Credit Information Companies (CICs), which assign credit scores to retail borrowers, play a vital role in helping lenders decide who gets access to loans and at what terms. Despite the Reserve Bank of India’s (RBI) directives on CIC data collection and scoring practices, there have been mounting complaints about opaque processes, data privacy issues and lack of recourse for borrowers, when they felt wronged. RBI’s latest Credit Information Reporting Directions 2025 seek to consolidate all the piecemeal directives into a single Master Direction and tighten the framework for data sharing, while making the credit scoring ecosystem more borrower friendly.  

The most important changes relate to CICs sharing borrower information with non-lenders. Earlier, RBI had allowed CICs to share customer credit data only with lenders, regulators, resolution professionals, telecom companies and SEBI-registered intermediaries. In 2021, to enable tie-ups between lenders and fintech companies, it expanded the ambit to include third parties working with lenders too. This seems to have opened the doors to leakage of sensitive customer data leading to its misuse. RBI has now prescribed specific eligibility criteria for non-lenders who seek to access CIC data. CICs will need to enter into written agreements with the entities with whom they seek to share credit information, after conducting due diligence on their compliance with RBI’s eligibility criteria. They also need to ensure compliance with them on an ongoing basis. When CICs share credit information with third parties, the borrower’s explicit consent will need to be secured. CICs have also been tasked with ensuring that entities who tap into their data do not allow their employees, associates or group companies to misuse it for other purposes. Hopefully, with RBI treating CICs as custodians of customer data and putting the onus on them to prevent its misuse, individuals’ credit information will be shared more selectively and judiciously from here on. 

In another key change, RBI has asked CICs to update their customer credit data every 15 days, with lenders required to share information accordingly. More frequent updates will ensure that CICs don’t miss repayments that alter a customer’s credit score for the better. At the same time, RBI may also be trying to make sure that retail borrowers who skip repayments on older loans are unable to take new ones; retail borrowers juggling multiple loans was a key concern flagged by the recent Financial Stability Report. The directions also seek to make credit scoring less error-prone, by requiring CICs to explain data rejections, rank lenders on data quality, with lenders required to deal with correction requests within stipulated timelines. Overall, the new rules plug gaps in data sharing and customer service. Issues relating to the opacity of the scoring process remain unaddressed and may need attention next.