The Information Commissioner s response to the FCA s Credit card market study: consultation on persistent debt and earlier intervention remedies

Similar documents
Chapter 5: The consequences of not correcting Penalties Models

StepChange Debt Charity response to Credit card market study: Consultation Paper CP17/43

Credit card market study: Consultation on persistent debt and earlier intervention remedies

The Information Commissioner s response to the Financial Conduct Authority s call for inputs on big data in retail general insurance

Consumer Credit sourcebook. Chapter 6. Post contractual requirements

CREDIT CARD MARKET STUDY: CONSULTATION ON PERSISTENT DEBT AND EARLIER INTERVENTION REMEDIES

UNCLASSIFIED. Framework Agreement

Rental Exchange Frequently Asked Questions

Future regulatory treatment of CCA regulated first charge mortgages

Forbearance and Impairment Provisions FSA Guidance Consultation. Response by the Building Societies Association

GDPR: The future of marketing and commercialisation of data. Alexander Brown & Matt Dyer, Simmons & Simmons

PPI DEADLINE UPDATE. Julia Cooper, Independent Chair, Alliance of Claims Companies

henriksen limited This document sets out how Henriksen processes data and your rights as the data subject.

FCA Reshuffles Credit Card Rules

See article 36A4 of The Financial Services and Markets Act 2000 (Regulated Activities) Order 2001, S.I. 2001/544. 2

Walsall Council. Data protection audit report. Executive summary February 2017

ABI response to DCMS Call for views on GDPR. The ABI

The Standards of Lending Practice. Business Customers Asset Finance

Introduction / About the Money Advice Trust Introductory Comment Responses to individual questions

Consumer Credit sourcebook. Chapter 7. Arrears, default and recovery (including repossessions)

The Financial Services Consumer Panel welcomes the opportunity to respond to the FCA s consultation on High-cost Credit Review: Overdrafts.

Credit cards: Responsible lending assessments

CP17/27: Assessing creditworthiness in consumer credit

Eurofinas response to the European Banking Authority s Discussion Paper on the innovative use of consumer data by financial institutions

PRIVACY NOTICE LAST UPDATED: SEPT. 2018

Pension Trustees. Final Countdown to the GDPR

Putting Consumers First. Code of Practice The Professional Financial Claims Association. All rights reserved.

Financial Services Authority FINAL NOTICE. DB UK Bank Limited (trading as DB Mortgages) Winchester House 1 Great Winchester Street London EC2N 2DB

DATA QUALITY WORKING PARTY. Data Quality Reference Guide. Version 1 July 2016

2018 Australian privacy outlook

Investor Key Information Understanding your investment

StepChange Debt Charity response to the Banking Standards Board consultation: What do good banking outcomes look like to consumers?

The Standards of Lending Practice. Business Customers

Review of Regulatory Funding. A report prepared for the Information Commissioner s Office

Finance Platforms Call for Expressions of Interest

Home Insurance. Privacy Notice

The General Data Protection Regulation (GDPR): action plan for pension scheme trustees

BSA Response to FCA Loan-based ('peer -topeer') platforms consultation. CP18/20. Restricted 25 October 2018

PPRO has given us an undertaking, under the Consumer Rights Act 2015 (the CRA), in relation to terms in its contracts relating to:

Bank of Ireland Insurance Services Limited. Terms of Business

Mr W says CashEuroNet UK LLC, trading as QuickQuid, lent to him irresponsibly.

Consultation and decision paper CP17/44. PSR regulatory fees

The contract is important so that both parties understand their responsibilities and liabilities.

