responsible for electronically storing, safeguarding and retrieving the data-base and records. Robust technological infrastructure with adequate checks should be in place to ensure borrower authorization for accessing PCR platform by lending institution. It is proposed that access rights be given with adequate firewall so that separate stakeholders have access to requisite information only. Also, confidential information may be masked, wherever required. 4.26 Generally, the access to the information in PCR should be based on borrower's consent/ authorization. However, certain information providing negative credit flags such as payment delays/ defaults with lenders, encumbrances, judicial orders, FIU sanction list etc. should be available for access to regulators and lenders without specific borrower/ prospective borrowers' consent. Also, certain information may be required throughout the life cycle of a loan for monitoring purpose. Hence, a provision for one-time consent from the borrower valid for the lifetime of the loan should be made in the PCR. Standardization and Consolidation of Information 4.27 Currently, information is being sourced or verified by lending institutions through multiple platforms e.g. information pertaining to the Company or LLP is available on MCA portal, information pertaining to regulatory status or regulatory actions/orders is available on regulators’ website i.e., RBI, SEBI, IRDA, NHB etc., basic KYC data, for individual clients, is accessed through CERSAI. The regulators also keep on issuing various lists like wilful defaulter list (RBI), shell companies lists (FIU), struck off companies list (MCA), high risk NBFCs (FIU), etc. There is a need for financing institutions to have a common access at a single platform across all available public data-base of their customers/ customer groups. PCR should capture/access information in a standardized format through various existing platforms such as Credit Information Bureau, MCA, CERSAI, Exchange Website for listed corporates (both equity and debt listed), CRILC, FIMMDA, Income Tax for PAN / TAN database, Judicial database, etc. 4.28 PCR should have access / data feed from various regulatory websites and databases to have consolidated view of customers on tax compliances, regulatory orders and sanctions, credit defaults etc. This information would serve as early alert / warning system to financing entities in the process of their loan appraisal / loan monitoring. This platform should have access / data feed from following sources:
Single point of reporting 4.29 Currently, multiple returns with various agencies are filed which contain similar information pertaining to loan amount, details of security, charge creation, borrower details, etc. Such reporting is made to CICs, CRILC, CERSAI, ROC and IU(s). Further each agency has its own process and time lag to upload the information and make it available to the users. Due to multitude of inputs and presence of multiple versions of the same data it is difficult to ascertain the up-to-date information. 4.30 PCR should be single point for reporting of data by credit institutions in a standard format agreed upon by all stakeholders. It could be evolved to serve as a common reporting platform and data warehouse managed by a central agency that can be accessed by other stakeholders for their relevant data needs. Upon stabilisation, filing of information with PCR would also dispense with the mandatory requirement of filing information under various enactments. This would reduce multiple reporting requirements of similar data as well as ensure data consistency. It would enable PCR to cater to all classes of institutions whether credit providers, IU(s) or credit rating agencies. Data which is currently being submitted to CICs by their members need to be collected by PCR. Supplementary data can be collected by other agencies, if required. No minimum threshold 4.31 Loans issued by Cooperative Banks barring UCBs are generally small ticket loans. In order to have a 360 degree view, all credits regardless of size may be captured by the credit registry. It would also provide data on extent of financial inclusion. Alternate credit data 4.32 Certain data fields can act as surrogates for assessing the credit quality of a potential borrower; these include utility bills payment, provident fund payment, tax/statutory dues payment, etc. Linking of these individual systems with the PCR for capturing such data is thus recommended. Further, access to data such as GST etc. can be effectively used to validate financials of the borrower. 4.33 To begin with, data pertaining to utility payments e.g. mobile, internet, electricity bills, etc. in respect of societies/corporate entities to be collected, followed by information related to individual borrowers above a certain threshold to be incorporated in PCR. This would give pointers regarding the borrower’s financial situation and enable lenders to make informed credit decisions Legal Framework 4.34 A comprehensive legal framework including a parliamentary law, if required, to provide for regulation of Public Credit Registry and to facilitate efficient distribution of credit information and for matters connected therewith or incidental thereto, to be prescribed. Central Regulator may be mandated to oversee implementation and ensure compliance with PCR laws. Necessary amendments may be effected in the applicable acts, laws and regulations to make the Public Credit Registry an efficient and effective platform for all stakeholders. Default Reporting 4.35 Default by borrower being an important credit event would be captured and information to be available in PCR on real time basis. Alerts regarding other negative behaviour to be thrown up in data made available to PCR on real time basis. To alert loan delinquencies on real time basis:
Ease in Reporting 4.36 Uniform format to be adopted for furnishing of data by Commercial Banks, Cooperative Banks and NBFCs. Suitable coding to be introduced for BSR returns. All types of financing by Cooperative Banks to also have BSR codes, to enable uniformity in data reporting to the PCR and ensure quality of data. Data reporting process needs to be simplified, keeping in view the ground level realities at the district level where connectivity and quality of electricity is poor. PACS 4.37 Primary Agricultural Credit Society (PACS) and other Societies which lend to its members out of credit availed from higher tier i.e., DCCBs or out of its own resources should be treated as one borrower, initially. As PACS are not yet fully computerised, it would not be possible to draw data regarding individual borrowers of PACS through CBS of DCCBs. They should be treated as one borrower at least during initial few years till they are computerised. Borrowers of PACS should be covered in PCR over a period of 3-5 years. Computerisation of PACS should be accelerated to enable seamless flow of data from PACS to PCR and to reduce any additional workload on Cooperative Banks and PACS which have skeleton staff strength. Finally, all PACS are to be computerised in a manner to be compatible with CBS of DCCBs concerned so as to enable free flow of data from PACS to PCR as and when PACS are computerised. Technical compatibility 4.38 PCR technology to be compatible with all types of CBS platforms. CBS platforms are designed to suit the individual requirements of each bank and may vary across banks. Hence PCR should be compatible with all types of platforms. Implementation 4.39 A phased approach is recommended to be taken for the implementation of PCR. PCR should be implemented with minimum disruption to the existing system and processes. An appropriate legal framework to make data submission a statutory obligation is desired to ensure full compliance by reporting entities. Steering committee of stakeholders and PCR may be constituted to discuss and sort out issues as and when they emerge, and to monitor the objectives and functioning of PCR. SUMMARY of Stakeholder’s Expectation 4.40 Based on the expectations of the major stakeholders and the preceding discussion, some outline regarding the data to be captured within PCR may be formulated. 4.41 The PCR must receive credit information from all credit institutions in operation in India and the Indian credit institutions’ overseas branches. The submission of information should be mandatory, timely and accurate. The PCR will capture information for both natural and legal entity borrowers and without recourse to any threshold in loan amount. Comprehensive and exhaustive coverage will be key to PCR in terms of usefulness in determining total indebtedness of a borrower and also to monitor financial inclusion and credit flow to priority sector. 4.42 The borrowers must be identified uniquely in the information system. Unique identification of borrowers is vitally important as once the borrower is uniquely identified the identification key can then be used to link the PCR information with other databases where the borrowers financial information are stored. This would be most useful for legal entities as the PCR information can be linked with the balance sheet information available in MCA database. For unique identification of entities, a combination of PAN, Aadhaar, CIN and LEI may be used, as most of the existing reporting systems are based on either of these identification codes. It is also important to assign a PCR identification code to each loan reported to the PCR as it will be helpful to track a loan’s life cycle. For example, if a credit instrument gets sold to some other entity, then the reporting will continue by the new owner of the instrument, whereas the original owner will report the closure to PCR. Using the PCR ID of the loan the continued life cycle can then be tracked. 4.43 The PCR should capture all the information currently being captured within CICs, CRILC and BSR-1 for each loan. The specific data structure to be received in PCR may be decided upon by the Governing Council of the PCR. This core information may be submitted by the banks at a regular interval, preferably on a monthly basis, and information for new loans granted and all repayments as well as overdue repayments may be submitted on a daily basis. In due course, the PCR should strive for near real time reporting by enabling lenders to submit information to PCR at the time of capturing the same in their own system. 4.44 For a comprehensive coverage, however, the PCR need to capture more data beyond the core credit information reported by the lenders. The PCR should capture information on all overseas lending facilities (ECBs, FCCBs, Masala Bonds etc.) enjoyed by a borrower. The PCR should determine the total indebtedness of a borrower and in order to do that may capture data on all borrowings from market (commercial papers, corporate bonds, NCDs etc.) and inter-corporate borrowings. 4.45 In addition to this, as discussed before, the PCR must be able to link with assorted ancillary credit information – security interest information in CERSAI, balance sheet information in MCA, caution / advisory lists of regulatory agencies, other financial information databases – so that a comprehensive picture is available for decision making. 4.46 The PCR essentially could act as an enabler for regulators to achieve their objectives and mandate. Capturing all material events for a loan and including information on all borrowings besides those from the banking system are essential for this. One such example may be highlighted as follows. All listed entities are required, under the SEBI Listing Obligations and Disclosure Requirements (LODR) Regulations, 2015, to disclose delay / default in payment of interest / principal on debt securities, including listed NCDs, FCCBs etc. Similar disclosure requirements have been under the consideration of SEBI with respect to loans from banks and financial institutions. Notwithstanding the mandated timings of disclosure in any such case, with near real time capturing of all material events for a loan, the PCR could enable SEBI to validate all such default disclosures. 5. Public Credit Registry – Information Architecture INTRODUCTION 5.1 The report on the General Principles for Credit Reporting by the World Bank Group9 discusses various information models showing how a PCR can play an important role in the credit information reporting ecosystem. These models may act as the basis of countries own information system with appropriate modifications as per the special needs of the said country. Features of two possible models based on the international best practice are briefly discussed below. 5.2 Model 1: A public credit registry and one or more private credit bureaus can coexist without any type of formal interaction between the PCR and PCB(s). In this case, credit institutions supply data to both PCR and PCBs. Whereas the PCR uses the information for supervisory and statistical purposes and shares data with the reporting entities, the PCBs may collect data from a variety of other sources besides the regulated credit institutions and provide a range of value added services including credit scoring to a wide range of users including the reporting entities and the borrowers. 