Hostname: page-component-586b7cd67f-tf8b9 Total loading time: 0 Render date: 2024-11-25T06:09:32.291Z Has data issue: false hasContentIssue false

Peer-to-Peer Lending and EU Credit Laws: A Creditworthiness Assessment, Credit-Risk Analysis or … Neither of the Two?

Published online by Cambridge University Press:  27 January 2021

Federico Ferretti*
Affiliation:
Department of Sociology and Business Law, University of Bologna, Bologna, Italy

Abstract

The Article deals with the protection of consumer borrowers and lending investors in peer-to-peer lending within the legal framework provided by EU credit laws. This is the legal framework for EU Member States in the area of loans to consumers. In particular, the article analyses the business model of taking lending decisions on financial technologies (“Fintech”) and big data vis-à-vis the legal obligation of the creditworthiness assessment by lenders. At the same time, it extends the applicability of such a business model to the credit-risk analysis undertaken in the interest of lenders. Ultimately, it questions to what extent EU law caters for peer-to-peer lending, and and to what extent consumers and lenders can find protection. It hints that peer-to-peer lending presents risks for both consumers and lenders, falling short of legal obligations and established practices for their protection.

Type
Article
Creative Commons
Creative Common License - CCCreative Common License - BYCreative Common License - NC
This is an Open Access article, distributed under the terms of the Creative Commons Attribution-NonCommercial licence (http://creativecommons.org/licenses/by-nc/4.0/), which permits non-commercial re-use, distribution, and reproduction in any medium, provided the original work is properly cited. The written permission of Cambridge University Press must be obtained for commercial re-use.
Copyright
© The Author(s) 2021. Published by Cambridge University Press

Introduction

In recent years, extraordinary developments in information technologies in a progressive thrust towards digitalization have started changing many traditional business models. In so doing, they have also started challenging the regulatory frameworks of reference. The retail financial services sector is one where financial technologies powered by sophisticated artificial intelligence and algorithms (“Fintech”) making innovative uses of a large amount of personal data taken from unrelated sources, also known as “big data” or “big data analytics,”are prominently affecting business models and markets. Peer-to-peer (“P2P”) lending—also known by other names such as social lending or marketplace lending—is one of such new business models engaging in the provision of credit to consumers and/or small entrepreneurs that is differentiating from financing in traditional banking/credit markets. It is a digital model that has experienced rapid growth and is one of the more mature crowdfunding sub-sectors. As an alternative method of financing, P2P lending enables individuals to obtain loans directly from other persons, such as, the investors or P2P lenders via a digital platform, cutting out the traditional financial institution as the intermediary. The platform is a third-party new intermediary that enables the service digitally optimizing and automating processes to deliver the needed outcome.

However, unlike traditional forms of lending to consumers, P2P lending does not find explicit regulation at EU level, despite posing not only the same set of problems but also new challenges. Its regulatory framework varies within the EU according to national rules of the Member States. However, not only is this inconsistent with the harmonized norms of EU credit laws for traditional credit provision, it is also at odds with the recent EU efforts to achieve a Capital Markets Union (“CMU”).Footnote 1

Within this framework, the goal of this Article is to analyze one of the crucial elements contained in EU credit laws applicable to the provision of credit to consumers: responsible lending and the assessment of their creditworthiness. It analyzes and conceptualizes “responsible lending” and “the creditworthiness assessment,” expanding the examination to risk-taking in finance and credit-risk analysis in the interest of lenders for the protection of their capital or investment.

The underlying question is: to what extent P2P lending—availing of Fintech and big data as the key of its business model—falls within the obligations of EU law and the interests of consumers on the one hand, and investors find protection from identified risks on the other hand. Do EU laws designed for lending responsibly cater for P2P lending? Are P2P lenders/investors protected by appropriate credit risks measures? Instead, is the practice of making lending decisions on Fintech and big data unfit to protect the interests of the parties and cater for other business goals of the platforms?

It is worth noting, as Fintech and big data analytics play a major role in the P2P lending business model, the General Data Protection Regulation (‘GDPR’), Footnote 2 is also applicable. However, this Article focuses solely on the analysis of credit laws, bearing in mind that establishing whether the GDPR is fit for artificial intelligence, big data and new financial technologies poses fundamental problems in its own right. These are addressed elsewhere. Footnote 3

A. Peer-to-Peer Lending, Credit Laws, and the Creditworthiness Assessment

I. Peer-to-Peer Lending

P2P lending is the most popular form of alternative finance by amount of capital raised. Footnote 4 It is part of the broader lending based crowdfunding market, an umbrella term used to make general reference to digital business models that connect those who can lend or invest money directly with those who need financing. Footnote 5

As a new model of organization alternative to traditional banking, in P2P lending a legal person in the form of a digital platform collects and pools separate amounts of funds from individuals or businesses in a crowd to finance collectively a larger loan to other needing individuals in their capacity of consumers or small entrepreneurs. Essentially, depending on the business model, it is lending and borrowing between private parties through the intermediation of a for profit online platform that matches lenders with borrowers. Footnote 6

This business model is made possible by the advancement of technological innovation in the financial services sector. As analyzed further below in this Article, Fintech and big data are changing the way financial solutions are delivered to customers. Footnote 7 To be clear, the primary roles and functions in financial services remain the same, but the way they are undertaken is changing—payments still need to be made, loans granted, savings and investments made, etc. Those specific activities still need to be undertaken as ever and do not change. What changes is how these activities are carried out and the roles undertaken by the providers.

The dealings among the three parties of a P2P lending transaction define the private law relationships. In its basic unsecured form, the borrower makes an inquiry or application to the platform indicating the amount and maturity of the sought loan. Next, the platform makes an assessment of the credit risk involved and sets the related interest rate to be published to potential lenders subject to the borrower’s agreement of the platform’s terms and conditions, including the obligation to repay the capital with interests in the agreed timeline and penalties for delays. In turn, the creditors or investors, also known as lenders, undertake a contract with the platform, which includes a contract for the benefit of a third party, and place their offers. After this, the loan is originated and the platform channels the funds from the lenders to the borrowers. Footnote 8

Crucially, there is no direct contract between the lenders and the borrower. Actually, the lenders and the borrowers remain anonymous to each other. In most models it is the platform that matches the lenders with the borrowers. In other models, though, the lenders may choose the borrowers in a pool by their characteristics or profile made by the platform. In these processes, the creditors or investors have access to limited information about the borrower, normally including the loan size, maturity, a basic risk scoring or rating, interest-rates, and return on investment. Footnote 9

Importantly, therefore, unlike traditional lenders that bear the credits on their balance sheet as well as eventual losses from non-repayment, the P2P lending platforms do not take risks through their contractual standing. They do not require capital, and they decentralize all financial risks, leaving them instead to the individual lenders. The lenders themselves bear the risk of credit, in particular that of the debtor’s insolvency or any failure to repay the loan. Footnote 10 Likewise, they bear the risk of the platform’s insolvency or a shutdown of its operations.

Distinctive cost-saving features of the whole process are the standardization and the automatization of user interfaces and assessments. The lower transaction costs vis-à-vis traditional lenders motivate the users of P2P lending alongside other distinct advantages including: a reduced time lag; minimal bureaucracy and documentation requirements for the borrowers; and higher returns on the invested capital for the lenders. Footnote 11

By contrast, the extent to which negative factors—such as borrowers’ poor credit history and high credit risk—motivate the use of the of P2P lending by the parties is unclear. In principle, on the one hand, borrowers access credit that otherwise they would not have. On the other hand, lenders would obtain higher returns by investing higher risk capital.

According to some, however, the borrowers’ lack of access to mainstream loans plays a minor role. This is due to an analysis of data that compares the non-performing loan rates of the traditional banks with those of the platforms. The results do not seem to validate the segmentation between low and high credit risk and a different allocation of borrowers. Footnote 12

By contrast, other studies provide empirical suggestions that P2P lending platforms explicitly target high-risk borrowers who do not otherwise have access to mainstream traditional credit channels, thus segmenting the market. Footnote 13

It appears that there is neither clarity nor certainty of the extent to which the assessment tools used in P2P lending could in fact be used to identify and target vulnerable consumers with high-cost or unsuitable products. Footnote 14

This debate is important and deserves more attention to provide more conclusive evidence, in particular to inform consumer protection policies and law. What is certainly noteworthy for this study is the method employed to make the relevant assessments of the debtors and the ensuing consequences.