Consumer Credit sourcebook. Chapter 6. Post contractual requirements

TABLE OF CONTENTS. Compliance Manual Version: 4.9 Author: [Your Company Name] Updated: 28/10/2017

Consumer Credit sourcebook. Chapter 1. Application and purpose and guidance on financial difficulties

Response to Ofcom s consultation on price rises in fixed term contracts

FSA Mortgage Market Review Distribution & Disclosure (CP10/28) Response by the Building Societies Association

HANDBOOK ADMINISTRATION (DATA PROTECTION) INSTRUMENT 2018

A distinctive local company with national standards. Practical Credit Control & New [GDPR] Data Protection Regulations

Strengthening Consumer Redress in the Housing Market. Executive Summary

Draft Memorandum of Understanding between the Financial Conduct Authority and Prudential Regulation Authority Overview

SME Business Lending. Application Form Republic of Ireland.

Credit Reference Agencies Call for information

DATA SUBJECT ACCESS REQUEST POLICY AND PROCEDURE

Citizens Advice Scotland Scottish Association of Citizens Advice Bureaux

Freedom of Information Act 2000 (FOIA) Decision notice

Customer Privacy Notice Edition

Financial Ombudsman Service s consultation transparency and the Financial Ombudsman Service publishing ombudsman decisions: next steps

FINAL NOTICE. To: Redstone Mortgages Limited Of: 2 Royal Exchange Buildings, London EC3V 3LF Date: 12 July 2010

28 June Final report by the Complaints Commissioner Complaint number FCA00450 The complaint

FLA. Lending Code setting standards, creating transparency YEARS

ABI response to ICO consultation on GDPR consent guidance

TABLE OF CONTENTS. Compliance Manual Version 4.8 Author: Updated: 28/05/2017

BREXIT AND DATA PROTECTION Q & A

SLAYING THE DEBT DRAGON

This helpful resource translates some commonly used financial terms into plain English.

THE UNIVERSITY, CAMBRIDGE IN AMERICA AND THE COLLEGES DATA SHARING PROTOCOL

Re: Senate Inquiry - Credit and financial services targeted at Australians at risk of financial hardship

Consumer Credit sourcebook. Chapter 8. Debt advice

General Data Protection Regulations Briefing (the presentation you ve all been waiting for)

Code of Conduct & Practice

The GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018

LOCAL GOVERNMENT PENSION SCHEME (LGPS) GENERAL DATA PROTECTION REGULATION - THE IMPLICATIONS FOR THE LGPS

Appendix 3 Handling Payment Protection Insurance complaints

Regulating Defined Benefit pension schemes. Buck Consultants response to consultation by the Pensions Regulator

European Union General Data Protection Regulation

Bank of Ireland Insurance Services Limited. Data Privacy Summary How we protect and manage your personal data

Intermediary Registration

TABLE OF CONTENTS. Compliance Manual Version: 4.9 Author: [Your Company Name] Updated: 14/10/2017

Principles of Processing the Personal Data of Clients

BBA RESPONSE TO JOINT COMMITTEE CONSULTATION PAPER ON GUIDELINES FOR CROSS-SELLING PRACTICES JC/CP/2014/05

Implementation of the EU mortgage credit directive. Response by the Council of Mortgage Lenders to the HM Treasury consultation paper

Hot topic. New proposed consumer credit lending rules: Customer affordability. Stand out for the right reasons Financial Services Risk and Regulation

Direct Debit Facilities Management: Switching providers

THE COMMITTEE OF EUROPEAN SECURITIES REGULATORS

GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR JOSTLE CUSTOMERS

Review of Code of Conduct on Mortgage Arrears. Consultation Paper CP 46

responsible lending and credit cards

FINAL NOTICE. 3. For the reasons listed below, the Authority has decided to refuse the Application.

