Licensed credit bureaus will be required to establish a Code of Conduct and comply with requirements on technology risk management and cyber security.
MAS (Monetary Authority of Singapore) has issued its consultation response on draft regulations and notices applicable to licensed credit bureaus and approved members regulated under the Credit Bureau Act 2016.
The consultation was issued in October 2020, proposing to better regulate credit bureaus and credit reporting businesses in areas such as fees, governance, dispute resolution standards, data security, technology risk management, and cyber hygiene.
The consultation had proposed that credit bureaus be required to establish a Code of Conduct to govern issues such as the dispute resolution process, where a Dispute Resolution Committee must be formed to resolve complaints and data disputes, and an Approved Members Committee to review and coordinate operational matters concerning the credit reporting processes between the approved members and the credit bureau.
In its consultation response, MAS said the requirements under the Code of Conduct will be expanded to cover matters relating to data integrity, data reporting and operational risk of credit reporting processes.
On the role of the Approved Members Committee, MAS has clarified that it includes the responsibility of making recommendations on policies concerning the credit reporting process between a credit bureau and its approved members.
MAS says it will extend the period for a licensed credit bureau and approved members to complete the investigation and correction process for disputed data to 10 business days – from the date when the request is received. The consultation had proposed that investigation be completed within 5 business days and correction within 2 additional business days.
The frequency of submission of data from approved members to a licensed credit bureau will be amended from a weekly basis to a monthly basis.
Given the extended period for investigation and correction of disputed cases, and shift from weekly to monthly data submissions, MAS says there is no longer a need for the proposed 12 month transition period to meet these requirements.
There will continue to be a transitional period of six months for the requirements to form a Dispute Resolution Committee and Approved Members Committee to take effect.
Credit bureaus will be subject to similar technology risk management requirements and cyber security measures as required of other financial institutions in Singapore, as proposed in the consultation.
The consultation response is available here.
An effective date for the credit bureau regulations and notices has not yet been announced.