In fact, when a platform conducts a credit risk assessment of a borrower for its users, it is confronted with the same problems of credit risk analysis as traditional lenders—though the latter conduct the credit risk assessment in their own interest. Moreover, as is analyzed in the next section, traditional lenders should conduct by law a creditworthiness assessment in the interest of borrowers.

In principle, the creditworthiness and credit risk assessments are particularly important in retail finance. These assesments are important for the debtors to be able to borrow responsibly, obtain affordable credit services they need, and help prevent risks of over-indebtedness. They are also important for lenders in order to minimize losses in their own interest and in the interest of financial stability.

However, as will be shown further below, the P2P platforms’ methods of assessments are different from the already imperfect methods of traditional lenders and contain the significant additional feature that, unlike the latter, the former do not take any credit risks that, repetita iuvant, remain on the platforms’ users. Moreover, the application of credit laws to the platforms is questionable.

II. Credit Laws and the Creditworthiness Assessment

As noted, the relationship between the three parties of a P2P transaction is regulated by the contracts with the platforms. Thus, national contract and agency laws provide for the applicable regulatory framework. In addition, where the borrower is a consumer, relevant EU law applies, which mandates obligations in the area of credit to consumers.

The central pieces of applicable EU legislation are the Consumer Credit Directive Footnote 15 (“CCD”) and the Mortgage Credit Directive (“MCD”). Footnote 16 Both pieces of legislation apply to creditors who grant or promise to grant credit in the course of their trade, business, or profession. Footnote 17 An important feature of these credit laws is the creditor’s duty to assess the creditworthiness of the borrowers.

Under the first limb of Article 8 CCD, creditors have to assess the consumer’s creditworthiness on the basis of “sufficient information” obtained from the consumer.Footnote 18 According to the interpretation of the Court of Justice of the European Union (“CJEU”), this provision leaves to creditors a broad margin of discretion in the determination of the information to be used.Footnote 19 In fact, the sufficient nature of the information may vary depending on the circumstances in which the credit contract was concluded, the personal situation of the borrower, or the amount covered by the agreement. In light of such interpretation, the CJEU declared that Article 8(1) CCD permits lenders to assess the creditworthiness of consumers solely on the basis of information supplied by them, on the condition that such information is sufficient and accompanied by supporting evidence, but not requiring a systematic verification by the creditor. Footnote 20

Only where it is “necessary” do financial institutions have to make such assessment on the basis of a consultation of the relevant database. Footnote 21 Such circumstances occur in Member States whose legislation mandates them to consult databases, which is usually a requirement imposed by central banks for purposes of financial stability or by some national banking acts.

In Article 9 the CCD is concerned that, for competition purposes, access is ensured on a non-discriminatory basis for creditors from other Member States to databases used in another Member State for assessing the creditworthiness of consumers.

The creditworthiness assessment of consumers is also featured in the MCD as the most reliable tool capable of fostering responsible lending. The EU legislature believes that imposing such a duty will enable lenders to determine the ability of consumers to meet their obligations under the credit agreement, and thus function as a tool to detect or prevent over-indebted consumers. After the lesson learned from the financial crisis, the MCD requires that creditors take appropriate account of a number of relevant factors, thus, requiring financial institutions to obtain information directly from the consumer with the addition of relevant internal or external sources, but without mandating or explicating what these necessary external sources are. What the law explicates is that relevant factors include income, savings, assets, expenses, features of the loan of offer, et cetera. Credit data is one of many possible sources of information for the creditworthiness assessment. Footnote 22

Like the CCD, the MCD looks at the competition side of the market and it provides for the non-discriminatory access of creditors to the databases used in another Member State via the exchange of information among the competing creditors, specifying that such databases comprise databases operated by private information providers as well as public registers. Footnote 23

Article 18(5) MCD introduces a nominal “duty to deny credit,” but the nature of this provision appears unclear or open to different readings. According to the norm, the creditor makes the credit available to the consumer only when the result of the creditworthiness assessment indicates that the obligations resulting from the credit agreement are likely to be met in the manner required under that agreement. Footnote 24 Therefore, if the outcome of the assessment is negative, indicating that the consumer is not likely to be able to repay his loan, the creditor should not grant the credit. Footnote 25 Moreover, should this situation arise, creditors must also be able to invoke the specific indications they took into account for the assessment of the consumer’s ability to repay the loan. Footnote 26 Under this interpretation, the intention of the European legislator is to impose on the Member States the introduction of a duty to deny and intervene in the freedom of the contractual parties, which could have opted to proceed to the conclusion of the credit agreement despite the negative assessment. Footnote 27

On a reverse reading of such a duty, the establishment of such an obligation should not mean that a positive creditworthiness assessment obliges lenders to provide the credit. This is expressly provided for in the relevant recital of the MCD. Footnote 28 This seems to be explained by the legislator’s intervention in the general principle of the freedom of contracts, which requires an express legislative provision justified by reasons of superior public interest. Footnote 29

Questions arise as to the public or a private nature of the obligation, as well as of the resulting sanctions and issues of enforcement. All that the MCD does is reference to sanctions to be set up by the Member States individually. There is an argument among scholars about the legal nature of the lender’s obligation to carry out a creditworthiness assessment. Until recently, it was the majority’s opinion that this obligation is a public law duty only. Footnote 30 As a result, a breach of such a duty could only trigger remedies laid down in the underlying sanctioning system of the national law providing for it. By contrast, the view of what until recently was seen as a minority is that the duty to carry out the creditworthiness assessment is a duty owed to the debtor; it is by nature either a private law duty or a duty with both public and private law character. Footnote 31 According to this view, breach of this duty entitles the debtor to damages. As a result, the creditor would have to put the debtor in the situation he would have been in had the duty not been breached. The debtor could claim that, had the creditor properly carried out the creditworthiness assessment, either the creditor or the debtor would not have entered into the loan agreement. Accordingly, the creditor would have to pay for every loss suffered by the debtor as a result of having entered into the contract. This does not only include costs and interest but can also extend to the loan itself. Additionally, if the debtor became insolvent as a consequence of taking out the loan the creditor would have to pay for any loss resulting from the insolvency. Footnote 32 What, in any event, appears doubtful is the extent to which the provision is capable of tackling the problem of over-indebtedness as its violation cannot lead to a debt cancellation without immediate repayment of the lent capital.

III. The Guidelines of the European Banking Authority (“EBA”) Footnote 33

To ensure that the provisions of the MCD on responsible lending are implemented and supervised consistently across the Member States, the EBA has issued guidelines on the way in which the creditworthiness assessment should be conducted. Footnote 34

According to the EBA’s guidelines, the creditor—when verifying a consumer’s prospect to meet his obligations under a credit agreement as referred to in Article 18 MCD:

Should make reasonable enquiries and take reasonable steps to verify the consumer’s underlying income capacity, the consumer’s income history and any variability over time. In the case of consumers that are self-employed or have seasonal or other irregular income, the creditor should make reasonable enquiries and take reasonable steps to verify information that is related to the consumer’s ability to meet his/her obligations under the credit agreement, including profit capacity and third-party verification documenting such income. Footnote 35

However, according to Ferretti and Livada:

There is no guidance, for example, as to whether the income includes only the net individual income and/or the family income, the period of time for which data should be gathered—particularly in the case of consumers with variable income depending on various parameters such as the profitability of the enterprise where they are employed or the market conditions—and what applies for the calculation of the income in the case of consumers who will retire within the duration of the credit agreement and whose income will thus be reduced. The precise determination of several of those elements that should be checked by the creditor is objectively quite difficult, since their configuration depends on many different factors varying per category of borrower and the market of each Member State. Moreover, taking into account the long average duration of home loans, the assessment process is quite complex and cannot but end up in assumptions and indications. This is exactly why in Article 18, paragraph 5 of the Directive, reference is made to the terms ‘likely to be met,’ as it is impossible to have certainty, particularly in periods of financial instability or crisis. Footnote 36

Moreover, under the EBA guidelines, the creditor should take into account relevant factors that could influence the consumer’s ability to meet his/her obligations. The factors may include other servicing obligations, their interest rates, the outstanding principal on such debt, evidence of any missed payments, and directly relevant taxes and insurance. Footnote 37

Importantly, the creditor should establish sound processes to assess the borrowers’ ability to meet their obligations under the credit agreement and maintain up-to-date records of those procedures, reviewing them at regular intervals. Footnote 38

Equally, to ensure that the high-level provisions on arrears and foreclosure will be implemented and supervised consistently across Member States and in support of their transposition into Member State domestic law, the EBA has issued a consultation on draft guidelines that aims at providing in greater detail how lenders should give effect to the provisions of Article 28 MCD. Footnote 39