5.3 Model 2: Another possible way a PCR and PCB(s) could coexist involves interaction between them. In this model, the PCR acts as the single point of mandatory data receipt from all credit institutions. Credit institutions may optionally report credit information to PCBs. The PCR may also supply limited credit information to the PCBs. The PCBs may augment this core information with information gathered from other sources and provide services to credit information users based on it. Regulators may primarily depend on the PCR for information to be used for supervisory and statistical purposes. 5.4 When the objective behind setting up a PCR is primarily to fulfil the regulatory / supervisory needs of the Central Bank, Model 1 may work well. If we consider CRILC to be a working version of a credit registry in its most basic form, then it is evident that in India we are at present essentially following Model 1, covering a subset of credit institutions, with an imposed reporting threshold in loan amount and a separate granular credit information flow for statistical purposes (BSR-1). The obvious drawback of this model is that multiple reporting increases the burden on the reporting entities as wells as affects the data quality. Model 2 addresses this by centralising the credit information reporting to PCR. PCR thus becomes the backbone of the credit information reporting ecosystem, gathering information suitable to address the diverse needs of various users. 5.5 In this chapter, some of the aspects peculiar to India will be discussed based on which a suitable model of the credit information ecosystem will be proposed. Also, suggestions on the governance aspect, access control, data quality and types of data to be captured within PCR will be made. THE INDIAN CONTEXT 5.6 India is among the world’s fastest growing major economies, with an estimated growth rate between 6-7 per cent in real GVA for the year 2017-18. The long term growth prospect of Indian economy is positive due to administrative reforms like the implementation of GST, which is likely to boost corporate investment, productivity and growth, and also due to the unique demographic dividend in terms of presence of a large young population, healthy savings and integration into global economy. With recovery in economic growth, credit demand is expected to pick up in turn leading to a virtuous circle. 5.7 For inclusive growth, creation of jobs and financial inclusion is vitally important. For job creation and uplifting the people falling below poverty line (BPL), the MSME sector is critical in India. The MSME sector has around 63 million units in the country employing approximately 111 million people across all sectors, contributing 31.6 per cent to the GVA at current prices10. The share of the MSMEs in the exports of the country stands at 49.86 per cent11. Specific administrative reforms are focussing more and more toward strengthening the MSME sector. The PMMY, a scheme launched in April, 2015 for providing loans up to INR 1 million to the non-corporate, non-farm small / micro enterprises, is a prime example of these reforms. The loans are to be classified as MUDRA loans under the PMMY and are to be extended by Commercial Banks, RRBs, Small Finance Banks, Cooperative Banks, MFIs and NBFCs. 5.8 Evidence based targeted policy making and then monitoring the effectiveness of the policy reforms requires a sophisticated decision support system backed by a comprehensive information system. However, from existing credit information perspective, there is lacunae in comprehensive data in terms of comprehensive debt snapshot, coverage of all borrowing entities and all lending entities in the system, validated key credit data and harmonized information. Also, there is inefficiency in the reporting system in terms of multiple reporting to various agencies leading to data quality issues and inconsistency across platforms. The regulated credit institutions are mandated to report credit information as per a specified format to all CICs. But in practice, the coverage in terms of reporting entities as well as types of instruments is far from complete. It is very important to capture all key credit information (debt facilities, collaterals, guarantees etc.) of a particular borrower from multiple stakeholders. Capturing data on overseas lending, such as External Commercial Borrowings (ECBs), Foreign Currency Convertible Bonds (FCCBs) and Masala Bonds, in the same platform is also equally important. It may be mentioned here that the ECBs outstanding at the end of June, 2017 stood at USD 183.6 Billion12, and this information has not been integrated in any of the existing granular credit information repository. Debt products like loans from NBFCs, borrowing from market via CPs, NCDs etc. is assuming more significance with each passing day, but the coverage of this information in a single place is not available. A comprehensive and exhaustive credit information repository covering all types of credit facilities (funded and non-funded) extended by all credit institutions – Commercial Banks, Cooperative Banks, NBFCs, MFIs – and also covering borrowings from other sources including external commercial borrowing and borrowing from market, is essential to ascertain the total indebtedness of a legal or natural person. This repository, in the form of PCR, may keep track of a credit through its entire life cycle – from origination to maturity – enabling near real time monitoring and assessment of credit. 5.9 The inefficiency in the existing system in terms of multiple reporting – reporting essentially the same information in different forms to different reporting agencies – can be removed by making PCR the single point for receiving granular credit information. All credit institutions may be mandated to submit timely and accurate granular credit information as per a specified format to PCR. All major stakeholders – reporting entities, the borrowers, CICs, IU(S)(s) and Regulators – can then access the information as per their specific requirement and as per a formulated data access policy. The agencies with access to PCR data should not collect the same information from the reporting entities. This will not only reduce the reporting burden on the credit institutions, especially for the small sized credit institutions, but will automatically lead to removal of inconsistencies at the aggregate level stemming from multiple reporting, which will lead to improvement in data quality. From the regulators’ and policy makers’ perspective this repository will give the holistic picture of the credit situation at a single place – invaluable in decision making. 5.10 The design of PCR should be modular in structure so that it can link with other existing databases and the full potential of the linked information can be harnessed. For example, the securitised asset registry maintained by the CERSAI, is a critical unit of credit information. CERSAI allots unique asset IDs to each asset on which security interest gets created. The credit institutions can report to PCR the unique CERSAI asset ID, as part of the collateral information, based on which the credit information in PCR can be linked with the collateral information in CERSAI. 5.11 Unique identification of borrowers is also vitally important. Once the borrower is uniquely identified the identification key can then be used to link the PCR information with other databases where the borrower’s financial information is stored. For unique identification of entities, a combination of PAN, Aadhaar, CIN and LEI may be used, as most of the existing reporting systems are based on either of these identification codes. However, it is essential that one kind of unique identifier (a single key or a combination of keys), and only that one kind, should be allowed to be used for one class of borrowers (natural or legal person)13. It is also important to assign a PCR identification code to each loan reported to the PCR as it will be helpful to track a loan’s life cycle. For example, if a credit instrument gets sold to some other entity, then the reporting will continue by the new owner of the instrument, whereas the original owner will report the closure to PCR. Using the PCR ID of the loan the continued life cycle can then be tracked. 5.12 The CICs may continue sourcing credit information from credit institutions, but this should be based on mutual agreements and be optional for the credit institution. PCR may share credit information on a need-to-know basis and backed by explicit consent of the borrowers, as deemed fit by the RBI. The CICs may continue providing credit scoring and other value added services to a range of users. The CIC membership norms for the credit institutions may be suitably amended so that it will not be obligatory for the credit institutions to provide credit information to the CICs. The membership to CICs thus may be driven by the quality of the service provided and the originality of the analysis / innovation offered, rather than by a mandate and unique access to granular credit information. This would lead to healthy competition and promote innovation. 5.13 IU(S)(s) may also access information from PCR as per their need and as deemed fit by the RBI. As PCR will store near real time information pertaining to the credit life cycle to facilitate credit decision making during its various phases – origination, monitoring and enforcement –, and IU(S) is primarily a repository of legal evidence, IU(s) may source the primary credit information from PCR, authenticate the same externally from all parties involved in the debt and store it for possible use in judiciary proceedings. With the objective of reducing reporting burden, the RBI may suitably amend the regulation for credit institutions for submission of core credit information to IU(s) and decide on how much information the IU(S)(s) can source from the PCR and how much they should receive directly from the credit institutions. DATA PRIVACY & ACCESS CONTROL 5.14 Access to PCR data must adhere to strictest measures of privacy and protection to sensitive information and be based on explicit consent from borrowers. This will help alleviate the legitimate data privacy concerns present now and also foster data privacy. Any information gathered from the PCR may be used for the authorised purpose only and not for any other commercial purpose. 5.15 For all new loans to be granted, the loan agreement between the lender and borrower should include borrower’s consent giving access to her credit information in PCR to the lender with the consent remaining valid till the maturity of the loan. For all existing customers, such consents may be gathered by the credit institutions. The consent should be digital in nature and must fit in the technological framework for data sharing between the PCR and the credit institution. The credit institutions may choose to query PCR database before extending any loan to a new customer for the credit history of the customer, in which case the request must be accompanied by the digital consent artefact. 5.16 No lender should have access to information with identification of other lenders so as to avoid possible un-ethical business practice. If a borrower approaches any CIC for her credit history report, the CIC may access that borrowers’ information from the PCR. This access must be based on the explicit consent from the borrower and accordingly detailed granular data may be shared. However, to ensure the right to privacy of the borrowers, for any other requirement, the CICs may have access to granular data from PCR, with the identities of the parties to the credit instrument appropriately masked. RBI may have full access to the granular PCR data with deemed (implicit) consent of the borrowers. All other regulators may have access to PCR through RBI. 5.17 With these broad considerations in place, the overall access control can be summarised based on the possible users as follows:
