Association of Consumer Credit Information Suppliers (ACCIS)
ACCIS members - Credit Reference Agencies - are organisations that collect information on individuals and / or legal entities to help a creditor decide whether they should grant credit to a customer. All experience of ACCIS members with innovative uses of consumer data comes from their activities in their capacity as Credit Reference Agencies providing services to their customers - financial institutions and other creditors. Credit Reference Agencies do not collect information directly from consumers, but obtain such information from their customers - financial institutions and other creditors, based on a principle of reciprocity and according to strictly defined rules and procedures compliant with EU and national legislation, including EU and national data protection rules.
Credit Reference Agencies hold information on consumers such as identification data (name, date of birth, address and a unique identification number if this is legally allowed) and data concerning their credit history. The credit history of a consumer can consist of positive and / or negative information, depending on the credit bureau’s system and the national laws. The national laws and EU law, such as the recently adopted General Data Protection Regulation, define the legal environment in which the Credit Reference Agency operates. The laws may define what kind of data and the degree of details that can be stored. In addition, data protection issues, banking laws and other consumer regulations have to be respected, depending on the national legal systems and on EU law as well.
Examples of negative information are the non-repayment of a credit or the non-payment of invoices from a mail order business or bankruptcies and / or insolvencies. Positive information includes data on outstanding or settled credit agreements, invoices from a mail order business that have been paid according to the contract; the possession of a bank current account or of a credit card by a consumer, etc. The precise type of data which is stored also varies and depends on the bureau’s system and the applicable legislation.
Based on the experience of ACCIS members in sharing data with financial institutions, the following are the main categories of data requested from Credit Reference Agencies by financial institutions (as reflected in the Report on the ACCIS 2015 Survey of Members 
• Consumer/borrower identity data (name, taxpayer or other unique identification number, date and place of birth, gender, address)
• Consumer/ borrower bankruptcy/insolvency and court judgments data
• Data on financial and other credit products used by consumers:
o Consumer loans
o Credit and store cards
o Credit line on current account
o Education loans
o Point of sale credit
o Telecoms bills - mobile
o Telecoms bills - fixed line
o Payday loans/SMS loans
o Mail order
o Energy and utilities bills
o Internet bills
o Satellite/cable TV bills
o Insurance premium payments
o Home rent
o Health insurance
The sharing and use of these types of data in different EU countries depends on national regulations and market practices. While some types of data, such as identity data, consumer loans and credit card data, are shared by Credit Reference Agencies with financial institutions in almost all EU Member States, the sharing of other types of data, such as energy, telecoms and utilities bills, insurance data, is less common and is allowed only in a limited number of EU jurisdictions. The new EU General Data Protection Regulation, which will become applicable in 2018, may harmonise the usage of personal data in the future.
 Report on the ACCIS 2015 Survey of Members (2016), available at:
As regards the sources of data used by financial institutions, ACCIS can comment that Credit Reference Agencies are one of the most important sources of consumer credit data for financial institutions. ACCIS does not have the full knowledge of other sources of consumer data used by financial institutions.
Based on the experience of ACCIS members in sharing data with financial institutions, the following are the main purposes of the use of consumer data, obtained from Credit Reference Agencies, by financial institutions (as reflected in the Report on the ACCIS 2015 Survey of Members):
It is important to note that EU and national regulations impose strict obligations on financial institutions to carry out anti-money laundering screenings of customers, fraud prevention and creditworthiness assessment (including the EU Anti-Money Laundering Directive, EU Consumer Credit Directive and Mortgage Credit Directive). Data provided by Credit Reference Agencies represents a very important tool helping financial institutions in their compliance with such regulatory obligations.
Financial institutions have already today a broad variety of consumer data. Based on their direct interactions with their customers they have account information, transactional data, behavioural and historical data. All this data can help to improve efficiency and cost-reduction. The important question today is therefore about certain boundaries of those data usages due to data protection and privacy issues and also reliability of consumer data.
According to the report produced by Data Analytics IQ, who surveyed over 100 professionals in the financial services industry in order to gauge the latest trends and activity when it comes to implementing big data programmes , while most organisations are yet to start production of their big data programmes, there is keen interest from most to seize the benefits of the tools and services that are becoming increasingly available.
Big data is not a shortcut to success but is, according to those involved in the business, set to be a leading enabler for improved efficiency, cost-savings and customer engagement which are the main objective in the use of data in financial services.
Every financial institution possesses a data universe of customer interactions, transactions, behavioural quirks and purchase history which can provide very valuable insights on customers' problems, opportunities, and goals  . In other words, it is not about the data, it is about what you do with it.
Further valuable insights regarding future evolution of the use of consumer data are provided in a recent study by Experian, one of the leading credit reference agencies . In 2014, Experian commissioned a survey of 255 key decision makers responsible for managing consumer and/or SME credit risk portfolios, including 195 decision-makers from financial institutions. The survey covered the Northern and Southern Europe, as well as other jurisdictions (Russia and CIS, South Africa, Turkey and Middle East). The results of the study demonstrated, that the vast majority of the respondents (95%) see data as providing the means to successfully integrate the customer experience across the organisation. Internal data, such as CRM and marketing data (76%); negative data, such as poor credit history (54%) and socioeconomic data, such as lifestyle and demographic data (47%) are the most popular sources of information used to inform customer decisions today. The survey also demonstrated that a significant minority (41%) use unstructured data, such as social media, to help inform their decisions on customers, a source more widely used in Telecoms (45%) than Financial Services (39%).
As regards future developments, the study by Experian concluded that With more data becoming available every second of every day, the use of data in informing decisions is set to rise over the next five years. By 2020, organisations intend to use more internal data (77%), negative data (56%) and transactional data (52%) to help make key decisions across the customer lifecycle (see Figure 3). Transactional data is likely to be used more within the Telecoms sector (60% compared with 49%), with the use of fraud data more likely to increase within Financial Services over the next five years (33% compared with 25%).
In a nutshell, ACCIS believes that financial institutions will concentrate their internal efforts to use traditionally available data (both internal and external data) for the purposes of bettering customer engagement, improve efficiency (e.g.: reducing time to market), improve timeliness of services (e.g.: instant payments and instant credit) and reduce costs (e.g.: more innovative information services and analytics techniques, efficient back office processes). In parallel, they will most probably leave to fintech companies the exploration of if and how new data sources (e.g.: social media data) could provide better understanding of the customer behaviour and increase the predictive power of scoring and rating models. This will allow financial institutions to concentrate on their core informative systems while leaving to newcomers the piece of innovation that constitutes the highest reputational risk.
 Market Report 2016: Big Data & Analytics for Financial Services - Trends, Challenges and Priorities.,The Data Analytics IQ, , 2016
 How Big Data Can Build Trust in Banking, David Sosna, Personetics, available at: http://thefinancialbrand.com/47900/big-data-banking-trust-experience/
 The New rules of customer engagement - EMEA Research Report for Financial Services and Telecoms Organisations, Experian, April 2015. For a copy of the Report please contact the Secretariat of ACCIS at: firstname.lastname@example.org."
ACCIS agrees with the benefits of using consumer data listed in the Discussion Paper (at least when it comes to the use of data which are shared by Credit Reference Agencies with financial institutions).
In particular, as regards the benefits of more accurate creditworthiness assessments and lower costs of financial services for consumers, numerous reports and studies by reputable institutions confirm the positive impact of the use of credit data on reducing the cost of credit and improving the access to credit.
For example Professor Michael Staten, from Georgetown University, in his study of 2001 found that credit bureaus are critical in the expansion of credit and access to finance for both individuals and SMEs. 