These guidelines request that lenders establish policies and procedures to detect and handle consumers in financial difficulty, actively engage with consumers, and provide an undefined form of support alongside basic information as to the status of payments, consequences of failure to repay, and the existence of public schemes or support. As it concerns the resolution process, the guidelines contain a limited obligation on the creditor having to take into account the individual circumstances of the consumer and his interests—including the ability to repay—when deciding on which steps or forbearance measures to take. The listed concessions to the consumer include a total or partial refinancing of a credit agreement and/or a modification of the previous terms and conditions of a credit agreement, such as: extension of the term of the mortgage, change of the type of the mortgage, deferral of payment of all or part of the instalment repayment for a period, change of the interest rate, or offer of a payment holiday. Footnote 40

The EBA has further deepened the concept of the creditworthiness assessment by setting general requirements in its area of competence. In new draft guidelines, it finally recognizes that the creditworthiness assessment should aim to verify not only the borrowers’ ability and prospect to meet their obligations under the specific loan agreement, but also to provide an accurate single customer view that enables the assessment of the borrower’s ability to service and repay all its financial commitments.Footnote 41

The distinction between credit risk management and creditworthiness assessment eventually found recognition where the EBA demands that the verification of “the borrower’s profile is in line with the institutions’ and creditors’ credit risk appetite, policies and limits.”Footnote 42

In so doing, lenders should use relevant information, which has to cover, at a minimum, an assessment of the borrower’s income, disposable income, financial situation, and source of repayment capacity to meet contractual obligations.Footnote 43 Accordingly, lenders need to carry out the assessment of the borrowers’ creditworthiness before the conclusion of the loan agreement. When verifying borrowers’ prospects to meet their obligations, creditors should make reasonable enquiries to the borrower or third parties—for example, employer, public authorities, credit registers or credit bureaus—and take reasonable steps to verify the information and data collected. Where creditors make enquiries regarding borrowers’ personal data, “they need to ensure that they inform and seek permission from the borrower” in accordance with the General Data Protection Regulation.Footnote 44

Importantly, when assessing borrowers’ ability to meet their obligations, lenders should consider potential negative scenarios in the future, including, for example, a reduction of income and an increase in interest rates.Footnote 45

B. Fintech and Big Data: A Creditworthiness Assessment, Credit-Risk Analysis … or What?

I. The Traditional Use of Personal Data in Credit Markets

The methods of assessment undertaken in the P2P lending process require a contextualization with the traditional use of personal data in the underwriting of financial agreements. Arguably, the state of affairs already presents a number of unresolved economic, policy, and legal complexities that for many aspects remain controversial, at least in the EU. Reference is made to the diverse uses of personal data for a variety of different purposes in the area of retail credit markets, not all of them univocal or universally recognized or accepted.

It is already a common feature that lenders process and share a growing amount of personal financial data about their customers to underwrite credit decisions. Lenders access databases managed by third-party providers, known as Credit Registries or Credit Bureaus, in order to evaluate a consumer’s application, the risks involved in the transaction and their management, or—controversially—the prospective customer’s creditworthiness. Footnote 46

Traditional credit data is personal data relating to debt payments and financial accounts with lenders. Examples include previous and existing accounts—which normally include mortgages—bank accounts, store cards, charge cards, credit cards, loan accounts, and in many jurisdictions even mail order accounts as well as telecom and other utilities accounts. The level of credit product coverage in the databases differs from country to country. This is also determined by the type of lenders taking part in the data exchange system. The detail of the type of information collected and disseminated within the financial services industry also varies considerably at national level. Footnote 47

In financial circles, the virtues of data sharing are usually portrayed in terms of more efficient processes and decision-making or for a better management of financial risks or fraud situations. Most of the time, the benefits for consumers have been highlighted in terms of products/services better tailored to their needs, better quality, or cost-efficiency. Footnote 48 Moreover, the extensive use of credit data has been promoted to achieve a number of policy objectives. Examples include the facilitation of the access to a more affordable and better quality credit for consumers, Footnote 49 the prevention of consumer over-indebtedness by limiting irresponsible/predatory lending, Footnote 50 and the contribution to financial stability by limiting banks’ credit loss risks. Footnote 51 Under certain national systems, consumer financial data can even be part of a broader information centralization system managed by national central banks for the purpose of oversight of the financial system as a whole—meaning they are an instrument for the prudential supervision of the banking system. Footnote 52

In its thrust towards the creation of a true European market for retail financial services, the European Commission has identified the twofold issue of whether, and what type, of credit data should be necessary for the creditworthiness assessment. They question whether further action is needed to facilitate provision of services or ensure consumer protection. Footnote 53 The concern arises from the provisions of the CCD and MCD where creditors have the right to consult credit databases in other Member States on a non-discriminatory basis to assess the creditworthiness of potential customers. Footnote 54 However, financial institutions still face problems when attempting to use data as the techniques for their collection, distribution, and use are still very diverse across the EU, and opinions vary on what type of data are relevant for creditworthiness assessments. This means that accessing and using these data from lenders in other Member States is problematic, and they are unable to provide their services cross-borders competitively.

The latter aspect raises the issue about the absence of a standardized EU-wide information infrastructure for univocal and defined objectives. This situation not only exposes a jeopardized EU single market in the area. The arrangements and function of data infrastructures in the national jurisdictions, the differences in volume and variety of the datasets and data sources, as well as the depth and breadth of the data in use—including differences in the meanings attributed to equivalent data—show that very different practices exist across the EU. Footnote 55

The portrayed diversity among the Member States raises the question of whether data processing practice works better to achieve well-defined and univocal objectives, especially as it concerns the creditworthiness assessment and without forgetting data protection legislation. For example, both the CCD and the MCD state that the provisions mentioning the use of credit data are without prejudice to the application of the EU data protection law on the protection of individuals, specifically, with regard to the processing of personal data and the free movement of such data. Those provisions must be respected, particularly as far as the requirements of “necessity” and “proportionality” of the processing are concerned. Footnote 56

Within the EU’s scattered framework, the question is whether practices in one Member State are more appropriate than those in the others. There is no study or evidence that may offer such a suggestion. That is why, arguably, the fragmentation in the Member States questions the reliability and proportionality of the practices in use in the national system. There are no uniquely accepted criteria or standards on the use of data—that is, there is no accepted/shared acceptance of what data are relevant to achieve defined objectives, especially when it comes to policy goals such as the creditworthiness assessment of borrowers or the provision of suitable loans to consumers.

Despite the questions that credit data pose for the integration of the EU single market in retail finance and the safeguard of its citizens, so far the policy and regulatory responses have been uncoordinated and equivocal—exposing the absence of common, harmonized, and/or appropriately resourced strategies at EU level. Footnote 57

II. Credit Scoring

Credit scoring is a systematic method used by lenders for evaluating the credit risk of each credit applicant. This provides an automatic analysis of the factors that have been predetermined to cause or affect the level of risk in lending. When used to assess consumers, it is essentially a way of recognizing different groups in a population according to certain features expressed by a combination of personal credit data and other non-personal information, and differentiating them on grounds of parameters and classifications set a priori from statistics for a predictive purpose. It is an analysis of customer behavior, with the objective to classify them in groups based on a predictive outcome associated with each customer. The probability of given events, for example a default in the repayment of a loan, is assumed to depend on a number of characteristics of the individuals. Footnote 58 The factors relevant for such a classification purpose are usually determined through an analysis of consumers’ past payment history together with other descriptive information provided in the credit application form and other data from public sources.

In technical terms, scoring models are mathematical algorithms or statistical programs that determine the probable repayment of debts by consumers, assigning a score to an individual based on the information processed from traditional financial data and categorizing credit applicants according to risk classes. It is a classification method where the input characteristics are the answers to the application form questions and the result of a check with databases, and the output is the division between “good” and “bad” or something in between. Footnote 59 In such a process, to avoid a selection bias, account has to be taken of not only the characteristics of borrowers who were granted credit, but also of those who were denied it. Footnote 60

Computer scientists believe that the reasons for the poor judgmental capabilities of humans are: (i) the subjectivity and the large grey area where the decision is up to the officers; (ii) humans being prone to bias, for instance in presence of a physical or emotional condition which may affect the decision-making process; (iii) personal acquaintances with applicants distorting the decision-making process; (iv) humans considering the evidence sequentially rather than simultaneously; and (v) the difficulty for humans of discovering useful relationships or patterns from data and the knowledge hidden in the same data. Footnote 61 Moreover, humans are deemed to be costly and time consuming and thus replaceable by more efficient machines. Footnote 62

Clearly, no scoring system, even the better ones, may predict with certainty any individual repayment performance. Footnote 63

III. Fintech: Artificial Intelligence, Algorithms, and Big Data

It is within the above described complex and controversial scenario that the P2P lending assessments undertaken by the platforms should be contextualized. As anticipated, in fact, platforms use the tools of big data analytics as a substitute to the assessment tools and standards of bank credit analysis, resulting in incomparable credit assessment quality.

