Part of a comprehensive analysis of the Credit Bureau Act 2016
All Parts in This Series
Duties of Approved Members of Licensed Credit Bureaus: An In-Depth Analysis
The Credit Bureau Act 2016 establishes a comprehensive regulatory framework governing the conduct of approved members of licensed credit bureaus in Singapore. Part 6 of the Act delineates specific duties imposed on these members to ensure the confidentiality, security, accuracy, and proper submission of customer information and credit data. This article analyses the key provisions under Part 6, their purposes, definitions, penalties for non-compliance, and relevant cross-references to other legislation.
Duty to Maintain Confidentiality of Customer Information (Section 33)
Section 33 imposes a strict duty on approved members and their officers to maintain the confidentiality of customer information obtained from licensed credit bureaus. Specifically, subsection (1) prohibits approved members and their officers from requesting or using customer information, including credit reports, of their own or other approved members’ customers except for purposes explicitly permitted under subsection (2).
"Except for a purpose mentioned in subsection (2), an approved member of a licensed credit bureau and any of the member’s officers must not — (a) request from the licensed credit bureau, any customer information (including a credit report of the member’s customer) of that or any other approved member of the licensed credit bureau; or (b) use any customer information (including any such information in a credit report) of that or any other approved member of the licensed credit bureau received from the licensed credit bureau." — Section 33(1), Credit Bureau Act 2016
Verify Section 33 in source document →
The rationale behind this provision is to protect sensitive customer data from unauthorized access and misuse, thereby preserving the trust and integrity of the credit reporting system. Confidentiality safeguards prevent potential abuses such as identity theft, unfair discrimination, or improper lending decisions based on unauthorized data sharing.
Section 33(8) clarifies that these confidentiality duties do not override rights of disclosure under other written laws, including the Banking Act 1970, ensuring that approved members can comply with lawful requests or obligations.
"To avoid doubt, subsections (3), (4), (5) and (7) do not affect the rights of disclosure that the approved member or any of its officers has under any other written law, including the Banking Act 1970." — Section 33(8), Credit Bureau Act 2016
Verify Section 33 in source document →
Moreover, subsection (11) defines “officer” by cross-reference to section 2(1) of the Banking Act 1970, ensuring consistency in terminology across financial legislation.
"In this section, “officer” has the meaning given by section 2(1) of the Banking Act 1970." — Section 33(11), Credit Bureau Act 2016
Verify Section 33 in source document →
Duty to Maintain Security and Integrity of Data (Section 34)
Section 34 mandates approved members to ensure the integrity of data provided to licensed credit bureaus and to protect data received from them through reasonable security arrangements. This includes preventing unauthorized access, collection, use, disclosure, copying, modification, or disposal of data.
"An approved member of a licensed credit bureau must — (a) ensure the integrity of any data it provides to the licensed credit bureau; (b) protect any data received from the licensed credit bureau by making reasonable security arrangements to prevent unauthorised access, collection, use, disclosure, copying, modification, disposal or similar risks; and (c) dispose of any data received from the licensed credit bureau if — (i) the purpose for which that data was provided is no longer being served by retention of the data; and (ii) retention is no longer necessary for the approved member’s legal or business purposes." — Section 34(1), Credit Bureau Act 2016
Verify Section 34 in source document →
This provision exists to uphold the accuracy and reliability of credit data, which is critical for fair credit assessments. It also addresses data lifecycle management by requiring disposal of data when retention is no longer justified, thereby reducing risks of data breaches or misuse.
Duty to Correct Data (Section 35)
Section 35 empowers data subjects to request corrections of errors or omissions in their data processed by licensed credit bureaus and held by approved members. Approved members must respond to such requests to maintain data accuracy.
"A data subject may request an approved member of a licensed credit bureau to correct an error or omission in any data of the data subject that — (a) has been processed by the licensed credit bureau; and (b) is in the possession or under the control of the approved member." — Section 35(1), Credit Bureau Act 2016
Verify Section 35 in source document →
The purpose of this duty is to protect individuals from the adverse consequences of inaccurate credit information, such as wrongful credit denials or higher interest rates. It promotes fairness and transparency in credit reporting.
Duty to Submit Data to Licensed Credit Bureau (Section 36)
Section 36 authorizes the Authority to require approved members to provide data relevant to the credit reporting business within specified timeframes and formats.
"The Authority may, by written notice, require an approved member of a licensed credit bureau to provide to the licensed credit bureau, such data relating to the licensed credit bureau’s credit reporting business within such period and in such manner as the Authority may specify in the notice." — Section 36(1), Credit Bureau Act 2016
Verify Section 36 in source document →
This provision ensures that licensed credit bureaus receive timely and comprehensive data to maintain up-to-date and accurate credit reports, which are essential for effective credit risk management across the financial sector.
Duty to Provide Information to the Authority (Section 37)
Section 37 empowers the Authority to require approved members or their representatives to furnish information relating to their membership and activities as approved members.
"Subject to subsection (4), the Authority may, by written notice, require an approved member of a licensed credit bureau, or any person acting on behalf of the approved member, to provide to the Authority, information relating to — (a) the approved member’s membership of the licensed credit bureau; and (b) the approved member’s activities as an approved member of the licensed credit bureau, within such period as the Authority may specify in the notice." — Section 37(1), Credit Bureau Act 2016
Verify Section 37 in source document →
This duty facilitates regulatory oversight and enforcement by enabling the Authority to monitor compliance and investigate potential breaches effectively.
Duty to Provide Information in Credit Facility Documents (Section 38)
Section 38 allows the Authority to require approved members to include specified information in credit facility documents provided to customers, such as application forms, approval or rejection letters.
