Credit bureaus rebut e-toll blacklisting threats

Featured

Etoll picSA’s credit bureaus contradict threats by collection company ETC that non-payment of e-tolls could get road users blacklisted.

Road users need not panic – non-payment of e-toll bills will not get you blacklisted.

This is the firm word from SA’s credit bureaus, in reaction to recent news around e-tolls and default judgments that has sparked a new wave of panic around the government’s embattled highway tolling project.

In a statement last week, the Credit Bureau Association (CBA) stated categorically that road users could not – and would not – be blacklisted for not paying their e-toll bills. “Information relating to e-tolls/SANRAL [SA National Roads Agency Limited] will not be held on the credit bureaus.

“The Transport Laws and Related Matters Amendment Act, 2013, which amended the South African National Roads Agency Limited and National Roads Act, 1998, specifically excludes the levying and collecting of e-tolls from the provisions of the National Credit Act, 2005 and the Regulations thereto, as amended from time to time (“the NCA”).

“Credit bureaus receive, hold, display and remove consumer information in accordance with the provisions of the NCA and accordingly are not able to hold information which is specifically excluded from the provisions of the NCA.”

The CBA, an industry body representing 9 of the 14 registered credit bureaus within South Africa, further stated that any information relating to e-tolls or SANRAL, which had been “inadvertently” loaded onto a consumer profile, would be removed.

“If any consumer is aware that information relating to e-tolls/SANRAL has been loaded to his/her consumer profile, please contact one of the [listed] credit bureaus to lodge a dispute and this information will be removed.”

The CBA represents Compuscan, Consumer Profile Bureau, Cred-IT Data Risk Management Solutions, Experian, Inoxico, Lexis Nexis Risk Management Services, Tenant Profile Network, TransUnion and Xpert Decision Systems (XDS).

What sparked the panic?

The CBA’s setting straight of the record comes after reports last weekend that a Gauteng motorist had been denied credit after being blacklisted for owing R60 000 in e-toll fees.

According to IOL, at least 25 other e-toll defaulters had also been given default judgments. Default judgments arise when a debtor does not respond or defend a summons they have received, and a default judgment automatically means blacklisting.

Shortly after reports of the shock discovery by the Gauteng consumer, Electronic Toll Collection (ETC) – the body appointed by Sanral to collect e-toll fees – said it had applied to the courts for about 1 400 default judgments against road users who had neglected to pay their e-toll fees, and had ignored court summonses.

According to Eyewitness News, ETC chief executive Coenie Vermaak said that over 15 000 summonses had been sent to court for e-toll users who had not settled their e-toll accounts.

 *To read the law that underpins the CBA’s statement first-hand, click HERE.

 [REFERENCES]  

  1. Credit Bureau Association: Consumer information relating to e-tolls
  2. za – Transport Laws and Related Matters Amendment Act 3 of 2013
  3. Eyewitness news – E-tolls collection company applies for 1400 default judgments for blacklisting
  4. Business Tech – ‘Pay your e-tolls or you will be blacklisted’
  5. IOL – E-tolls blacklist shocker for Gauteng resident

China’s social scoring system takes the idea of credit vetting to another level

Featured

 

chinasocialcredit

Picture credit: Kevin Hong

Your credit score makes up a significant part of the whole when it comes to your social status – something we at pbVerify value, and use to promote sound decision making.

 

As SA’s leading credit data bureau, pbVerify knows how important it is – for businesses and consumers alike – to be familiar with their credit history, and well aware of their current credit status. There are good reasons for providing access to credit score information, all of which are aimed at promoting financial health and good business decisions.

The same beneficial system, however, has seemingly seen a more sinister twist, with the well-publicised move by the Chinese government to take it to a whole new level – one that instils fear, rather than protecting the people it is in place for.