Broadly conceived, the term “Fintech” abbreviates “financial technologies” to deliver financial solutions. Footnote 64 Many Fintech developments are based on proprietary artificial intelligence systems (AI) and associated innovative uses of data. AI embraces different forms of computer systems that are able to learn from the data and their own experiences to solve complex problems or uncover patterns to predict future data or perform decision-making tasks—also known as machine-learning powered by mathematical algorithms able to create further algorithms based on accumulated data. Footnote 65 There is no single methodology to design such systems and they are likely to differ one from the other, closely guarded as trade secrets. Footnote 66

The rise of big data—large data collection and processing obtained from diverse and unrelated sources—has created vast digital catalogues of personal information that can be continually analyzed and categorized with AI.

Fintech should not be understood to refer to a specific scene of start-up legal entities disrupting finance with innovation. More comprehensively, it focuses on the financial services offered to end-users, and is therefore activity- or services-based. It is finance enabled by, or provided via, new technologies where the value chain increasingly includes alternative providers such as P2P platforms to the traditional ones. Footnote 67

IV. The Rationale for Innovation

As noted earlier, in mature financial markets, the common approach to risk has been that past behavior is predictive of future behavior. As a result, assessment tools that make use of data about previous or existing credit lines—such as credit data taken from traditional sources—have been developed on a large scale and in an increasingly automated way. The idea that data about the past is predictive of the future represents an early correlation, and is in many ways the ancestor of big data correlations.

As credit underwriting and technologies evolve, and standards and appetite for credit adapt to changing economic cycles and shifting demographics, a wider array of new data are now available in the credit risk analysis of lenders. These so-called “non-traditional” or “alternative” data are classified as big data gathered from diverse sources outside the standard credit reports that lenders use to evaluate consumer borrowers. Their volume is greater than that of the traditional sources as they are usually taken from several data points mined from consumers’ offline and online activities. Big data can now assemble data from where consumers shop, internet browsing, social media, digital data brokers, and other online trails to mathematically determine the creditworthiness or credit-risk of consumers. In this fashion, even if such big data is not intuitively related to creditworthiness or credit risk, all data becomes credit data with an open nature as to their sources. Footnote 68

These innovative techniques are capable of reshaping business models, underwriting criteria, and customer experiences. Their innovations associate the commoditization of big data analytics with an understanding of demographic changes, borrower needs, and how to connect to borrowers through new technological channels. Footnote 69 Reportedly, the 2008 financial crisis has also played an accelerating role marking the impetus and arrival of new market players pushing for competition over innovation to lower costs and gain market share. Footnote 70

These new business models are the first ones to recognize the limits of traditional credit data. As credit underwriting and technologies evolve and credit adapts to changing economic cycles and demographics, lenders themselves want to target customers that may habitually have no or short credit history in the traditional sense—borrowers who may be termed the “invisible” or “unscorable.” A limit of traditional data is that they are largely of historical nature. As they make use of a limited number of categories of data relating to payment and debt histories to pursue new credit, they do not provide a reliable picture of the many factors that can lead someone to fall short of payments or high debt levels. Footnote 71

Again, the traditional model requires borrowers to take on debt before obtaining a credit score, leaving a large number of potentially creditworthy or profitable individuals unscorable by the traditional system. Such individuals may include the growing ranks of consumers who have migrated from other countries. In the EU there are nationals of other Member States who take advantage of EU free movement provisions but who are unknown in the host Member State. As seen earlier, traditional data is siloed in individual Member States. As such, the “unknown” issue can be more markedly the case for non-EU migrants. Moreover, traditional credit risk analysis and assessment methods are less effective in those economies where past data are not available, and especially where there are large segments of low-income or unbanked consumers. Footnote 72 Traditional data portrays how reliable someone may be at spending with debt, presupposing that this person is a frequent debtor, incentivizing the building of a credit history. Footnote 73 Therefore, these kinds of customer profiling remain incomplete.

Another case is that of young generations. They are users of new technologies and are connected in social media. Although they have not yet amassed wealth and have little to no credit history, they represent an important market segment. Moreover, the generational effects of the economic downturn that erupted in the last decade combined with high levels of youth unemployment may have delayed major purchases, thus prolonging the time it takes for young generations to establish a credit history. Footnote 74

Other significant market segments exist which traditional data are unable to serve. These are not only the unbanked or under banked consumers. Many households may have temporarily impaired financial capabilities. For example, consumers with otherwise immaculate or sufficient credit histories may experience hardship associated with the economic downturn. Footnote 75

All these examples show how traditional data sources are an imperfect indicator of credit risk analysis or creditworthiness assessment. From their side, the Fintech industry considers that traditional data may easily fail in identifying large segments of consumers, in detecting isolated versus recurring credit issues, or in providing more insight into consumer behavior. Thus, the overarching idea of big data, large datasets obtained from diverse unrelated sources, where Fintech makes the correlations. P2P lenders are able to source alternative data to target not only traditional customers with the added value of a more accurate profiling, but also customers that may habitually have no credit or short credit histories. Big data offers a more accurate profiling and are more predictive. Footnote 76

Illustrations of non-traditional data are emerging daily. The explosion of social media and professional networks provide unprecedented amounts of information that can be used to support decisions about an applicant’s credit risk. People post large amounts of personal information that can be captured. For example, to establish an estimated earning potential for borrowers with short job histories, lenders may consider information such as the education history, student loans, and the majors studied. In addition, if those “socially” or “professionally” connected with an applicant are responsible borrowers with stable employment and good credit histories, this may support the probability that the applicant him/herself is also a responsible borrower. The age of their social media accounts and the volume of activity within them can indicate an applicant’s interconnectedness and stability with their network. Some lenders apply similar concepts to an applicant’s professional networks. The individual’s job and the jobs their connections hold may provide insights into the strength of the applicant’s job stability. Footnote 77 Analyzing social networks may allow lenders to understand other information such as race, socioeconomic status, and their comparative customer loyalty. Footnote 78

New data sources that can be included in the assessment of a borrower can contain phone and utilities bills. Customers can be asked to sign over permission to access personal emails, bank accounts, social media accounts, shipping data, their monthly cash flow over bank accounts, and online financial accounts such as Paypal, Amazon, or Ebay, amongst others. Heavy activity on these sites may suggest a healthy cash flow. Additionally, spending patterns may give indications of the frequency someone loses control of finances. Similarly, probing the way applicants click through web pages can give suggestions about some of their character traits such as impulsiveness or attitude towards risk-taking. Footnote 79

Any data that may align with default rates can quickly be incorporated into the assessment. For example, some lenders are starting to look for customers with gym memberships, as they were found to be more reliable than those without aforementioned memberships. Footnote 80 Others look at stores frequented by people deemed by the company to have a poor repayment history. Footnote 81 Systems have been set up to detect unsettling patterns that are indicative of higher risk, such as expenses for marriage therapy for possible problems leading to separation or divorce, which can lower credit lines or lead to the setting of higher interest rates. Footnote 82 Even web searches for the applicant’s name combined with keywords chosen by the lender may provide information. Footnote 83 Accounts of smart devices provide other detailed data—for example they generate calls and text messages over given periods of time, each carrying a rich data set including the time the call was made, which may indicate having a more or less fixed job, the location of the caller at the time of the call, the receiver of the call, the type of information accessed via text messaging, and the types and number of payment transactions made through such devices. For those customers who consent to the sharing of their data in order to access credit, prepaid-minute or internet traffic purchase patterns can indicate a steady or uneven cash flow. Retailer loyalty cards can provide important insights into consumers’ income, spending habits, and family structure. Footnote 84

All the above illustrations show the limitless potential of big data in personal finance. At the same time, they indicate how digitalization and ensuing business models direct to the financialization of the private lives of consumers.

C. Peer-to-Peer Lending in a Legal Vacuum

I. Personal Data, Credit-Risk Analysis, and the Creditworthiness Assessment

As noted, the emergence of policies over responsible lending in the area of credit for consumers—especially commencing in the preparatory works of the CCD and developing further in the MCD—and the resulting legal requirements to lenders to engage in the creditworthiness assessment of customers have shaped the rhetoric justifying the use of personal data in the lending process. This usually occurs with the consultation of databases and the use of scoring models. These tools have been promoted to assess the credit risk or creditworthiness of customers in order to prevent over-indebtedness by limiting excessive borrowing.

