Banks have broadened their channels for the disposal of bundles of non-performing personal loans following the official issuance by the China Banking and Insurance Regulatory Commission (CBIRC) of the Notice on Implementing the Pilot Program of Transferring Non-performing Loans. However, there is still confusion about the protection of personal information in the transfer process.

Before the transfer is completed, the credit information should not be provided externally. The credit investigation industry is always under strict supervision. Except in post-loan risk management, commercial banks should obtain written authorisation from individuals when inquiring about their personal credit reports, according to the Regulations on the Administration of the Credit Investigation Industry and the Interim Measures for the Management of Basic Databases of Personal Credit Information.

The transfer of non-performing loans (NPLs) has gone beyond the scope of general post-loan risk management, and the credit information sought by banks should not be provided outside the scope authorised by debtors.

Other litigation-related information unrelated to the loan to be transferred should not be provided externally. The litigation-related information of the debtor who intends to transfer loans may be provided. However, banks may also inquire about the debtor’s other litigation-related information through the credit information system and information disclosure platforms (e.g., wenshu.com). The results of such inquiries should not be provided externally for the following reasons: the information obtained through the credit information system should only be used for the purpose agreed upon with the debtor according to the regulations covering the management of the credit investigation industry; for the information obtained through the information disclosure platform, there is no need to provide the information externally as third parties may make their own inquiries through the same channels.

Personal information that should not be provided externally according to various specifications and standards. Technical Specifications for Protecting Personal Financial Information (the provide that the supporting information for identifying users in C3 and C2 categories should not be provided externally, including personal health and physiological information, identification information, private biometric information and supporting identification information. Other personal financial information listed in the technical specifications should not be provided if it does not meet the necessity of transfer due diligence.

Statistical data of a non-performing asset package may be provided externally. Data on the underlying NPLs, including the amounts of the assets, number of borrowers, weighted average overdue days, asset distribution, borrower distribution and other statistical information, may be provided externally, according to the CBIRC’s notice and the Detailed Rules for Information Disclosure of Non-performing Loan Transfer Business of Banking Credit Assets Registration and Circulation Center (for Trial Implementation) – the disclosure rules.

Banks are probably more concerned about whether the debtor’s co-debt statistics may be provided externally. We believe that such information should not be provided externally in respect of a single debtor, but the provision of general statistics concerning all debtors, such as the number of borrowers with co-debt, the total debt amount with co-debt attributable to the bank, and the total amount of co-debts (also as a basic basis for judging the likelihood of realising creditor’s rights), so as to determine the different number of borrowers and total amount with or without co-debts. Such information can be used as basic data to help the transferees make business judgements and is of great value for their risk prediction.

Loan information to be transferred and relevant documents may be provided externally. In accordance with the disclosure rules, the NPL information includes project details, basic loan information, basic information of borrowers and information of lending institutions; “documents” include creditors’ rights, security and litigation materials. We believe that the specific scope of materials may cover:

Asset title documents, such as loan contract, debtor’s citizenship number, receipt for a loan/account statement, extension agreement (if any), loan collection notice, return receipt, repayment voucher and other creditors’ rights materials.

Security and litigation materials closely related to creditors’ rights materials. The former includes security contracts, identity certificate of the security provider and ownership certificate of the collateral (if any); the latter includes lawyer engagement agreement, complaint, application for property preservation, application for enforcement, judgment/mediation document/ruling, etc.

Archives, such as loan application forms, credit investigation reports for the loan, review and approval opinions and post-loan management report (if any). However, other information in the archives except the basic information of non-performing loans and borrowers should be masked.

Recommendation

Article 9 of the CBIRC notice provides that the transferor and the transferee should co-operate on the credit investigation of the debtor, and it can be stipulated in the creditor’s right transfer contract for the transferor to provide assistance. However, the content of this provision is very vague. In practice, when the transferee requests the bank to provide the updated credit information of the debtor during the information handover, the bank, out of prudence for compliance, often refuses the request on the ground that inquiry about the credit information of the debtor after the debt transfer is no longer in the scope of post-loan management. It would seem appropriate that the CBIRC should set out more specific provisions on this issue to ensure the smooth handover of assets between parties.