5.18 A detailed access control policy with more granular details on the sensitive fields and the access thereof for various parties may be drawn out by the PCR authority in sync with the broad outline presented above. OVERSIGHT OF ORGANIZATION AND OPERATION OF PCR 5.19 As outlined earlier, the PCR would be the single point of mandatory reporting for all granular credit information. The regulators should strive to achieve rationalization of granular credit information reporting so that the information reported to PCR may not be needed to be reported elsewhere, thus reducing the reporting burden on credit institutions. The PCR would function on the principal of reciprocity and the credit institutions submitting data to PCR would receive in turn regular report in a fixed interval with the system wide exposures of all their existing borrowers along with defaults made, if any. The PCR would not provide any credit scoring services or any service which involves subjective inputs. The borrowers can approach PCR for their own credit history reports. 5.20 As a repository of most granular level credit information at transaction level, the PCR system should include a grievance redressal mechanism so as to address the legitimate concerns of borrowers regarding their credit history. The grievance redressal may be centralized to PCR system, wherein the requests received would be forwarded to credit institutions for necessary action. 5.21 As the envisaged PCR would collect credit information from all resident credit institutions, majority of which are under the sole regulation of the RBI, it is desirable to have the PCR set up within RBI. In due course, with the maturity in the credit information reporting ecosystem, RBI may consider setting up a fully owned subsidiary to host PCR. 5.22 The PCR may be backed by suitable legal framework, in terms of a separate legislation, making it mandatory for credit institutions to submit timely and accurate credit information, as is the International practice. It is essential to maintain both timeliness and accuracy of the information being reported to PCR. The PCR authority may accordingly be endowed with enforcement power to take action against non-submission, late submission and wrong submission of information. Necessary modifications in extant legal provisions may be made accordingly after due consideration. HIGH LEVEL INFORMATION ARCHITECTURE OF THE PCR 5.23 The PCR information architecture can be thought of as consisting of 4 primary layers:
5.24 With regard to the linking of information available within other information systems, it should be noted that whereas this would be one of the key strengths of the envisioned modular PCR structure, the sources to link to, the information to be linked and the related arrangements may be worked out in collaboration between the regulators and the stakeholders under the aegis of the RBI. 5.25 The idea is to centralise all credit information reporting to PCR and then allow all stakeholders to access the information as per the allowed access level (and thus moving toward a ‘star’ topology instead of the existing ‘mesh’ topology). The long term view for the PCR would be to establish itself as a single window for the lenders to access all factual credit information stored within PCR and other linked sub-systems. With this view the high level information architecture is presented in the following diagram. Implementation of the PCR 5.26 The existing data warehouse infrastructure and the in-house expertise available in RBI may be leveraged and suitably be enhanced for a quick rollout of the PCR. However, from the beginning it needs to have a strong technical team and systems and processes in place. The PCR should be structured as an independent unit within the RBI so that it may be hived off to a separate non-profit entity at an appropriate time. It should eventually achieve an autonomy and agility to move with the evolving environment and cater to the changing demands. 5.27 Considering the broad scope of PCR, the project may be expedited by phased implantation (12 months + 12 months) as described below. At the time of implementation, these two broad phases may be accomplished in multiple sub-steps. Phase 1: On-boarding all SCBs and top NBFCs which are already submitting CRILC and / or BSR-1 to RBI and all UCBs. Establishing linkage with important ancillary credit information systems. Phase 2: Continue on-boarding NBFCs, and rural cooperative banks (StCBs and DCCBs at first, PACs with requisite computerization of systems). Establishing linkage with other ancillary credit information systems. Based on the HTF’s active engagement with all stakeholders of the credit information reporting ecosystem in India and considering the prevalent best international practices while keeping in mind the unique scenario of the Indian credit market, the HTF would like to make the following recommendations in relation to its terms of reference. R1: With a view to remove information asymmetry, to foster the level of access to credit, and to strengthen the credit culture in the economy, a PCR should be set up by RBI. In due course, RBI may consider to move the PCR to a separate non-profit entity. R2: The PCR should be the single point of mandatory reporting for all material events for each loan without any threshold in amount. Thereby, the PCR will serve as a registry of all credit contracts, duly verified by reporting institutions, for all lending in India and any lending by an Indian institution to an Indian natural or legal person. R3: The PCR should be backed by a suitable legal framework to achieve its objectives. R4: Considering the broad scope of PCR, the project may be implemented in a phased manner. R5: Data quality of information reported to PCR will be the responsibility of the reporting entities. The authority in charge of the PCR may be endowed with appropriate enforcement power to take action against any violation of rules and regulation. R6: The borrowers may access their own credit history report from PCR. Access to PCR data to all stakeholders must be on a need-to-know basis only and adhere to the strictest measures of privacy and protection to sensitive information. R7: The PCR should capture both positive and negative information for all loans. R8: With the objective of making credit available to those without a recorded credit history and to enable flow based lending, the PCR would collect / facilitate linkage to ancillary credit information, such as utility / statutory / insurance payments data, GSTN data etc. subject to the extant legal provisions. R9: To capture a holistic picture of the borrower’s total indebtedness, the PCR should include data such as ECBs, market borrowings, and all contingent liabilities. R10: The PCR should include linkage to available caution / advisory / defaulters’ lists such as RFA, wilful defaulters’ list, CFR, ECGC defaulters’ list etc. The PCR should ensure interoperability and linkages with other information systems. ______________________________________________________________________________________________________________ 2 From now on, we use the term Public Credit Registry (PCR) to identify the public sector operated and Private Credit Bureaus (PCB) to identify the for profit, private sector operated credit registries. 3 Jaffee, D. M. and Russell, T. 1991. “Fairness, Credit Rationing and Loan Market Structure”. University of California, Berkeley, Haas School of Business. 4 Stiglitz, J. E. and Weiss, A. 1981. “Credit Rationing in Markets with Imperfect Information”. American Economic Review, 71(3): pp 393-410. 5 This section draws from the material in “Report of the Expert Group on Credit Histories” submitted to the European Commission in May, 2009 6 Miller, M. 2000. ”Credit Reporting Systems Around the Globe: the State of the Art in Public and Private Credit Registries” 7 “Should the availability of UK credit data be improved”? Bank of England Discussion Paper, May 2014. 8 https://www.ecb.europa.eu/stats/money_credit_banking/anacredit/html/index.en.html 9 General Principles for Credit Reporting. The World Bank, 2011. 10 Annual Report, 2017-18. Ministry of Micro, Small and Medium Enterprises 11 Press Release, Ministry of Commerce & Industry 12 India’s External Debt as at the end of June 2017, RBI Press Release dated Sep 29, 2017. 13 Ref 2.6, Report of the Working Group on Information Utilities, 2017. Memorandum of the High Level Task Force (HTF) on Public Credit Registry (PCR) for India It has been under active consideration of the Reserve Bank of India to set up a transparent and comprehensive public credit registry (PCR) – an extensive database of credit information for India that is accessible to all stakeholders – that would help in enhancing efficiency of the credit market, increase financial inclusion, improve ease of doing business and help control delinquencies. The Statement on Developmental and Regulatory Policies, issued on October 04, 2017 as part of the fourth Bi-monthly Monetary Policy Statement 2017, had announced the constitution of a High-level Task Force on Public Credit Registry for India. The Task Force comprises:
The Task Force may invite any experts from World Bank / ECB etc. if required, with the permission of the chairman. The terms of reference of the Task Force are:
The Task Force would have its secretariat at Department of Statistics & Information Management and it will submit its report within six months from the date of its constitution, i.e., by April 04, 2018. (Dr Viral V. Acharya) The High Level Task Force on PCR formed three subgroups for Banks, Non Banks and Co-operative Banks. Further, suggestions and feedback was sought from other regulators and various regulatory departments of Reserve Bank of India. A technical subgroup was formed to assess the possible Information & Technology architecture of PCR. Terms of reference of the Subgroups (Banks, Non Banks & Co-operative Banks) were as follows:
Subgroup of Banks The constitution of the Subgroup was as under:
Subgroup of Non Banks The constitution of the Subgroup was as under:
Subgroup of Cooperative Banks The constitution of the Subgroup was as under:
Technical Subgroup Terms of reference of the Subgroup were as follows:
The constitution of the Subgroup was as under:
2(a) Report of the Banking Subgroup Report of the Banking sub-committee of the High-level Task Force on Public Credit Registry Executive summary ‘Information is power’ is a widely recognized and well-accepted adage. For proper functioning of any financial sector in an economy, the supply and dissemination of information is a pre-requisite. The financial sector in a developing economy like India would certainly benefit through development of a system which aims to fill the information gaps. With an eye on this objective, the idea of a Public Credit Registry (PCR) is being conceptualized. Such a registry is expected to be a comprehensive registry of all key credit information, made available from all relevant stakeholders; such information being accurate/validated, complete and updated.PCR is expected to bring in transparency and reliability in the financial sector. With this background, the Banking sub-committee was formed by High-level Task Force of PCR which identified the following key challenges currently faced by the lenders:
In order to work towards its terms of reference, the work approach of this sub-committee was guided by certain objectives; these being:
With the above approach, the Banking sub-committee adopted the concept of use cases for designing the PCR. As a lender, any information that forms part of PCR, can be utilized in three scenarios viz. at the time of origination of credit, monitoring of credit and for enforcement (pre and post), in case of any irregularities in credit. Hence, the following three use cases were identified by the sub-committee:
To streamline the requirements, two deliverables were considered for the use cases. The first was to create a list of data requirements for origination, monitoring and enforcement use cases. The second was to streamline and simplify/ consolidate existing reporting After its various meetings, the sub-committee made certain recommendations as follows:
The sub-committee also recommended a phased approach for the implementation of PCR by first implementing the same for corporate borrowers above a certain threshold (aggregate debt of₹ 50.0 million and above) and later for retail borrowers. The two should finally converge to make PCR more comprehensive. The sub-committee hereby submits its report detailing out the work approach, the deliverables along with the recommendations. Background Access to information is critical for making effective credit decisions in any financial sector. Such access not only translates into effective credit assessment, thereby resulting in sound risk management, but also helps in removing information asymmetry amongst various key stakeholders of a financial sector in an economy. It helps both the lenders in taking effective credit decisions and the regulators to supervise effectively, decide on early intervention and understand the impact of their key monetary policy decisions. Access to information, by assisting in sound risk management, would help the lenders to improve the quality of their asset portfolio. Lenders would have the opportunity to identify clients with good credit histories while they would be able to avoid delinquent clients. PCR would also caution borrowers against making any delays in their payments as it will affect their credit worthiness. At present, though credit information is available in bits and pieces across multiple systems, what is essentially lacking is a consolidated platform, with the necessary credit information, which is accessible to all the stakeholders. Development of such a public credit registry, thus becomes essential, especially in a developing economy like India. With this objective, Reserve Bank of India (RBI) constituted a 10-member High-level Task Force (HTF) in October 2017 to develop a roadmap for Public Credit Registry (PCR) in India. PCR is a widely recognized concept globally and countries such as Germany, Portugal, Spain, Brazil etc. already have fully functional public credit registries. On similar lines, PCR in India is expected to be a repository of all key credit information (viz. debt facilities, collaterals, financials etc.)of a particular borrower collected from multiple stakeholders. The proposed PCR would be expected to track a credit from its origination to maturity, keeping a record of all material events including timely repayments and defaults, if any. With other debt products likes CPs, NCDs, loans from Non-Banking Financial Companies (NBFCs) having assumed significance in recent times, it is important to have information of all debt obligations, and not just bank loans, be it in rupee or in foreign currency. Hence, PCR would be expected to cover all types of credit facilities (fund and non-fund)availed by a particular borrower from domestic as well as overseas lenders (including external commercial borrowings (ECBs) from recognized lenders, masala bonds, foreign portfolio investment etc.). PCR can also act as a validation tool for any lender while taking credit decisions for a potential borrower. For example, in scenarios where a lender is extending fund based facilities against guarantees/letter of undertaking of other banks, the lender can validate from PCR if the non-fund based facility has actually been assisted to the borrower. Access to credit information, including debt details and repayment history would finally enable automated lending in the future by way of ‘flow based lending’. For example, currently most banks focus on large corporates for loans and consequently the micro, small and medium enterprises are left with limited options for borrowing. With satisfactory payment history and validated debt details made available, it will increase the credit availability to micro, small and medium enterprises along with deepening of the financial markets. This will also support the RBI policy of financial inclusion. The HTF has the following scope of work:
To understand the expectations and requirements of various segments, HTF has further constituted the following sub-committees:
The Banking sub-committee, chaired by Ms. Vishakha Mulye from ICICI Bank, consists of eleven members and has representations from Indian Banks Association (IBA), public sector banks, private sector banks, foreign banks, small finance banks and regional rural banks. The list of members is provided in Annexure I. The terms of reference of the Banking sub-committee are as follows:
Current key challenges The committee discussed the current challenges faced by various lenders in the Indian financial system. The key challenges highlighted by the committee were as follows: Lack of comprehensive data: Firstly, credit information is currently available across multiple systems in bits and pieces and is not available on one platform. Secondly, there is certain key information which is essential for making effective credit decisions but is not reported currently. Thirdly, many a times, lenders are dependent upon the borrower for providing key information. Lack of comprehensive debt details: The complete debt snapshot of a borrower is not currently available in any system for the use of the lenders. With financing happening from non-bank funding sources (viz. NBFCs, mutual funds, foreign portfolio investors, alternative investment funds etc.), details of credit facilities from banks alone do not provide comprehensive debt information. Lack of comprehensive coverage of borrowing entities: Systems like MCA only have data of companies and limited liability partnerships. Data for other entities (viz. trusts, societies, AOPs, general partnerships, sole proprietorships etc.) is currently not available in any system. Lack of validation: Certain data if not validated, may give incorrect information. Many a times, there is a high dependence on the information submitted by the borrower itself, which may contain inconsistencies to the borrower’s advantage. Lack of harmonization: For certain data, there exists no harmonized lists that lead to lack of uniformity among the lenders; for example, industry classification for a particular borrower. It was observed by member banks that lending in the retail space was more streamlined with better access to information due to presence of credit bureaus as compared to information for corporate borrowers. Work Approach The Banking sub-committee deliberated on the approach to be taken for the design of PCR. It was agreed by all member banks that in the current scenario, with banks struggling with poor credit quality of portfolio, PCR with its 360-degree view of borrower would provide comprehensive credit information and would help in making better credit decisions and also support sound risk management. It would also enable better governance controls through enhanced monitoring. While discussing the PCR design, members were of the view that many of the current systems from where the data is currently fetched, like MCA, CERSAI, CRILC, etc. should be made interoperable with PCR so that there is not much disruption to the existing systems and processes. It was also discussed that CRILC has been a very useful tool and hence, PCR can build upon it further. Another point deliberated at length by the member banks was validation of data. The committee was of the view that a repository of data which is not validated cannot be relied upon. Hence, it is essential that whatever data goes into the PCR should be validated to ensure its correctness for acceptability. With PCR being a one comprehensive window for all credit data, it would drive innovation in lending. With application of analytics to PCR data, automated lending applications would soon come up. Also, innovation in products like short term loans based on cash flows would take place. The committee believed that PCR would also drive inclusive banking by increasing the reach of credit to micro, small and medium enterprises. Currently, most banks lend to medium or large corporates while there are very limited options for the smaller players. With PCR providing credit history and validated data for borrowers, more options would be available for the smaller players. The committee also discussed the reporting framework currently in practice wherein banks have to provide more than 300 reports. Since there are many systems with data in bits and pieces, a lot of overlap also happens. With PCR being a comprehensive data registry, it would not only simplify but also streamline and consolidate reporting. At the same time, it would also improve the quality of reporting. With the above approach, the Banking sub-committee used the concept of use cases for designing the PCR. As a lender, any information that forms part of PCR, can be utilized in three scenarios viz. at the time of origination of credit, monitoring of credit and for enforcement (pre and post), in case of any irregularities in credit. Hence, the following three use cases were decided by the sub-committee:
Three working groups were formed in order to prepare the data sets for each of these use cases. The first two working groups had the following actionables:
For the use case of reporting, another working group was formed which had the actionables to determine the current reporting being done by banks and identify the data overlaps between various information systems. The group had to then present recommendations on simplification/consolidation of multiple reporting. The list of members of each working group is provided in Annexure II. The output of each of the working group is detailed herein. Deliverables Creating a list of data requirements The essential list of information for any borrower, both retail and corporate, that PCR should effectively capture, should include basic details of the borrower as well as certain key information that play an important role for taking a credit decision. Such information should, inter-alia, include details of debt facilities of the borrower from all lenders, conduct of these facilities and the collateral provided to secure such debt facilities, if any. The primary focus behind designing the universe of data fields to go into the PCR is to enable any stakeholder, who has access to the PCR, to obtain a 360-degreeview of the borrower, through a single portal. This will not only lead to taking sound credit decisions but would ultimately lead to development of a flow based lending since the PCR will be a repository of all key credit information. Keeping in mind these parameters, data fields were created for each of the three use cases of origination, monitoring and enforcement. While enumerating the data fields, suggestions have also been made for:
Origination use case Before taking decision to extend credit, a lender needs certain basic information as well as certain additional information to make effective credit decisions. While the proposed PCR may not contain the entire universe of all such information (the requirement of which may also vary from lender to lender), it is endeavored to include all necessary information that will be required across the entire universe of lenders for extending any credit facility. A list of data fields has been created for the Origination use case keeping in mind such requirement; the information includes, inter-alia, information pertaining to
Monitoring and Enforcement (Pre and Post) use case Once a credit is originated and disbursed, the lender needs to monitor the same till the facility gets repaid in full. Regular monitoring helps a lender to identify early warning signals that could warn the lender much before default occurs in debt servicing. This can help the lender to take proactive steps to either reduce exposure or to secure their facilities in a better way, if possible. In case a loan becomes non-performing for any reason, PCR, with its information on debt, collaterals and prior restructuring of the borrower or other companies in the same industry can help the lender to restructure the account more effectively as well as promptly. Since, the information for Monitoring use case and Enforcement (Pre and Post) use case would essentially overlap, it was agreed that a common working group would work on both the use cases. A list of data fields has been created for Monitoring and Enforcement (Pre and Post) use case to include all such necessary information; the information includes, inter-alia, information pertaining to:
The final list of the data fields for the use cases is provided in Annexure II. Simplification/Consolidation of existing reporting This working group started its work with the approach to identify the universe of reports being submitted by Banks to regulatory/ quasi regulatory bodies. Once the PCR data design was prepared by the other working groups, the reporting working group recommended steps for simplification/ consolidation in order to remove duplication of submissions. During its various meetings, the working group studied the data elements of all customer level/ deal level reporting being carried out by Banks either to RBI or other regulatory or quasi regulatory bodies including (but not limited to)
The working group mapped the list mentioned above with fields/ data elements required/ recommended by the working groups of origination, monitoring and enforcement. Basis this, the group gave its recommendations for simplifying and consolidating reporting by lenders. On the basis of current fields finalized for these use cases, recommendations have been made for simplification/ integration of current reporting in Annexure III. Recommendations Dataset design is being recommended by the banking sub-committee, as detailed in Annexure II. In addition, the following recommendations have been given by the banking sub-committee of PCR: Universe: To have a 360-degree view of the borrower, it is important that all debt instruments be covered by including all lending institutions (banks, NBFCs, mutual funds, insurance companies, etc.). For the category of borrower, it was recommended that PCR should take a phased approach and first implement for corporates with exposures above a threshold amount (aggregate debt of ₹ 50.0 million and above) and later for the retail borrowers. Finally, the registry for corporate borrowers and retail borrowers should converge to make PCR more comprehensive. Frequency of Updation: In order to develop PCR as a source of real time information, details of debt, conduct of account, collateral, bank accounts, control & monitoring parameters, etc. need to be updated either on a monthly or a weekly basis. On the other hand, information regarding background details, financials, etc. may be updated either on a quarterly or an annual basis. Security: PCR would be a registry of very sensitive and confidential data. Hence, the design and architecture of PCR should ensure that the data is not compromised at any point of time. Access rights: The PCR is expected to contain confidential and sensitive information. It is proposed that access rights be given with adequate firewall so that separate stakeholders have access to requisite information. A pragmatic data acquisition model may be implemented such that each stakeholder would have to submit only its relevant data. Further, confidential information may be masked, wherever required. Data validation: PCR should contain valid and correct information. To ensure this, all data submitted to PCR should be validated. It was also proposed that additional validations should be done for critical data. For example, the total operating income of a company can be validated by checking the GST or income tax data. Harmonization of data: Few of the data fields to be included in the PCR, viz. sector/sub-sector code and group code require harmonization. A harmonized list can help in removing inconsistencies in classification of customers, given that presently there exist multitude of different lists maintained by different agencies/departments. Similar harmonization should be done for other data fields, wherever required. Credit surrogates: Certain data fields can act as surrogates for assessing the credit quality of a potential borrower; these include utility bills payment, provident fund payment, tax/statutory dues payment, etc. Linking of these individual systems with the PCR for capturing such data is thus recommended. Further, access to data such as GST etc. can be effectively used to validate financials of the borrower. Standardization: Currently, for monitoring purposes, banks require various periodical reports such as stock statements, unit inspection reports, FFR etc. However, the formats of each of these reports vary from bank to bank and from borrower to borrower. In order to ensure consistency, it is recommended that standardization of such reports should be carried out by IBA. These reports can be integrated with PCR in future. Also, apart from these periodical reports shared by borrowers with the lenders, certain other documents which are exchanged between lenders like resolution plans, no-objection certificates, minutes of consortium meetings etc. can be integrated with the PCR. Interoperability: Most of the credit information is currently available in multiple systems. Interoperability between these systems with PCR should be assessed. Also, certain data can be sourced directly from government/quasi government sites such as CRILC, MCA, NSDL, CERSAI, SEBI, etc. into the PCR. Simplification and consolidation of reporting: Post finalisation of the design and data attributes of PCR, an analysis should be done of the current reporting done by lenders to regulators. There is a need to rationalize and streamline reporting by financial institutions. We understand that RBI has already undertaken this project; other regulators should also take up this exercise. On the basis of current dataset design of PCR, recommendations for simplification of reporting is given in Annexure III. Application of analytics: It was discussed that the PCR would be a registry of all credit data and that analytics would sit on top of PCR. Each bank or agency can separately apply analytics to ask queries, generate reports etc. Even industry benchmarking can be done with the application of analytics. Materiality: In certain data sections like news, litigation, the committee was of the view that no filters should be applied by PCR for deciding which data is material in nature. It should be a landing page which provides all information and it should be the responsibility of the entity accessing the data to apply their own criteria to the data in PCR. 2(b) Report of Non Bank Subgroup Report of the Sub-group of Non-bank Abbreviations used
Executive Summary: Recent developments in the financing space shows that there are new sources of financing are springing up. Many businesses/individual borrowers are increasingly turning to the nonbanking lending institutions to meet their funding needs, thus these institutions have emerged as key financiers to businesses. These institutions seek information from the varied sources during the entire loan cycle about the borrower. Hence a common registry has been conceptualized i.e. Public Credit Registry, which can provide the accurate, complete and updated information to lending institutions in one platform. Given this background, the Subgroup endeavoured to identify the key concerns that non banking lending institutions face while collating the due diligence information about the borrower and the possible means of overcoming these challenges. Accordingly, following are the major challenges faced:
Further, the sub-group submits that the key policy recommendation and expectation from the PCR, listed as below: 1. Public Credit Registry should source information from various public platforms To have a common access at a single platform across all available public data-base of their customers / customer groups including platforms providing negative or reg flag information such as regulatory action, enforcement proceeding, defaults, etc. 2. Common KYC {including Non-Individual (non-corporate) } Uniform KYC requirements for all types of customer specially non-individuals non-corporate customers in a structured format across regulators and products. This will enable PCR to comprehensively integrate its database with other sources of information. 3. Strengthening of Scoring mechanism A scoring mechanism that may be developed basis the information available with PCR which would include parameters such as payment history, payment default of statutory dues, litigation convictions, enforcement actions, negative remarks by regulators etc. On the similar lines, early warning signals may be provided so that effective decisions may be made. 4. Credit Information Bureau For PCR to be more effective data repository it is essential that the sources of such information are updated, hence CIC should be made more robust with near real-time data updation, query resolution mechanism, details of collaterals, guarantees, etc. 5. CERSAI (mortgage) CERSAI Platform to be enhanced to include updates on initiation of any enforcement of security, efficient reporting of priority of charge, introduction of common identifier for mortgage assets, capturing the information regarding NOCs from existing lenders, Takeover cases, pari-passu charges may also be included in PCR. This would ensure that updated information is available through PCR to prospective lender and in turn help lending institution in taking informed calls. 6. PCR to serve as Common Reporting Platform PCR could be evolved to serve as a common reporting platform and common data warehouse managed by PCR can be accessed by other agencies for their relevant data purpose. This would reduce multiple reporting requirement of similar data as well maintain data consistency. 7. Other Recommendations (key ones)
The sub-group hereby submits its detailed report and requests for making necessary amendments in the applicable acts, laws and regulations to make the Public Credit Registry an efficient and effective platform for all stakeholders. Background: The RBI constituted a High Level Task Force (HTF) which is working towards setting up a Public Credit Registry (PCR) – an extensive database of credit information of India that is accessible to all stakeholders. The HTF has been actively engaging with major constituents in this regard. To further crystallize the views of the Non Banking Finance Companies (NBFC), a sub-group has been constituted with the objective of ascertaining the information needed by the lending institutions while deciding whether or not to lend, the current sources of getting such information and recommendations for creating a common platform to gather such information at one place. In this respect, it is also important to identify the missing information and how it can be gathered and integrated with PCR. Constitution & Terms of References of the Sub-Group: The following persons are the members of the Sub-Group.
Terms of Reference of the Sub-group: The terms of reference of the Su-group as under: A. Challenges in efficient decision making during various phases of the credit life cycle due to lack of credit information; B. Expectation from PCR; outline of information desired to be captured within PCR; C. Consolidation/Simplification of multiple reporting currently being done; and D. Suggestions for simplified on-boarding/minimum disruption to stakeholders Meetings of the Sub-Group The Sub-group along with RBI officials met on February 26, 2018 at Edelweiss’s office, where the members deliberated on the issues outlined in the terms of reference. Based on the deliberations, the Sub-group hereby presents the Report. Life Cycle of Loan, Information nature and Current Sources of Information A loan passes through various stages, from the moment it is proposed to be given till the time it is repaid. The process begins with a loan application form, in which the customer is asked to furnish their basic details and the kind of lending facility requested. Next is the detailed due-diligence including credit appraisal of the application, and taking a decision whether the applicant is eligible for the loan asked and whether loan can be extended to that customer. There may be various internal parameters in arriving at this decision. Assuming that the loan is sanctioned, lending institution gives a commitment and stipulates terms and conditions governing the same including the collateral which will be provided by the customer against the loan. The due diligence of such collateral is another important aspect. The loan amount is then disbursed and credited to the account of the customer, who draws the amount, uses it for the purpose for which it was taken. The account is continuously monitored for the repayment of interest and the principal loan amount. If the loan is not repaid or there is a delay, the loan asset’s status is changed to reflect its deterioration. The lending institution may also charge penal interest or interest on interest in such a scenario or take other necessary measures to recover money. On the other hand if the loan account is conducted well, it will close on the date the last instalment is due and paid. On closure, lending institution will return or lift the collaterals which it had taken. The loan cycle is now complete. Accordingly following are the important stages for loan cycle where lending institution would need to perform due diligence and would need to use various sources to confirm the accuracy and completeness of the information available to it for effective lending. Client on-boarding The following are the information to be sought, its sources and challenges in getting the same: Client level:
Due Diligence: Client based, Promoter group
Transaction based
Sanction/Pre-disbursement
A. Ongoing Monitoring
Current Challenges in Data Sourcing: As provided in above there are different information required at different stages. The effectiveness of lending will be dependent upon the quality, accuracy and completeness of the information whether provided by client or gathered through the public sources. Following are the current challenges which NBFC face while handling these information and its sources: Inadequacy of Information The information about all individual and non-individual clients is not available at one place. While the information for companies or LLPs are available there is no central database available for verifying the structure or other constitution details for entities falling under the categories of AOPs, Partnership, HUF, Trusts etc. Further the status of the members of such entities and the updates in such status (Eg. Karta, partners with any limitation on liability such as sleeping partner) is not available. Even verification from those separate data available in public domain is scattered and incomplete. These limitations may result in inadequate and ineffective diligence of such entities, at times. Therefore, a central repository capturing all the details including that of UBO of every constitution other than Companies or LLPs can be built and made available to all stakeholders. Further, certain information is made available to banks, however the same is not available to NBFC e.g. Information on financial delinquency like categorization as SMA, SMA I or SMA II etc. available in CRILC or database on willful defaulters. Such information need to be also made available through one database to all stakeholders (including NBFCs). Another challenge that lenders face at the time of appraisal is the assessment of the real beneficiary/ controlling person, associated with the complex chain of ‘shell’ entities, including companies/LLPs/Trusts etc. These entities in many occasions are controlled by the family members/associates of the main controlling person. It is a web which is very difficult to unravel through the currently available information platform/s. Information available in fragmented manner Currently, the data is available in a scattered manner and non-uniform basis. The various sources, from where such data can be accesses are CIC, Cersai Registry, KRA registry etc. These data base provide different inputs and may be not updated on timely basis, hence providing different information for the same client. Thus it becomes difficult to rely upon and verify the information provided by these clients. A single repository across these agencies capturing entire database of such clients, will ease out the due diligence process. The access can be made available through separate registration process for access through USER ID and password. Dependency on Self Disclosures by borrowers Currently there is a lot