However, while the concepts of credit risk analysis and creditworthiness assessment may be easily confused, they are not the same and require a distinction. In fact, the temptation would be to consider that the creditors’ interest coincides with that of debtors: if the former reduce their credit risk, it is more likely that the latter would be able to repay their debts, thus diminishing the risk of becoming over-indebted. Following this temptation, however, would be folly.

Lenders may increase their profitability if the borrower falls in arrears, pays penalty interests, but eventually repays the debt. Similarly, lenders may market a more expensive credit service to some consumers who, on the basis of credit risk analysis, can nonetheless repay the debt or repay it with arrears. Footnote 85 Financial incentives may lead lenders or intermediaries to market services that, though repayable by the consumers, do not necessarily coincide with their needs. Footnote 86 In all these cases, lenders have minimized their credit risk to their profitability, yet the consumer suffers a detriment.

The above examples show that the concepts of credit risk and the creditworthiness assessment are not coincidental and may serve different interests. Therefore, the concept of creditworthiness assessment, which derives from responsible lending policies and finds legal recognition, requires a further analysis.

Responsible lending and borrowing is a post-economic crisis policy to tackle consumers’ over-indebtedness. In principle, it refers to the delivery of responsible and reliable markets, as well as the restoration of consumer confidence, where credit products are appropriate for consumers’ needs and are tailored to their ability to repay their debts. They envisage a framework that could ensure that all lenders and intermediaries act in a fair, honest, and professional manner before, during, and after the lending transaction. Similarly, it is expected that, in order to obtain credit, consumers provide relevant, complete, and accurate information about their finances. They are also encouraged to make informed and sustainable borrowing decisions. Footnote 87 Therefore, responsible lending means that lenders should not act solely in their own interests, but also that they should take into account the borrowers’ interests and needs throughout the relationship in order to satisfy consumer needs and prevent over-indebtedness. In so doing, responsible lending also envisages a policy framework to prevent economic and social detriment at macro-level, when consumer indebtedness reaches high levels in the economy.

The duty refers to both pre-contractual and post-contractual stages of the relationship between lenders and borrowers, and encompasses the whole life cycle of credit services, from their inception through marketing and until the borrower has repaid the loan. Thus, an important prerequisite for responsible lending is that consumer credit services are designed in a responsible way so as to reduce potential risks of detriment for borrowers that can be foreseen and therefore avoided. Footnote 88 For example, the importance of financial services design from a consumer protection perspective has been increasingly recognized in the post-crisis era, which has witnessed the introduction of the so-called product governance regimes across different areas of financial services. Such regimes generally relate to the organizational conduct of business rules that should be observed by financial institutions when developing financial services. Footnote 89

When it comes to lending practices, the thrust of responsible lending is that prior to the conclusion of a credit agreement, the lenders should assess more than whether or not they will recover their money in case of the borrower’s default on a loan—that is credit risk. For example, according to the guidance of the UK Financial Conduct Authority on assessing creditworthiness in consumer credit: [m]ost firms have a strong commercial incentive to assess credit risk, including the probability of default, but may have less incentive to assess the risk that the credit will impact negatively on the customer’s wider financial situation in particular where these customers will still be profitable for the firm. Footnote 90

This means that lenders should also determine whether the borrowers are likely going to be able to repay without incurring substantial financial harm generally, and whether a credit and any related services are actually suitable for them. In this sense, the duty to assess a borrower’s creditworthiness indicates a borrower-focused assessment to prevent the latter from culminating in financial distress. Footnote 91

This stance seems to be corroborated by the CJEU. In LCL Le Crédit Lyonnais it was held that the creditworthiness assessment should be done in the interest of consumers to prevent irresponsible lending practices and over-indebtedness. Footnote 92 To the extent that the interest of lenders is to enlarge the customer base and profitability, these interests may not coincide with the provision of suitable products in the interest of borrowers in terms of provision of financial services at affordable costs to those who need and qualify for them. Creditors certainly have an interest in the ability of debtors to repay under the credit agreement between the parties, but they may not be concerned about the sustainability of the new debt on other financial arrangements with other parties. A problematic repayment situation may arise if the consumer is not able to repay the debt within a reasonable time, and/or the consumer is only able to repay it in an unsustainable way—for example, by cutting back on essential living expenses or by defaulting on other loans or financial obligations. In these circumstances, a consumer may feel the need to take out more credit in order to meet the existing repayment obligations or cover basic living expenses. Moreover, the higher the risk is for the creditor, the higher the price of the loan. Instead, the borrower-focused creditworthiness assessment should primarily be designed to prevent the consumer from ending up in a problematic repayment situation that may result in over-indebtedness. Footnote 93

All things considered, therefore, while a customer’s assessment may also include the assessment of credit risk, it should by no means be limited thereto, but it should include a proper borrower-focused creditworthiness assessment.

Therefore, even more markedly than in the case of use of traditional credit data, arguably the expanded data processing of Fintech is mostly done in the interest of the platforms and, at least in principle, of the P2P lenders for their own risk and price assessments—ultimately for their profitability. It is objected here that this form of credit risk analysis and marketing—even in the broadest sense—may coincide with responsible lending and the creditworthiness assessment.

Having established that P2P lending does not engage in the creditworthiness assessment and before concluding in the direction of non-compliance or lack of enforcement, a subsequent question arises concerning the extent to which P2P platforms and/or lenders are under any obligation to conduct it in the first place.

II. The Applicability of Credit Laws to P2P Lending

As noted, both the CCD and the MCD apply only to creditors as defined in the respective laws. Both laws frame a “creditor” as a person who grants or promises to grant credit in the course of his trade, business, or profession. Footnote 94

The applicability of the provision to P2P platforms is doubtful. The CJEU shed light on the matter in TrustBuddy AB, where the request for a preliminary ruling asked precisely whether Article 3(b) CCD is:

[T]o be interpreted as meaning that that a trader is to be regarded as a creditor if it markets credit to consumers via the internet in the form of so-called peer-to-peer lending and exercises, as regards the consumers, the decision-making power generally appertaining to creditors with respect to the terms and conditions, the granting of credit and debt recovery, even though the funds for credits come from anonymous private individuals and are kept separate from the trader’s own funds. Footnote 95

Following to the platform’s bankruptcy, the case was deleted from the CJEU register and the question remained unanswered. Footnote 96

As the situation stands, it is reasonable to maintain that the definitions of “creditor” do not encompass persons whose business model only consists of matching borrowers with lenders or investors. At face value, a platform may qualify as a “credit intermediary,” defined as “a natural or legal person who is not acting as a creditor and who, in the course of his trade, business or profession, for a fee … presents or offers credit agreements to consumers or … concludes credit agreements with consumers on behalf of the creditor.” Footnote 97 As a credit intermediary, the platform shall certainly have a number of information obligations, Footnote 98 but not the duty to assess the creditworthiness of the borrower, which should be a responsibility that remains on the creditors under Article 8 CCD and Article 18 MCD. As a result, the applicability of the CCD and the MCD to P2P lenders does not appear straightforward.

If the P2P lender is a private individual, it would be hard to maintain the she or he falls within “the course of his trade, business or profession,” especially if this is not their primary means of living, but a mere investment in the same fashion as bonds, shares, funds, or else. Thus, the transaction could hardly qualify as consumer or mortgage credit, with resulting no obligations under the credit laws. By contrast, to the extent that a P2P lender is a natural or legal person who grants credit in the course of his business or profession, the credit laws should apply.

The problem is that, as noted earlier in this work, it is the platform that conducts its own assessment of risks and establishes the pricing. The above analysis indicates that the creditworthiness assessment is clearly missing and P2P lenders, where applicable, do not have any means to conduct it independently.

III. The Risks for Debtors

The above analyzed vacuum is clearly to the detriment of the borrower. Not only may the absence of a proper creditworthiness assessment cause problems of inability to repay the debt or other existing debts. Based on profiles, even solvent debtors are at risk of paying more than necessary. Algorithms, in fact, can match customers with the highest price they are capable or willing to pay, which does not necessarily mean meeting the consumer’s needs.

