Eurofinas is the voice of consumer credit providers at European level. As a Federation, Eurofinas brings together associations throughout Europe that represent finance houses, universal banks, specialised banks and captive finance companies of car or equipment manufacturers.

The products sold by Eurofinas members include all forms of consumer credit products such as personal loans, linked credit, credit cards and store cards. Consumer credit facilitates access to assets and services as diverse as cars, furniture, electronic appliances, education etc. In 2015, consumer credit providers that are members of Eurofinas helped support European consumption by making more than 423 billion EUR goods and services available to individuals and households, reaching 981 billion EUR of outstandings at the end of the year .

Digital innovation is transforming our industry; new technologies as well as a shifting consumer demand bring business opportunities as much as challenges. It is essential that we adjust to this new landscape. Against this backdrop, we welcome the opportunity to respond to the Discussion Paper on innovative uses of consumer data by financial institutions. Eurofinas supports the work of the European Banking Authority (EBA) to ensure that market actors engaging in financial innovations can do so with confidence across Europe. We trust that our comments will be taken into account and remain at the disposal of the Authority should any further questions arise.

Data analytics is at the heart of consumer credit providers’ activities. It is used to accurately and properly evaluate risk, assess the creditworthiness of applicant borrowers and fight against financial crime. EU legislation in force, such as the Capital Requirements Directive IV (CRD IV), the Consumer Credit Directive (CCD) and the Anti-Money Laundering Directive (AMLD) require lending institutions to collect, store and analyse data throughout their business activities and over long periods of time.

Our industry is currently going through a major transformation, driven by digital innovation and new competition. Providers are not only changing the way they deliver their products and services, but also how they use data and for what purpose. Traditionally, data analytics has relied on the retroactive exploration of partial segments of structured data held by a provider. A more advanced usage and analysis of data is challenging due to capacity constraints, the ability for lenders to access and connect different existing data sets or simply to assess and make sense of unstructured and non-traditional data.

As pointed out by the EBA, the issue of innovative use of data touches upon a variety of currently applicable legislation. Many of the issues addressed in the Discussion Paper are covered by the General Data Protection Regulation (GPDR), which replaces the existing Data Protection Directive (DPD). Together with local data protection supervisors, the industry is currently preparing for the new standards that will become applicable by 25 May 2018. We strongly believe that it would be inappropriate to disrupt this complex implementation and compliance process and that additional work on the subject-matter could be better timed with the European Commission’s review of the Regulation in 2020.

As stated, Eurofinas brings together national associations across Europe, which in turn represent finance houses, universal banks, specialised banks and captive finance companies of car or equipment manufacturer. Our membership encompasses both traditional consumer credit providers offering credit in branches, through agents and at the point of sale as well as lenders with dedicated digital activities.

Many specialised consumer credit providers are exploring how to improve processes, and are continuously investing to develop better IT systems and applications, in order to better perform their core activities and to comply with regulatory requirements. However, their uptake of more innovative forms of data is very much governed by their respective business models, market conditions and customer demand.

Our response is therefore based on the experience of lenders with different business models operating under varying market conditions.
Consumer credit providers collect and process personal data in order to identify their customers, assess the creditworthiness of borrowers, evaluate the risk of transactions and ensure the safety of lending and repayment processes.

For this purpose, the data primarily used by consumer credit providers include:

• Name / surname / ID number
• Address
• Family status
• Property ownership
• Economic data (including income, employment information and aggregated savings)

The data naturally varies based on providers’ business models (online distribution, at the point of sale or at a branch, etc.), market conditions, type of customer segments, as well as the existence of a relationship with the applicant borrower.

While it is true that some lenders explore the possibility of using alternative data (e.g. social media, browsing data & data from commercial partners), this will only be considered for purposes such as marketing and advertising which require customers’ explicit consent.
To perform the activities as primarily outlined under question 4, consumer credit providers rely on a variety of data sources, dependent on national regulatory conditions, business models, target markets and customer relationships.

Different providers rely on different sources to best respond to their operations and to best reflect upon the risk connected to their activities and market conditions. As a general rule, specialised consumer credit providers rely on data provided by the applicant borrower in his/her loan application, data previously collected based on historic relationship with the borrower, data held by Credit Reference Agencies (CRAs) where existing, and data from public sources (e.g. National Banks, tax authorities and local administrations).
As identified by the EBA, legislation in force, such as the Capital Requirements Directive IV (CRD IV), the Consumer Credit Directive (CCD), the Mortgage Credit Directive (MCD) and the Anti-Money Laundering Directive (AMLD), require consumer credit providers to collect, store and analyse data throughout their business activities.

