Nigeria: A Critical Evaluation Of The Credit Reporting Act 2017 – Practical Issues Arising

Last Updated: 22 November 2018
Article by Oladele Oladunjoye and Bisola Oguejiofor

Abstract

The Credit Reporting Act ("the Act") was enacted on the 30th day of May 2017 with the primary objectives of promoting access to credit information and enhancing risk management in credit transactions. To achieve these, the Act provides for the licensing and regulation of Credit Bureaux on one hand, and stipulates the various processes to facilitate the creation, maintenance and sharing of credit information amongst key players on the other hand.

This article examines the role of the said key players in achieving the objectives of the Act and evaluates the legal and practical issues arising therefrom.

Introduction

Prior to the passing into law of the Act, the activities of the Credit Bureaux were regulated by the Guidelines for the Licensing, Operations and Regulation of Credit Bureaux and Credit Bureaux Related Transactions in Nigeria 2013 (''the Guidelines''). However, with the enactment of the Act, a statutory framework for the licensing and regulation of the operations of credit bureaux in Nigeria, the promotion of a credit reporting system, and the facilitation of the sharing of credit information has now been provided.

The Act, inter alia, sets out the operations of the Credit Bureaux and the role of the key players, which are germane to the realization of the objectives of the Act. These key players include the Credit Information Providers, who provide credit information; Credit Information Users who seek credit information from Credit Bureaux for a permissible purpose; and Data Subjects comprising individuals or entities whose credit information are collated and administered by the Credit Bureaux.

Considering that the proper execution of the function of each key player is critical to the realization of the objectives of the Act, we have provided below, an overview of the rights and obligations of each key player from a legal cum practical perspective.

Credit Bureau

A Credit Bureau is an entity duly licenced and regulated by the Central Bank of Nigeria under the Act to perform specialized functions, including the creation and maintenance of a database of credit related information and issuance of credit reports based on such information. Its aim is to promote responsibility in the credit market by encouraging responsible borrowing, avoiding over-indebtedness and generally discouraging reckless granting of credit by credit providers. In other words, by the issuance of a credit report, credit providers who are also Credit Information Users, become well guided and better equipped to assess the credit worthiness or otherwise of a person before extending credit.

However, in creating a database of credit information, the Credit Bureaux receive and collate credit information from the Credit Reporting Management System, public registries and key players all known as Credit Information Providers. The reality is that a Credit Bureau is only as valuable as its database of information; and this is perhaps the reason the Act imposes an obligation on Credit Bureaux to regularly update their database regarding the nature of information stored whenever information is provided by a Credit Information Provider. Credit Bureaux are also charged with the obligation to implement strict quality control procedures to ensure the quality of information supplied and the continuity of their services.

In performing its functions, particularly when handling credit related information, a Credit Bureau must ensure the confidentiality and security of its data. However, it is noteworthy that a Credit Bureau has no obligation to verify the accuracy of credit information received unless such information appears to be inaccurate, incomplete, misleading or contains any manifest error. Conversely, the onus is on the credit information provider to ensure that they provide at all times, accurate and complete information to Credit Bureaux, as the Act makes them culpable otherwise.

Furthermore, whilst the Act imposes an obligation on Credit Bureaux to adopt measures allowing Credit Information Providers to correct data which is found to be inaccurate, invalid, incomplete or out of date, the Guidelines further impose an obligation on the Credit Bureaux to notify all Credit Information Users of specific credit information found to be incorrect, and to forward copies of the corrected credit information at no cost to such User, and the Data Subject.

The Act further authorises a Credit Bureau to issue credit reports to Credit Information Users who have obtained the written consent of a Data Subject in a form and substance satisfactory to the Credit Bureau; or who have entered into a Data Exchange Agreement with the Credit Bureau, and where the disclosure is for a permissible purpose. Accordingly, Credit Bureaux will not issue credit reports without the requisite consent of a Data Subject and/or without the execution of a Data Exchange Agreement with it.

Although it is provided that the consent must be in a form and substance satisfactory to the Credit Bureau, there is no clarity as to what constitutes "satisfactory form of consent". The Guidelines however define consent as a signed written authorization by the Data Subject, or his/her legal representative or authorized agent indicating his/her approval to inquire about his/her data from the Credit Bureaux. Accordingly, it is our view that a written and properly executed consent letter from the data subject shall be valid for this purpose.

The Act stipulates that Credit information must be maintained by a Credit Bureau for at least 6 years from the date it was provided by a Credit Information Provider to a Credit Bureau or by a Credit Bureau to a Credit Information User, whichever is later; after which same must be archived for another 10 years.

