7 June 2010
A monitoring campaign conducted by the Consumer Agency and Data Protection Ombudsman indicates that many companies offering instant loans do not follow the relevant legislation. Authorities will intervene in the illegal policies that are used by these companies. In addition, the Consumer Agency has asked the police to investigate possible usury.
Measures have been taken to prevent problems with instant loans through new legislation. Companies offering instant loans have not been allowed to grant loans since February, unless they identify the applicant with a strong identification method, such as online bank identification. They must also indicate the annual percentage rate of interest in their marketing activities and are not allowed to transfer money into the customer’s account at night.
The Consumer Agency and the Data Protection Ombudsman checked in spring as to what extent the some 80 companies offering instant loans comply with the new requirements. Authorities paid special attention to how well they follow the new requirements and also looked into maintaining consumer protection and data protection at a more general level.
Only 30 companies identify credit applicants in the manner required by law, i.e. using a strong identification method. Many of them leave the identification to the customer by letting him/her choose whether to use online bank identification when applying for a loan. According to the law, an instant loan company must request identification from all new customers as well as from existing customers who apply for a new loan and to whom the company has granted loans before February 2010.
It turned out that thirteen companies were indicating the annual percentage rate of interest inadequately. They may state the rate, but not visibly enough and only in the terms of agreement, for example. Four companies still transfer money to customers’ accounts at night.
Gaps in handling customer information
Companies offering instant loans must see to it that the data in their customer registers are up-to-date and that they are not kept longer than necessary. In addition, they must always state the purpose for which the data will be used.
The monitoring campaign indicated that companies offering instant loans typically keep applicants’ personal data in their registers for 5-10 years. Keeping the data for such a long time involves the risk that they are no longer up-to-date. The Consumer Agency and the Data Protection Ombudsman have received reports about cases in which a consumer who has changed his/her telephone number has received invoicing and recovery messages and SMS advertisements from the instant loan company because the previous holder of the number used to be a customer of the company.
About one-third of the companies are a part of a group of companies. Their customer data may end up in use by the other group companies even without consumers knowing about it. The data can be used for direct marketing and making credit decisions.
The inspections also revealed that the companies had not always issued statutory advance reports to the Data Protection Ombudsman about the use of automatic decision-making systems or the outsourcing of the handling of personal data.
Companies must remedy their faulty policies
The Consumer Agency and Data Protection Ombudsman insist that the companies remedy their illegal, faulty policies. The authorities are monitoring the situation and will intervene in any faults.
During the monitoring campaign, the Consumer Agency submitted an investigation request to the police about usury in the offering of instant loans.