Handbook

on

Credit Bureau Systems and Processes

for

NBFC-MFIs

Version 1 Feb, 2015

2

Abbreviations ............................................................................................................................................................................... 3

Section 1: Introduction ................................................................................................................................................................ 4

1.1 Objective of Handbook ............................................................................................................................................... 4

1.2 How to use the Handbook .......................................................................................................................................... 4

1.3 Disclaimer ................................................................................................................................................................... 5

Section 2: Policy and compliance details for top management ................................................................................................... 6

2.1 Checklist ..................................................................................................................................................................... 6

2.2 Policies to be put in place at to comply with credit bureau processes ...................................................................... 7

Section 3: Operational details for middle management .............................................................................................................. 8

3.1 Credit inquiry generation ........................................................................................................................................... 8

3.2 CIR receipt and processing ......................................................................................................................................... 8

3.3 Credit assessment process ......................................................................................................................................... 8

3.4 Data capturing in system ............................................................................................................................................ 9

3.6 Rejection records review, correction and resubmission .......................................................................................... 11

3.7 Data dispute management ....................................................................................................................................... 11

3.8 Data quality report/index review ............................................................................................................................. 12

Section 4: Operational checklist for lower management .......................................................................................................... 15

4.1 Credit inquiry generation ......................................................................................................................................... 15

4.2 CIR receipt and processing ....................................................................................................................................... 15

4.4 Data capturing in system .......................................................................................................................................... 16

4.5 CDF generation and submission ............................................................................................................................... 17

4.7 Data dispute management ....................................................................................................................................... 17

4.8 Data quality review .................................................................................................................................................. 18

Annex 1: List of documents considered for compliance checklist ............................................................................................. 19

Annex 2: Extract of relevant sections ........................................................................................................................................ 19

Annex 3: Basic validations and checks ....................................................................................................................................... 23

3

Abbreviations

CB Credit Bureau

CIC Credit Information Company

CICRA Credit Information Companies Regulation Act

CIR Credit Information Report

DQR/I Data Quality Report/Index

GRT Group Recognition Test

KYC Know Your Customer

MFI Micro Finance Institution

MFIN Micro Finance Institutions Network

o/s Loan amount outstanding

RBI Reserve Bank of India

SRO Self Regulatory Organization

TFCB Task Force on Credit Bureau

UID Unique Identification / Aadhaar Number issued by UIDAI

4

Section 1: Introduction

1.1 Objective of Handbook

In the last couple of years, MFIN member MFIs have taken enormous efforts to ensure that full and comprehensive data of

their borrower is shared with Credit Information Companies (CICs) or Credit Bureau(CBs) on a regular basis and Credit

Information Report (CIR) is used for every loan decision. These efforts have been taken within a set of rules and framework

put by (a) Reserve Bank of India (RBI) in Credit Information Companies Regulation Act 2005 (CICRA) and its later

directions/circular and (b) a series of evolving Credit Bureau standards by MFIN.

However, it is recognized that not many MFIs have a very well documented manual to operationalize credit information

related systems and processes and this may, at times, lead to certain lapses in processes compliance and data integrity

among things.

In the background of above, Task Force on Credit Bureau (TFCB) at MFIN envisioned this document, titled ‘Handbook for

Credit Bureau Systems and Processes’ to document the key systems and processes that MFIs need to follow vis-a-vis data

reporting to CICs/CBs and generation and usage of CIR. This will support MFIs in putting in place and institutionalize all

necessary credit bureau/information related systems and processes.

This is the first version of the document, prepared by Qadit Systems & Solutions Pvt Ltd with extensive feedback from TFCB,

MFIN member MFIs, CICs and the Secretariat. In the background of evolving regulatory landscape and business

environment, it is expected that document will be periodically reviewed and suitably modified.

1.2 How to use the Handbook

The document has been structured as a compendium of the following stand-alone documents and is intended to be used by

different levels of management as required.

Section Name of the Section

2 Policy and compliance details for top management

2.1 Checklist

2.2 Policies to be put in place to comply with credit bureau processes

3 Operational details for middle management

a Credit Inquiry Generation

b CIR Receipt and Processing

c Credit Assessment Process

d Data Capturing in System

e CDF Generation and Submission

f Rejection Records Review, Correction and Resubmission

g Data Quality Review

h Data Dispute Management

i Exceptional Cases

4 Operational check-list for lower management

a Credit Inquiry Generation, CIR Receipt & Processing

b Credit Assessment Process

c Data Capturing in System

d CDF Generation and Submission

e Rejection Records Review, Correction and Resubmission

f Data Quality Review

g Data Dispute Management

5

Each section contains both

Compliance related activities: Activities that need to be done in line with the various statutes and obligations imposed

on MFIs by CICRA/RBI and by MFIN circulars and Industry Code of Conduct (CoC)

Best practice guidelines: Activities that are only recommendatory in nature, but would be beneficial to the

organization as well as for the industry

For easy reference, sections are distinguished as through different symbols.

1.3 Disclaimer

It may be noted the purpose of this document is provide ‘broad directions’ to MFIs on systems and process with respect to

credit information. Given the diversity of operations among MFIs, it is recommended that document be suitably

modified/customized based on the context and requirement of individual MFIs to develop tier own standard operation

procedure.

However, it is strongly recommended that:

systems and process related to ‘compliance’ be strictly adhered to without fail; and

the essence of the ‘best practices’ recommended in this document be retained

It is recommended that all MFIs develop a Credit Information Policy duly approved by its Board of Directors. MFI should also

put in place a system to review and update this policy on a regular basis to align with evolving statutory compliance and

business needs.

