Fintech & Credit Scores Business - The Curious Case of 2021 And Continuing

In the recent past activities viz. lending process automation, algorithmically analysing the credit history of the borrowers and mechanized reports generation over creditworthiness has become a common practice in the Financial Technologies (“FinTech”) Sector.

This has created a relatively efficient ecosystem enabling faster lending processes and informed credit decisions backed by unbiased and multifactor data analysis-based predictions. In this domain, one of the most important datasets is the credit information provided by the Credit Information Companies (“CIC”). 

The credit score business for this article refers to creditworthiness check made on behalf of individuals and assisting them to become eligible for borrowing by FinTech companies.  Notably, the CIC is allowed to share such data only with the Specified Users and for the Permitted Purposes. In 2021 the ambit of Specified Users was expanded by the concerned regulator the Reserve Bank of India (“the RBI”), and certain important guidelines in this regard were issued. In 2022, the related nuances are being further refined. The chronology of the developments and the impact is analysed below.

Sharing of credit information and other obligations

The CIC while sharing the credit information of a borrower requires to make sure that it is shared only with the Specified Users and for the Permitted Purpose as per the CIC Act1 and Regulations2 The Specified Users can further share the credit information with any person allowed under the Act and Regulations. In addition, to this, the obligations of privacy, data protection, restrictions on unauthorised access etc are to be complied by the CIC and Specified Users. The details are provided under the diagram below:


Developments of 2021 and 5th January 2022:

The Guidelines3 were issued in about Mid-2021 provided clarity on the model used by many Fintech Companies engaged in the credit score business. The Guidelines-Document validated that the individual can duly appoint any entity to obtain their credit information in the capacity of agent. 

The Guidelines also provided the much-needed regulatory framework around this business by making CIC responsible for making market standards ecosystem by way of conducting diligence and entering into agreements. One of the important points to take note about this is that the accountability has been created without the regulator directly overseeing the credit score market.

The Amendment4 issued in November 2021 allowed Data Processing Companies to become Specified Users due to which they can directly obtain credit information of borrowers from CIC. Further recent Eligibility Criteria5 of January 2022 has provided for specific criteria for newly added data processors based on the parameters such as net-worth, experience, shareholding, and ownership etc.

One of the imperatives is that the business of such entity has to be data processing, however, the ambiguity lies whether the same has to be the only business or primary business or one of the businesses? The details are provided under the flow-graphic below:


To conclude briefly, besides the above-listed factors, other important factor for the FinTech Companies engaged in the credit score business would be to decide on their target audiences i.e. on the issue whether such credit analysis is to be conducted only on the request of credit institutions or whether it should be initiated on individual borrowers’ requests as well. The requirement under the Amendment and Eligibility Criteria is for end use of such data processing i.e.   for the support or benefit of credit institutions. The Fintech companies engaged in the credit score business would require modifying the business model given the market trend whereunder so far, the focus was also on individuals.  


[1] The Credit Information Companies (Regulation) Act, 2005

[2] Credit Information Companies Regulations, 2006

[3] Guidelines to be followed by Credit Information Companies (CICs) while sharing Credit Information based on consent of an individual with entities which are not categorized as Specified Users under CICR (the “Guidelines-Document”)

[4] The Credit Information Companies (Amendment) Regulations, 2021

[5] Eligibility criteria for entities to be categorised as Specified User under clause (j) of Regulation 3 of the Credit Information Companies (Amendment) Regulations, 2021 https://rbidocs.rbi.org.in/rdocs/content/pdfs/Eligibility05012022.pdf 

profile-image

Arunabh Choudhary

Guest Author Partner (Regulatory and Economic Law Practice), Eiliant Advisors and Co-Founding Partner, LawKNIT

Also Read

Stay in the know with our newsletter