They are used for a variety of core activities, for example to:

• Confirm an applicant borrower’s identity
• Accurately and properly evaluate risk
• Comply with supervisory reporting standards
• Calculate prudential ratios
• Assess the creditworthiness of applicant borrowers
• Perform anti-money laundering processes
• Fight against fraud/financial crime (e.g. terrorist financing)

Data may also be used in marketing activities in order to provide customers with relevant and tailored offers, products and services. In line with the European data protection framework, this can only be done with the customers’ explicit consent
Consumer credit providers are continuously assessing how their internal processes and customer / partner engagement can be improved. Through technical developments, more varieties of data are likely to be held and analysed by lenders and CRAs. Also, legislation, such as the new Payment Services Directive (PSD II), will allow for greater amounts of data held by financial institutions to be accessed by companies from the fintech sector and global internet players.

In this process, big data analytics will likely play an important role. The consequences are most likely multi-fold. It may provide for the provision of a wider range of “made-to-measure” financial products, as well as help to create new products and services for customers.

With big data analytics, the thresholds for entering the consumer credit market are expected to be lowered and we are therefore likely to see the entering of additional market actors from the digital sector and the fintech industry, which in addition often hold vast amount of alternative data, relating to consumers’ social media activities.

The technical developments and the new tools made available are benefiting both business operators and consumers. Consumers will have a greater control of their data and a better understanding of its value. Consumers will more easily decide to whom and when specific data should be made available in return for a better price and / or product.
We agree in general with the potential benefits outlined by the EBA.

In relation to the core activities of consumer credit providers, we believe innovative uses of data can help to confirm the identity and improve the creditworthiness assessments of applicant borrowers. The use of alternative data can speed up processes, providing consumers with better, more relevant, faster and safer services and products, and help to meet their ever increasing expectations in the digital reality.

The more innovative use of consumer data may also be beneficial to groups of applicant borrowers that often face problems accessing credit products due to lack of a traditional credit history, such as a temporarily employed person or an individual that recently has re-located to a new country.

Consumer credit providers represented by Eurofinas do not view social media data as a relevant factor in the credit-making decision processes. While it may provide some value in relation to marketing exercises (with the explicit customers’ consent), it is generally not viewed as a relevant dataset for their core activities.
Consumer credit providers carefully need to consider a number of factors in their data processing.

The use of consumer data by consumer credit lenders is governed by both horizontal and sector-specific legislation. Thus, lenders need to carefully respect data protection frameworks, rules on banking privacy, credit provision legislation and a diversity of differing national rules.

For financial services providers, trust and a high degree of security are necessary pre-requisites for their activities. The use of consumer data is dependent on the confidence and consent offered by the consumers. Any processing must carefully meet the customers’ expectations. Thus, the processing must be transparent as to the data processed and the reasons for the processing. Financial institutions must carefully avoid any form of processing that may be viewed as intrusive and always uphold the highest degree of security for their data.

Between traditional financial services providers and new market entrants, such as fintech companies and digital giants, clear differences exist regarding the amount of data held and used. With this in mind, a level playing field is crucial. Most of all, it is important to avoid a regulatory situation which, for any party, discourages and limits the possibility of innovation and the provision of better products to consumers.
We believe that the risks outlined in the Discussion Paper are fairly accurate and consumer credit providers are on a continuous basis actively responding to them in compliance with the applicable legislation and in light of technical developments.

Consumer credit providers have a longstanding focus on the use of data in their core activities and systems to counter risks. The data held by consumer credit providers and their key partners, such as CRAs, is highly reliable and well-protected, as well as continuously updated to reflect the actual situation of the borrower. Safeguards in place, allow the consumer to have erroneous data rectified and to receive further information on a credit decision. The Eurofinas membership is committed to ensure that consumers are well-informed of their rights in this aspect.

Eurofinas members only use social media data in a limited extent and not for credit-scoring purposes. As a general reflection, we believe that the better use of alternative data is likely to have a positive effect on the development and marketing of products with more relevant and adapted offers provided to consumers.

Based on the applicable legislation, consumers are informed as to the purposes of the processing of their personal data as well as provided with relevant product information, in line with the existing data protection framework and sector legislation. They are also asked for their consent for the processing where necessary. While the prescribed information may be complex at times it is prescribed by the applicable legislation.

The EBA lists a number of risks for consumers connected to the innovative use of data. However, we believe both current and forthcoming legislation already satisfactory address several of the concerns put forward by the EBA. For example, the GDPR mandates that:

• The data shall only be collected for specified and explicit purposes
• The data should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed

Also, the GDPR also provides the consumer a right to transfer their personal data between different data controllers (data portability), thus allow them to take greater control over it and its value.

The potential concern regarding cross-border information asymmetry is not a serious risk. The cross-border credit market within the EU is small. This is mainly due to that the availability of appropriate behavioural data differs widely across the Member States. Moreover, the demand for cross-border provision of credit is very low with the exception of a limited number of border areas.
[Trade association"]"