We all know about social status and, whether we like to admit it or not, it is important to us. Nowadays we use social media platforms like Facebook, WhatsApp, Instagram and Snapchat to project a certain idea about ourselves to the world around us – a feature these platforms refer to as a user’s “Status”.

pbVerify specialises in one of the most influential aspects or “scores” that make up a personal status – your credit score. While most consumers are all too familiar with what a credit score means, the implications of a negative score and the importance of knowing your score, the system the Chinese government plans to implement over the next few years, in which every citizen is tagged with a social score, sounds like the makings of a science fiction novel.

China’s Social Credit System (SCS), whereby the government plans to rank its citizens based on their social credit, is due to be implemented in full by 2020, although its wheels are already well in motion. It basically allocates each citizen a social score card based on – among other things – their credit history, behaviour, philanthropic contributions and even outlook on life and events. The government will garner this information based on citizens’ accounts and network activities.

Going forward, this social credit score will be used to rank citizens and reward – or punish – them accordingly. Some of the implications include travel bans, exclusion from top schools (for kids of parents with low credit scores) and from certain jobs, slow internet connection, exclusion from hotels, and even registration on a public blacklist.

In development for some time already (reportedly conceived around 2014 in its current form) and set in motion in earnest in late 2018, China’s SCS has already seen millions of Chinese citizens prohibited from travelling, with a reported 1.75 million air ticket purchases, and 5.5 million train ticket purchases denied last year.

While China claims its aim with the SCS is to enhance trust and social stability by creating a “culture of sincerity”, most are less optimistic about the system’s ultimate goal, with many referring to it as an Orwellian Dystopia, and calling it “nightmarish”.

The jury is sure to be out on this one for some time, at least as far as the general public goes. If nothing else conclusive for now, it does go to show the weight social scores – or statuses – can hold.

We are all about empowerment

At pbVerify, we pride ourselves in providing a service that is accessible, easy to use – and above all, beneficial to our customers. Our focus is on empowering our customers every step of the way, by imparting knowledge that enables sound, intelligent financial decisions.

We constantly strive to put the power squarely in the hands of local businesses, to enable them to quickly and comprehensively make informed decisions with regard to the customers they onboard.

To this end, we recently bolstered our TransUnion Business Report with Quick Vet 4 Business (QV4B) – an instant online tool that enables credit vetting decisions in a matter of seconds.

Granting credit to new customers does not need to be a long, complicated process. Read HERE for more on how QV4B can speed up your business’s decision making and credit granting processes, giving you more time to attend to the things that matter most.

For more information or to speak to a pbVerify consultant call 010 300 4898 or email support@pbverify.co.za.

[REFERENCES]

  1. Wikipedia – Social credit system
  2. ABC Australia – China uses social credit surveillance system to ban millions from buying plane and train tickets
  3. Opploans – For people with bad credit, China’s ‘Social Credit’ scores sound like an actual nightmare
  4. Wired – Big Data meets Big Brother as China moves to rate its citizens
  5. Wired – The complicated truth about China’s social credit system
  6. pbVerify Blog – pbVerify bolsters credit risk management portfolio
  7. TransUnion – Quick Vet 4 Business

 

Healthcare – revolutionising an industry through digital

Featured

digitising healthcare with logoDespite all the fear and uncertainty surrounding data security in a digital world, the health industry has more to gain that it will ever have to lose from digitalisation.

The emergence of new privacy laws – international, local and industry specific – in an era of digital business and record management, has many companies quaking in their boots when it comes to the issue of data security.

One of the industries perhaps most touched by the concern over sensitive data, is the healthcare industry and, although digitisation can sound scary, there are so many more benefits than there are risks for this specific industry – and at the top of the advantages list, is increased security.

Independent research on paper document security by the Ponemon Institute found that not only is there a greater risk of loss that comes with going the paper route – rather than digital – but paper processes also make it far more difficult for companies to prepare for audits, share information securely and cut down on costs.

“There are not enough resources available to protect confidential paper documents. Sixty-one percent of individuals surveyed report that there are not enough resources and controls available to secure paper documents containing sensitive or confidential information,” reports Ponemon.