The question here is whether borrowers’ creditworthiness could be achieved through correlations or associations, bearing in mind that they are not causation. Likewise, prediction is not the same as knowledge. Unlike the latter, the former is not neutral and is used to determine the future. Therefore, the risk is that Fintech will create a more complex and fragmented financial environment where data analytics may exploit or manipulate consumer behavior or biases. The problem is that these systems are overly complex, not transparent, and there are no mechanisms to safeguard against abuses and mistakes—generally known as the “black box” problem. Footnote 99

Algorithms are complicated and opaque and, as a result, they transform numerous bits of apparently neutral or unrelated information about a consumer into straight numerical scores that determine the outcome and/or price of applications. Most of the time not only the logics/biases of the algorithms remain secret, but also the data sources used by the individual lenders are undisclosed. Accordingly, the use of algorithms raises concerns that consumers have limited means to identify and contest lenders’ decisions and to undertake the necessary steps to improve their chances. Footnote 100 It is arguably very difficult to determine how the data is correlated and whether the variety of unrelated data operates as proxies for personal features—also being of sensitive nature—targeting vulnerable individuals or behavioral biases. The fact that qualitative data is selected in addition to quantitative data poses the risk of unintentional or even intentional discrimination—for example, by cherry-picking certain borrowers and manage default rates that increase profitability—especially because their choice reflect biased human decisions in the design of the algorithm. Algorithms work on the basis of predetermined features or variables. Therefore, they are in a sense inherently biased or discriminatory. They assess the features of a person—thus his or her viability—according to the past behavior of others. In this way, the most appropriately designed algorithm is the one that can select, or discriminate, most effectively or better than others. This is a fundamental feature of algorithms that cannot be avoided. Obviously, the resulting decision-making does not overtly discriminate on the basis of factors such as race, gender, or age that are caught by anti-discrimination laws. Footnote 101 Nevertheless, it may instead use correlated information to build an in-depth profile of a particular customer and make indirect or other discriminations not explicitly covered by the law—such as discriminations based on behaviours, culture or wealth. Some instances of these discriminations can be traced back to traits of race, gender, or, age but they will be very hard—if not impossible—to prove. Big data may unearth protected information. For instance, they may reveal information that could not be otherwise obtained in any credit application, for example, shopping lists may reveal medical information or the health status of a person. Footnote 102

In totality, an indiscriminate use of data may easily lead to increased stereotypical decisions. They may respond to schemes concluding that certain groups of the population pose greater credit risks than others, so lenders decide to refrain from allowing access to financial services to those groups of consumers or make them pay more. In short, big data and Fintech allow too much access into their customer’s personal lives, and thus can create or ruin reputations. Footnote 103

All the above concerns can be exacerbated by inaccuracies in the data, the speed of its dissemination, or pre-existing biases. Big data can become a real problem for consumers who will not be able to determine where an error or a bias exists. If, under the traditional credit assessment system, they may be able to identify wrong or partial information in relation to a credit line or credit history, big data may make it impossible to know where the error or bias comes from because too much unrelated data from too many sources comes into play. Equally, big data can well frustrate the legal right individuals have to correct their data. Footnote 104 These risks not only expose an increasing intrusion in people’s private lives, but also raise debates and concerns over the financialization of their lives and the shaping and conforming of behaviors beyond that of repayment.

In sum, the identified risks stemming from big data analytics in Fintech applications may appear several and diverse in nature, ranging from the absence of a creditworthiness assessment, consumer over-indebtedness, unsuitable credit lines for consumer needs, abuse of market power, exploitation of vulnerable consumers, discrimination between consumers, stereotypicization, system complexity, and opacity.

IV. The Risk for Creditors

It is possible that the assessment processes undertaken by P2P platforms through Fintech and big data may replace the traditional credit risk analysis of traditional lenders. As noted, the underlying rationales are the enlargement of the customer base, more accuracy, and tailored pricing.

Even here, however, problems arise, this time for the P2P lenders. Because platforms do not bear any financial risks—aside from their business reputation—but instead gain from the transaction, it is anomalous that they are entrusted with the conduct of a credit-risk analysis under their own criteria. The P2P lenders do not know such criteria or the logic used for the assessment of the borrowers and the evaluations made. Their capital could be at risk and it is unclear how accurately such a risk is compensated by appropriate pricing. This rings even truer if one considers that Fintech and big data operate in an opaque manner unknown to the P2P lender and protected under trade secrets. These situations are exacerbated when the P2P lenders are unaware individuals who are, more often than not, laypeople.

Additionally, in those Member States where traditional lenders are subjected to consultation and reporting in public data registries, P2P lending would circumvent such an obligation where the P2P lenders are professional ones.

All in all, it appears evident that P2P lending operates in a legal vacuum where both unaware creditors and debtors face major risks due to the absence of the obligation to perform the creditworthiness assessment or the outsourcing of the credit risk analysis onto platforms. Footnote 105

D. Conclusions

This Article has examined the delicate issues of creditworthiness under EU credit laws, credit risk assessments in P2P lending via Fintech powered by AI, and big data as integral elements of the business model.

Unlike in the traditional credit relationships, in P2P lending, the platforms do not lend money. They are a new form of intermediation made possible by new technologies that facilitate and automate the interface with the parties of the lending process, the assessment, profiling and rating of borrowers, and the pricing of the loans. They do not have capital requirements and do not take any credit risks, which remain with the platforms’ users.

P2P lending challenges credit laws in many ways and poses old and new problems for consumers and lenders alike. By operating in a legal vacuum, assessment methods escape or circumvent credit laws designed—at least in principle—to protect consumers from the old problems caused by unsuitable credit for their needs and the risk of over-indebtedness, as well as to allow them to borrow responsibly. Moreover, in those few occasions where in the P2P environment lenders—as platform users—fall within the scope of credit laws for being professional lenders, the business model does not allow them to conduct a proper creditworthiness assessment.

Simultaneously, the use of Fintech and big data for credit risk analysis creates new risks for the borrowers. Problems of system complexity, transparency, inaccuracy in untraceable data disseminated at high speed, intentional or unintentional economic and social discriminations, abuse of market power, exploitation, categorizations, sorting, and stereotyping are the next most likely major threats for consumers aside from the absence of a creditworthiness assessment, automating, and protracting financial difficulties or exclusion.

P2P lenders are not exempted from new risks either. They remain unaware of the criteria or logics used for the assessment of the borrowers and the evaluations made. Their capital could be at a higher risk than the risks that they were ready to take had they known how the assessments are conducted. It is also unclear how accurately such a risk is compensated by appropriate pricing. This problem is exacerbated when the P2P lenders are laypeople.

Clearly, the existing EU legal framework is inadequate to face the challenges posed by new financial technologies such as in P2P lending. National legislations are also not suitable in a market that is transnational by its own nature, especially within the perimeter of the EU digital single market and the CMU.

The model of taking lending decisions on Fintech and big data in P2P lending does not respond to either EU legal requirements or methods designed to protect investor lenders. Instead, it proves as an exceptional marketing tool in the broadest sense. However, in a market for loans that is mainly supply-driven and governed by that supply-side—aggressive business models—the market may expand via the digital development targeting individual marketing and exploiting consumers’ biased behavior.

Because new technologies change the way financial services are delivered—and not the service itself—the timely understanding by the legislator of the different business models is crucial to recognize how the market develops, the limits of the law, and the design of conduct of business rules tailored to fix or preempt the problems they may create. Financial innovation constantly morphs and it should develop to serve society and thrive in an environment where all market players and different segments of society find adequate safeguards. If not, the intrinsic goals of financial innovation need heated disagreement.

Footnotes

*

Member of the Financial Services Users Group of the European Commission. Director of the Jean Monnet Centre of Excellence “Consumers and SMEs in the Digital Single Market (Digi-ConSME). Co-funded by the Erasmus+ Programme of the European Union.

The usual disclaimer applies.

References

1 See Commission Green Paper on Building a Capital Markets Union, COM (2015) 630 final (Feb. 18, 2015); Commission Green Paper on Retail Financial Services, COM (2015) 630 final (Dec. 10, 2015); Commission Communication from the Commission to the European Parliament, the Council, the European Central Bank, the European Economic and Social Committee and the Committee of the Regions—Consumer Financial Services Action Plan: Better Products, More Choice COM (2017) 139 final (Mar. 23, 2017). See also Joint Committee of the European Supervisory Authorities, Report on Cross-Border Supervision of Retail Financial Services, JC/2019-22 (July 9, 2019).