Credit Information Providers

These are entities who provide or furnish credit information to a Credit Bureau and typically include banks, microfinance institutions, cooperative societies and insurance companies. In addition, a noteworthy category of Credit Information Providers as provided by the Act are utility companies such as electricity companies, telecommunications companies and water corporations. The implication of having this category of Credit Information Providers, at least from the perspective of a Data Subject, is that a default in payment of electricity bills for instance, may be reported to and received by a Credit Bureau and thus, count towards an assessment of the credit worthiness of such Data Subject.

Due to the role a Credit Information Provider plays with respect to the obtention of credit information by the Credit Bureaux, it is critical for Credit Information Providers to ensure that they always provide accurate and complete information regarding a Data Subject. Accordingly, a Credit Information Provider and/or a Credit Bureau are first points of contact in the event of a dispute regarding the validity, accuracy or completeness of credit information or a credit report. Furthermore, the Act imposes liability on a Credit Information Provider where there are losses arising from the provision of inaccurate data as a result of the illegal activity, gross negligence or misconduct of a Credit Information Provider. Where a Credit Bureau is found culpable for any incorrect or incomplete credit information, such Credit Bureau can bring a claim against the applicable Credit Information Provider.

The Act provides that a Credit Information Provider can disclose credit information relating to a Data Subject to a Credit Bureau without the prior consent of such Data Subject. This position is logical considering the circumstances under which credit information is disclosed by a Credit Information Provider, as no Data Subject will voluntarily give consent to a Credit Information Provider to disclose its credit information to a Credit Bureau.

A Credit Information Provider, when acting in the capacity of a Credit Information User is mandated to obtain a Credit Report from at least one Credit Bureau before granting any form of credit. However, suppliers of goods and providers of services on a post-paid, deferred or instalment payment basis; and other entities who have relevant information that comply with permissible purposes and serve the purposes of a Credit Bureau are not required to obtain a Credit Report before extending credit except they are otherwise restricted under any other applicable law.

For the purpose of performing its role under the Act, any obligation of confidentiality owed to a Data Subject by a Credit Information Provider, such as by a Bank to its customer, is waived or modified to the extent required of the Credit Information Provider to perform its obligations under the Act.

Furthermore, a Credit Information Provider is entitled to receive services from a Credit Bureau if it has a valid Data Exchange Agreement with such Credit Bureau. They are also entitled to the integrity and protection of data submitted to a Credit Bureau.

Credit Information Users

As the name implies, these are users of credit information who obtain information from a Credit Bureau for a permissible purpose. Permissible purposes under the Act include: considering an application for credit or qualification as a guarantor; restructuring credit facilities; underwriting, reviewing or renewing insurance policies or analysing insurance claims; considering applications for credit contracts or other post-paid services; carrying out employment checks on prospective employees; and assessing the credit worthiness of a prospective tenant in any lease or tenancy.

In other words, Credit Information Users would include all Credit Information Providers, employers of labour and even a landlord. Indeed, one may argue against the rationale for an employer of labour as a Credit Information User for the purpose of carrying out employment checks on prospective employees, considering that it is not a credit based transaction, at least from the point of view of the employee. In fact, the reverse should be the case for the obvious reason that an employee may want to satisfy himself/herself as to the creditworthiness or capacity of the employer to pay the salary as and when due. A case may be made for a Landlord as a Credit Information User as landlords would need to make an informed judgment regarding the creditworthiness or capacity of a prospective tenant to pay rent as it becomes due.

Considering that a Credit Bureau will not release credit information to a Credit Information User in the absence of a data exchange agreement with such Credit Information User, or until the consent of the Data Subject is obtained by the Credit Information User, it behoves the Credit Information User to take practical steps to either execute a data exchange agreement with the Credit Bureau or obtain a consent letter from a Data Subject.

Having regard to the volume of Data Subjects that Credit Information Users such as financial institutions deal with, this category of Credit Information Users are encouraged to enter into data exchange agreements with Credit Bureaux which essentially serves to circumvent the need to obtain the consent of every data subject before receiving credit information from Credit Bureaux.

However, for other adhoc Credit Information Users such as landlords and employers, a practical step might be to incorporate a consent clause in an Offer of Employment Letter whereby the prospective employee gives his/her consent to the prospective employer to inquire about his/her creditworthiness from a Credit Bureaux. In that case, It will be expedient for the employer to also subject the employment to satisfactory checks with the Credit Bureau. The same principle also applies in the case of a landlord, who may by an Offer Letter or consent letter, be able to elicit the consent of the prospective tenant to obtain its credit information from a Credit Bureau for the purpose of granting a tenancy/ lease.

