Focus: Hong Kong – banking guidelines - Sharing and using commercial credit data in Hong Kong
8 June 2004
In brief: In June 2004, Hong Kong banking authorities released guidelines for the sharing and use of commercial credit data in Hong Kong. Partner Matthew Barnard and Senior Associate Daniel Yeo look at the changes and their implementation.
- HKMA Guideline On the Sharing and Use of Commercial Credit Data Through a Commercial Credit Reference Agency
- Outline of guideline requirements
HKMA Guideline On the Sharing and Use of Commercial Credit Data Through a Commercial Credit Reference Agency
On 3 June 2004 the Hong Kong Monetary Authority (the HKMA) issued a guideline on The Sharing and Use of Commercial Credit Data Through a Commercial Credit Reference Agency (the Guideline).
The Guideline sets out the minimum standards the HKMA expects all authorized institutions (ie. licensed banks, restricted licence banks and deposit taking companies) (AIs) to observe in relation to the sharing and use of commercial credit data when providing credit to small and medium enterprises in Hong Kong (SMEs).
A failure by an AI to comply with the Guidelines may result in the HKMA considering that the AI does not meet the criteria for authorisation under the Hong Kong Banking Ordinance (Cap 151).
A subsidiary of an AI that provides commercial credit facilities to a SME will also be able to share and use commercial credit data on a voluntary basis.
The Hong Kong Association of Banks (HKAB) and the DTC Association (DTCA) are working to establish a commercial credit reference agency (CCRA) to collect and store commercial credit data.
The HKMA expects relevant AIs to have commercial credit data policies and procedures in place by the second half of 2004.
Commercial credit data
AIs will be required to provide 'commercial credit data' to the CCRA.
The term 'commercial credit data' is very broad. It means any data concerning a SME collected by an AI in the course of, or in connection with, the provision of commercial credit facilities to the SME. The exact scope will be set out in relevant guidelines and circulars to be issued by the HKAB and the DTCA.
Collection and database system
The HKMA expects relevant AIs to have a database system to collect commercial credit data for sharing and using through the CCRA. In addition to supplying commercial credit data to the CCRA, AIs will be expected to request credit reports from the CCRA when assessing credit applications and conducting credit reviews.
In assessing the effectiveness of an AIs credit management system, the HKMA will take into account the extent to which the AI:
- participates in the contribution of commercial credit data; and
- uses the services of a CCRA.
The HKMA has stated that if in the opinion of the HKMA an AI does not make 'appropriate use of the relevant facilities of a CCRA', the HKMA may require the AI to 'mitigate the risk' by restricting the amount of SME business the AI can undertake.
Policies and procedures and information security
AIs must comply with the significant compliance requirements in the Guidelines. In particular, AIs must have comprehensive policies and procedures relating to;
- ensuring the security, confidentiality and integrity of the commercial credit data;
- preventing unauthorised access or use of commercial credit data;
- access to and use of the CCRA database and credit reports;
- safeguarding and retaining commercial credit data;
- checking the accuracy and updating commercial credit data; and
- ensuring adequate management oversight and monitoring of compliance with relevant policies and procedures.
Before disclosing any commercial credit data of a SME to the CCRA an AI must obtain the consent of the SME;
- at the time the SME applies for a new credit facility; or
- as a condition of the renewal, restructure or rescheduling of an existing credit facility.
Requests for access and correction of commercial credit data
A SME may request an AI for access to relevant data held by a CCRA and correction of that data. If the data is corrected by the CCRA, then the SME may request the relevant AI to reconsider any previous credit decision based on the corrected information.
Compliance audit and staff training
AIs will be required to conduct an annual compliance audit of its data management practices and to provide guidance and training to staff involved in the sharing and use of commercial credit data.
If the information and reports provided by the CCRA reveal that an SME may have difficulty in repaying loans, AIs are required to consider and discuss with the SME an appropriate work out solution in accordance with relevant HKMA guidelines and procedures.