Digital Dawn

And, while times may change, paper processes do not. The fact remains – paper and manual document and data processes will always require more time and money, and be more prone to human error and other inevitable risks that come with physical handling, duplication and the sending back and forth of documents.

Fortunately, where resources do change, is in the digital realm. Today, digitalisation is not only a reality – it is the only way to go for institutions that value the security of their data as highly as law – and good sense – dictate.

Digitising processes, including storing and maintaining medical records, registration, exam requests and prescriptions, among others, can only bolster the security of data, and therefore the protection of all parties involved in medical processes, including patients, physicians, hospitals, laboratories and medical finance institutions.

The SigniFlow solution was developed precisely for this type of application. Instead of limiting functionality and dictating how entities and organisations should use their systems, SigniFlow offers total flexibility, allowing integration with a host of business applications so companies can go digital their way, with as little disruption as possible.

The best part, coming back to the thorny issue of data security, is that our encrypted solution is fully compliant with all security and privacy standards, including security requirements imposed by internal policies, industry, national and international laws.

Serious Security

SigniFlow is compatible with different enterprise resource planning (ERP) and hospital management systems, such as Phillips Tasy, MV and Benner, allowing entities and organisations to take advantage of investments already made, without the impact a change of system and infrastructure can have.

Our software platform enables the digitisation of processes such as patient check in, onboarding, medical records, requests for examinations and procedures, prescriptions and many more medical processes. At the same time, the SigniFlow solution uses different authentication methods to guarantee the identity of the parties involved, and to apply electronic signatures sealed by a digital certificate.

What’s more, SigniFlow allows users with their own certificates to use these, thereby enforcing compliance with regulations such as eIDAS, eSign, ICP Brasil, HIPPA, and many others, ensuring the authenticity, integrity and non-repudiation required to legally validate the relevant documents anywhere in the world.

For customers that require a higher level of identity assurance, we can also implement different authentication methods, such as witness signatures, photo capturing or biometrics, at the time of signing.

Big Benefits

So, in a nutshell, what are the real and immediate benefits of digitising processes in the healthcare industry?

Well, in addition to a considerable reduction in the costs associated with paper processes, going digital with SigniFlow can:

  • Decrease time of registration and admission of patients
  • Reduce waiting time for insurance approvals
  • Reduce financial loss resulting from misplaced original paper contracts related to payments for hospitals and insurance
  • Eliminate prescription forgery and health insurance fraud
  • Increase efficiency when it comes to access to patients’ medical history
  • Centralise information, allowing it to be shared with the relevant party (such as other hospitals, experts, health insurance, laboratories & pharmacies) in a matter of seconds

And the above are just some of the many benefits that come from integrating with our platform to digitise processes.

For patients, it means faster and more efficient healthcare. It means faster processes – which in turn means a quicker diagnosis.

For more information visit www.signiflow.com or call us on 010 300 4898.

REFERENCES

  1. Ponemon Institute: Security of Paper Documents in the Workplace
  2. Crypto ID: Benefícios da digitalização de processos na Indústria de Saúde

 

Local digital signature company cements global alliance

itologo

Posted by IT Online on 19 November 2018.

 

South African-born digital signature and workflow solution, SigniFlow, offering socially responsible product for business process automation, has landed on American shores.

A woman-owned small business based in New Hampshire, SigniFlow Americas is a member of the New Hampshire Tech Alliance, an affiliation committed to nurturing a technology ecosystem by building partnerships, enhancing knowledge, and shaping public policy.

The woman behind the new digital signature solution is Laila Robak, a Brazil-born entrepreneur with a passion for information technology and the power it has to transform and improve lives.

“We are very excited about the launch of SigniFlow Americas, and with Laila at the helm, this business is destined for greatness. We are proud to welcome all our Americas customers and partners to the global SigniFlow family,” says Leon van der Merwe, director of digital technologies at SigniFlow.

SigniFlow delivers enterprise-grade on-premise, private cloud and cloud solutions with a high level of integration, allowing companies to customise the solution to suit both their specific needs and their budgets. The solution provides legally valid digital signatures (cryptographic e-signing) and accepts digital certificates from almost any e-identity provider, publicly trusted certificate authorities (CAs) and privately signed public key infrastructures (PKIs).