2 Commission Regulation 2016/679, 2016 O.J. (L 119) 1, 88.

3 See, e.g., Federico Ferretti, Consumer Access to Capital in the Age of FinTech and Big Data: The Limits of EU Law, 25 Maastricht J. Eur. Comp. L. 476 (2018); Alessandro Mantelero, The Future of Consumer Data Protection in the EU: Re-Thinking the ‘Notice and Consent’ Paradigm in the New Era of Predictive Analytics 30 Computer L. Sec. Rev., 643 (2014).

4 Bryan Zheng Zhang, Robert Wardrop, Tania Ziegler, Alexis Lui, John Burton, Alexander James & Kieran Garvey, Sustaining Momentum: The 2nd European Alternative Finance Industry Report (Sept. 2016).

6 Accordingly, in a limited interpretation, P2P should cover only natural persons lending to other natural persons—however, the most common models also include businesses as peers, especially from the lending side. See Tanja Jorgensen, Peer-to-Peer Lending—A New Digital Intermediary, New Legal Challenges, 1 Nordic J. Comp. L. 233 (2018).

7 Douglas W. Arner, Janos Nathan Barberis & Ross P. Buckley, The Evolution of Fintech: A New Post-Crisis Paradigm?, 47 Geo. J. Int’l L. 1271 (2016).

8 Rainer Lenz, Peer-to-Peer Lending: Opportunities and Risks, 4 Eur. J. Risk Reg. 688 (2016).

9 Variations may occur depending on the business models, including occasions where the platforms themselves contribute to the loan and become lenders. See Laura Gonzales, Online Social Lending: The Effect of Legal and Cultural Frameworks (July 21, 2014) (unpublished manuscript) (on file with SSRN).

10 Depending on the business models, in some cases they are assisted by the platform in passing the outstanding sums to a debt collection agency; in other cases, they have to activate the debt collection procedures independently. See generally, Elisabetta Bani, Le Piattaforme di Peer to Peer Lending: La Nuova Frontiera Dell’intermediazione Creditizia, in FinTech: Introduction to the Legal Aspects of a Single Technological Market for Financial Services 163 (Giappichelli ed., 2017).

11 Lenz supra note 8.

12 Id.

13 Alexander W. Butler, Jess Cornaggia & Umit G. Gurun, Do Local Capital Market Conditions Affect Consumers’ Borrowing Decisions?, 63 Mgmt. Sci., 4175 (Dec. 2017); Calebe De Roure, Loriana Pelizzon & Paolo Tasca, How Does P2P Lending Fit into the Consumer Credit Market?, 30 Deutsche Bundesbank (2016).

14 Mikella Hurley & Julius Adebayo, Credit Scoring in the Era of Big Data, 18 Yale J.L. & Tech. 1 (2016).

15 Directive 2008/48 of the European Parliament and of the Council of 23 April 2008 on Credit Agreements for Consumers and Repealing Council Directive 87/102 O.J. 2008 (L 133) 66. The scope of application of the CCD covers credit agreements between €200 and €75,000 that do not fall under the exemptions listed in Article 2(2) CCD. For example, leasing agreements that do not impose an obligation to purchase the object of the agreement; credit agreements in the form of an overdraft facility and where the credit has to be repaid within one month; credits granted free of interest.

16 Directive 2014/17 of the European Parliament and of the Council of 4 February 2014 on Credit Agreements for Consumers Relating to Residential Immovable Property and Amending Directives 2008/48 and 2013/36 and Regulation No 1093/2010, O.J. 2014 (L 60) 34. The scope of application of the MCD covers credit agreements which are secured either by a mortgage or by another comparable security commonly used in a Member State on residential immovable property or secured by a right related to residential immovable property, and credit agreements the purpose of which is to acquire or retain property rights in land or in an existing or projected building.

17 Id. at art. 3(b); Directive 2008/48 of the European Parliament and of the Council, supra note 15, at art. 4(2).

18 Directive 2008/48 of the European Parliament and of the Council, supra note 15, at art 8.

19 Federico Ferretti & C. Livada, The Over-Indebtedness of European Consumers under EU Policy and Law, in Comparative Perspectives of Consumer Over-Indebtedness 11 (Federico Ferretti ed., 2016).

20 ECJ, Case C-449/13, CA Consumer Finance SA v. Ingrid Bakkaus and Others, ECLI:EU:C:2014:2464 (Dec. 18, 2014), paras. 36–39, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:62013CJ0449&from=EN.

21 Directive 2008/48 of the European Parliament and of the Council, supra note 15, at art. 8(1).

22 Directive 2014/17 of the European Parliament and of the Council, supra note 16, at arts. 18, 20, recital 59. On the suggested good practices for the creditworthiness assessment, see also Opinion of the European Banking Authority on Good Practices for Responsible Mortgage Lending, European Banking Authority, EBA-Op-2013-02 (June 13, 2013).

23 Directive 2014/17 of the European Parliament and of the Council, supra note 16, at art. 21. The focus on competition of the MCD is clear from Recital 60 MCD: “[T]o prevent any distortion of competition among creditors, it should be ensured that all creditors, including credit institutions or non credit institutions providing credit agreements relating to residential immovable property, have access to all public and private credit databases concerning consumers under non discriminatory conditions ….”

24 See also Directive 2014/17 of the European Parliament and of the Council, supra note 16, at recital 57.

25 An obligation to deny credit has existed under the Swiss law for consumer credit since 2003, even if not directly, but by combining the relevant provisions. See Loi sur le crédit à la consummation [LCC], arts. 28–32 (Jan. 1, 2003). Moreover, heavy sanctions are imposed in case of substantive infringement of the said obligation. See also B. Stauder & X. Favre-Bule , Droit de la Consommation 188 (2004).

26 Federico Ferretti & C. Livada, supra note 19.

27 Id.

28 Directive 2014/17 of the European Parliament and of the Council, supra note 16, at recital 57.

29 Ferretti & Livada, supra note 19.

30 Federico Ferretti, Riccardo Salomone, Holger Sutschet & Viktoras Tsiafoutis, The Regulatory Framework of Consumer Over-Indebtedness in the UK, Germany, Italy, and Greece: Comparative Profiles of Responsible Credit and Personal Insolvency Law, 37 Bus. L. Rev. 64, 71–93 (2016).

31 Id.

32 Id.

33 The EBA is the new independent EU authority in charge of prudential regulation and supervision across the European banking sector. See Commission Regulation 1093/2010 O.J. (L 331) 12. It was established as part of the European System of Financial Supervision (ESFS) which is made up of three supervisory authorities: The European Securities and Markets Authorities (ESMA), the EBA and the European Insurance and Occupational Pensions Authority (EIOPA). The system also comprises the European Systemic Risk Board (ESRB) as well as the Joint Committee of the European Supervisory Authorities and the national supervisory authorities. National supervisory authorities remain in charge of supervising individual financial institutions; the objective of the European supervisory authorities is to improve the functioning of the internal market by ensuring appropriate, efficient and harmonized European regulation and supervision. See also About Us, European Banking Authority, www.eba.europa.eu/about-us (last visited Dec. 2, 2020).

34 European Banking Authority [EBA], Guidelines on Creditworthiness Assessment, EBA/GL/2015/11 (June 1, 2015).

35 Id. at 1.1–1.2, 10.

36 Ferretti & Livada, supra note 19, at 20.

37 EBA, supra note 34.

38 Id.

39 European Banking Authority [EBA], Consultation Paper on Draft Guidelines on Arrears and Foreclosure, EBA/CP/2014/43, 43 (Dec. 12, 2014).

40 Id.

41 European Banking Authority [EBA], Consultation Paper—Draft Guidelines on Loan Origination and Monitoring, EBA/CP/2019/04, 96–100 (2019).

42 Id. at 96.

43 Id. at 98. Under the following point 99, the EBA provides that “institutions and creditors should apply the metrics and parameters that are relevant from the perspective of assessing the individual borrower’s ability to repay the loan. Where appropriate, these metrics and parameters should include the following: A) loan to income ratio; B) loan service to income ratio; C) debt to income ratio; D) debt service to income ratio.”

44 Id. at 88.

45 Id. at 101.

46 Federico Ferretti, The Law and Consumer Credit Information in the European Community: The Regulation of Credit Information Systems (2008).

47 Association of Consumer Credit Information Suppliers [ACCIS], ACCIS 2015 Survey of Members—An Analysis of Credit Reporting in Europe (Nov. 2015).

48 E.g., Bank of England, Should the availability of UK credit data be improved? (May 2014), https://www.bankofengland.co.uk/-/media/boe/files/paper/2014/should-the-availability-of-uk-credit-data-be-improved.pdf; HM Treasury, Improving Access to SME Credit Data: Summary of Responses (June 2014), https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/323318/PU1681_final.pdf; Michael A. Turner & Robin Varghese, The Economic Consequences of Consumer Credit Information Sharing: Efficiency, Inclusion, and Privacy (2010); Nicola Jentzsch, Financial Privacy—An International Comparison of Credit Reporting Systems (2007).