FINAL NOTICE. 1.1 For the reasons given in this Final Notice, the Authority hereby: a. imposes on Vanquis a financial penalty of 1,976,000; and

HKICPA REQUEST FOR INFORMATION: Post-implementation Review of Accounting Guideline 5 Merger Accounting for Common Control Combinations

Moneylending Review of the Consumer Protection Code for Licensed Moneylenders. Consultation Paper CP 118

Service standards. Introduction. What this publication covers. Financial Conduct Authority 1. As at May 2018

AUGUST ENERGY RETAIL CONTRACTS REVIEW Unfair contract terms

High-cost credit Including review of the high-cost short-term credit price cap

FCA Consultation CP 13/10 December 2013 The ABI s response to proposals for the FCA regime for consumer credit

The General Manager Retail Investor Division The Treasury Langton Crescent PARKES ACT 2600

Freedom of Information Act 2000 (FOIA) Decision notice

PRIVACY NOTICE Use of Information Data Controller and Data Processor

Transcription:

The Information Commissioner s response to the FCA s Credit card market study: consultation on persistent debt and earlier intervention remedies The Information Commissioner has responsibility for promoting and enforcing the Data Protection Act 1998 ( DPA ), the Freedom of Information Act 2000 ( FOIA ), the Environmental Information Regulations ( EIR ) and the Privacy and Electronic Communications Regulations 2003 ( PECR ). She is independent from government and upholds information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The Commissioner does this by providing guidance to individuals and organisations, solving problems where she can, and taking appropriate action where the law is broken. The Information Commissioner welcomes the opportunity to respond to the FCA s consultation on persistent debt and earlier intervention remedies. She recognises the effects that persistent credit card debt can have on individuals, and is supportive of measures to help people to manage their finances well. The Commissioner's response is restricted to those areas that fall within her regulatory remit. It should be noted that data protection laws are undergoing significant reform at the present time and the General Data Protection Regulation (GDPR) will take effect in the UK from 25 May 2018. Laws concerned with electronic direct marketing are also undergoing reform and this may lead to changes to PECR. We would be happy to provide further advice and guidance to the FCA on the potential impact of these reforms. Data protection law is concerned with the collection and use of personal data. Personal data is information that by itself, or in conjunction with other information, identifies a living individual. Personal data should be handled in accordance with the data protection principles. In particular, personal data should be used fairly and a key aspect of fairness is ensuring individuals are appropriately informed about how their data is used. Individuals should also be able to exercise control over their data where appropriate. Under these proposals, sharing data with credit reference agencies (CRAs) is of particular interest to the Commissioner, as is any profiling of 1

individuals. The Article 29 Working Party, representing data protection authorities across the EU, is currently drafting guidance on profiling that may be helpful to lenders. When personal data is to be used in new or novel ways an organisation should consider undertaking a Privacy Impact Assessment (PIA). This will help an organisation identify, consider and address any privacy and data protection risks. Under GDPR assessments of this nature will be mandatory for particular types of high risk processing. Organisations will also need to ensure electronic direct marketing, such as marketing by phone, fax, SMS or email, is carried out in a way that complies with PECR. Marketing is defined widely and includes an activity to promote a product, service, aim or ideal. Question 2: Do you agree with our proposal for intervention at 18 and 27 months? The Commissioner is concerned that all the interventions comply with data protection obligations, in particular the requirements to be fair and transparent about how personal data will be handled. In practice, lenders must be clear with individuals about how and why their personal data will be used. If individuals would not generally expect that their account usage will be monitored in this way, then they should be notified prior to the monitoring beginning. If there will be a disclosure of personal data to the CRAs, or other third parties, then this will need to be made clear to individuals who will be affected. This is particularly the case where the information reported will be different from, or go beyond, that which would normally be reported to CRAs. The Commissioner agrees that the interventions at 18 and 27 months should clearly reiterate what information has been gathered and why, as well as how that information will be used in future. Data protection law does not require a particular format for providing information, but it should be easily understandable to the individual. The ICO s Privacy Notices Code of Practice provides useful guidance for organisations when providing privacy information. It may be sensible for the banking sector to develop consistent criteria about the circumstances in which they will consider intervention. This may help ensure that customers understand how their data is being used, and that different organisations treat customers fairly. 2