Robak comments: “SigniFlow is a solution that can revolutionise business processes. It has various APIs that give us flexibility to create and integrate with existing systems and platforms, allowing organisations to choose from a range of options, from cloud to local deployments and hosted environments, and to use a mix of digital and electronic signatures – all while guaranteeing the legal validity of documents.”

Geospatial tech solves FICA, KYC challenges

Featured

geospatial image.PNGpbVerify’s ground-breaking KYC API transforms laborious manual processes into fast, effective and secure verification.

In our ongoing quest to build a digital future based on holistic online solutions to help our clients maximise operational efficiency, pbVerify has developed a Digital KYC API like no other.

Designed for institutions accountable to the Financial Intelligence Centre Act (FICA) – specifically its know your customer (KYC) requirements – our Digital KYC API (application programming interface) takes the pain out of the on-boarding process for both accountable institutions, and their customers.

pbVerify’s API transforms an onerous, time-consuming and expensive manual process into a convenient, fast-moving and inexpensive online one.

KYC hurdles

KYC, a risk-based assessment of customers (individuals and businesses), is an integral part of FICA which makes it incumbent on accountable institutions to carry out extensive due diligence on all financial services applicants.

This typically involves a list of documents, including minimum requirements such as proof of residence and proof of identification for individuals; and evidence of shareholding, director information and company history for businesses  (either originals, or sighted by an institution employee).

Steeped in red tape and paper documents, the manual KYC process has long been the bane of institutions and potential customers alike. Not only is it costly and time-consuming, it can be incredibly frustrating, given South Africans’ unique circumstances.

Moonstone, a Stellenbosch-based independent support network for financial service providers, cites residential transience and “an inefficient postal service” as aggravating factors in the KYC process.

API answer

Instead of spending unnecessary time and money trying to acquire the list of documents and physical verification required by FICA’s KYC rules, financial institutions can now – by running pbVerify’s Digital KYC API – get identification and residential verification directly from the HANIS (Home Affairs National Identification System) and SACRRA (South African Credit & Risk Reporting Association) databases, respectively, instantly and online.

Coupled with advanced algorithms, which were built to eliminate all the challenges South African address databases face, this makes pbVerify’s latest solution the most powerful one on the market.

In a nutshell, the KYC API works like this:

  1. Applicant requests an account with a registered credit provider.
  2. Applicant completes the credit provider’s online form, linked to the pbVerify KYC API.
  3. Applicant’s identification information (names and ID number) are instantly verified against the HANIS database.
  4. Applicant’s address (residential information) is verified against the SACRRA database, based on two parameters set by the credit provider, i.e. over what period – 3, 6, 12, 24 or 36 months; and how many address matches required, obtained from other credit providers.
  5. If the Digital KYC API returns the applicant’s address data as matching the database, as per credit provider’s criteria, the system automatically approves the KYC process.
  6. The system sends a response to the compliance department, indicating whether or not the consumer is FICA compliant.

API differentiator

What sets pbVerify’s KYC API apart from other digital KYC verification products on the market, is the advanced method is uses to not only effectively, but to irrefutably verify applicants’ information.

Our API uses geospatial technology, as well as multi-paradigm geodistance algorithms, to determine and compare address data between data received from applicants, and data on file from at least one hundred registered credit providers across South Africa.

Essentially, our technology loops through credit provider data to find similar address matches, within the said specified time parameter (3 to 36 months), within a few metres of the pinned geolocation of the applicant’s input.

One of the biggest challenges in South Africa when it comes to address verification by credit providers, is the fact that many citizens live in townships and townhouse setups, where the address does not conform to the standard street address format.

To overcome this challenge, pbVerify’s algorithm pinpoints the applicant’s address via geospatial location, strips all anomalies and/or conflicting information from the address, and finds other credit providers that have similar address details. Only if these are also within a few metres of the applicant’s original input, will the API accept the address and report the credit provider sources where it was found.

