Sun. Oct 17th, 2021

Regulation HK

Financial Regulator

PBOC Finalises Rules for Credit Reporting Businesses

2 min read

The rules say the collection of credit information should “not be excessive” and subject to consent and information security requirements. Cross-border use is allowed.

The PBOC (People’s Bank of China) has finalised the rules on the management of credit reporting businesses, in light of a rapidly developing digital economy which is heavily reliant on personal credit data.

The new rules, which will come into effect on 1 January 2022, are part of a government initiative to step up the regulation of data collection and usage, and better protect the rights of consumers and businesses.

According to the PBOC, the new rules seek to achieve clarification of the boundaries of credit reporting businesses and strengthen the protection of the rights and interests of data subjects.

New technologies such as the Internet and big data have been widely adopted in the field of credit assessment over the recent years, and a large number of effective “alternative” data sets have been collected, analysed and used to assess the credit status of enterprises and individuals, the PBOC said in a statement (Chinese).

Under the new rules, the PBOC specifies that the collection of credit information should “not be excessive” and that it should follow the principle of “minimum and necessary.”

Further, the rules say any collection of personal credit information should be subject to the consent of the data subjects, and that the information subject should be clearly informed.

In China, there has been increasing concern about the collection, storage and sale of information on individuals and companies given the strong potential for data abuse.

The new rules emphasise the security of credit information and that any cross-border usage must be in compliance with laws and regulations. The rules allow the use of credit information in cross-border trade, investment, financing, and other economic and financial activities under the premise of ensuring information security.

Credit reporting agencies are required to strengthen their credit information security management and improve internal control systems. They are also required to be transparent in displaying the content of credit information, establish assessment standards for scoring products, and disclose to the public the types of credit information collected and the process of handling disputes.

The new rules provide for a transition period until the end of June 2023 for companies to comply with the new rules. The PBOC says it will provide additional guidance to companies as needed to ensure a smooth transition.

Leave a Reply

Your email address will not be published. Required fields are marked *