Question 3: Do you agree with our proposals for intervention after 36 months of persistent debt for those customers that can afford to repay more quickly? The Commissioner appreciates the long-term impact that persistent debt may have on customers. Customers that are in persistent debt, but are meeting the contractual terms of their credit agreements, should not have their data handled in a way that would be detrimental to them. Careful consideration should be given as to what information would be reported to CRAs, its impact on the individual, and whether this could lead to unfair outcomes for credit card users. The Commissioner agrees that it is important that new spending following an agreed repayment plan does not itself become persistent debt. Where the new spending came from a new credit facility with a different lender, it is unclear how this could be achieved. The Commissioner appreciates the reasons for proposing that lenders offer a way, or a range of ways, to repay debts faster, and that these may include referring customers to other financial products, such as loans. However, promoting products, services, aims, or ideals could constitute marketing, and lenders will have to ensure that they comply with legal requirements when delivering marketing messages. Under the DPA and GDPR, individuals have the right to issue a notice requesting that their personal data is not used for the purposes of direct marketing. PECR and the forthcoming eprivacy Regulation also place restrictions on electronic marketing. Lenders should carefully consider how to communicate with customers, as well as the content and tone of communications. Industry may wish to develop a common set of communications in order to ensure a consistent, informative, compliant approach. The Information Commissioner has published guidance to help organisations to meet their direct marketing obligations. Question 5: Do you agree with our proposals regarding a requirement to exercise forbearance and due consideration for customers in persistent debt who cannot sustainably repay more quickly? The Commissioner cannot comment on when forbearance should be exercised, or what form it should take. However, it is important that forbearance measures must be recorded in a way that complies with data protection law. 3

Paragraph 2.36 states that the nature of forbearance is not prescribed, and describes a range of ways it might be exercised. It is unclear whether some forms may result in information being reported to CRAs that would negatively impact an individual s credit score. In instances where forbearance measures are imposed upon customers who are meeting their minimum payment terms, it is unlikely to be fair if information adversely affecting them would be reported to CRAs or other third parties. If customers will be offered genuine choices about whether to accept help and the sort of help offered, then lenders would need to provide information to help them make an informed decision. This would include clearly stating what sort of information would be shared with third parties, such as CRAs, and the potential consequences. Question 9: Do you agree with our proposal that the firm must treat a customer with forbearance where the customer is unlikely to repay the balance in a reasonable period under a repayment arrangement? It is not for us to adopt a position on this matter, but where a customer has agreed to a repayment plan, they should be made aware of the possible consequences, including how any missed payments may be reported to CRAs. Question 10: Do you agree with our proposals for commencement of the Handbook provisions? If customers have not been told, and would not otherwise expect, that their repayments will be monitored for the purposes of encouraging faster repayment of debt, lenders will need to inform customers of what will happen and why. If lenders may start using credit reference data in ways that the customer had not previously been informed of, then they should be made aware of the changes and the justification in-line with the data protection transparency requirements. 4

Question 11: Do you agree with our proposals regarding overlap between persistent debt and earlier intervention and CONC 7.3.4R? If lenders may start using credit reference data in ways that the customer had not previously been informed of, then they should be made aware of the changes and the justification in-line with the data protection transparency requirements. Question 12: Do you agree with our proposal to require credit card firms to monitor other data in addition to a customer s repayment record? Transparency and fairness will again be considerations when gathering, analysing and monitoring data about individuals. For example, where an individual has a loan, current account, and credit card, it is not clear whether they would reasonably expect their data to be collected and analysed for the purposes of monitoring their other financial commitments. Careful consideration should also be given as to whether this would be fair to customers, and how to deal with customer objections. Article 22 of the GDPR introduces new rights for individuals in relation to automated decision-making and profiling. Lenders would need to determine how to comply with the requirements of article 22. Question 13: Do you agree firms should be required to take appropriate action where there are signs of actual or possible financial difficulties? People who are in financial difficulty, or who are in danger of difficulties, should be helped appropriately. Any data collection or analysis should be conducted in ways that comply with the DPA and GDPR. 5

2024 © financedocbox.com Privacy Policy | Terms of Service | Feedback