The positive impact of the use of adequate breadth and depth of data to reduce lending discrimination and contribute to the democratisation of credit is demonstrated by a study of the Political and Economic Research Council (PERC). The study shows how in Brazil the share of women among the pool of borrowers has consistently increased when switching to a full-file credit reporting system . PERC also produced a different study elaborating on the importance of comprehensive databases, finding that alternative data, if widely incorporated into credit reporting can bridge the information gap on financial risk for millions of people". 
The positive impact of CRAs in improving access to credit is further confirmed by the International Finance Corporation (IFC), an international financial institution that is a member of the World Bank Group, who launched the Global Credit Bureau Program with the objective of supporting the development of credit bureaus in developing countries as a means to encourage private sector developments. In its "Credit Reporting Knowledge Guide" from 2012, the IFC reported its experience with credit bureau markets and provided best practices. In their words, "Credit reporting systems help ensure financial stability by enabling responsible access to finance and can also play an instrumental role in expanding access to credit and other services on credit to the underserved and unbanked. (…) By doing so, credit reporting systems, enable lenders to expand access to credit to creditworthy borrowers including individuals with thin credit files, micro entrepreneurs, and small and medium enterprises". 
A more recent study carried out by Deloitte in 2013 shows the beneficial impact of CRAs on credit availability and quotes the findings of a recent study conducted in Latin America according to which "full population coverage of full-file CRAs increased the ratio of credit availability to GDP by 47.5% compared to a situation without any CRA presence in the country". 
An additional benefit, related to improved creditworthiness assessment, ACCIS would like to highlight is the impact of the use of consumer credit data by financial institutions on reducing consumers' over-indebtedness. The importance of the use of consumer credit data provided by Credit Reference Agencies has been confirmed by recent studies. For example, the study conducted by Civic Consulting for the European Commission's Directorate General for Health and Consumers, which affirms that the use of Credit Reference Agencies' data can contribute to prevent households from over-indebtedness by recording positive credit information, thus providing a more accurate picture of an individual’s financial situation. The same study also highlighted that breaking down overall arrears into specific categories, the proportion of people in arrears on utility bills in the EU (at 8.8%) was the highest among the overall arrears on key commitments. Keeping track of utility bill commitments is thus key for an efficient prevention of over-indebtedness. 
Finally, ACCIS would like to highlight another benefit of the use of consumer data by various financial institutions - the positive impact it has on competition between financial services providers. In the past, the UK's Office of Fair Trading and the Competition Commission have highlighted the lack of information about the creditworthiness of SMEs as potential barrier to competition in the SME lending market.  The same is true not only for SME lending market, but also for other retail financial services, including consumer lending and other retail financial services and products.
 Michael Staten, The Value of Comprehensive Credit Reports: Lessons from the U.S. Experience in Making Small Business
Lending Profitable, Proceedings from the Global Conference on Credit Scoring, IFC, Washington DC, 2001, p. 29-36.
 Michael Staten, The Value of Comprehensive Credit Reports: Lessons from the U.S. Experience in Making Small Business
Lending Profitable, Proceedings from the Global Conference on Credit Scoring, IFC, Washington DC, 2001, p. 29-36.
 Michael Staten, The Value of Comprehensive Credit Reports: Lessons from the U.S. Experience in Making Small Business Lending Profitable, Proceedings from the Global Conference on Credit Scoring, IFC, Washington DC, 2001, p. 29-36. (http://www1.worldbank.org/finance/assets/images/confproceedings.pdf).
 The International Finance Corporation (IFC), Credit Reporting Knowledge Guide, 2012, p. 5.
 Deloitte, Economic impact assessment of the proposed European General Data Protection Regulation, December 2013, p. 30. (http://www2.deloitte.com/content/dam/Deloitte/uk/Documents/about-deloitte/deloitte-uk-european-dataprotection-
 Civic Consulting of the Consumer Policy Evaluation Consortium (CPEC), Over-indebtedness of European households: updated mapping of the situation, nature and causes, effects and initiatives for alleviating its impact, December 2013, p. 206-207.
