Credit Reference Agencies and Their Regulation

The 2020 Credit Score Guide – Chapter Four

Like any other financial institution in the UK, CRAs are licensed and regulated. In this article, we’ll look at how far consumers are protected in their interaction with credit reference agencies and whether the system is open to abuse. We’ll also discuss the different ways you can look at your your credit report – a vital step in improving your credit score!

A group of friends are walking on a shopping street

Article Highlights:

We start this article by examining the key roles played by the FCA (Financial Conduct Authority) and the ICO (Information Commissioner’s Office) in the regulation and supervision of credit reference agencies. We look at what circumstances they’re permitted to collect data about us and what rights we have. Finally, are these agencies allowed to sell the data which they possess about us?

Regulation of credit reference agencies

Anything that concerns consumer credit, including the activities of credit reference agencies, comes under the terms of the Consumer Credit Act of 1974. This sector of the finance industry is now regulated by the FCA. This means that all agencies must be licensed by the FCA before they can operate. Although the FCA regulate them, they have no control nor are they entitled to scrutinise how credit scores and ratings are compiled.

The terms of the Data Protection Act of 1998 for credit reference agencies

The ICO is responsible for how your personal data is compiled and used by CRAs. It might come as a surprise to learn that details of your spending habits and credit history aren’t considered to be sensitive data in the same way that details of your medical history are, for example.

Credit reference agencies don’t need your consent to process information about you as long as they have a legitimate reason for doing so. You may be surprised to hear that you have given your permission for such data to be shared. Every time that you sign a credit agreement with a lender, this consent is hidden in all the pages of terms and conditions which you sign. How many times have you read all these pages through to the end?

However, the terms of the Data Protection Act make it clear that data relating to identifiable living individuals must be relevant, accurate, held for a proper purpose and must be kept up-to-date. Consumers also have a legal right to access their credit report. How can you do this?

How to access your credit report

You can access your credit report from the 3 main credit reference agencies for free. Credit report requests used to be £2, but were made free once new GDPR laws came into force in May 2018.

To prevent mistakes, agencies recommend that you supply them with the following information:

  • Your full name
  • Other names used in the past 6 years (such as your maiden name)
  • Your full address (including the postcode)
  • Other addresses used in the past 6 years
  • Your date-of-birth

If you don’t wish to sign up for a free trial or subscription to one of the agencies, you can still receive a statutory copy of your credit file by applying online or by post at a cost of £2. They may need proof of your name and address and if so, will ask for a utility bill or bank statement to ensure that no one gets a copy of your credit file by mistake or fraudulently. Once they have all the information they need, you should receive a copy within 7 working days.

Click here for practical tips on how to improve your credit score!

Changes to Data Protection because of the GDPR

The GDPR (General Data Protection Regulation) came into effect on 25th May 2018. These rules require credit reference agencies to follow certain guidelines on handling the data of both individuals and businesses. Since then, consumers have had more say about what companies can do with their personal data. Also, there are tougher fines for non-compliance.

The use of your financial data for marketing

One of the worries that consumers have is that data held about them might be used for marketing purposes. They’re concerned that they might be bombarded with offers for financial products which they have no interest in because of data supplied by credit reference agencies. It’s important to understand that your personal data is sensitive, so it’s worth it to invest in learning to protect your data online.

Although credit reference agencies also operate as lead generators, the data that they sell for direct marketing purposes are collected by other means. This information is bought from local authorities especially from individuals who haven’t opted out of the full (or open) electoral roll. Other data comes from lifestyle questionnaires, consumer surveys and competition entries when you haven’t ticked the box to say you don’t want your information to be passed onto third parties.

All credit reference agencies make sure to keep the credit referencing data that they hold completely separate from their marketing data. After all, their role of compiling a report about your credit history is from data supplied by the lenders themselves who use this shared data to make a decision about whether to approve a credit agreement. As a data processor, the information CRAs hold for credit referencing doesn’t strictly belong to them.

A phone salesman is using marketing data to succeed with a phone sale

Conclusions about the regulation of CRAs

Like any company which offers consumer credit, credit reference agencies are both licensed and regulated. There are also guidelines in place to prevent them from using information held about you for their own commercial gain. The best way to protect your data online from unwanted marketing contact is to always tick the box so your personal details aren’t shared. The GDPR is making it easier for consumers to do so.

FAQs about CRA regulation

Are credit reference agencies regulated?

The regulation of the credit reference agencies which operate in the UK falls under the jurisdiction of the FCA. All agencies must therefore be licensed by the FCA before they are eligible to operate their business in the UK. The same applies for lenders, who would otherwise be unable to legitimately issue loans under UK law.

Which credit reference agencies do banks use?

UK banks normally use all three credit reference agencies when deciding on loan applications. There data from all credit reference agencies is used for better accuracy that is required for the decision making process of approving credit and financial products. This approach enables banks to reach a decision with greater certainty than only using one credit reference agency.

Who can be a credit reference?

A credit reference relates to information, including personal information such as the name of the individual or organisation, which provides details about the entity’s credit history. Credit reference agencies provide credit references, or reports, to companies that sell financial products or services to the public.

Enjoyed this article? Continue to Chapter 5

Jump To A Category

Quick Read: Money Magazine