In other words, only if enough data exists to satisfy your unique KYC requirement-settings, will the API return positive results, together with the source of the data matches, e.g. Vodacom, Edgars, FNB Home Loans, etc.

Apart from the immediately evident advantages of replacing manual with digital – primarily time and cost savings – pbVerify’s Digital KYC API underpins POPI (Protection of Personal Information) Act compliance, it adds another dimension in terms of security, and it removes the probability of human error.

 

[REFERENCES]

  1. gov.za – Financial Intelligence Centre Act, 2001 (Act No. 38 OF 2001)
  2. Financial Intelligence Centre – The FIC Act
  3. Financial Intelligence Centre – Frequently asked questions
  4. Moonstone – KYC– Knowing your client or killing your client?
  5. FNB – KYC/FICA information portal
  6. Investec – KYC Requirements

 

Data protection D-day is here – SA companies take heed

Featured

gdrpGDPR is here, and for organisations that deal with any personal information relating to EU member states, non-compliance will be ruinous.

The countdown has ended. D-day for enforcement of the European Union’s (EU) General Data Protection Regulation (GDPR) is here.

As of today, 25 May 2018, penalties will begin rolling in for organisations that have not yet taken the necessary steps to ensure they are compliant with this restructured – and considerably more stringent – set of data protection regulations.

The GDPR is a regulation borne out of the European Parliament, Council of the European Union and European Commission’s joint intent to strengthen and unify data protection for EU citizens.

But just because the GDPR is an EU regulation, South African organisations are by no means off the hook. On the contrary, experts warn, local companies need to take the GDPR – positioned as one of the most significant changes in data privacy regulation in 20 years – very seriously.

The inescapable fact is, any South African company that handles personal data connected to the EU has to comply with the GDPR, and failure to do so will be met with the same major consequences EU organisations face for non-compliance.

Far-reaching forces

Over recent decades, not only has personal data has become an increasingly important corporate asset that needs to be handled with extreme care, it has also become geographically agnostic. This means that, today more than ever, with the exponential growth of data propagated across borders, organisations globally need to take a staunch and unified approach to guarding it.

South African organisations, big or small, are no different – and the GDPR is not the only government-led product of this hugely digital age, nor will it be the last, it is merely the latest one to be enforced.

Leilani Smit, compliance professional at Smit Compliance (Pty) Ltd, notes that the GDPR applies to any local organisation that holds or processes data on EU citizens, regardless of the location of its head office. “This includes companies that have employees in the EU, sell or market products or services in the EU, or partner with EU organisations.”

Leon van der Merwe, head of digital at customer communication firm PBSA and director of local digital signature and workflow solution SignFlow, adds that any South African entity controlling or processing data relating to EU citizens is affected by the GDPR. “Controlling refers to any organisation that states why and how data is processed, while a processor is any party doing the actual processing of the data, whether based in the EU, or not.”

World Wide Worx MD, Arthur Goldstuck, says the effects of the GDPR will be far-reaching due to the fact that the EU is SA’s biggest trade partner. “[On top of this], any company that does business with a company that has to comply with GDPR, will also have to comply, to ensure the client is in compliance.”

GDPR vs POPI

Fortunately for SA, details around the country’s own local version of data protection policy – the Protection of Personal Information (POPI) Act – have been highly publicised since 2013, and many companies will already be familiar – some even largely compliant – with what is expected of them in terms of data protection.

Summing up SA’s POPI Act, Michalson’s says: “Essentially, the purpose of [POPI] is to protect people from harm by protecting their personal information. To stop their money being stolen, to stop their identity being stolen, and generally to protect their privacy, which is a fundamental human right.”

Although – unlike the GDPR – it is still not known when POPI will come into effect, what is known is that companies will have a one-year transitional phase in which to comply once POPI’s implementation date is made public.

Smit says, should a local company already be compliant with international legislation such as GDPR, the implementation of policies to comply with POPI “should be a breeze and not require anything other than normal company practices and procedures”.

