ieExplains: Why is the Central Bank's error an issue for borrowers? 

What is the Central Credit Register?

The CCR is operated by the Central Bank of Ireland and is used to store the personal and credit information on loans of €500 or more issued throughout the country. All financial institutions offering loans have to supply loan repayment information to it every month.

This information is then used to generate individual credit reports on borrowers which they and lenders can access. Lenders can use these credit reports to get an idea of the borrower's repayment history to help them to decide if they should approve an application for a loan.

Under the terms of the CCR, lenders have to seek a person’s credit report if they are applying for a loan of €2,000 or more. Borrowers can request their credit report to see the credit information lenders have submitted on their loans.

What kind of information is contained in a credit report?

Information contained in a credit report includes a summary of all active loans including their value, outstanding balance, repayment frequency, the repayment amount, the number of payments not made or past due, as well as the expected date of final payment.

The same information is also stored on all closed loans.

Data is stored for five years after which it is supposed to be deleted. However, an error in the Central Bank’s system meant that data from three months in 2018 — which should have been deleted — was actually retained and included in credit reports sent to lenders.

Unlike systems set up in other countries, the CCR does not give an individual a credit score, rather the lender will decide on a person’s loan application based on the lending history contained in this report.

Why is this Central Credit Register error an issue?

The people most likely to be impacted by this error are people who had repayment difficulties during the months of May, June, and July 2018. Prospective lenders could see that they had difficulties during that period in their credit reports when it should not have been included.

This could impact a lender's decision as to whether to approve the individual for a loan or not.

The Central Bank has estimated that between June 1 and August 7 this year, there were approximately 476,000 total enquiries made by lenders or borrowers for information held on the CCR.

According to its preliminary analysis, the Central Bank said the records of around 20,500 borrowers contained performance data pointing to repayment difficulties during those three months.

However, the bank said it is not in a position to determine the extent to which credit applications were adversely affected by this incident because a significant proportion of those 20,500 borrowers continued to have payment performance difficulties in the months following July 2018.

The Central Bank is continuing to investigate how many borrowers could have been affected by this error.

Have there been issues with the CCR before?

In April, Bank of Ireland said an error in the transfer of KBC mortgages over to its systems meant that it did not submit customer repayment data to the CCR for the months of February and March. It came as a result of the mortgage “start date” being incorrectly inputted into their systems.

It was estimated that 35,000 people were impacted by the error. The resulting gaps in payments could have impacted the credit histories of those customers and their ability to borrow money.

In a separate incident from 2018 and 2019, Bank of Ireland was fined €463,000 after the Data Protection Commissioner (DPC) found thousands of customers’ data was accidentally altered in such a way it could have damaged their credit ratings and prevented them getting loans.

The DPC received 22 breach notifications from Bank of Ireland in relation to the “corruption of information” the bank was sending to the Central Credit Register. In total, 19 of these incidents met the definition of “personal data breach” under GDPR.

The DPC found that approximately 47,000 data subjects were affected by this breach.