> Posted by Susy Cheston, Senior Advisor, CFI

Almost three decades ago, I walked into a meeting with a loan officer at a major bank in Boston. I was running a not-for-profit dance company that was well-respected, had good governance, and had a decent business plan—but hey, it was a not-for-profit dance company with no endowment and no certainty of surviving beyond its next show. We were not a good risk on paper. My job was to persuade the loan officer to give us an unsecured line of credit based solely on our business plan and his judgment of our ability to execute against that plan. He looked at our financials, but he also sized me up. This was not data analytics, this was the old-time community bank model of a decision based on a hand shake and a relationship, a sense of trust. Truth be told, the loan officer was biased in our favor. He really loved our work and believed in what we did. That plus a few well-placed board members had gotten me in the door where a company with a similar balance sheet and risk profile would have been left out in the cold.

A few years later, I landed in El Salvador where I formed lending groups among poor, illiterate women in the relatively early days of microfinance. “Ella es buena paga” was the phrase the women used to identify someone who was known as good for paying her debts. It meant that when a vendor in the marketplace or the owner of a corner store let a customer buy something on credit, she was good for it. On the basis of a reputation as “buena paga,” the lending group would allow a woman to join them. Needless to say, those who were known as “mala paga” would be blacklisted and not permitted to join the group.

Perhaps the greatest microcredit miracle of the last century was that, thanks to these lending groups, poor women who were credit invisible were revealed as credit worthy, identified as such through social relationships and their standing in the community. It was the kind of relationship-based credit decision that I and our dance company had benefited from in Boston, but that people at the base of the pyramid had always been excluded from.

Back in the 1860s in the United States, local merchants had their own version of “buena paga” and “mala paga.” They would keep lists of their customers who didn’t pay their debts. After a while, they started sharing those lists with each other. It was a pretty simple risk management system — a basic list of people they considered to be poor credit risks. Soon enough, someone started providing the service of collecting that information from merchants and sharing it with others—but only at a local level. People still knew each other.

By 1899, the Retail Credit Company (RCC) was founded to provide that service of sharing information about who was “buena paga” and who was “mala paga.” They grew quickly, and by the 1920s, they had offices all over the United States. By the time the 1960s arrived, RCC had credit information and files on millions of Americans and would share it with just about anyone who paid them for it. The game had moved from relationships to data.

But credit bureaus didn’t only collect information on who paid off their loans. They collected data on people’s health, personal habits, morals, use of vehicles, and finances. According to Professor Alan Westin writing in The New York Times in 1970, Retail Credit collected “…facts, statistics, inaccuracies and rumors… about virtually every phase of a person’s life; his marital troubles, jobs, school history, childhood, sex life, and political activities.” The company was also alleged to reward its employees for collecting negative information on consumers.

When I worked in El Salvador in the 1990s, a woman could be ostracized and left out of a lending group due to a feud or some kind of unfair discrimination—something that had nothing to do with her ability and willingness to pay off her loan. As an outsider to the community, I did not know enough to be able to intervene in those cases, nor would I have. Since the women were guaranteeing each other’s loans, they needed to have a high level of trust in each other. It was a relationship-based model.

Nevertheless, one potential downside of that group lending model was that a woman could be outcast and become even more excluded by being left out of the group. In the 1960s in the United States, that outcast effect was magnified many times over if a consumer had the bad luck to have Retail Credit come across negative information of any kind. If you were blacklisted, the game was over.

This brings us back to Alan Westin, who was a real hero of credit reporting. A professor at Columbia University in the 1960s, Westin conducted some of the first significant work on consumer data privacy and data protection. His major books on privacy – Privacy and Freedom (1967) and Databanks in a Free Society (1972) – shaped the conversation, prompting U.S. privacy legislation and supporting the launch of many privacy movements globally in the 1960s and 70s. According to Westin, privacy is defined as an individual’s right “to control, edit, manage, and delete information about them[selves] and decide when, how, and to what extent information is communicated to others.”

Thanks in part to Professor Westin’s advocacy, those Wild West days of credit reporting in the United States were significantly cleaned up when the Fair Credit Reporting Act was passed in 1970, establishing limits on what information credit bureaus could share, and with whom.

Retail Credit Company not only responded to its tainted image by changing its name to Equifax, but it also significantly cleaned up its act. In 1989—the same year I was approaching my nice Boston loan officer for a line of credit—Jack Rogers took over as CEO of Equifax. Rogers made a number of changes, including reorienting the company toward providing tailored risk management for its customers; taking the company international; and, in a major break from its recent practices, setting a vision of becoming the gold standard of the industry with respect to personal privacy. He did something pretty revolutionary, inviting the company’s chief critic, none other than Alan Westin, to work with the company to transform its privacy policies and practices. Westin did exactly that, and today on its corporate website, Equifax proclaims: “We are committed to a well-established set of principles that address consumer privacy issues, and we take pride in being a trusted steward of consumer information….” The commitment seems to be real, and there is a strong corporate culture built around protecting those privacy principles.

Today, credit bureaus process billions of points of data every month and monitor activity on at least a billion credit cards in the United States. In addition to the U.S., Equifax works in 18 other countries (it’s the market leading credit bureau in all but a few of them), generating 158 billion credit score updates per month. Based on the myriad of data Equifax and other credit bureaus collect they make decisions about the credit-worthiness of individuals and assign them credit scores, determining if someone is “buena paga” or “mala paga.” They have immense power that is fueled by spectacular access to data and sophisticated models of data analytics. With new technologies, new abuses also become possible, making it more important than ever to focus on people and to protect their privacy. While the old days are blessedly gone—no longer is someone denied a loan because of marital troubles or political activities—still, there are people today in the United States whose credit score unfairly and unjustly prevents them from receiving a loan, effectively giving them a bad name. Sometimes the reason is the most faceless of all–simply a data entry error on the part of the credit bureau.

The fight for consumers to have some control over their own data—and their reputations — continues on. It’s part of the balancing act of businesses managing risk through some combination of relationships and data, with credit reporting ever evolving. On May 20, new regulations were agreed to that should make it easier for customers in the United States to correct inaccuracies in their credit reports. And on June 1, Equifax settled a lawsuit against the company by a man whose first name is God. Equifax had refused to recognize God Gazarov’s name as legitimate, and had effectively cast him out of the financial system. Now, Equifax has restored its relationship with God. We’ll hope that is a sign of good things to come.

Image credit: Accion

Have you read?

Ratings to Loosen the Regulatory Noose on China’s Microcredit Companies

How Client Protection and Ratings Work Together

The Future of Creditworthiness