Federal Agencies Encourage Alternative Data In Credit Underwriting If Done Right

On Tuesday, federal financial regulators released an Interagency Statement on the Use of Alternative Data in Credit Underwriting (the Statement) that encouraged the “responsible” use of “alternative data” in lending decisions, simultaneously highlighting the benefits and risks of using alternative data.  The Statement was released jointly by the Board of Governors of the Federal Reserve System, the Consumer Financial Protection Bureau (CFPB), the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency.

Alternative data, as discussed by the Statement, refers to a broad pool of information that typically does not show up in traditional credit history or that consumers do not customarily provide as part of their credit applications.  Whereas, traditional credit history typically includes a borrower’s debt and inquiry history, alternative data includes, among other things, non-debt payments, such as utility and telecommunications bill payments.  Cash flow data that includes electronic deposits, withdrawals, and transfers over time, may also be used, in the context of underwriting, as alternative data.  Indeed, the Statement specifically discusses the potential benefits of using cash flow data, including its benefits for evaluating consumers with multiple income streams, the relative reliability of the data sources (such as bank account records), the control that consumers have over the data, and the level of explainability when used in credit decisions. 

The CFPB has explained that alternative data can help individuals with limited—or even no—traditional credit information (credit invisibles) obtain access to services they would otherwise be denied by looking at conventional sources of information.  Alternative data could thus provide critical relief to these consumers, by potentially providing, according to the Statement, “expand[ed] access to credit and … benefits for consumers.”

The Statement, however, stops short of a full-throated endorsement and vaguely encourages the “responsible use of such data.” (emphasis added).  Responsible use suggests that firms should adopt a risk-based “compliance management program” to analyze “relevant consumer protection laws and regulations to ensure firms understand the opportunities, risks, and compliance requirements before using alternative data.”  As part of this compliance management program, firms should be testing and analyzing data to assess whether it is reliable and whether its use raises any fair lending concerns.  Firms should also consider the factors cited by the Statement in pointing to cash flow data as a potentially beneficial source of data—e.g., reliability, control, explainability.  In sum, the regulators have tentatively encouraged using alternative data, so long as compliance comes first.

The Statement appears to largely echo a CFPB blog post from August—unsurprising given that the CFPB was one of the Statement’s authors.  That post provided an update on the agency’s first No-Action Letter (NAL) issued in 2017, in which the agency agreed not to take enforcement action against a company called Upstart for using alternative data and machine learning in lending decisions.  In exchange for the NAL, Upstart agreed to adopt a model risk management and compliance plan and provide the CFPB with its data.  Like the Statement, the blog post took a positive tone—explaining that Upstart’s data showed that it approved “27% more applicants than [a] traditional model”—but also encouraged lenders to “maintain[] a compliance management program that appropriately identifies and addresses risks of legal violations.”

In sum, regulators are warming to alternative data, but they are still keen on ensuring that it is used responsibly and that companies demonstrate that they are fully analyzing consumer protection risks when using it for credit decisions.

Wiley Connect

Sign up for updates

By using this site, you agree to our updated Privacy PolicyTerms & Conditions, and Cookies Policy.