Van der Merwe says POPI and GDPR are similar in that both are intended to strengthen the protection of individuals’ personal information and privacy, and it is precisely this element – intention – that is key here, says Goldstuck.

The high price of non-compliance

Another area in which both sets of rules are similar, is in the hefty fines that come with non-compliance.

In a nutshell: breach rules laid out in the POPI Act, and face a R10 million fine and/or a jail sentence; fail to comply with the GDPR’s regulations, and be prepared to be slapped with a fine of up to €20 million (about R290 million) – or 4% of annual sales (whichever is greater).

Smit comments: “In South African terms, POPI already poses strict penalties for non-compliance, however as far as our Rand stretches, the GDPR’s penalties will definitely cause sleepless nights.”

Although possibly the biggest concern for companies, Smit notes that financial implications are not the only implications they should be worried about. “Not only can non-compliance result in fines and penalties set by the legislation itself, but [the] reputational damage of not processing information correctly, can often be more damaging that the initial penalty itself.”

It is this high price of non-compliance IT and legal experts hope will drive South African companies to do the right thing – not only for themselves, but ultimately for their customers – and fervently strive to meet GDPR compliance criteria.

Consumer-centric control

Van der Merwe says it is all about the consumer. “Both GDPR and POPI were ultimately created to protect the consumer’s privacy. We are all someone’s consumer, and even small businesses owners need to think carefully and logically about areas in their business where personal information is processed or stored, and what vulnerabilities may exist in their processes.

“For instance, we all receive CVs that contain heaps of personal and even sensitive information. Often, after a host of interviews, only the person’s CV that is employed, is securely transferred to a digital or physical vault in HR. What happens to the rest of the CVs that did not make it? It is the responsibility of any business to have policies and procedures to timeously and responsibly destroy such information. Simply identifying these vulnerabilities and implementing logical measures to manage them, is a good start for any size business.

“GDPR is a good thing that could be very bad news for companies, if they fail to provide evidentiary and auditable processes and adequate IT security to protect personal data.”

Goldstuck adds that it is not only important, but essential, that South African companies have a global view on data protection. “Something as simple as having a website hosted on an international platform can make a company liable to sanction under GDPR.”

Teaming up with tech

When it comes to local companies complying with the seemingly daunting and complicated GDPR in a relatively pain-free way, experts agree technology will be key. Software systems that offer automation, content management, enterprise resource planning and accounting, among others, will become a lifeline for many companies in their quest to comply.

Van der Merwe says existing paper-based processes and antiquated electronic systems that were created prior to factors such as the GDPR and POPI, pose major risks of contravening their laws and directives. “It is all about how businesses – and governments themselves – are going to align their physical and data processing practices with the new requirements and legislation. New regulations that enforce concepts such as the right to be forgotten pose major challenges if not considered in the process from the outset.”

Goldstuck says, while the data protection laws necessitate considerable changes in the ways businesses operate and interact with customers, good compliance systems will provide most of the safeguards they need.

“Businesses will have to get permission for almost every interaction with customers, they will have to become more discerning in what information they require from customers, and they will have to institute strict compliance systems to ensure they do not fall foul of these laws. As a result, compliance officers, CIOs and CTOs will have more direct roles to play in customer strategy.”

Don’t delay

Although not yet enforceable, the commencement date for POPI has been looming large on the horizon for some time now, with many expecting it by the end of 2018.

Despite this, say experts, many organisations are far from being ready. Goldstuck says: “Most large businesses have geared themselves up to comply with POPI, although many have not put this gearing up into effect. However, there is also an impression that many companies are simply not bothering until they are forced.”

Forrester’s 2018 predictions indicate that a whopping 80% of firms will not comply with GDPR regulations by May this year.

This has to change – and fast – says Smit. “Businesses can no longer just take a backseat and hope this will pass by or fly over.  Active steps will have to be taken in an organisation, for instance staff training, risk assessments and creating an ethical culture within an organisation, specifically with regards to processing personal information.”

