*****************************************
Following is a question by Dr Hon Kwok Ka-ki and a written reply by the Secretary for Financial Services and the Treasury, Professor K C Chan, in the Legislative Council today (June 11):
Question:
Recently, a member of the public has complained to me that his applications for credit cards and loans have been affected by a bad credit history, which has remained in his personal credit data since someone else made loan applications to banks and finance companies using his identity fraudulently during the period when he had lost his identity card (ID card), despite confirmations having been made subsequently by the Police to such institutions that the person had reported to the Police on the loss of his ID card. In this connection, will the Government inform this Council:
(1) whether it knows how financial institutions handle the bad credit history of members of the public which they claim to have been caused by the fraudulent use of their identity; whether the guidelines of the Hong Kong Monetary Authority (HKMA) and relevant government departments have specified such practices; if they have, of the details; if not, the reasons for that;
(2) whether the law enforcement agencies concerned have put in place established procedures for handling cases of fraudulent use of stolen identity to apply for loans; if they have, of the details; if not, the reasons for that; and
(3) whether HKMA monitors the compliance by financial institutions with its guidelines on the provision of and access to credit data; if it does, of the details; if not, the reasons for that?
Reply:
President,
(1) Consumer credit data is personal data subject to the Personal Data (Privacy) Ordinance (PDPO) and the Code of Practice on Consumer Credit Data issued by the Office of the Privacy Commissioner for Personal Data (PCO Code). Credit providers are required to comply with the PDPO and PCO Code in handling consumer credit data. The PCO Code requires a credit provider to update consumer data held in the database of a credit reference agency (CRA) as soon as reasonably practicable if the credit provider discovers any inaccuracy in the data provided to the CRA. In addition, the Code of Banking Practice and the HKMA's Supervisory Policy Manual require Authorised Institutions (AI) to comply with the requirements of the PDPO and PCO Code.
If a fraudulent use of the data is confirmed, a credit provider shall, in accordance with the PCO Code, instruct the relevant CRA to delete the loan record concerned from the CRA's database as soon as reasonably practicable and to leave no history in the CRA's database.
(2) Making loan applications using a fraudulent identity may contravene section 18 (obtaining pecuniary advantage by deception) of the Theft Ordinance, or section 7A (using an identity card which relates to another person) of the Registration of Persons Ordinance. Depending on the nature of the case and the evidence collected, the Police will conduct investigation and follow up accordingly.
(3) The HKMA monitors AIs' compliance with the requirements of the Code of Banking Practice and the Supervisory Policy Manual as part of its regular supervision (including on-site examination, handling of complaints, and review of regular self-assessments conducted by AIs). If the HKMA detects any breaches of relevant requirements by individual AIs or sees any areas warranting improvement, the HKMA will follow up with the AIs concerned accordingly.
Ends/Wednesday, June 11, 2014
Issued at HKT 12:32
NNNN