of self certified data taken by customer and relied upon e.g. client KYC, Income details, financial details (assets & liabilities), networth, contact numbers, nationality etc. These details especially financial details are important parameters for lending. Incase of corporates these details are available through audited financials, however the same does not provide a holistic view regarding the paying capacity of the client. With respect to the clients like individuals, HUF, Trusts, AOP, Partnerships the information is further limited and a lot of time there is dependency on the client. Authenticity and Reliability The various pieces of information are cross checked with the information available on MCA, Income Tax, Exchange website for listed company disclosures, Regulator’s website for regulated entities, CERSAI Portal, Judicial websites (for litigation) etc. However most of the time the information is either not updated or inaccurate entries are passed. This leads to inaccuracy and thus affects the quality of lending. Further, records available with CIC, there is no mechanism to raise queries on the observation and feedback from the other participants. Time, dated information and cost In the various portals, as available today for cross verifying the information, are MCA, Income Tax, Exchange website for listed company disclosures, Regulator’s website for regulated entities, CERSAI Portal, Judicial websites (for litigation), Company website etc. However many times the updated information is not available. For example the CERSAI portal takes lot of time leg to get the registration of collateral/security. Further at times such reports are not available in machinereadable format. Due to these limitations lending institution has to invest time and costs to get the same converted. Post disbursement monitoring of the financial position of the entities is another challenge, especially in the light of change in ownership patterns/creation of new ‘shell’ structures, transfer of underlying assets including personal assets of borrowers to family members/associates/associated entities. It is virtually impossible under current system to ring-fence the personal assets from such diversion leading to situations where the borrowing entities go bankrupt, whereas promoters are virtually unaffected. Additionally various aggregator portals like ‘world-check’, Watchout Investors, CIBIL are paid portals and each time a record is accessed, lender has to bear the costs. Recommendations and expectation from PCR Since the PCR will be an extensive database of all credit information belonging to the customers at one place, the below outline of information and mechanism are desired to be captured within PCR. 1. Public Credit Registry should source information from various public platforms: Currently, information is being sourced or verified by lending institution through multiple platforms e.g. information pertaining to the Company or LLP is available on MCA portal, information pertaining to regulatory status or regulatory actions/orders is available to regulators’ website i.e. RBI, SEBI, IRDA, NHB etc., basic KYC data, for individual clients, accessed through CERSAI. The regulators also keeps on issuing various lists like wilful defaulter list (RBI), shell companies lists (FIU), strike off companies list (MCA), High risk NBFCs (FIU), etc. There is a need for financing institutions have a common access at a single platform across all available public data-base of their customers / customer groups. Recommendations: a. PCR to capture / access information in a standardized format through various existing platforms such Credit Information Bureau, MCA, CERSAI, Exchange Website for listed corporate (both equity and debt listed), CRILC, FIMMDA, Information Utility, Income Tax for PAN / TAN database, Judicial database. b. Data-feed from Goods and Services Tax Network (GSTN) The Goods and Services Tax Network (GSTN) is a non-profit, public private partnership company. Its primary purpose is to provide IT infrastructure and services to central and state governments, taxpayers and other stakeholders, thereby facilitating the implementation of the Goods and Services Tax (GST). The GST platform is a unique and complex IT initiative as it establishes a uniform interface for the taxpayer and a common and shared IT infrastructure between the center and states. It thereby integrates multiple tax department websites, bringing all the tax administrations (center, state, and union territories) to the same level of IT maturity, with uniform formats and interfaces for taxpayers and other external stakeholders. For taxpayers, GSTN provides common and shared IT infrastructure and cater to functions facing taxpayers, such as filing registration applications, filing returns, creating challan for tax payment, settling IGST payment (like a clearing house), and generating business intelligence and analytics. The platform also serves repository turnover transaction at tax-payer level. PCR should have relevant access / data feed from GSTN platform in respect of tax-payer in respect of turnover, tax filing status, over tax status, etc. which are critical data inputs from customer due diligence and loan appraisal and monitoring process. c. Defaulters / blacklisted client data base PCR should have access / data feed from various regulatory website and data-base to have consolidated view of customers on tax compliances, regulatory orders and sanctions, credit defaults etc. These information would serve as early alert / warning system to financing entities in the process of their loan appraisal / loan monitoring. This platform should have access / data feed from following sources:
All data-base or customer list issued by various authorities should be in standardized machine readable formats and have minimum client identifiers such as PAN, Aadhar, TAN, CIN, etc. d. This platform should additionally have access / data feed from following sources :
2. Common KYC {including Non-Individual (non-corporate) } Currently, source information for entities like Partnership firms, Trust, HUF, AOP etc. which are not regulated anywhere, is either not available or available to respective registrar’s offices. Hence, large dependency is on self-certification of borrower. Further, CKYC via CERSAI is capturing KYC data only for individual customer. There is need to extend the uniform KYC requirements to non-individual entities specially non-individuals non-corporate customers in a structured format across regulators and products. This will enable PCR to comprehensively integrate its database with other sources of information. As stated earlier, another key challenge is to assess the real beneficiary/ controlling person, associated with the complex chain of ‘shell’ entities, including companies/LLPs/Trusts. Recommendations: 1. Non-individual customers to be allotted unique identifier. The Legal Entity Identifier (LEI) may be considered to be extended and mandated for all types of non-corporate customers. The LEI is a global reference number that uniquely identifies every legal entity or structure that is party to a financial transaction, in any jurisdiction. LEI will be assigned on application from the legal entity and after due validation of data. For the organization, LEI will serves as a proof of identity for a financial entity, help to abide by regulatory requirements and facilitate transaction reporting to Trade Repositories. 2. CKYC to be mandated as Centralized KYC database for all types of borrower. 3. Further, KYC database with KRA, CERSAI (CKYC), Income Tax (PAN) and UIDAI (Aadhar) may be integrated with most recent updated information basis common PAN / Aadhar number. 4. PCR to have access / data feed on common KYC database for all types of borrowers both individual as well as non-individual customers viz. corporate, LLPs, AOPs, Trusts, FPI etc. 5. PCR to provide navigation mechanism into the common persons behind many judicial entities like companies, LLP, Partnership firms etc in the capacity of directors or partners. 6. Commonly designed product based application form across all the entities or sharing of other credit related information which is self-declared by Customer while availing loan can be part of PCR. This will enable access to self-disclosures information (which cannot be referred from other sources) which can be useful for credit assessment 3. Strengthening of Scoring mechanism At present, CIC provides for a report and scoring for creditworthiness of the client. Since there is dependency on client or other stakeholders for evaluating the payment history of the client, CIC may provide a scoring mechanism that may be developed basis the information available with PCR. Rating mechanism should include parameters such as payment history, payment default of statutory dues, litigation convictions, enforcement actions, negative remarks by regulators etc. On the similar lines early warning signals may be provided so that effective decisions may be made. Recommendations: 1. PCR may provide various data inputs to CIC to assign scores to entities (both individual and non-individual) basis parameters like payment history, payment default of statutory dues, litigation convictions, enforcement actions, negative remarks by regulators etc. Basis the change in status of information such scoring may be revised periodically. 2. In CKYC (for individual) , once customer registration is done through an institution , any changes in the customer information is shared by the CKYC through notifications to the institution. To some extent, the consumption of this information by the institution is also ensured by CKYC. Since PCR is expected to deal with critical/negative information, similar approach should be replicated by PCR. PCR may provide alerts/caution advisory for early warning signals like not paying the statutory dues like Provident Funds or Income Tax etc. 4. Credit Information Bureau CICs collect and analyses credit and loan related data about individuals and companies and generates its products and services on the basis of this data. This data is provided to CICs by their member banks and other financial institutions. When an individual applies for a loan/credit with a lender such as a bank or NBFC etc., the lender contacts their CIC to get the credit score and credit information report of the applicant-borrower. A credit score and a credit information report about the borrower helps the lender in deciding whether to grant the borrower the loan or not as these reports predict the ability of the borrower to repay their loan/credit back to the lender. However while relying upon such reports it is essential that the information is updated on real-time basis and there is effective query resolution mechanism with the entity who has submitted the information to CIC. Further certain information like security valuation, Loan to Value (LTV) in case of secured loan may also be captured as there are important data inputs for effective lending. For PCR to be more effective data repository it is essential that the sources of such information are updated, hence CIC should be made more robust. Recommendation: 1. Near real-time database updation and query resolution mechanism to be built in for the information flowing through CIC. 2. Information with respect to security valuation/LTV to be captured for secured loans 3. Member institutions to also capture details of guarantee provided by borrower group entities / third party including details of guarantees that are collaterised. 4. Loan assignments including loan assignment to ARCs to be reported to credit information bureau. 5. CERSAI (mortgage): CERSAI is a central online registry maintaining the records of all mortgages/charge, details of FI extending lending facility and borrower’s details. This registry can be accessed online by lending institutions to access information related to the mortgages/charge. This allows prospective lenders to check the registry to ensure that the property against which they are extending a loan to a borrower is not encumbered by a pre-existing security interest created by another lender. Even if it is, with details of the previous loan available to them, they can examine if the value of the collateral is sufficient for them to extend another loan, given the existing liability on the property. However, the registry is not capturing any information with respect to initiation of enforcement actions against such security under Insolvency and Bankruptcy Code or SARFAESI Act. The centralized registry should have mechanism to update collateral records incase any enforcement action is initiated. The centralized registry forms and system to have necessary field, which lenders can keep on submitting and updating on periodical basis. This is an important for another lender, for the due diligence of the entity/collateral, subject to such enforcement actions. Recommendation: 1. The centralized registry should capture not only the details of charge but also updates on initiation of any enforcement of security such as notice under Insolvency and Bankruptcy Code or SARFAEISI Act, Sec.138 proceedings under NI Act, or any other legislation including recovery suits. This would help ascertain the status of these proceedings before initiating any lending and to take informed calls. This would ensure that updated information is available through PCR to prospective lender. 