 

 

[REFERENCES]

  1. EUR-Lex – Access to European Law
  2. org – Web learning resources for the EU General Data Protection Regulation
  3. Government Gazette (justice.gov.za) – Act No. 4 of 2013: Protection of Personal Information Act, 2013
  4. Michalson’s – POPI Act Summary in Plain Language
  5. Forrester – Predictions 2018: A Year of Reckoning

Credit providers to proceed with caution

Featured

man-and-women-window-shipping-at-mallCredit-granting companies are urged to continue to carry out stringent checks on prospective lenders, following a recent ruling that relaxes affordability assessment requirements.

While many local retailers have lauded a recent High Court ruling that binned a legal clause requiring lenders to demand payslips and financial statements from credit applicants, the move has been met with raised eyebrows from SA’s credit regulator – which is concerned it may lead to reckless lending.

Indeed now more than ever, in light of the historic ruling, it is worth reiterating how vital it is for credit lending – in whatever form – to be approached with caution. If you are a business owner that deals with individuals or other businesses, the importance of carrying out thorough checks when assessing customers’ credit status cannot be stressed enough.

While it is unquestionably important for businesses to have customers, financially vulnerable customers only spell trouble – both for your company’s bottom line and the customer, who you as a business should be protecting.

Court ruling

On March 16 this year, the Western Cape High Court made a ruling that binned the clause of the National Credit Regulations that, since 2015, had made it compulsory for credit lenders to acquire payslips and financial statements from prospective borrowers before granting credit.

The judgment applies to all forms of credit lending, from store credit to microloans.

Prior to the recent ruling, subsection 23 A(4) of the National Credit Regulations required credit providers to obtain three recent payslips or bank statements as proof of income from applicants who were permanently employed – and three recent documented proofs of income or bank statements from those who did not receive a salary. If the applicant could not provide proof of income, credit providers had to then get three recent bank or financial statements from them (see page 18 of the Government Gazette, 13 March 2015).

While affordability assessments have always been a requirement of the National Credit Act (NCA), prior to the more stringent requirements put in place in 2015, credit providers were allowed to decide on their own means of carrying these out.

This year’s Western Cape High Court ruling – spurred on by applications by Truworths, the Foschini Group and the Mr Price Group – essentially returns the affordability assessment subsection of the NCA back to its former, more moderate, self.

The three retailers brought the case against the Department of Trade and Industry and the National Credit Regulator (NCR) because they claimed the said affordability assessment regulation adversely affected their businesses.

Continue with caution

However, the NCR, which believes an important tool in the fight against reckless lending and borrowing has been removed, is not happy with the ruling, to the extent it is considering an appeal.

The Credit Ombud, meanwhile, has also reportedly greeted the ruling with caution.

News site iol cites NCR company secretary, Lesiba Mashapa, urging credit providers to continue to carry out thorough credit checks despite the ruling: “We appeal to credit providers to continue to apply the income verification standards set by the regulations to protect themselves and consumers from reckless lending and borrowing.”

While the credit regulations in terms of affordability assessments have been significantly relaxed, Section 81 of the NCA, which requires credit providers to take “reasonable steps” to assess consumers’ financial stability before granting credit, remains in force.

Mashapa has urged credit providers to proceed with caution, and continue to carry out stringent credit checks on prospective customers. “[Credit providers] should request consumers to produce proof of income.”

pbVerify offers a range of B2B and B2C Credit Risk Management tools for any size business in South Africa that grants credit. For more information visit our products page HERE

 

[REFERENCES]

  1. Credit Ombud – National Credit Regulations including affordability (Chapter 3: Page 17)
  2. The Department of Justice & Constitutional Development – National Credit Act (Page 114)
  3. Southern African Legal Information Institute – Truworths Limited and Others v Minister of Trade and Industry and Others (4375/2016) [2018] ZAWCHC 41
  4. iol – High Court ruling removes barriers to credit
  5. Business Day – Court ruling leaves credit providers in catch-22 situation