Statutory compliance Industry compliance Best Practices

As per RBI Directions As per MFIN Directions

6

Section 2: Policy and compliance details for top management [Responsibility: top management consisting of CEO/COO/Compliance Officer/IT Head etc]

2.1 Checklist

NBFC-MFIs are required to put in place a range of systems and process to comply with regulations/direction related to

Credit Bureau put in place by RBI and industry Self-regulatory Organization (SRO), MFIN. A check list1 is given below:

Sl no

Requirement Reference

1 Board approved policy and procedure to be present for CB operations CICRA 2006

2 Data Security and System integrity to be maintained CICRA 2006

3 Fidelity and Secrecy Agreement to be signed by all employees having access to Credit Information

CICRA 2006

4 Membership of all CICs RBI Circular, Jan 2015

5 Data to be submitted to all the CICs RBI Circular, Jan 2015

6 Data to be submitted to CICs in Uniform Credit Reporting Format (MFI) only RBI Circular June 2014

7 Accuracy and completeness of data submitted to the CICs to be ensured CICRA 2006

8 Data to CICs to be submitted on weekly basis MFIN Guidelines, Apr 2013

9 KYC to be one of eligible documents only MFIN Guidelines, Oct 2014

10 Minimum of 2 KYC data to be submitted to CICs one of them necessarily being either UID or Voter ID

MFIN Guidelines, Oct 2014

11 Rejected Data to be rectified and resubmitted within 7 days of receipt of rejection report

RBI Circular June 2014

12 Designated Nodal officer to deal with CICs/CBs RBI Circular June 2014 CICRA 2006

13 Grievance redressal in respect of credit information should be integrated with the existing systems for grievance redressal

RBI Circular June 2014

13 Credit information to be preserved for a minimum period of 7 years CICRA 2006

14 Transaction data to be preserved for atleast 10 years from the date of transaction

RBI Circular July 2014

15 KYC documents to be preserved for atleast 5 years after loan closure RBI Circular July 2013

16 CIR to be used in all lending decisions RBI Circular June 2014

17 Validity of CIR will be 15 days from the date of extraction MFIN Guidelines, Apr 2013

18 Intimation of rejection to be shared with the applicant, if requested CICRA 2006

1 A number of RBI circulars and direction are considered in drawing-up this check-list. Please refer to Annex 1 for complete

7

2.2 Policies to be put in place at to comply with credit bureau processes

2.1.1 Credit bureau data submission & inquiry

a. Complete and accurate data of all loan

accounts shall be submitted to all approved

CICs/CBs. Such data submission shall be in the

format and frequency as is prescribed by the

applicable guidelines

b. Prior to submission of data to the CICs/CBs an

authorized official shall review the data and

sign-off on its accuracy and completeness

c. Prior to disbursal of any loans, an inquiry has

to be made with at least one CICs/CBs on the

borrower’s credit history

d. A CIR received shall be treated as valid only

for 15 days from the date of generation of the

report

e. In case any loan application is rejected solely

due to a CIR, then the reasons for rejection

should be informed to the applicant, and if requested the said report will be shared with the applicant

f. A dedicated Nodal Officer will be designated to handle all credit bureau related issues

2.2.2 Record preservation

a. The following records shall be properly preserved for at least 10 years after the accounts are closed: Records pertaining to the identification of the borrower and their address (including copies of KYC documents)

obtained while opening the account and during the duration of the loan Records containing information of all transactions with the said borrower CIR of the borrower received, generated and distributed

b. The records shall be maintained and preserved in a manner that allows data to be retrieved easily and quickly

whenever required or when requested by the competent authorities, without compromising data integrity

2.2.3 Data security

a. Credit information shall be stored securely within the organisation and shall be accessible only by authorized users

b. Credit information when being transmitted within the organisation shall be adequately protected from unauthorized

access by ways of password protection. Credit information should not be sent over emails

c. Credit information when being transmitted outside the organization shall be through secure means only

d. All credit information will be classified as sensitive information and shall be governed by the provisions of the

Information Security Policy in respect of how such sensitive information should be stored and handled

e. All employees/contractors having access to credit information shall sign the Confidentiality Agreement before being

given access to the said information

f. CIRs received from CICs/CBs shall be adequately protected against any modification or alteration

2.2.4 Compliance monitoring

a. An annual inspection/audit for compliance of these policies will be done either by the internal audit team or by an

external team appointed for this purpose

2.2.5 Credit policy

a. A Board approved credit policy should give detailed guidelines on the credit bureau processes along with credit

assessment process to be followed

It is strongly recommended that top management team, conduct a monthly review on credit bureau related process using parameters pertaining to CIC/CB Date and frequency of data submission to CICs/CBs including reasons for

non-submission/delay, if any Rejection rates by the CICs/CBs including reasons for the same and

corrective actions taken Data quality report/index (DQR/I) sent by CICs/CBs including parameters

on number of records without primary ID (Voter ID/Aadhaar), 2 KYC documents and number of hanging records

Number of credit enquiries done with CICs/CBs, number of loans disbursed, number of loan applications rejected, number of loans sanctioned, number of CIR overrides done

Active accounts, portfolio, loans disbursed, amount disbursed, portfolio overdue as per CIC/CB records

8

Section 3: Operational details for middle management

3.1 Credit inquiry generation

a. A credit inquiry will be done for all loan applicants sanctioning/disbursing the loan. This could be done at different stages of loan application based on company policy

b. At a minimum, the following information will be submitted to CIC/CB while making the inquiry: Branch ID: ID of the branch that would be associated with this borrower if loan is disbursed Existing Member ID: If applicant is already a member with the MFI Applicant Name: Full name of the applicant Date of Birth or Current Age: Specify either one in the respective columns KYC Details: Atleast two KYC ID with one of them necessarily being either UID or Voter ID Address: As detailed an address as possible including pin code Spouse or father name: One of the two to be mentioned in the respective columns

