The People's Bank of China (PBOC) is the main regulator of the personal credit scoring industry, as set in the Regulation on the Administration of Credit Investigation Industry, which is the industry's defining regulation issued by the State Council in 2012. The initial idea from the PBOC was for external ministries to send their citizens data to the central bank, which would then combine these datasets with its financial records to create profiles that would give an overall view of a person's creditworthiness.
However, because ministries are not required by law to do so, and don't have the motivation to send their data to the PBOC, so far the central bank has struggled to compile many of their comprehensive target profiles. As a result, the PBOC decided to build a credit scoring system by itself, something that should be feasible as the PBOC has some useful data already: IDs, hukou (household register), education, residence address, etc., - all things that would naturally come from credit applications where consumers fill in in banks.
The PBOC's idea was to launch the Credit Bureau to collect data, and then assign credit score licenses to private companies to analyze that data. The PBOC would then receive information from banks, then sell to credit score companies, that in their turn will analyze the data and sell reports to other parties, effectively allowing the PBOC to make some money on the side. However, it's been almost two years now since the licenses were announced, but none have been handed out yet. Why?
Here is how the events developed:
- In January 2015 China's central bank issued a Notice on Personal Credit Scoring, giving eight companies six months to prepare for starting the business.
- December 2015 saw a new regulation - Guidelines on Supervision of Credit Scoring Organizations, basically telling the PBOC divisions how to supervise these firms, but still no licenses were announced.
- In May 2016 the PBOC issued the Draft Credit Score Business Guidelines for public comment, and though again it wasn't a license handover, the document at least partially clarified why the regulator was hesitant. It is important to note that among the eight license holders two companies - Sesame Credit and Tencent - were already using the credit scores based on the data they were capturing from their users.
From the Guidelines is appears that the regulator is not sure what role a license holder should play. For example, the 12th rule states that a credit score organization has to receive consumer approval to collect certain data about her/him if the data is not considered public by law. So the PBOC would like to limit license holder's ability to directly collect private data such as payments transactions. The regulator probably sees it more optimal to centrally own this data and sell it to the credit score companies. The delay has happened as the PBOC is deciding whether the license holders should be able to have their data or not.
The recent Alipay incident shows how such private data can be misused by for-profit entities. Looking at this negatively, what happened was a big company started deciding what content users could see based on their spending records. This can be called credit score abuse and has significant implications. Sesame Credit score is already used in many areas, such as applying for visas and having access to VIP lines at the airport. Decades of experience in other markets show that these scores work great in finance, but should privately-owned, non-official scores, which also can be tweaked by sketchy manipulations (at least at the moment), be influencing many areas of millions of lives?
Will Sesame Credit's incident slow the regulatory decision-making process even further? It seems like it might - still, no licenses were given out as of December 2016. Another interesting point here is that China was always able to learn from the experience of developed markets when designing its regulation. The system where a government body is a data gatherer, and private companies analyze that data, is itself very similar to the system used in Germany.
But the unique and extremely fast market is leaving regulators without role models to learn from. China's conglomerates such as Alibaba, Tencent or Ping An (all on the license holder list) integrate many businesses and therefore have access to multiple sources of user data, such as the e-commerce and payment transactions, and even social interactions. Also, the new developments such as the Internet of Things and shared economy create even more data streams and change business and social norms. The combination of these factors gives the regulators a riddle that probably wasn't solved anywhere else before.