Equifax, a credit bureau company in U.S., is paying at least $650 million in a settlement related to its 2017 data breach which affected about 150 million people. Of that sum, $425 million is kept for consumers, notes Fortune in a newsletter. As fintechs and credit bureaus mushroom in Nigeria, Nigeria needs to develop protocols to harden the protection of its citizens’ data. I have noted that credit bureaus in the Western world do not overly care on protecting citizen data since their actual customers are financial institutions which buy citizens data for loan making and more. Nigeria adopted that model, and that is bad. In this piece, I proposed a model that will ensure Nigerian credit bureaus can deliver value to the financial institutions and the citizens simultaneously by aligning all the interests.
Yes, it is evident that the credit bureaus do not really care about the security of citizen data. Banks do care because losing customer funds through cyber-breaches will cost them money. The credit bureaus do not see citizen data as being that important. Their customers are the banks and not the citizens, and that is why they never care what they send to the banks. The citizens cannot take the jobs away from them. They have no incentive to be absolutely correct on the data they send to banks. The banks pay them and the banks are their customers, and provided they are happy, the citizens are irrelevant.
So for Nigeria, we need to do things a little different. We need to have within the Central Bank of Nigeria a unit that will supervise credit bureaus the way we do to banks. Also, citizens must enroll before any bureau can monetize their data in the specific system. By asking the citizens to enroll before banks can use their data, via credit bureaus, it creates incentives for the bureaus to make efforts to be optimal in their services.
Sure, it can hurt the citizen if the data is not reported but it will also hurt the credit bureau if it has no data to monetize. We have existed for decades with no credit system and can wait for few months to get it right. But for the credit bureaus which are starting, they need the citizens’ data. I recommend the following in Nigeria to make sure we break any oligopoly power as is being experienced in the U.S. credit bureau sub-sector:
- CBN should register and give licenses to at least five credit bureaus
- Credit bureaus can get data from all the banks and approved sources but they cannot profit from them until a customer approves for them to monetize the data. By pushing them to wait until a citizen approves, they have an incentive to be optimal to the services they deliver to the citizen besides the banks
- A citizen must sign up with at least three bureaus at all times
- Where it is evident that a specific credit bureau is not performing well, a citizen can withdraw its approval to report its credit. That can happen once per two years. Once that happens, it will take another two years for that customer to rejoin that specific credit bureau. But at the time, the credit bureau will still be collecting the data but cannot monetize it with banks.
- A citizen at all times must have its credit records approved for monetization with at least three bureaus
By having this structure, a citizen will have leverage thereby reducing the poor reporting and lack of efforts by credit bureaus to harden systems to avoid identity thefts. A credit bureau that neglects its systems resulting to massive hack can lose all customers and will have nothing to sell to banks. So that creates an incentive to deliver better protection unlike what we have today. The addition of this citizen component will seed incentives for win-win in the sector.
The alignment of the interests of the banks, credit bureaus and citizens will be catalytic in establishing a functioning credit ecosystem in Nigeria. This is not included in the current CBN’s guidelines for establishing credit bureaus in Nigeria. We cannot do it the way the Americans have done it. We need a system that provides a citizen element so that credit bureaus have clear incentives to deliver good services. You cannot be selling people’s data and yet have no incentives to serve the people and protect their data. With this proposed model, the oligopolistic system that runs in the credit bureau industry will be dismantled in the Nigerian model. The outcome will be a virtuoso credit bureau system that secures customers data as it serves its core customers, the banks.