ASF - Association Française des Sociétés Financières
ASF is the representative body of all the French specialised credit institutions and financial institutions and represents 286 entities specialised in financial activities like equipment and real estate leasing, factoring, consumer credit and auto loans and leases. ASF members account for about 20% of total amount of credits to the real economy in France.
As lenders to consumers, they rely on consumer data in order to assess the creditworthiness of their customers, comply with regulatory requirements and improve their processes and services.
Specialised consumer credit providers need to collect and process a certain amount of personal data in order to comply with regulatory requirements, to adequately identify and objectively assess the creditworthiness of an applicant borrower and manage the contract.
In order to do this, they need data related to :
- identification of the consumer ;
- property ownership, revenues and professional details, used for credit
- family status
- economic data (income, employment information & aggregated savings, outstanding loans etc.)
They use also internal data mainly related to the payment behaviour of the consumer.
In reference with the types of data listed in p. 9 of the discussion paper :
- data on consumers habits as regard banking services (17-c) are not much used by the specialised lenders as they generally don’t hold the client bank account.
-data described in 16-c and 17-e are used in an emerging way.
Financial institutions rely first and foremost on data provided by the consumer himself, justified by documentary evidence as need be.
The second sources of information are the credit bureaus and other public or official registers about stolen documents, tax returns, etc…
At this stage, web based information is still used to a limited however growing extent.
Then, some third party providers emerge also as new source of data allowing to get or to check some consumer data such as addresses, bank statements (data aggregators), etc…
The decision as to what kind of data is necessary must remain that of the lender. It is the party with the close contact with the consumer and best suited to assess its creditworthiness.
1. in order to comply with the EU legislation in force, such as the Capital Requirements Directive IV (CRD IV), the Consumer Credit Directive (CCD), the Mortgage Credit Directive (MCD) and the Anti-Money Laundering Directive (AMLD). All these require consumer credit providers to collect, store and analyse data throughout their business activities.
They are used to:
- confirm an applicant borrower’s identity
- assess the creditworthiness of applicant borrowers
- evaluate risk throughout the life of the contract
- fight against fraud/financial crime/terrorism financing
2. to improve their service to their customers by understanding their needs, identifying and targeting new market segments, optimising the use of distribution channels, personalising commercial offers, adapting products and services to the latest technological changes.
An increased use of consumer data by financial institutions should greatly benefit to the consumers in several areas :
- Broader access to credit through enriched information and advanced analitycs allowing for an increased selectiveness of scoring systems
- Optimized marketing approach leading to a reduced commercial pressure and more adapted offers at the right time
- Simplified processes by decreasing the need to ask for some information and the request of documentary evidence
Consumer credit providers are continuously working on improving their IT systems and their use and analysis of consumer data.
In order to better select their risks and develop tailored products, specialised lenders need access to a wide range of data at the moment of granting and throughout the duration of the credit contract :
- external credit database,
- social media,
- commercial partners data,
- web browsing history, etc.
The use of a wide range of data should result in better access to credit while reducing the risk of default (better credit worthiness assessment).
The increased use of consumer data should also decrease the costs of financial institutions leading to a decrease of the cost of intermediation.
There is also a risk of disintermediation : the barriers to entry on the consumer credit market are lowered and we are therefore likely to see the arrival of additional market players from the digital sector (the GAFAs) and the fintech industry, which often hold vast amount of alternative data.
At last, we believe that consumers need a better understanding of the use made of their data. They should be able by a simple act to give or remove their consent. All actors will need to propose these choices at the beginning of the relationship with the consumer.
Other benefits can be added to the list :
- better relationship between lender and borrower,
- a decrease in commercial pressure, as the lenders can target more precisely their marketing efforts,
- increased credit availability, especially for borrowers who have generally no access to credit because of lack of traditional data (for example, temporary workers),
- faster and simpler processes for the consumers
- better anticipation of financial difficulties (and more efficient overindebtedness prevention)
- banking secrecy is a barrier as it prevents data sharing between lenders of the same group, even for AML or anti-terrorism purposes,
- control of data held by web operators
- an extensive interpretation of the principle of minimisation
- consumer habits
- image and reputational risk
The main barriers could be an over regulation preventing innovation and the lack of trust of consumers.
As a general comment, most of the risks listed in the discussion paper related to the use of consumer data are already addressed by general legislation, in particular by the
General Data Protection Regulation. A specific regulation in this area for financial institutions does not seem necessary and it may aggravate the risks of unfair competition with other sectors (GAFAs, Fintech).
The risks listed exist in theory, but most of them are not new and are already addressed by the financial institutions.
Moreover, many of the risks listed are taken care of by the current or future data protection legislation. It is the case of R1, R2, R3, §73, R7, §80, or AML legislation (§69).
The risks described in §71 and §72 appear to be unfounded and should on the contrary be avoided thank to a better use of data.
R5 already exists and is not specific to digital data : a consumer can refuse to give information (for example a pay slip) and he would not be excluded but the terms of the offer (amount, duration, rate) would be adjusted in a less favourable way compared to a customer providing more information.
R8 : all players on the market should be treated in the same way regarding this risk. Data protection rules must remain horizontal and there is no need for a specific treatment of the financial sector. This risk is not so much within the financial sector than between the financial sector and large internet players, sometimes in quasi-monopolistic situation, and Fintech who could take advantage of their access to personal data to develop an unfair competitive advantage. A specific regulation for the financial sector would aggravate this risk of unfair competition.
R9 and R10 are general risks, not specific to data protection.
R11 : the risk described in §87 appears quite unlikely because the development of the use of consumer data by financial institutions will be progressive and at the same speed as the growth of its acceptance by consumers. The risk described in §88 appears somewhat theoretical