It may be recalled that the Credit Information Companies (Regulation) Act, 2005 was passed in May 2005 and notified in the Gazette of India on June 23, 2005. The Act was passed with a view to regulating credit information companies and to facilitating efficient distribution of credit and for matters concerned or incidental to it. The Credit Information Companies (Regulation) Act, 2005 required Rules and Regulation to be notified under the Act. While the Central Government was empowered to make the Rules, the Reserve Bank was empowered to make the Regulations to carry out the purposes of the Act. Accordingly, the Reserve Bank has prepared the Regulations for implementation of the Credit Information Companies (Regulation) Act, 2005 and placed them on the website for feedback.

i. The Rules enumerate the procedure for appeal and other incidental matters when an aggrieved credit information company whose application for certificate of registration has been rejected or whose certificate of registration has been cancelled, approaches the Appellate authority designated by the Central Government. (Rules 3 to 19 of Chapter II)

ii. Rules provide that the credit institution and the credit information company should formulate appropriate policy and procedure, duly approved by its board of directors, specifying the steps and security safeguards in regard to (a) collecting, processing and collating of data relating to the borrower; (b) steps for security and protection of data and the credit information maintained at their end; and (c) appropriate and necessary steps for maintaining an accurate, complete and updated data. Further, the credit institution or the credit information company should ensure that the credit information is accurate and complete with reference to the date on which such information is furnished or disclosed to the credit information company or the specified user as the case may be. (Rules 20 to 28 of Chapter III and IV)

iii. The specified user should consider and decide such requisite steps for ensuring and verifying the accuracy and completeness of data received from a credit information company and protect the data from unauthorised access; formulate and adopt an appropriate policy and procedure in this behalf duly approved by its board of directors. (Rule 29 and 30 of Chapter IV and V)

iv. The credit information company or credit institution or specified user shall adopt all reasonable procedures to ensure that their managers, officers, employees are obliged to fidelity and secrecy in respect of credit information under their control or to which they have access (Rule 31 of Chapter VI).

v. The credit information company should maintain a high standard of customer service by maintaining help desk, attending to complaints, feedback, queries, etc., in speedy and efficient manner. (Rule 32 of Chapter VII).

i. The Regulations indicate which companies can obtain credit information as specified users (insurance company, cellular/phone company, rating agency, broker, trading member, SEBI, IRDA etc.) in addition to those provided under section 2(l) of the Act. (Regulation 3 of Chapter II).

ii The Regulations also deal with submission of application, grant of certificate and the form in which application can be submitted and certificate can be issued. (Regulations 4 and 5 of the chapter III).

iii. The Regulations provide for the form of business in which credit information companies can engage in addition to those provided under section 14(l) of the Act. (Regulation 6 of Chapter IV).

iv. The Regulations give the format in which a credit information company can issue notice to the credit institutions or other credit information companies for calling for the information. (Regulation 7 of Chapter V, Form-C).

v. The privacy principles which will guide the credit Information companies, credit institutions and specified users have been indicated in the Regulation. These encompass accuracy, security, secrecy, adequacy of data collected as also limitation on the use of data, that is, the purpose for which the Credit Information Reports can be made available and the procedure to be followed by specified uses for getting reports. (Regulation 9 of Chapter VI)

vi. Regulations provide that the maximum amount of fees leviable to specified users should not exceed Rs.500 for individuals and Rs.5000 for non-individual borrowers. Further, the fees charged to the credit institutions or credit information companies for admission of a credit information company should not exceed Rs.15,00,000. (Regulation 12 of Chapter VIII)

vii. Regulations provide for the principles and procedures relating to personal credit information in respect of manner and purpose of collection of personal data, solicitation of personal data, accountability in transferring data to third party, protection of personal data etc. (Regulations 14 to 18 of Chapter IX)

viii. Regulations provide that an individual can file a complaint against a credit information company, credit institution or a specified user for contravening any provision of the Act. (Regulation 19 of Chapter IX)