HKMA Expects Banks to Join Commercial Data Interchange by End-2022

The Supervisory Policy Module IC-7 addresses the sharing and use of commercial credit data through a CCRA for the implementation of CDI. Announced as part of the “Fintech 2025” strategy of HKMA, the CDI is a next-generation financial data infrastructure that aims to enable more efficient financial intermediation in the banking system. HKMA believes that with the ability to enhance banks’ capabilities in risk management, the CDI will become an indispensable tool to the banking industry. All banks with material small and medium-size enterprise financing business are expected to join CDI by the end of 2022. The recent letters to HKAB and DTC Association address two issues in connection with the CDI as well as its link with the CCRA. Additionally, a revised, mark-up version of the Policy Module has been enclosed with the letters to these Associations.

HKMA plans to amend the module IC-7 to reflect its expectations with respect to the CCRA-CDI link and has been working with the operator of CCRA to link up CDI with the CCRA database via an Application Programming Interface. This would enable institutions to access both conventional credit data in the CCRA database as well as alternative credit data via a single connection to the CDI. The link is expected to be launched in the fourth quarter of 2022. This will provide an opportunity for institutions to automate their credit approval process, reduce manual handling and the corresponding risk of human errors, and enhance overall operational efficiency. Institutions are hence strongly encouraged to access the CCRA database via the CDI, particularly for those with frequent access to CCRA data. Subject to comments from the industry, the revised module will take effect from December 30, 2022.

With respect to the protection of information security for alternative credit data obtained via CDI, Section 5 of SPM Module IC-7 will, after revision, provide guidance on institutions’ safeguards to protect information security of commercial credit data disclosed to, or obtained from, a CCRA regardless of whether access is made through CDI or designated terminal(s). For other alternative credit data obtained via CDI, HKMA is reminding authorized institutions joining CDI that they should also adopt reasonable procedures to ensure that such alternative data are properly safeguarded, with regard to the confidentiality, accuracy, and relevant and proper utilization of the information. Authorized institutions should, where relevant and practical, observe the guidance laid out in Section 5 of SPM Module IC-7 when handling alternative credit data obtained via CDI. Institutions should also observe the Rules for CDI, applicable requirements, and relevant terms and conditions for joining CDI. Depending on the development of CDI, HKMA may consider issuing further guidelines on the use of alternative credit data through CDI in the future if necessary.

Keywords: Asia Pacific, Hong Kong, Banking, Lending, Regtech, Open Banking, CCRA, CDI, Credit Risk, SPM IC-7, Fintech 2025, API, HKMA