We are in the early stages of a quiet but powerful transformation in how lenders obtain data to make underwriting decisions.
This transformation will have profound effects on consumers’ access to credit, lenders’ business models and how incumbent consumer reporting agencies operate.
Many new sorts of financial data — including utility and telecom payment histories, checking account balances and transaction information — are broadening credit access for people who lack credit history. At the same time, lenders are, more often than not, obtaining this information from banks and others using data portability protocols or data aggregators, with the consumer’s permission.
This “network-sourced data” is more up-to-date than the data lenders get from traditional credit reporting databases. Indeed, most reporting databases only receive updates from creditors in monthly batches, which means the data could be two months old by the time an underwriter or credit scoring model assesses it, while the lender can get network-sourced data in real time. Moreover, the new data sources come with a potentially richer array of attributes.
U.S. fintech firms such as Affirm, Ascend and Petal are pioneering network-sourced data in their underwriting models. Lenders are also testing the model in verifying self-reported income and assets and making ability-to-repay assessments in mortgage underwriting.
These changes hold a lot of promise for lenders. Timelier data will help them to better assess default probabilities. Datasets that cover a greater range of financial behavior — such as bill payments and the timing of deposited earnings and expenses — will enable lenders to assess the creditworthiness of larger portions of the population, making credit accessible to more people. And because queries to obtain network-sourced data are initiated with a consumer’s permission, there is the potential for greater transparency in lending decisions.
As network-sourced data becomes a greater part of underwriting, consumers may become less exposed to the sort of massive data breach that can and does happen to centralized consumer reporting databases. Credit reporting databases contain all of the identity and credit history information for millions of consumers, so they represent attractive targets for hackers. When breached, they not only pose costs to consumers and data providers in the form of fraud perpetrated by identity thieves, but they also dilute the reporting system’s effectiveness at verifying identities and assessing creditworthiness. True, hackers can steal data residing with each of a consumer’s account providers, but only one query or one provider at a time. Likewise, data held for limited periods and transported by data aggregators could be hacked; however, the amounts of data they hold would be relatively small if holding periods for the data are kept short.
Realizing the full potential of network-sourced data will require today’s reporting companies to adopt new capabilities as data network — as opposed to database — managers. This will especially be the case if underwriters find value in up-to-the-minute and more granular information — rather than limited monthly updates — on a consumer's existing credit accounts.
Today, a consumer grants access to each of his accounts one source at a time. To feasibly compile data from multiple network-based sources, consumers would need to be able to generate a single authenticated permission for numerous accounts. This would be made possible through a relatively straightforward network registry to which banks and other credit and debit account providers would report only meta-data on an account — information about the consumer’s identity and about the provider and nature of the account at the time the account is opened and, again, when it is closed or sold to another provider.
Factern, a U.K.-based fintech, has already developed this capability. In the U.S., debt registries have begun assembling this meta-information for credit accounts that are in default.
It is true that constructing a network like this will require broad political consensus among many players — including banks, lenders, fintech innovators, consumer advocates and legislators. And banks have exhibited reluctance to foster low-friction consumer data portability in the absence of a regulatory push. However, access to a comprehensive dataset on their existing customers, along with improved data security attached to data they share, could make them more receptive. Such a plan would also reduce fraud losses and cap their liability.
Policymakers would need to ensure that strong guidelines are developed to assure transparency (about user, purpose and time periods) for which consumers grant permission access to their data, to clarify what kinds of data can be used in underwriting and to limit the potential for discrimination. And they would need to extend consumers' existing right to review, and dispute errors in, their account data.
Finally, the consumer permissioning and data matching functions needed to make a registry-based data network work will require safer ways for consumers to establish, authenticate, and protect their digital identities than we currently have in place.
There’s no doubt that efforts to establish ground rules for this kind of data sharing will be complicated — and likely slowed in the wake of Facebook sharing its members’ data with unknown third parties.
While not without risk, a regime of network-sourced data for credit underwriting could prove valuable for lenders and consumers alike.