Additional information may be submitted to the selected CICs/CBs in the inquiry wherever available for example, mobile Number/additional KYC details/additional relationships

3.2 CIR receipt and processing

a. The summary/full file of Credit Information Report(s) will be downloaded from the respective CICs/CBs

b. Ensure that CIR date is within 15 days of current date. CIR is valid only for 15 days from date of extraction

c. A cross verification will be done as to whether CIRs have been received for all the inquiries made. If there

are any records which have been missed out – either missed out for inquiry, or missed out by the CICs/CB for report generation, the same will be escalated / followed up till closure

d. Both the summary file and the detailed CIRs will be available only to authorized users on a need to know

basis. Printouts will be taken of summary file and CIR only in exceptional cases, and in such cases, the printouts will be treated as sensitive information and handled with care as per the Information Security policy of the company

e. A copy of the summary file originally received from the CICs/CBs will be maintained in a secure location in a

server and no modifications will be allowed on the same

f. The received files will then be processed and the records will be split as per the credit policy of the

company. It is, however, recommended that records be necessarily disaggregated for: Applicants with no match Applicants where match indicates

- Loan amount outstanding (o/s) ≥ Rs 50,000 and/or - active number of lenders (NBFC-MFIs) ≥ 2

Applicants with matches but within limits set by RBI o/s (≤ Rs 50k) and active lenders (≤ 2 NBFC-MFIs)]

3.3 Credit assessment process

The summarized data prepared in the previous step be handled as per the credit policy of the MFI. However, it is

recommended that information from CIRs be analyzed and processed as under:

Category Action

Applicants with no match Sample verification will be done of such records to check that if

data sent to CICs/CBs for inquiry is correct/no typographical errors. If errors, correct records be re-sent for credit inquiry, else all applications may be approved for loan sanction subject to field due-diligence

Applicants where match indicates o/s plus loan application amount ≥ Rs

50,000 or active number of lenders ≥ 2

These applications be rejected and branches be intimated along with reasons, which branch may share with applicant

Applicants with matches but is within specified limits prescribed by the RBI)

These applications may be approved for loan sanction/disbursement subject to satisfactory field level due-diligence as per the company policy

9

3.4 Data capturing in system

At the time of capturing applicant data (via loan application form/MIS), the following are to be ensured:

a. Borrower name Capture the name in full as present in the KYC document. If borrower has an alternate name or any KYC document has an alternate name, capture alternate name In the alternate name section - Capture the name with expanded initials. for example, Gomathi R should be captured as Gomathi Ramesh - Capture the actual name as the first name and the surname / spouse name / father name at the end. For

example, do not capture the name as Ganesan Anitha. Capture the name as Anitha Ganesan - In case of single word name, add the spouse name or father name at the end to make it a full name

b. Age / Date of Birth (DoB) Wherever DoB is known, capture the DoB Where DoB is not known, capture the age as on current date (i.e. date on which the record is being created) Ensure that either DoB or Age is captured. Both should not be left blank

c. Relationships At a minimum, the following relationships will be captured: spouse/father/mother Order of priority in capturing relationship should be spouse, father and mother Other relationships may be captured to the extent the information is available Ensure that the name of the relative and the relationship type is captured correctly

d. KYC data At a minimum, 2 KYC data has to be captured for which documentary proof is also required Of the 2 mandatory KYC id, one of them should be either UID (Aadhar) or Voter ID Effort shall be made to obtain both UID and Voter ID If any of the additional KYC IDs mentioned below are present, these details should also be captured in the

system such as Ration Card, Driving License, PAN Card, Passport Put in place system for validating IDs (such as UID/Voter ID, PAN Card, Passport) wherever possible Captured KYC data has be populated in the appropriate fields/buckets. For example. Voter ID to be

captured in Voter ID field, Aadhar ID to be captured in UID field etc

e. Telephone number Capture the mobile number of the borrower. Wherever available, also capture the mobile number of the spouse / father.

f. Address Capture the address in as detailed manner as possible Wherever possible, capture street, locality, town /village, district, state and pincode Ensure that the one-time branch address submission to CBs have the detailed address/pin code of branches

g. Borrower id A unique borrower id should be generated for each borrower. This id should be unique across the MFI In case of forms being filled by existing borrower (in case of an old borrower applying afresh, or 2

nd cycle

loan, etc), the existing borrower id should be captured and tagged to this form

h. Loan account number At the time of creating the loan account in the system the following information should be correctly

captured in the system for each loan account: - Unique loan account number - Date of disbursement - Disbursed Amount - Number of instalments - Repayment frequency - Instalment amount

Please note that the loan account number should be unique across the MFI

Note: Where the Loan Application Form does not have the facility to capture any of the above data, it is recommended that the Loan Application form be

modified in due course to accommodate these requirements. In the interim, the branches / field officers may be advised to capture the missing details in a

separate sheet and append the same to the Loan Application Form.

10

3.5 Generation and submission of data in Uniform Credit Reporting Format (UCRF)2

a. Full and consolidated data from MFIs should be submitted to CICs in Uniform Credit Reporting Format (UCRF) (i.e. CDF) and will be done as per the following schedule:

Date of submission Data upto Type of submission

7th

of each month Last day of previous month Full Data

14th

of each month 7th

of current month Incremental Data

21st

of each month 14th

of current month Incremental Data

28th

of each month 21st

of current month Incremental Data

Full data means All active accounts as on cut-off date All accounts that were closed or written off during the past two calendar months For e.g. if data submission is being done on 7

th of January 2015, the data will comprise of

- All active accounts as on 31st

December 2014, plus - All accounts that were closed or written off since 1

st November 2014.

Incremental data means All new loans disbursed during the 7 day period inclusive of cut-off date; and All loans that are in delinquent status as on the cut-off date (i.e. amount overdue > 0); and All loans closed or written off during the 7 day period inclusive of cut-off date For e.g. if data submission is being done on 14

th of January 2015, the data will comprise of

- All new loans disbursed between 1st

and 7th

of January 2015 (both days inclusive); plus - All loans which has an overdue amount as on 7

th Jan 2015; plus

- All loans closed /written off between 1st

and 7th

of January 2015 (both days inclusive)

b. All loans disbursed including add-on loans, top-up loans, etc are to be included for submission

c. Once the ‘full data file’ in UCRF is generated, a summary report will be prepared from the UCRF file

indicating the following parameters: Total number of active accounts being reported in the file Total outstanding being reported in the file - This summary report will be sent to CEO/Head Operations (as per the company policy) for his/her

validation, and only on receipt of his/her approval the data will be submitted - In case there is a variation of over 5% between the Operational MIS data and data from UCRF summary

sheet, the variations shall be reconciled and certified by the CEO/Head Operations before the UCRF file can be submitted to the CICs/CBs

d. In case there is any delay in generation/ submission of the UCRF file for any week as per the schedule

above, intimation will be sent to the Senior Management (CEO/Head Operations/Compliance Officer) with reasons for non-compliance.

e. Data submission to the CICs/CBs will only be in the Uniform Credit Reporting Format (UCRF)

f. The approved file in UCRF is submitted to all the CICs/CBs in the mode prescribed by CICs

g. It shall be ensured that UCRF file generated from the tool is not altered or modified before or during submission to the CICs/CBs

h. The same UCRF file shall be submitted to all the CICs/CBs

i. The acknowledgement mail from all the CICs/CBs for submission of data will be saved in the specified

folder

2 This is commonly known as Common Data Format (CDF)

11

3.6 Rejection records review, correction and resubmission

a. The rejected records report will be received from each CICs/CBs separately

b. If the data quality report/index and rejected records report is not received from the CICs/CBs within 7

days of submission, the credit/IT team (as applicable) will follow up with the CICs/CBs to obtain the same

c. Each such report will be reviewed and the following action will be taken

Rejection rate Actions

If the number of records rejected equals or exceeds 10% of the total records submitted

‘Data Inconsistency Intimation’ will need to be sent to top management The reasons for the rejection will need to be investigated For records which have been rejected due to data not being present or quality of

data not being sufficient, the records will be sent to operations team for their action in rectifying the data.

For records which have been rejected due to inconsistency in UCRF, the records be sent to IT team to rectify data

It will be responsibility of the credit/IT team to ensure that the rectified data is resubmitted to CICs/CBs within 7 days of receipt of the rejected records report

If the number of records rejected is below 10% of the total records submitted

Credit/IT team will identify the reasons for the rejection. For records which have been rejected due to data not being present or quality of

data not being sufficient, the records will be sent to operations team for their action in rectifying the data for the next submission.

For records which have been rejected due to inconsistency in UCRF, the records will be sent to IT team for their action in rectifying the data for subsequent submissions

3.7 Data dispute management

a. As and when a borrower raises a dispute on the accuracy of data in his/her CIR a detailed note on the

same will be prepared by the branch and forwarded to the credit department. Supporting documents to include loan passbook of the disputed transaction or no-dues certificate from

the said institution The genuineness of the said documents should be independently verified by the branch. If such

independent verification has not been done (or cannot be done) by the branch, then the same should be indicated clearly while forwarding the documents to the credit Team.

b. The credit team will generate a fresh CIR for the applicant and check if the disputed data is still present c. If the data has been rectified in the meantime, the application will be rerouted through the regular

Credit assessment process with the revised report d. If the claimed data inconsistency is still present, then the following steps will be taken: The supporting documents received from the branch will be reviewed for its validity, and if the Credit

team believes it is a genuine case of data error, then they can make a recommendation for overriding the CIR.

The documents with the recommendation will be sent to the Head Operations for his approval On approval, the loan sanction process will be commenced as usual The borrower will also be informed about the steps he needs to initiate to get the data corrected (i.e. the

contact details of the financial institution which has reported the erroneous data to the CICs/CBs (if available), etc).

A request will also be generated to the CIC/CB regarding the data error so that they can in turn follow up with the reporting entity for data correction

e. A master list of all such CIC/CB report overrides will be maintained, and a monthly summary sheet of the same will be circulated at the end of every month to CEO, Head Operations and Compliance Officer

12

3.8 Data quality report/index review

a. The data quality report/index (DQR/I) received from each CIC/CB be promptly reviewed for every

submission

b. The rejected records be handled as per ‘Rejection records review, correction and resubmission’ process

c. Hanging records Records that are reported as active during a previous submission, and not reported in the current

submission, is termed as ‘hanging records’ If any ‘hanging records’ are reported by the CICs/CBs, these should be investigated immediately If this involves rectification of data at the MFI end, then such data rectification should be done and

revised UCRF file should be submitted within 7 days of receipt of the (DQR/I) If the hanging records involves rectification of data at the CICs/CB end (for e.g. due to branch mergers or

splits, etc), then such information should be sent to CICs/CBs within 7 days of receipt of (DQR/I). An acknowledgement should be obtained from CICs/CBs about the receipt of this intimation.

If an account is appearing as ‘hanging account’ in two or more consecutive submission, then a report of the same should be prepared and submitted to Head Operations along with reasons for its appearance and action taken, within 7 days from the 2

nd Hanging Account report.

d. Data inaccuracies Data inaccuracies reported in the DQR (for e.g. instalment amount and loan tenor not matching with

disbursed amount, amount overdue present but DPD not reported, etc) should be reviewed, and should be taken up for correction

These have to be corrected in the next submission. If the same inaccuracy for the same account has been reported across two full data submissions, then a

report of the same should be prepared and submitted to Head Operations alongwith reasons for its appearance and action taken, within 15 days from the 2

nd full submission DQR

e. Monthly review A monthly review of CICs/CB interaction shall be done by the middle management team and report

should be sent to top management team for their review Middle management review should include the following: - Date/frequency of submission to CICs including reasons for non-submission/delay if any - Rejection rates by the CICs/CBs including reasons for the same and action taken - Data Quality parameters including number of records without primary ID (Voter/Aadhaar) and 2 KYC

documents - Newly opened active, old active, closed including number of hanging records reported by CICs/CBs for

last three months - Number of enquiries done CIC/CB wise including

o Number of loan applications rejected o Number of loans sanctioned o Number of CIR overrides done

- Hit Rate (CIC/CB wise and state/region wise)

13

3.9 Additional situations

3.9.1 Branch splitting / merging leading to change in account number

a. Whenever there is a splitting of a branch, or a merger of two or more branches, or any similar activity which

would involve either of the following: change in existing account numbers of certain accounts, or change in associated branch id of certain accounts b. Then the procedure as laid out below shall be followed: A separate master list will be prepared showing the link between the old account number and the new

account number, or the account number, old branch id and new branch id (as the case may be). This list has to be sent separately to the CIC/CB with an intimation regarding the cause of the change. This

note also has to indicate the CDF file from which the new data is being / will be reported. An acknowledgement has to be obtained from the CICs/CBs about the receipt of this intimation. After 30 days of the above acknowledgement, an inquiry should be done of sample account holders where the

change has happened to ensure that the change in the CICs/CBs database has happened properly and that old accounts are not appearing as hanging accounts.

If any accounts are appearing as hanging accounts, then the issue has to be escalated to the CICs/CBs and a confirmation should be received that the data has been corrected at their end.

3.9.2 KYC data / other data updation

a. At the time of each loan renewal, or once a year – whichever is earlier, the following data of each active

borrower will be generated from the database and shared with the field officers: KYC Data: UID, Voter ID, Ration Card Address Spouse, Father and Mother name Age as on current date Mobile number b. During the centre meetings, the data will be reviewed with the borrower. If any or all of this information is not available in the report – or is wrongly shown in the report, but currently

available with the borrower or has changed since initial updation, then the same will be updated in the report. The Field Officers will validate the changes with documentary evidence available.

In case of KYC ID changes / updation, the physical copies of these KYC IDs will also be obtained. The updated report – with attachments, if any – will be sent to the Central Office for updation

3.9.3 Loan restructuring / rollover

If a loan restructuring or loan rollover is done, the following procedures shall be followed: a. The old loan account will be updated as closed on the date of restructuring / rollover, and the outstanding

balance will be shown as nil. b. A new loan account will be created with revised tenor, etc. c. Both these accounts will be reported to the Bureaus CICs/CBs the time frame specified.

3.9.4 Write offs due to death

If a write off of an account is done due to the death of the borrower, then the following procedures shall be followed: a. The loan account status will be updated as written off due to death. b. The outstanding balance will be updated as nil. c. While reporting to the Bureau, it has to be ensured that the balance outstanding at the time of death is reported under the column ‘Write off amount’. the date of writing off is reported under the column ‘Date written off’ the value “X02 – Death” is reported under the column ‘Write off reason’

14

3.9.5 Write offs due to willful default

If a write off of an account is done due to willful default by the borrower, then the following procedures shall be followed: a. The loan account status will be updated as written off due to willful default b. While reporting to the Bureau, it has to be ensured that the balance outstanding at the time of write off is reported under the column “Write off amount”. the date of writing off is reported under the column “Date written off” the value “X03 – Willful Default Status” or “X04 – Suit filed, willful default status” (as the case may be) is

reported under the column “Write off reason”

3.9.6 Inquiry with multiple CICs/CBs

a. At half yearly intervals (or at such shorter duration as may be decided by the Credit Head), on a randomly

chosen day, 5% (or such other higher percentage as may be decided by the organisation) of total credit inquiries made during the day shall be routed to all the CICs/CBs for CIR comparison purposes.

b. The credit decision shall be taken based on the report received from the CICs/CBs to which the inquiry would have been originally made as per the ‘credit inquiry’ process defined

c. The multiple CIRs received shall be tabulated for easy comparison and a report will be prepared on the effectiveness of each CICs on each such inquiry made

d. This report will be reviewed by the Credit Head and will then be shared with the Operations Head e. This report will provide input to management decision on selection CIC(s) for regular CIRs

15

Section 4: Operational checklist for lower management [Responsibility: Loan officers/branch officers/data entry executives etc]

The assignment of responsibilities for the below mentioned points have been made under the assumption that

Data submission to CICs/CBs, CIR inquiries, CIR receipt and credit assessment process are centralized. Individual

MFIs may modify these responsibilities depending on their operational processes / organisation structure.

4.1 Credit inquiry generation

[Responsibility: Initial data capture by field/loan officers, which is then consolidated and inquiry are generated by data

executives at IT Department at head office]

a. Credit inquiry must for all loan

Minimum Information for making an inquiry: Branch id Borrower id (if existing borrower) Full name Date of Birth or Current Age UID / Voter ID / Ration Card (any 2) Full address Spouse and/or father name

b. Additional information recommended Mobile number Additional KYC details Relationships name

c. Provide as detailed information as possible

d. Ensure no typographical errors

e. Ensure that data is always entered in relevant columns

4.2 CIR receipt and processing

[Responsibility: IT executives at Central Office]

a. Download the CIR Summary File from the respective CICs/CBs

b. Verify that CIR has been received for all the inquiries made

c. Verify that CIR date is within 15 days of current day

d. Follow up with the CICs/CBs for non-receipt of CIRs

e. Process the data and categorise the records for Sanction approval Rejection Manual check Sample check

f. Always keep the data secure and ensure that access is restricted to authorized users, and for authorized purposes only

4.3 Credit assessment process

[Responsibility: Credit Department at Central Office]

Category Action

a. Applicants where the primary match indicates o/s ≥ in excess of Rs 50,000, or active lenders ≥ 2 (NBFC-MFIs)

a. Reject applications b. Inform branches c. Share CIR with the borrowers if requested for

b. Applicants with no match Do a sample verification: at least 10% of cases Validate that the data sent for inquiry is complete and

correct Loan may be approved

c. Applicants with matches but within specified limits) Loan can be approved based on field level due-diligence

16

4.4 Data capturing in system

[Responsibility: Field Officers]

Name Write name in full Write first name first followed by surname or spouse name or father name Where alternate / alias name is available, capture the alternate name also

Age / Date of Birth If Date of Birth is known, capture the date of birth Else, mention the age as of today

Relationships If married, capture spouse name Also capture father and mother name Write the relationship clearly against the name / write the names in the correct columns

KYC data Minimum 2 KYC details One of the KYC ID has to be Aadhar or Voter ID Enquire and try to obtain Aadhar, Voter ID and Ration Card as far as possible Validate that the KYC number matches with the proof submitted Write the KYCs in the correct columns Captured KYC data has be populated in the appropriate fields/buckets. For example. Voter ID to be captured in Voter ID

field, Aadhar ID to be captured in UID field etc

KYC data format validation Aadhar number should be a 12 digit number. No alphabets or special characters allowed EPIC Voter ID number should be 10 character long – with 3 alphabets at the beginning and 7 numerical digits after that. PAN number should be 10 character long – first 5 characters should be letters, next 4 numerals and last character will

be a letter. The 4th

character should be “P” for individuals, and the 5th

character is the starting alphabet of the name of the person.

Mobile number Capture the 10 digit mobile number

Address Write down the full address with as much detail as possible Ensure that the address is the current residence address and is within the branch locality Obtain pincode and update the same

Borrower id If an existing borrower, mention the existing borrower id Borrower id should be unique across the MFI

Loan account number Loan account number should be unique across the MFI

Loan details Ensure that the following information is captured correctly Date of disbursement Disbursed amount Number of instalments Repayment frequency Instalment amount (mention only principal component here)

17

4.5 CDF generation and submission

[Responsibility: IT Department at Central Office]

a. Submission Schedule: as under

Date of submission Data upto Type of submission

7th

of each month Last day of previous month Full Data

14th

of each month 7th

of current month Incremental Data

21st

of each month 14th

of current month Incremental Data

28th

of each month 21st

of current month Incremental Data

b. Full Data: All active accounts + all accounts closed or written off during the past 2 months

c. Incremental Data: all new loans disbursed during the week/ all loans that have amount overdue > 0 as of reporting date/ all loans closed or written off during the week

d. Prepare summary report and send to Head Operations for validation / approval before submission

e. If delay in submission beyond stipulated time limits, send intimation to Head Operations and Compliance Officer

f. Data submission only in CDF format

g. Integrity of UCRF/CDF file to be maintained at all times

h. The same UCRF/CDF file has to be submitted to all Bureaus.

i. Get an acknowledgement mail after data is submitted.

4.6 Rejection records review, correction and resubmission

[Responsibility: IT Department at Central Office]

Full data submission

a. Receive rejected records report. If not received within 7 days of submission, follow up till receipt b. If rejections is more than 10% of total records submitted report to Head Operations and Compliance Officer analyse reasons for rejection decide on correction requirements escalate to concerned departments ensure correction is carried out ensure data is resubmitted within 7 days of receipt of rejection report c. If rejections is not more than 10% of total records submitted analyze reasons for rejection escalate to concerned departments for correction d. If same rejection appears is two full data submission reports, escalate issue to Head Operations/Compliance Officer

Incremental data submission

Receive rejected records report Analyse reasons for rejection escalate to concerned departments for correction

4.7 Data dispute management

[Responsibility: Branch Heads]

a. Branch to collect records and prepare a report on borrower regarding dispute of CIR

b. Generate new CIR and check if disputed data is still appearing.

c. If rectified, proceed with Credit Assessment.

d. If not rectified, review supporting documents make recommendation to Head Operations for approval on approval from Head Operations, initiate loan sanction process inform borrower about steps to get data corrected inform CICs/CBs about data dispute received

e. Maintain master list of CIR override instances

f. Circulate monthly summary sheet of CIR overrides to CEO, Head Operations and Compliance Officer

18

4.8 Data quality review

[Responsibility: IT Department at central office with support from operations department]

a. Review Data Quality Report/Index (DQR/Index) received from the CICs/CBs

b. Rectify ‘Hanging Records’ and send revised file / rectification intimation within 7 days or receipt of DQR/I

c. If the same hanging records appear in 2 or more consecutive submissions, report to Head Operations within 7 days of recent DQR/I report receipt

d. In case of other data inaccuracies (other than rejected records and hanging records) reported in DQR/I, for records that are appearing in 2 or more full data submission, report to Head Operations within 15 days of recent DQR/I report receipt

e. Prepare a monthly report of the following parameters: date of submission of data to the CICs/CBs including reasons for delay if any quantum of data rejected by the CICs/CBs including reasons for the same and action taken on the same data quality parameters including number of records without 2 KYC newly opened active, old active, closed including number of hanging records reported by CICs/CBs number of active accounts rejected by the CICs/CBs across two full month submissions (reported this month, reported

last month and this month) including reasons and action taken on the same number of credit enquiries done CICs/CBs wise including number of loans disbursed, loan applications rejected, number

of loans sanctioned, number of CIR Overrides done hit rate (CICs/CBs wise & State wise)

f. Circulate monthly report to Head Operations & Compliance Officer

19

Annex 1: List of documents considered for compliance checklist The following documents considered for drawing up the above compliance checklist:

RBI Circulars

Credit Information Companies (Regulation) Act, 2005 (CICRA)

Credit Information Companies Rules, 2006

DBOD.AML.BC.No.24/14.01.001/2013-14 dated, 1st

July, 2013

DNBS.(PD).CC.No.347/03.10.38/2013-14 dated 1st

July, 2013

DBOD.No.CID.BC.127/20.16.056/2013-14 dated 27th

June, 2014

DNBS.(PD).CC.No.388/03.10.042/2014-15 dates 1st

July, 2014

Master Circular RBI/2014-15/56 dated 1st

July, 2014

DBR.No.CID.BC.60/20.16.056/2014-15 dated 15th

January, 2015

MFIN Directions

MFIN Directions dated 3rd

October, 2012 for weekly submission of data and usage of CIR

MFIN Directions on 2 KYC Standards, updated on 29th

October, 2014

Annex 2: Extract of relevant sections The following are extracts of relevant sections (emphasis marked is not part of the original section and has been done to

highlight the compliance component of the section). Note: The above content are not complete extracts of the relevant

section, but edited / trimmed extracts only.

RBI Circular 56 of 1 July 2014

Banks are required to maintain the records containing information of all transactions including the records of

transactions detailed in Rule 3 above. Banks should take appropriate steps to evolve a system for proper maintenance

and preservation of account information in a manner that allows data to be retrieved easily and quickly whenever

required or when requested by the competent authorities. Further, banks should maintain for at least ten years from

the date of transaction between the bank and the client, all necessary records of transactions, both domestic or

international, which will permit reconstruction of individual transactions (including the amounts and types of currency

involved if any) so as to provide, if necessary, evidence for prosecution of persons involved in criminal activity.

Banks should ensure that records pertaining to the identification of the customer and his address (e.g. copies of

documents like passports, identity cards, driving licenses, PAN card, utility bills etc.) obtained while opening the

account and during the course of business relationship, are properly preserved for at least ten years after the business

relationship is ended. The identification records and transaction data should be made available to the competent

authorities upon request.

RBI Circular 127 of 27 June 2014

Clause 2(ii) - Banks/FIs should include in their credit appraisal processes/loan policies, suitable provisions for obtaining CIRs

from one or more CICs so that the credit decisions are based on information available in the system.

Clause 2(iv) - With a view to streamlining the process of data submission by banks/FIs to CICs, it has been decided to

standardize the formats for data submission by the banks/FIs to the CICs. In respect of Micro Finance Institution (MFI)

segment, data format as per Annex II should be taken as the base for standardization. These should be uniformly adopted

by the banks/FIs and CICs.

20

Clause 2(vi) - Banks/FIs should rectify the rejected data and upload the same with the CICs within seven days of receipt of

such rejection report.

Credit Information Companies (Regulation) Act, 2005 (CICRA) Clause 10 (a) (ii) - Every credit institution shall take all such steps which may be necessary to ensure that the credit information furnished by it, is update, accurate and complete. Clause 10 (c) - Every specified user, in case of denying credit or any other service to a borrower or a client, as the case may be, on the basis of his credit information report within thirty days of its such decision shall -

(A) send a written intimation to such borrower, or the client about the rejection; (B) include in such intimation the specific reasons for rejection; (C) forward a copy of the credit information report relied upon for such decision; and (D) also provide the name and address of the credit information company which had provided the credit information

report to the borrower or client, as the case may be. Clause 10 (d) - Every credit institution shall retain credit information collected, maintained and disseminated by them for a minimum period of seven years.

Clause 18 - Every credit institution shall formulate appropriate policy and procedure, duly approved by its Board of Directors, specifying therein the steps and security safeguards, to be adopted in their operations relating to –

(a) collection, processing and collating of data, information and credit information by them relating to their borrower or client;

(b) ssteps to be taken for ensuring security and protection of data, information, and credit information maintained by them;

(c) appropriate and necessary steps for maintaining an accurate, complete and updated data, information and credit information, in respect of their borrower or client, and to ensure the accuracy and completeness thereof while furnishing the same to a credit information company; and

(d) transmitting data, information and credit information through secure medium.

Clause 20 - Every credit institution before furnishing data to a credit information company shall ensure that the credit

information is accurate and complete with reference to the date on which such information is furnished and adopt

appropriate procedure in this behalf with the approval of their Board. Clause 23 - Every credit institution shall adopt such procedure and measures in relation to their daily operations as may be necessary to safeguard and protect the data, information and the credit information maintained by them, against any unauthorised access to or misuse of the same including the following safeguards, namely: -

(a) adopting the minimum standards for physical and operational security including site design, fire protection, environmental protection;

(b) keeping the round the clock physical security; (c) issuance of instructions for removing, labeling and securing the removable electronic storage media at the end of

the session or working day; (d) providing physical access to the critical systems to be on dual control basis; (e) making comprehensive succession plan for the key personnel so as to ensure that non-availability of a person does

not disrupt the system; (f) keeping of paper based records, documentation and backup data containing all confidential information in secured

and locked containers or filing system, separately from all other records; (g) adopting adequate procedure to ensure that the records could be accessed only by authorized persons on need to

know basis; (h) providing details of creation of firewalls and stress testing of systems through ethical hacking to evaluate and

ensure its robustness; (i) protecting systems against obsolescence; (j) adopting procedure for change of software and hardware ; (k) providing for disaster recovery and management plan; and

21

(l) taking necessary steps while handing over systems for maintenance to prevent unauthorized access or loss of data, information and credit information maintained by them.