 HM Treasury, Consultation Outcome: Competition in banking: improving access to SME credit data, 15 December 2014, available at: https://www.gov.uk/government/consultations/competition-in-banking-improving-access-to-sme-credit-data/competition-in-banking-improving-access-to-sme-credit-data."
From the perspective of Credit Reference Agencies, as the main obstacle to the use of relevant consumer data by financial institutions for the purposes described in our response to Question 4 above and to reaping the full benefits that can be brought to consumers and financial institutions by such use of consumer data, ACCIS would like to highlight existing regulatory barriers and uncertainties regarding the use of consumer data in EU Member States.
There remain discrepancies between EU Member States and internal barriers regarding the nature of creditworthiness data collected and on the contributors of the data participating to the Credit Reference Agencies.
As described in our response to the Question 2 of the Discussion Paper, there are still considerable differences between national regulations and market practices when it comes to the question of whether and to what extent data can be used for creditworthiness assessment and who is allowed to contribute information to/get information from Credit Reference Agencies.
As an example, in some Member States, only traditional banking and financial lenders can contribute credit data to Credit Reference Agencies thus preventing a wider and cross-sector level playing field. In such Member States innovative providers of financial services do not have access to Credit Reference Agency data available to traditional banks, and as such are not able to achieve the benefits that can be derived from the use of such data, including better services and easier access to finance to consumers and regulatory compliance.
Among the main regulatory barriers to the use of consumer data, in the ACCIS 2015 Survey of Members, ACCIS members identified the very diverging national implementation of EU Data Protection Directive in EU Member States, which results in restrictions on the use of certain types of consumer data and in particular of positive data.
Besides Data Protection rules, signifcant barriers and restrictions come from national regulations or codes limiting the access to and the use of consumer data. As the examples of such national regulatory barriers, ACCS would like to highlight the following:
• In Italy, the national Data Protection Authority adopted the “Code of conduct and professional practice applying to information systems managed by private entities with regard to consumer credit, reliability, and timeliness of payments” which provides a restrictive definition of the credit lines and of categories of participants to the credit reporting system . As a result of such restrictive definitions, only limited types of data (mainly on loans) can be shared with a limited list of players (mainly banks). In addition, the Italian Code of Conduct restricts the purpose of processing of personal data contained in credit information systems to credit risk control. This prevents other legitimate and beneficial uses of such data, such as identity checks and fraud prevention.
• Similarly, In the Czech Republic, the Consumer Protection Act and the Act on Banks restrict the purpose of the use of data shared by Credit Reference Agencies to credit risk control, which prevents other legitimate and beneficial uses of such data.
• In Slovakia, the Act on Consumer Credit and Other Loans Credit and Loans to Consumers requires consumer credit providers to share data on consumer credits. However, such data sharing may include only data on consumer credit, which prevents data sharing on consumer loans and other financial products not falling into the definition of consumer credit".
• In Hungary, the Act on Central Credit Information System provides a restrictive list of data that can be collected and shared, largely including identity and loan data. This restricts the use of consumer data by financial institutions - for example, no income data can be collected and shared. Furthermore, the data in the Central Credit Information System (CCIS) cannot be linked with any other databases (e.g. utilities and telecoms data), preventing financial institutions from obtaining a reliable and comprehensive picture of a consumer's overall credit situation (including non-financial credit). The Act also restricts the categories of users of the CCIS to banks and financial and investment enterprises providing credit, which limits the use of the CCIS data by companies providing other, including innovative, financial products and services and other services (such as telecoms and utilities).
• In Spain, the current data protection legislation only allows to process negative data without the consent of the consumer. Processing positive data requires the consent of the consumer and the consumer always has the possibility to withdraw it. In addition, due to the Spanish regulation of public sources, access by Credit Reference Agencies and financial institutions to the data contained in public sources is either not allowed at all or, in some cases (e.g. land register), prohibitively expensive.