"The Authority may, by written notice to an approved member or a class of approved members of a licensed credit bureau, require the approved member or the member within that class to include any information specified by the Authority in any credit facility document that the approved member provides to its customer." — Section 38(1), Credit Bureau Act 2016
Verify Section 38 in source document →
This provision promotes transparency and informed decision-making by customers applying for credit facilities, ensuring they receive relevant information about their credit status or reporting.
Section 38(4) defines “credit facility document” to include any application form, approval letter, rejection letter, or other documents related to credit facility applications.
"In this section, “credit facility document” means any application form, approval letter, rejection letter or any other document in relation to an application for a credit facility." — Section 38(4), Credit Bureau Act 2016
Verify Section 38 in source document →
Penalties for Non-Compliance
The Act prescribes stringent penalties for breaches of the duties outlined above, reflecting the importance of compliance to maintain the integrity of the credit reporting system.
- Confidentiality breaches (Section 33(9)): Individuals face fines up to $125,000 or imprisonment up to 3 years or both; other persons face fines up to $250,000.
- Security and integrity breaches (Section 34(2)): Fines up to $250,000 plus continuing offence fines up to $25,000 per day.
- Failure to correct data (Section 35(4)): Fines up to $250,000 plus continuing offence fines up to $25,000 per day.
- Failure to submit data (Section 36(2)): Fines up to $100,000 plus continuing offence fines up to $10,000 per day.
- Failure to provide information to Authority (Section 37(5)): Individuals face fines up to $50,000 or imprisonment up to 2 years or both plus continuing offence fines up to $5,000 per day; others face fines up to $100,000 plus continuing offence fines up to $10,000 per day.
- Failure to comply with credit facility document information requirements (Section 38(3)): Fines up to $25,000.
"Any person that contravenes subsection (1), (3), (4), (5), (7) or any condition imposed under subsection (6) shall be guilty of an offence and shall be liable on conviction — (a) in the case of an individual, to a fine not exceeding $125,000 or to imprisonment for a term not exceeding 3 years or to both; or (b) in any other case, to a fine not exceeding $250,000." — Section 33(9), Credit Bureau Act 2016
Verify Section 33 in source document →
"Any person that contravenes subsection (1) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $250,000 and, in the case of a continuing offence, to a further fine not exceeding $25,000 for every day or part of a day during which the offence continues after conviction." — Section 34(2), Credit Bureau Act 2016
Verify Section 34 in source document →
"Any person that contravenes subsection (2) or (3) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $250,000 and, in the case of a continuing offence, to a further fine not exceeding $25,000 for every day or part of a day during which the offence continues after conviction." — Section 35(4), Credit Bureau Act 2016
Verify Section 35 in source document →
"Any person that contravenes subsection (1) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $100,000 and, in the case of a continuing offence, to a further fine not exceeding $10,000 for every day or part of a day during which the offence continues after conviction." — Section 36(2), Credit Bureau Act 2016
Verify Section 36 in source document →
"Any person that fails to comply with a notice issued under subsection (1) shall be guilty of an offence and shall be liable on conviction — (a) in the case of an individual, to a fine not exceeding $50,000 or to imprisonment for a term not exceeding 2 years or to both and, in the case of a continuing offence, to a further fine not exceeding $5,000 for every day or part of a day during which the offence continues after conviction; or (b) in any other case, to a fine not exceeding $100,000 and, in the case of a continuing offence, to a further fine not exceeding $10,000 for every day or part of a day during which the offence continues after conviction." — Section 37(5), Credit Bureau Act 2016
Verify Section 37 in source document →
"Any person that fails to comply with a notice given under subsection (1) shall be guilty of an offence and shall be liable on conviction to a fine not exceeding $25,000." — Section 38(3), Credit Bureau Act 2016
Verify Section 38 in source document →
These penalties serve as strong deterrents against breaches, reinforcing the importance of compliance to protect consumer interests and the credit reporting ecosystem.
Cross-References to Other Legislation
The Act incorporates definitions and rights from other statutes to ensure coherence and avoid conflicts. Notably, the term “officer” is defined by reference to section 2(1) of the Banking Act 1970, aligning the meaning across financial regulatory frameworks.
"In this section, “officer” has the meaning given by section 2(1) of the Banking Act 1970." — Section 33(11), Credit Bureau Act 2016
Verify Section 33 in source document →
Additionally, the confidentiality provisions explicitly preserve rights of disclosure under other written laws, including the Banking Act 1970, allowing approved members to comply with lawful obligations without breaching the Act.
"To avoid doubt, subsections (3), (4), (5) and (7) do not affect the rights of disclosure that the approved member or any of its officers has under any other written law, including the Banking Act 1970." — Section 33(8), Credit Bureau Act 2016
Verify Section 33 in source document →
Conclusion
Part 6 of the Credit Bureau Act 2016 imposes critical duties on approved members of licensed credit bureaus to safeguard the confidentiality, security, accuracy, and proper handling of credit data. These provisions exist to protect consumers, maintain data integrity, and enable effective regulatory oversight. The stringent penalties for non-compliance underscore the importance of adherence to these duties in sustaining a trustworthy credit reporting environment in Singapore.
Sections Covered in This Analysis
- Section 33 – Duty to maintain confidentiality of customer information
- Section 34 – Duty to maintain security and integrity of data
- Section 35 – Duty to correct data
- Section 36 – Duty to submit data to licensed credit bureau
- Section 37 – Duty to provide information to Authority
- Section 38 – Duty to provide information in credit facility document
Source Documents
For the authoritative text, consult SSO.