A Credit Information User cannot disclose credit information received from a Credit Bureau to any person, or use such information for any purpose other than a permissible purpose, except with the written consent of the Data Subject and unless such disclosure is required by applicable law, court order or by the CBN; and where the Data Subject is involved in financial or credit related malpractice e.g. the issuance of dishonoured cheques. Furthermore, considering that Credit Information Users consist of Credit Information Providers, it follows that an insurance company for instance, may function as a Credit Information Provider and a Credit Information User. Accordingly, in its dealings with the Credit Bureau, it should be borne in mind, that even though consent might not be required when acting in the capacity of a Credit Information Provider, consent is compulsorily required when acting as a Credit Information User.

It should also be noted that where a Credit Information User declines an application by, or a transaction involving a Data Subject on the basis of a Credit Report of the Data Subject, the Credit Information User must inform the Data Subject within 15 working days of the reason(s) for such denial and provide a copy of the Credit Report to the Data Subject at no cost.

Data Subject

A Data Subject is any person or entity, or a guarantor of any person or entity, whose Credit Information is collated and administered by the Credit Bureaux. Having regard to the permissible purposes as provided by the Act, a Data Subject will typically include seekers of credit, persons involved in credit related transactions, persons to whom utility services are provided, prospective employees or employees in whatever form; prospective tenants/ lessees etc. In other words, every/any one is a potential Data Subject.

Being a potential Data Subject, caution must therefore be exercised when entering credit related transactions to avoid credit default under a financial contract.

It is clear from the provisions of the Act that even as a tenant, you stand a chance of tainting your credit records if you default in your tenancy obligations and such information is submitted by your landlord to a Credit Bureau. Indeed, it is in the best interest of the Data Subject to comply with its financial obligations in a credit transaction to avoid having an unfavourable credit report.

The Act provides that all Data Subjects shall have the right to privacy, confidentiality, and protection of their credit information, and where such information needs to be shared, it shall be done with the consent of the Data Subject. However, as earlier stated, Credit Information Providers may disclose credit information of the Data Subject without consent. Similarly, where a Data Subject is involved in the issuance of a dishonored cheque owning to lack of funds or financial and credit related malpractices and disclosure of credit information is required, the consent of the said Data Subject shall not be required.

It is also important to note that where consent is given by a Data Subject, it is only valid for the specific purpose for which it was granted and shall lapse immediately the purpose is satisfied. This therefore means that every single transaction or purpose shall each require the consent of the data subject.

Under the Act, a Data Subject has the right to request and obtain one free credit report from a Credit Bureau; and a further right to contest the accuracy of information provided in such credit report. More importantly, where an application or transaction involving a data subject has been declined on account of information provided to a Credit Information User in a credit report, the Data Subject is entitled to be informed by the Credit Information User about the reason(s) for the denial, and be provided with a copy of the credit report. Consequently, in the scenario of the landlord and tenant as mentioned above, should the landlord choose not to grant the tenancy owing to the credit report provided on the Data Subject, the landlord must within 15 working days, inform the Data Subject of the reason for the denial and provide a copy of the credit report to the Data Subject.

A Data Subject who has any complaint regarding the accuracy of any information provided in a credit report can submit its complaint in writing to a Credit Information Provider or a Credit Bureau, upon which the Credit Bureau shall conduct investigations and reach a decision. The decision must be communicated to the Data Subject within 10 working days of the receipt of the complaint. However, where the complaint is not satisfactorily resolved by the Credit Information Provider or Credit Bureau, it may be referred to the Central Bank of Nigeria (CBN), and ultimately to a court of competent jurisdiction.

Conclusion

Whilst it is the expectation that the Credit Reporting Act will facilitate and promote ease of access to credit as is obtainable in other countries, the Act is a means to an end not an end in itself. Thus, to achieve the desired objectives of the Act, we all have roles to play, whether in our capacity as providers or users of credit information. Only when there is synergy and proper synchronization of credit information by the stakeholders, can the Act yield the intended outcome.

Furthermore, although the provisions of the Act are lofty considering the intended objective, the compliance cost may hinder the achievement of the objectives.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Authors
Similar Articles
Relevancy Powered by MondaqAI
 
In association with
Related Topics
 
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
 
Up-coming Events Search
Tools
Print
Font Size:
Translation
Channels
Mondaq on Twitter
 
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
 
Email Address
Company Name
Password
Confirm Password
Position
Mondaq Topics -- Select your Interests
 Accounting
 Anti-trust
 Commercial
 Compliance
 Consumer
 Criminal
 Employment
 Energy
 Environment
 Family
 Finance
 Government
 Healthcare
 Immigration
 Insolvency
 Insurance
 International
 IP
 Law Performance
 Law Practice
 Litigation
 Media & IT
 Privacy
 Real Estate
 Strategy
 Tax
 Technology
 Transport
 Wealth Mgt
Regions
Africa
Asia
Asia Pacific
Australasia
Canada
Caribbean
Europe
European Union
Latin America
Middle East
U.K.
United States
Worldwide Updates
Registration (you must scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.

Disclaimer

The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.

General

Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions