MAS consults on proposed regulations and notices for licensed credit bureaus and approved members: Allen & Gledhill

29 October 2020

On 16 October 2020, the Monetary Authority of Singapore (“MAS”) issued a consultation paper on “Proposed Regulations and Notices for Licensed Credit Bureaus and Approved Members” to seek feedback on regulations and notices to effect the objectives of the Credit Bureau Act 2016 (“CBA”).

The CBA aims to subject credit bureaus to formal MAS oversight in view of the large amount of sensitive borrower credit information collected by them. Under the CBA, MAS will regulate licensed credit bureaus (“LCBs”), the credit reporting business, and approved members of these licensed credit bureaus (“AMs”).

In the consultation paper, MAS seeks comments on the following regulations and notices:

Credit Bureau Regulations 2020: These Regulations set out provisions of general application, such as the type of fees payable by an LCB, and the procedures that apply when a person is given an opportunity to be heard by MAS (for example, with regard to a decision of MAS to revoke the approval or deemed approval of an AM under section 31(1) of the CBA).
Credit Bureau (Composition of Offences) Regulations 2020: These Regulations set out the compoundable offences that apply to both LCBs and AMs. Any offence punishable by a fine and the offences in these Regulations are compoundable.
Notice to Licensed Credit Bureaus and Approved Members: This Notice sets out requirements which will instil robust governance standards within the LCBs, safeguard the confidentiality and accuracy of data processed by LCBs and their AMs, and ensure that disputes over data are resolved in a prompt, fair and independent manner.
Notice on Technology Risk Management and Notice on Cyber Hygiene: These Notices will subject LCBs to technology risk management requirements and cyber security measures similar to those of other financial institutions regulated by MAS. This will ensure that LCBs have robust infrastructure, systems and processes to manage technology risks and cyber threats.

The consultation closes on 15 November 2020.