In October 2017, the RBI announced a high level task force that would study and help set up a transparent and comprehensive public credit registry (PCR). The RBI’s PCR was intended to be “an extensive database of credit information for India that is accessible to all stakeholders”. The PCR was intended to help improve efficiencies in the Indian credit market, aid financial inclusion, help control deliquencies and in general improve the ease of doing business.
The RBI’s PCR task force, headed by Mr. Y.M. Deosthalee (ex-CMD, L&T Finance Holdings Limited) was setup with several high ranking RBI officials, top bankers in it. Additionally, the task force also included an evangelist from iSPIRT, a think tank for the Indian software products industry that had also “volunteered” to help setup the Aadhaar program. The task force was given the liberty to invite any experts from World Bank etc. if required.
Given six months to submit their report, the task force was directed to to assess the current credit information systems in India, assess gaps, gather information about best international practices and come up with a roadmap for the PCR. But, while the deadline for the report submission has come and gone on April 4, 2018, there has been no sign of the report being released by the RBI.
An RTI request submitted to the RBI seeking a copy of the report (or a revised date when the report would be submitted) has elicited a strange response. Though it has accepted that the task force has submitted its report on time, the RBI has used sections 8(1)(a) and 8(1)(e) of the RTI act of 2015 as reasons to deny the petitioner a copy of the report.
So what are these two sections of the RTI act?
Section 8(1)(a) in The Right To Information Act, 2005
(a) information, disclosure of which would prejudicially affect the sovereignty and integrity of India, the security, strategic, scientific or economic interests of the State, relation with foreign State or lead to incitement of an offence;
Section 8(1)(e) in The Right To Information Act, 2005
(e) information available to a person in his fiduciary relationship, unless the competent authority is satisfied that the larger public interest warrants the disclosure of such information;
Basically, these two sections give the government the right to refuse information if such disclosure would affect the sovereignty of India (or) if disclosure is not in the larger public interest.
So what is in this report about a transparent and comprehensive public credit registry for India, that cannot be public knowledge? Considering the composition of the task force (specifically the iSPIRT presence) and the current state of related affairs, it is not difficult to peice this “secret” together.
We also know that Dr. Viral Acharya said that the credit system would use Aadhaar as an identifier and would essentially enable 360 degree financial profiling of an individual using Aadhaar. Such a system would necessarily aggregate information about the individual from various databases. And when the financial profile is stored with the individual’s Aadhaar, it would enable this information to be compatible with any other Aadhaar based profiling as well.
All this while the government repeatedly denied that Aadhaar can enable 360 degree profiling in the Supreme Court.
Thread on a non transparent RBI on PCR denying RTI, Aadhaar, right to privacy by Srikanth Lakshmanan
“Srikanth Lakshmanan, who drives “Cashless Consumer”, a collective studying digital payments and role of data in financial systems to protect consumer interests shared this article with a tweeted commentary, which we are converting into paragraphs with minor edits for readability as below:
Before that, what’s public doing there in public credit registry whose high level task force report can’t be divulged citing national interest? Call it National interest credit registry instead.
In July 2017, RBI Deputy Governor Viral Acharya made a case for use of Aadhaar in creating a state backed Public Credit Registry, one which will help in reducing information asymmetry. In Oct 2017, RBI appoints a high level task force to give a report on PCR in 6 months. It is this report that RBI has denied in RTI now.
Let us try to understand a PCR a bit more in detail, and I shall then list my fears / concerns (yes, some may be FUD, but a non-transparent regulator isnt helping, so all economists over here, please help me) I am happy to be educated more.
How is PCR different from Credit Information Bureaus (CIBIL etc)? CIB caters to the information needs of commercial lenders and is privately owned.While a PCR is geared towards use by policymakers, regulators and other officials and are generally owned by a central bank of a country. The earliest of literature dates back to 2010 WB research paper “Public Credit Registries as a Tool for Bank Regulation and Supervision”. Some excerpts to get a gist from my skimming of 24 page paper.
Although these “prudential rating systems” are not aimed at replacing or competing with banks’ rating systems,they can play a subsidiary role.For example,smaller banks may be limited in their capacity to develop their own rating systems due to insufficient data,experience or resources; in such cases, the prudential ratings could supplement better risk analysis.
So not just PCR helps regulation, it helps smaller lenders to serve the market, in that sense, its a market tool for furthering credit by state / Central bank making investment.
What is the minimal information in PCR according to it? Here is it. Viral’s proposal was to use Aadhaar as borrower ID number for individuals and CIN for companies. For this to happen you would need to share your UID (no VID, so there goes privacy) while taking credit.
One of most important institutional elements supporting a well-functioning credit market is credit reporting firms.They are able to provide rapid access to accurate,reliable and standardized information on potential borrowers and are of critical importance in determining risk exposure.
Who are potential borrowers? Every Aadhaar holder?
Where is fundamental right to privacy here? PCR doesnt even have a law, let alone examine for proportionality.
The paper also talks about PCR tracking payment behaviors. This is where BBPS data will potentially be exported. I can already visualize various data first systems being built and coerced openly/covertly by BullyStack being put in use for PCR.
Where is fundamental right to privacy?
Having the state owning both the ID system (Aadhaar) and PCR (state owned central bank), only complicates problems further, as a citizen can now be penalized by state for voicing dissent. (Imagine state version of having employee fired for tweet).
Given that the World Bank working paper on PCR was in the aftermath of 2008 crisis, one may argue PCR is a legit need and privacy concerns might not stand against it. But shouldn’t the functioning and even setting up be public?