• In Portugal, due to bank secrecy laws, information from banks and financial institutions is protected as bank secret and Credit Reference Agencies cannot process information from financial institutions with other sectors, such as telecoms, utilities, and potentially innovative financial services providers.
• In Croatia, The Act on Personal Data Protection, in conjunction with the Credit Institutions Act, allow data collection and sharing only with a consumer's written consent. Although the Credit Institutions Act provides for the possibility of data exchange based on special legislation on collection and sharing of creditworthiness information, currently there is no such special legislation in Croatia that would enable credit institutions (banks and housing savings bank) or other financial institutions (leasing companies etc.) to exchange the data without the client written consent.
It is important to recognise the benefits of innovation and create favourable conditions for innovation, including in the field of the use consumer data, in the EU in order to allow the development of strong and competitive financial services sector. Imposing regulatory restrictions on activities which are still at very early stages of their development can stifle innovation, harming the competitiveness of European businesses in the global markets. In this regard, existing regulated players (among them, Credit Reference Agencies) do not have to be limited in their research and development activities by a regulatory framework which is not designed for innovative products and services. Not taking in serious and immediate consideration this crucial point, would lead to a paradoxical situation, where the established and more reputable players, seeking to ensure compliance with regulations, would have less room for innovation than new companies with no established reputation to be compromised in the case of a failure or of a breach.
 Article 1 of the Italian Code of conduct and professional practice applying to information systems managed by private entities with regard to consumer credit, reliability, and timeliness of payments, available at: http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/1079077."
ACCIS largely agrees with the potential risks for consumers and financial institutions of the innovative uses of consumer data, listed in the Discussion Paper.
At the same time, it should be noted that as regards some of the risks discussed in the Discussion Paper, such risks are not limited to the use of consumer data and are business risks common to other areas. It is in the best interest of financial institutions to address and minimize such risks, without the need of additional regulatory intervention. For example, the risk of reputational damage to financial institutions (Risk 7) or risks relating to IT (Risk 9) and Data Security (10) should be fully understood by financial institutions and addressing them should be prioritised in their business activities, if they want to maintain and develop their competitive position in the market. As such, these risks will be largely addressed by competitive market forces without the need to take additional regulatory measures to tackle these risks.
As an additional concern regarding innovative uses of data ACCIS would like to highlight the problem of a level playing field between well established companies - Credit References Agencies, and banks on the one hand, and new market entrants, such as the Fintech start-ups experimenting with the innovative uses of data, on the other hand.
Established Credit Reference Agencies and financial institutions are subject to and comply with strict regulatory requirements regarding the use of consumer data, including, for example, the limitations on the purpose of the use of such data and types of data that can be used under EU and national data protection rules. In addition, Credit Reference Agencies and banks bear significant reputational risks in case of misuse of consumer data, and therefore will usually exercise a very high degree of caution and care in adopting innovative applications of consumer data. For example, as regards the use of social network data for creditworthiness assessment, currently, to the best knowledge of ACCIS, no ACCIS member engages in collecting social network data to share it with their customers, as this would usually be prohibited by data protection rules. Other companies, from different sectors already engage in collection and usage of social media data. Start-ups who do not have reputational capital yet and face significantly lower reputational and monetary losses in case of regulatory beaches or other data misused, may be more aggressive in experimenting with innovative uses of data, which puts them in a better competitive position as compared to Credit Reference Agencies and traditional banks, and at the same time increases the risk of data misuse and violations of applicable regulations, with potential significant harm to consumers.
Therefore, in any future policy measures, if taken by the EBA or other EU authorities, it is important that the level playing field between new market entrants and established Credit Reference Agencies and banks is maintained as regards innovative uses of consumer data.
We have not seen such risks materializing to date. However, ACCIS and its members are observing new players that, for instance, advocate creditworthiness assessment or credit scoring purely based on alternative data, often provided directly by consumers themselves (either provided to the new player itself or obtained from social media sources) and the difficulties in regard to privacy and/or data protection rules on one hand and the question of soundness and reliability of certain data on the other hand.