2. Since, priority of creation of charge / mortgage plays a crucial role and since security creation is a time-consuming process, reporting of information in CERSAI database by lending institution may be segregated in two parts i.e. Provisional registration of transaction with basic information by lenders and Final registration on actual security creation. This will ensure updated information flow to PCR and in turn, other lending institution would get an early indication of security creation, in process, in respect of assets of borrower. 3. Currently, there is no common identifier in respect of assets being mortgage resulting risk of similar asset / property being mortgaged and reported by multiple lending institution as well as cumbersome search process. Hence, there is a need for unique identifier for properties/collaterals, which should be common across asset-class / lending institution. This would eliminate duplicate reporting of same property and also make search process efficient for lending institution. 4. Further, capturing the information regarding NOCs from existing lenders, Takeover cases, pari-passu charges may also be included in PCR. 6. Common Reporting Platform Currently, there are multiple returns with multiple agencies are filed which contain similar information pertaining to loan amount, details of security, charge creation, borrower details etc. Such reporting is made to CIC, CRILC, CERSAI, ROC and IU (NeSL). Further each agency has its own process and time leg to upload the information and make it available to the users. Due to multiple inputs and time leg there are difficulties to ascertain the up-to-date information. Recommendation Reporting done to CICs, CRILC, CERSAI and IU to be made under one common platform which can be accessed by all members. PCR could be evolved to serve as a common reporting platform and common data warehouse managed by PCR can be accessed by other agencies for their relevant data purpose. This would reduce multiple reporting requirement of similar data as well maintain data consistency. 7. Other Recommendations (a) A comprehensive legal framework including a parliamentary law to provide for regulation of Public Credit Registry and to facilitate efficient distribution of credit information and for matters connected therewith or incidental thereto to be prescribed. Central Regulator may be mandated to oversee implementation and ensure compliance with PCR laws. (b) PCR shall be responsible for electronically (i) storing (ii) safeguarding and (iii) retrieving the data-base and records and making such records available online to reporting entities. (c) Adequate checks in place to ensure borrower authorization for accessing PCR platform by lending institution. Generally, the access to the information in PCR should be based on borrower's consent/ authorization. However, certain information providing negative credit flags such as payment delays/ defaults with lenders, encumbrances, judicial orders, FIU sanction list etc should be available for access without specific borrower/ prospective borrowers' consent. Also, certain information may be required through put the loan cycle for credit monitoring, hence, a provision for one-time consent from borrower valid for longer term should be made in the PCR. (d) All information in PCR to be time-stamped. (e) Information updated about a customer in PCR shall be disseminated by PCR, on request, to any reporting entity / member institution that avail the services of PCR in respect of the customer. (f) MCA may prescribe reporting of all forms of borrowing by corporate. This will enable to access near real-time data relating to inter-corporate borrowing (through PCR platform). (g) The PCR should capture entire banking footprint of the entity in terms of multiple bank accounts besides other credit relationships. (h) Near real-time database updation and query resolution mechanism to be built in for the information flowing through PCR. (i) Some of CIC have aggregation tool – wherein the ratings from multiple rating agencies are aggregated and any rating action is update immediately. PCR should have links to reflect such ratings and rating actions (j) RBI to share database available on CRILC, willful defaulter, frauds, etc. across banks, NBFCs, HFCs and ARCs. Existing regulations may be amended to enable sharing of data across financing institution. (k) Common borrower rating parameters across lending institutions may be advised. (l) In last one decade, Credit Bureau services are evolved and helping to all stakeholders. The independence and private management are key factors in this evolution. Post 2010, Competitive environment in Bureaus have also helped in usage of cutting edge technology at all bureaus. In case of PCR, we suggest proper governing body needs to be constituted to monitor the objectives & functioning (m) Guidance value in case of immovable properties from the state government portals can be made part of PCR. (n) Restructured loans of a customer can be a separate indicative point (with score differentiation compared to normal loan) 2(c) Report of Cooperative Bank Subgroup Recommendations emanating from the second meeting of Sub Group on Cooperative Banks including UCBs held on 26 February 2018
2(d) Expectations of Regulatory departments of RBI Various departments of Reserve Bank of India expressed their views as under: (i) As a Regulator, RBI requires aggregated data only. As PCR is presumed to be individual / micro level data, it is supposed to be more useful for supervisory purpose. (ii) A thorough assessment of incremental/ additional benefits of the proposed PCR vis-à-vis existing credit bureaus is necessary. A cost-benefit analysis should be attempted. The burden of multiple reporting needs to be addressed. (iii) Like UCBs, NBFCs are also not in favor of high spending for existing credit registries (CICs). If PCR becomes cost effective focal point for collecting and disseminating the credit information of the entire country then it would be beneficial for the NBFC sector as a whole. ARCs also should be part of PCR. (iv) The PCR should be cost effective and low cost technology should be used from the perspective of UCBs. Since the customer base of UCBs is very limited, it seems that UCBs are not in favor of high spending for accessing such registries. There is also requirement of awareness among UCBs, MSMEs and Small borrowers about benefits such a credit registry. (v) Information on all possible attributes should be captured such as community, caste, gender, government schemes, impact assessment (credit flow) etc. The coverage of banks should be all types of lenders rather than only SCBs. Limited access should be provided to public. (vi) PCR can provide information on each borrowing at borrower/firm/company level, the corresponding lending rate and credit history. Hence, availability of such data will help in examining the effectiveness of transmission of monetary policy at a granular level, i.e., borrower/firm/company level and also in assessing effectiveness of macro-prudential tools and their interaction with monetary policy. (vii) Data on ECBs, can be sourced both from the banking system and other recognized lenders to make the information available with the PCR more complete. 2(e) Other Regulators Expectations The High-level Task Force, in its 4th meeting held on November 27, 2017, desired that while taking a view on Public Credit Registry (PCR) – it’s need, structure, utility and other related issues, it is necessary to know and collate the expectations / views of various stake holders from / in relation to such a PCR. In that context it was decided to consult with major regulators and to get regulators’ / supervisors’ wish list from / in relation to a PCR. 2. Accordingly, a meeting was arranged inviting representatives from SEBI, IRDA, PFRDA and NABARD on 20th December 2017 to understand and gather the expectations and wish-list of these regulators. Shri R. Ravikumar, CGM, RBI, DBS briefed the HTF, in it’s 5th Meeting held on 15th January 2018, on the submissions received from major regulators. In the 5th Meeting it was decided that the regulators’ feedback may be consolidated with further interactions, as needed, and submitted to the HTF. 3. All the above regulators were consulted once again for consolidating the wish-list from PCR. Following is a summary of feedback received from the respective regulators: PFRDA Rather than mentioning specific expectations / wish-list from PCR, it has mainly provided it’s feedback on the challenges/ need for setting up a new PCR. Keeping in view that multiple existing entities gather credit information and adding one more in terms of PCR will have cost and compliance considerations, it has suggested to enhance the role of an existing entity to attain desired objective of PCR. [“Since there are multiple entities which are engaged in gathering credit information at present, creation of additional entity/ institution for the same purpose should be avoided due to cost and compliance considerations for the customers and banks/ lending institutions. Instead, the role of an existing institution or system may be enhanced/ increased to attain the objectives behind setting up Public Credit Registry (PCR).”] NABARD While acknowledging the usefulness of a PCR type system for lenders in gathering system-wide status of a borrower, during the meeting, in the feedback, it has mainly emphasised on the challenges for DCCBs and RRBs in participating in such PCR. All of these banks should be in CBS in order to provide desired data to PCR in a timely manner and also higher the manual intervention in data preparation – higher will be the chance of data quality related issues. Few of the DCCBs not being in CBS and for many CBS not being implemented fully along with degree of manual intervention in data preparation, participation of DCCBs and RRBs in PCR will be a challenge. [“As the long term objective of the PCR is to capture the borrower-wise granular level credit information on a day to day basis on relatively high frequency, timely transmittal of correct data would be possible only if all the banks are on CBS platform. At present, there are few DCCBs which are not on CBS and for many others, the CBS is not fully implemented. This may create bottleneck in data collection process. Manual intervention in data preparation may result with higher chance of data quality related issues. Considering the man power constraints with the StCBs/DCCBs and RRBs, it is necessary that the CBS platforms of the individual banks should be in a position to directly produce the required data for the PCR.”] IRDA IRDA has provided the following as its expectations from PCR: (i) Detailed information of issuances in the primary market such as term sheets, information memorandum, rating rationale (with regular updating), details of trustees, security creation dates, etc. should be available. (ii) Information about classification by any of the lenders/bond subscribers into default/substandard category. (iii) Any other bond/debenture/other forms of borrowing of the issuer whether being classified as default/sub-standard, etc. should be made available. (iv) The details of downgrades of credit ratings of bonds/debentures/commercial papers by SEBI approved rating agencies. (v) Details of delay/default of principal/interest on bonds and debentures of the issuer be made available. (vi) Issuers/borrowers who have approached the financial institutions for financial restructuring/ debt restructuring should be made available. (vii) Adverse comments of the auditors should be made available. (viii) Apart from Banks, the Joint Lenders’ Forum (JLF) should include NBFC, life insurance companies, general insurance companies, mutual funds, FII’s and other participants in the debt market. This may help in improving the knowledge bank. (NB: The JLF mechanism has been discontinued by RBI) (ix) Central Registry may have the details of outstanding debt/loans issuer-wise similar to the share capital details in stock exchange (x) Insurers may also be permitted to access data, apart from contribution of data, for making prudent investments. Any legal hurdles may be removed to operationalize the same. SEBI Expectations from PCR, as provided by SEBI are: (i) Credit rating Agencies (CRAs) should be provided access as it will enable them to enhance the efficacy of the rating. (ii) The stock exchanges also should be provided access to PCR as it will enable them to track delay in repayment of listed companies. (iii) Data on defaults/debt servicing status by corporates related to Non-convertible debenture (NCDs) may be procured from the Debenture Trustee to the Issue. 2(f) Report of Technical Subgroup Public Credit Registry (PCR) Approach: PCR Technical Sub-Committee Report 1 PCR Information Architecture
1. Cash-flow Loans: This is a new category of lending that is expected to grow dramatically in the coming years. It is unsecured, short tenure, and low-value.