Clause 28 - Every credit institution shall take such steps as they may deem necessary to ensure that the data, information and the credit information maintained by them is duly protected against any unauthorized access or use and formulate and adopt an appropriate policy and procedure in this behalf with the approval of their Board of Directors. Every credit institution shall include such other aspects in such policy and procedure so as to -

(i) secure the confidentiality of the data, information and credit Information maintained by them; (ii) ensure that access to the data, information and credit Information maintained by them is permitted only to

such of their managers or employees or designated officers, who are duly authorised for the purpose on a need to know basis;

(iii) ensure and control, access to the data, information and credit Information, terminals, and networks, maintained by them, by means of physical barriers including biometric access control and logical barriers by way of passwords and to ensure that the passwords used in this behalf are not shared by anyone else than who is authorised in this behalf and the passwords are changed frequently on irregular intervals;

(iv) ensure that the best practices in relation to the deletion and disposal of data, especially where records or discs are to be disposed of off-site or by external contractors are followed;

(v) ensure that the system adopted for the purpose is sufficiently adequate to protect against any unauthorized modification or deletion of the data, information or credit information maintained by them;

(vi) ensure maintenance of log made for accessing to data, information or credit information maintained by them including – a. the data relating to identity of all such persons whosoever had accessed or attempted to access the data

information or credit information maintained by them and the date and time of such access, the identity of the borrower whose data or credit information were so accessed; and

b. the provision relating to preservation of the records and entries pertaining to such log for minimum period of two years and to ensure that the same is available for examination by auditors, or the officials of the Reserve Bank authorised in this behalf, as the case may be;

(vii) ensure the maintenance and review of records and entries of log, on a regular and frequent basis to detect and investigate any unusual or irregular patterns of use of or access to data including creation of the audit trails and verification thereof;

(viii) provide the guidelines for the use and access of information systems by external contractors; and (ix) protection against pilferage of information while passing through the public and private networks.

Clause 29 - Every credit institution in possession or control of data, information and credit information shall adopt all reasonable procedure to ensure that their managers, officers, employees are obliged to fidelity and secrecy in respect of credit information under their control or to which they have access. Every credit institution shall formulate the policy and procedure duly approved by its Board of Directors specifying therein the steps to be taken by them to ensure compliance of the fidelity and secrecy obligation by their managers, officers, employees with respect to data, information and credit information under their control. Such policy and procedure shall also include therein the appropriate provisions relating to the requirement that their employees, authorized personnel, agents, contractors and other persons who deal with or have right to access data, information and credit information comply with confidentiality obligation and sign covenants with them.

MFIN Circular on data submission and usage of CIR, 3rd

October 2012 Clause 3 (d) - All members will be required to submit data on a weekly basis. Cut-off date for weekly submission will be 7th, 14th, 21st and 28th of each month. For example, data submitted to 7th April should updated until 31st March, data submitted on 14th April must be updated until 7th April and so on. Clause 3 (e) - CB report to be treated as valid for 15 days from the date of extraction. Therefore, disbursement should be made within 15 days from date of extracting the CB report. If an MFI disburses loan after 15 days of extracting of CB report, it will be construed as not having used a CB report.

22

MFIN Circular on KYC Standards updated of 29th

October, 2014 All MFIN members will be required to take (during loan application process) and capture (in the Passbooks/MIS etc) two KYC documents, one of them necessarily being either UID (Aadhaar) or Voter ID and submit to the Credit Bureaus in the Common Data Format. List of acceptable documents for individuals as per RBI Master Circular on KYC Proof of identity

Aadhaar No (most preferred)

Voter’s Identity Card (most preferred)

Passport

PAN card

Driving License

Job Card issued by NREGA duly signed by an officer of the State Govt

Identity card (subject to the bank’s satisfaction)

Letter from a recognized public authority or public servant verifying the identity and residence of the customer to the satisfaction of bank

Proof of address

Aadhaar No (most preferred)

Voter’s Identity Card (most preferred)

Ration card

Driving License

Passport

Letter from any recognized public authority

Electricity bill

Telephone bill

Bank account statement

Letter from employer (subject to satisfaction of the bank)

A rent agreement indicating the address of the customer duly registered with State Government or similar registration authority.

any one document which provides customer information to the satisfaction of the bank will suffice

23

Annex 3: Basic validations and checks MFIs can put in place some basic validations at MIS to ensure that data input to UCRF do not carry incorrect or junk values.

Having these basic validations at the data capture stage itself will ensure a higher quality of data gets reported to the

Bureau.

Borrower Information

Name Name should not contain special characters such as @,(,”,%,/,), etc

Age Age of borrower is less than 18 years of age at the time of opening of account

Mobile number Length should be 10 characters, all numberic

Voter ID Length should be 10 or greater bytes

The first two bytes must be alpha

The 3rd byte can be alpha or numeric

All bytes after the 3rd byte must be numeric and not 9-filled

Sample: KDD5664661, AB123456458214

UID/Aadhaar Length should be 12 digit and all numeric

Sample: 465214558455

PAN Length should be 10 bytes

Should be in form of AAAAANNNNA format only. (A-Alpha and N-Numeric)

Sample: BRLPS5486R

Ration Card Should be minimum 5 character in length

Other ID Should be minimum 5 character in length

Account information

Loan cycle Should be ≥ 1

Loan Category Should be T01- JLG Group, T02- JLG Individual, T03 - Individual

Account status

Account status S04 (current) but DPD > 0

Account status Account status S05 (overdue) but DPD=0 and overdue amount =0

Account status Account status S07 (loan closed) but outstanding amount > 0

Date Date closed is prior to date opened/disbursed

Date write-off Date write-off is prior to or same as date opened/disbursed

24