2. Term Loans: This covers a broad range of lending and includes project financing, asset financing, housing financing, etc. It may be secured or unsecured.
3. Open Credit: This includes Credit Lines, Bank Guarantees, Letter of Credit, etc.
4. Regulatory Oversight: This involves analysis of monetary policy and data for banking supervision.
Analysis of these use-cases reveals three high-level needs from the PCR: • Prevent Over-Indebtedness
• Better Monitoring
• Minimize Adverse Selection
There are two categories of information: 1. Credit Information a. Credit Events
b. Credit File
2. Non-Credit Information a. This covers data from Credit Decisioning Information Providers (CDIPs) like matched invoices data from GSTn, MCA filings, CERSAI submissions, utility bills, etc. 1. Electronic Registry of all verified credit instruments and their corresponding contracts in India. Electronic Registries are shared digital infrastructure onto which authorized issuing agencies publish digitally signed and verified data about users, entities, or other assets/resources allowing consented and fine-grained controlled access. This includes the following data: a. Credit Information
2. Consent Manager will facilitate consented access to Credit Information and Non- Credit Information. It will generate consent to access credit information present in the PCR Electronic Registry and consent for non-credit information present in other data sources (for Active Borrowers). 3. Credit Data Dictionary: A shared data dictionary of the vocabulary for all credit information in India must be created. It must cover entities, relationships between entities and actions, and must easily be extended through a well-documented extension model. Thus, this dictionary is treated as a resource surfaced by the PCR API. It’s usage has been defined in the Technology Architecture (Section 3.5.4). 1.6 New Information Reporting Concepts 1.6.1 Reporting to Electronic Registry
1.7 New Information Access Concepts Typically, a Data Aggregator sits between the Financial Information User (for example, a creditor) and the primary data sources. India is moving to a new regulatory system based on user consent. In alignment with the MeitY Electronic Consent Framework2, an Electronic Data Consent will mediate information sharing between a Financial Information User and a primary data source. Therefore, one of the core building blocks of PCR will be that of a Consent Manager. It would:
The NBFC-Account Aggregator acts as a Consent Manager for all asset-related financial information and not a data aggregator. It is only a pass through entity for data. Therefore, we propose that the PCR integrates with the Account Aggregator to facilitate consented data access to all credit-related financial information. 2.1 Information Architecture Summary 2.1.1 Types of Use-Cases for Information Access
2.1.2 Accessing Credit Information and Credit Lifecycle Events
2.1.2 Privacy-Enhancing Methods of Information Access The PCR information architecture establishes the key underlying principles - regulatory and cultural - that need to be addressed while designing it. Following this the functional and non-functional platform requirements need to be articulated to base the technical architecture on. These need to be sufficiently precise and detailed so an engineering design is possible. 3.1 Technology Architectural Design Principles These are the principles being followed by India Stack and we could use them as a starting point for PCR. The guiding architectural philosophies that influence the design are outlined as follows: 1. User-Centric and Universal Identities: The framework should be designed by placing the user in the centre, thus only adopting approaches that are convenient and easy for doing business. The technical framework should leverage universal, authenticable, non-repudiable, and digital identities to allow interoperability across all actors in the system. 2. Open APIs for Interoperability and Layered Innovation: People and systems should have programmatic interfaces for sharing and accessing the information available to them. The specifications for these interfaces should be published and made available and accessible to everyone. This would allow for an ecosystem driven approach and the partners to build on top of standard APIs and deliver services that are designed to work with any device, any form factor, any network. 3. Open Platform and Open Standards Based: The framework should use open technology and legal standards available in the country. It should be agnostic to applications, programming languages, and platforms and must be vendor neutral (using of commodity computing and open source). 4. Security by Design through a Trust No One Architecture: The software and systems must be designed from the ground up to be secure. A zero trust approach must be adopted for all internal and external systems. There must be end-to-end security of data (PKI, DSC, tamper detection) and it must be network agnostic and data centric. 5. Privacy by Design through Electronic Consent Framework3: User data needs to be protected from abuse and compromise. The PCR framework needs to define data sharing mechanisms, using the MeitY Electronic Consent Framework4, that gives the user explicit control of their data and ensures privacy of user data ground-up and through generated non-repudiable audit trails. Tools to protect privacy of data must be in-built in the framework and best-practice guidelines should be in place for the framework users to ensure privacy of data. 6. Minimalist and Evolutionary Design: The design should be simple and minimalistic. It should not present adoption barriers for the ecosystem. The design of the systems should be evolutionarily - their capabilities should be built incrementally while allowing for rapid adoption. 7. Transparency and Accountability through Data: The verified registry of all credit transactions and the non-repudiable transaction trails shall lead to higher trust and stronger accountability. PCR will be data-driven and will use data generated through transactions for reporting and analysis. Public Open Data5 shall be made available via APIs for transparency. The access to open data will ensure high-quality analytics, accurate fraud detection, shorter cycles for system improvement and, most importantly, high responsiveness to user needs. 8. Design for Scale: The PCR must be able to scale horizontally to hundreds of millions of users and to handle trillions of data records. All components including computer, network and storage resources must be capable of scaling horizontally: it should be possible to add new resources as and when needed to achieve required scale. Being cloud-ready and using commodity hardware will ensure that capital investments on the PCR will be minimal. This will also give a choice of infrastructure to the implementers and enable systems to evolve heterogeneously. Finally, the scale of use of the PCR should be measurable and demonstrable. 9. Trustable and IT Act Compliant: Use digital signatures to guarantee integrity of access permissions given by users in permission flows. This avoids security issues faced by existing approaches and also makes the framework fully legal under the IT Act. 10. Granular Control and Digital Enforceability: The framework should allow users to set permissions and rights for information access at a granular level and the same must be enforced digitally, thus generating verifiable audit trails. 3.2 High Level Technology Architecture Diagram 1. Functional requirements: Detailed platform requirement document that define its functionality based on the PCR Information Architecture. 2. Non-functional requirements: Detailed product requirement document that define its non-functional use-cases. These specifically consist of: a. Latency
b. Capacity: 100 qps c. Error rate: API error rate should not exceed 0.1% of calls d. Uptime: Should be 99.99% e. Caching: If requirements are not able to be met can banks cache (probably not) and if yes then what is the cache security and refresh requirements f. Security requirements:
g. Consent framework h. Privacy i. Versioning: Sequence based versioning scheme6 3.4 Architectural Specification Based on the functional and non-functional product specifications at least the following details of the architecture will need to be fleshed out: 1. Capacity estimation: Estimates of capacity that PCR needs to support and might limit PCR architecture or infrastructure it runs on
2. API definitions: Detailed API definitions for Create, Read, Update, Delete (CRUD) and any algorithmic or analytical interfaces needed. 3. Data model and Database design: Fleshed out low level design corresponding to PCR use-cases summarized by: 4. Algorithms: Detailed API definition for any algorithmic interfaces needed 5. Credit key generation and sharing methodology: This may be chosen from one of the two options in the appendix or an alternate not outlined there. 6. Recommendations for data partitioning and replication: This needs to identify which aspects of CAP theorem need to be emphasized and by how much7. 7. Recommendations for caching 8. Load balancing and scaling 9. Criterion for purging and DB clean up: How long is the information about a loan held in the database and when does it get purged. In addition to being sensible it is further needed to adhere to IT Act 2000. 10. Telemetry and analytics: Detailed API definition for any algorithmic interfaces needed. This was a key requirement for RBI - they wanted to slice the data by caste, gender, category etc. 11. Electronic Consent Framework8 12. User Security Framework 13. Testing framework 14. Monitoring POST /user - Create User POST /borrower/{userId} POST /instrument/{userId} The primary use cases for the API are to GET and POST borrower and instrument information along with the associated support and bookkeeping APIs. This information can be requested at 4 levels of granularity:
3.5.4 Usage of Credit Data Dictionary
4. Phases of PCR Implementation The PCR may be built over a period of time and the following approach is suggested:
5.1 Approaches to Key Generation for PCR Assigning unique identifiers to instruments and associated counterparties is critical to proper functioning of the Public Credit Registry (PCR). While the options for unique identifiers for counterparties already exist in form of Goods and Services Tax identification number (GSTIN) and PAN number each loan instrument and contract will need to be assigned a number at origination. In this document we discuss 2 different approaches for key generation with appropriate stakeholders who would own the process with the aim of getting feedback as to the preferred architecture. 5.1.2 Approach 1: PCR infrastructure manages key generation and distribution In this approach every time a loan request is to be approved the creditor in question will connect to PCR infrastructure and request a universally unique identifier (UUID) which will then be assigned to the loan contract at their end. Considerations:
5.1.3 Approach 2: PCR assigns a prefix to each bank which is prepended to a UUID generated by the bank In this approach each lender will be assigned a permanent unique prefix. The bank will be responsible for generating a UUID. This UUID will be prepended by the unique prefix to form an instrument ID at the time of loan origination. PCR will also provide a set of best practices that the banks can follow to implement UUID generation Considerations:
5.1.4 Conclusion: Fundamental constraint Good architecture and infrastructure solutions are possible in both options. The fundamental question that needs to be answered is who should bear the burden of implementing and maintaining the UUID infrastructure - PCR or the banks. __________________________________________________________________________________________________________________ 2http://dla.gov.in/sites/default/files/pdf/MeitY-Consent-Tech-Framework%20v1.1.pdf 3Reference to MeitY Electronic Consent Framework 4Reference to MeitY Electronic Consent Framework 5This is well-aligned with the National Data Sharing and Accessibility Policy (NDSAP), 2012. 6https://en.wikipedia.org/wiki/Software_versioning#Sequence-based_identifiers 7http://robertgreiner.com/2014/08/cap-theorem-revisited/ 8MeitY’s Electronic Consent Framework: dla.gov.in/sites/default/files/pdf/MeitY-Consent-Tech-Framework v1.1.pdf 9https://github.com/project-sunbird/open-saber/wiki/Design
|