49 Organisation for Economic Co-operation and Development [OECD], Facilitating Access to Finance—Discussion Paper on Credit Information Sharing (2012), https://www1.oecd.org/globalrelations/45370071.pdf.

50 ACCIS, ACCIS Response to Financial Services User Group (FSUG) Position Paper on the London Economics Study on Means to Protect Consumers in Financial Difficulty (Oct. 2013) http://www.accis.eu/uploads/media/ACCIS_Response_to_FSUG_Position_Paper_October_2013.pdf.

51 General Principles for Credit Reporting, World Bank Group (2011) http://documents.worldbank.org/curated/en/662161468147557554/General-principles-for-credit-reporting.

52 T. Jappelli & M. Pagano, Public Credit Information: A European Perspective, in Reporting Systems and the International Economy, 81 (M.J. Miller ed., 2003).

53 Commission Green Paper on Retail Financial Services, COM (2015) 630 final (Dec. 10, 2015).

54 See Directive 2008/48 of the European Parliament and of the Council, supra note 15, at art. 9; Directive 2014/17 of the European Parliament and of the Council, supra note 16, at art. 21.

55 Federico Ferretti, A European Perspective on Consumer Loans and the Role of Credit Registries: The Need to Reconcile Data Protection, Risk Management, Efficiency, Over-indebtedness, and a Better Prudential Supervision of the Financial System, 33 J. Consumer Pol’y 1 (2010).

56 See Directive 2008/48 of the European Parliament and of the Council, supra note 15, at art. 9(4); Directive 2014/17 of the European Parliament and of the Council, supra note 16, at recitals 59, 61, 62.

57 See Commission Green Paper on Building a Capital Markets Union, COM (2015) 63 final (Feb. 18 2015); Commission Green Paper on Retail Financial Services, supra note 53; Commission Communication from the Commission to the European Parliament, the Council, the European Central Bank, the European Economic and Social Committee and the Committee of the Regions – Consumer Financial Services Action Plan: Better Products, More Choice COM (2017) 139 final (Mar. 23, 2017). See also Resolution of 22 November 2016 on the Green Paper on Retail Financial Services, 2018 O.J. (C 224) 2 (where the European Parliament calls on the European Commission to: Analyse what data are necessary for the creditworthiness assessment and introduce proposals for regulating this assessment process; investigate further the current practices of credit bureaus in relation to the collection, processing and marketing of consumer data with a view to ensuring that they are adequate and not detrimental to consumers’ rights; and consider taking action in this area if necessary).

58 Francisco Louzada, Anderson Ara & Guilherme B. Fernandes, Classification Methods Applied to Credit Scoring: A Systematic Review and Overall Comparison (2016) https://arxiv.org/pdf/1602.02137.pdf.

59 L.C. Thomas, A Survey of Credit and Behavioural Scoring: Forecasting Financial Risk of Lending to Consumers, 16(2) Int’l J. Forecasting 149 (2000),

60 Loretta J. Mester, What’s the Point of Credit Scoring?, Bus. Rev., Sept.–Oct. 1997, at 3.

61 M. B. Yobas, J. N. Cook & P. Ross, Credit Scoring Using Neural and Evolutionary Techniques, 11 IMA J. Stat. Fin. Mathematics Applied Bus. & Indus. 111 (2000); Louis W. Glorfeld & Bill C. Hardgrave, An Improved Method for Developing Neural Networks: The Case of Evaluating Commercial Loan Creditworthiness, 23 Computers & Operation Res. 933 (1996).

62 Herbert L. Jensen, Using Neural Networks for Credit Scoring, 18 Managerial Fin. 15 (1992).

63 Mester, supra note 60.

64 Arner etal., supra note 7, at 1319.

65 See Michelle De Mooy, Rethinking Privacy Self-Management and Data Sovereignty in the Age of Big Data (2017); Kevin P. Murphy, Machine Learning: A Probabilistic Perspective (2012). See also Deb Miller Landau, Artificial Intelligence and Machine Learning: How Computers Learn, Tech Innovation (August 17, 2016) https://iq.intel.com/artificial-intelligence-and-machine-learning/.

66 Neil M. Richards & Jonathan J. King, Three Paradoxes of Big Data, 66 Stan. L. Rev. 41 (2013).

67 P2P Consumer Loans Given Landmark Rating, Financial Times (January 28, 2015) https://www.ft.com/content/a22edbe0-a749-11e4-b6bd-00144feab7de.

68 Ferretti, supra note 3.

69 PricewaterhouseCoopers, Is it Time for Consumer Lending to go Social? (Feb. 2015) https://www.pwc.lu/en/fintech/docs/pwc-fintech-time-for-consumer-lending-to-go-social.pdf.

70 Dirk A. Zetzsche, Ross P. Buckley, Douglas W. Arner & Janos Nathan Barberis, From FinTech to TechFin: The Regulatory Challenges of Data-Driven Finance, 6 Eur. Banking Inst. Working Paper Series (2017).

71 E.g. Jesse Leimgruber, Alain Meier & John Backus, Bloom Protocol: Decentralized Credit Scoring Powered by Ethereum and IPFS, (Sept. 4 2017), https://hellobloom.io/whitepaper.pdf.

72 See, e.g., David Ramos Muñoz, Javier Solana, Ross P. Buckley & Jonathan Greenacre, Protecting Mobile Money Customer Funds in Civil Law Jurisdictions, 65 Int’l & Comp. L.Q. 705 (2016).

73 Christopher P. Guzelian, Michael Ashley Stein & H. S. Akiskal, Credit Scores, Lending, and Psychosocial Disability, 95 B.U. L. Rev. 1807 (2015).

74 See, e.g., Equality and Human Rights Commission, Is Britain Fairer? (2015).

75 See, e.g., Civic Consulting, The Over-Indebtedness of European Households: Updated Mapping of the Situation, Nature and Causes, Effects and Initiatives for Alleviating its Impact (2014).

76 Zetzsche, supra note 70.

77 PricewaterhouseCoopers, supra note 69.

78 Big Data: Credit Where Credit’s Due, Financial Times (Feb. 4, 2015) https://www.ft.com/content/7933792e-a2e6-11e4-9c06-00144feab7de.

79 Id.

80 Id.

81 Id.

82 Charles Duhigg, What Does Your Credit-Card Company Know About You? N.Y.Times (May 12, 2009) http://www.nytimes.com/2009/05/17/magazine/17credit-t.html?pagewanted=all.

83 Tim Lewis, With Wonga, Your Prosperity Could Count on an Algorithm, Guardian (Oct. 16 2011) https://www.theguardian.com/money/2011/oct/16/wonga-algorithm-lending-debt-data.

84 Tobias Baer, Tony Goland & Robert Schiff, New Credit-Risk Models for the Unbanked, McKinsey Q. (April 2013) http://www.mckinsey.com/business-functions/risk/our-insights/new-credit-risk-models-for-the-unbanked

85 Ferretti, supra note 46.

86 Financial Services User Group, Responsible Consumer Credit Lending—FSUG Opinion and Recommendations for the Review of the Consumer Credit Directive (2019).

87 See Communication of the European Commission to the European Council on 4 March 2009 Driving European Recovery, COM (2009) 114 final. See also, European Commission, Public Consultation on Responsible Lending and Borrowing (June 15, 2009) https://www.eapn.eu/wp-content/uploads/ec%20consultation%20resp%20lending%20and%20borrowing%2015.06.09.pdf.

88 See, e.g., European Coalition Responsible for Credit, Principles of Responsible Credit, https://www.responsible-credit.net/index.php?id=2516

89 European Banking Authority, EBA Guidelines of Product Oversight and Governance Arrangements for Retail Banking Products (March 2016). See, e.g., Directive 2014/65/EU of the European Parliament and of the Council of 15 May 2014 on markets in financial instruments and amending Directive 2002/92/EC and Directive 2011/61/EU, 2014 O.J. (L 173) 349; Directive 2016/97/EU of the European Parliament and of the Council of 20 January 2016 on Insurance Distribution, 2016 O.J. (L 26) 19.

90 Financial Conduct Authority, Assessing Creditworthiness in Consumer Credit FCA Feedback on CP17/27 and Final Rules and Guidance (July 2018) https://www.fca.org.uk/publication/policy/ps18-19.pdf.

91 See Iain Ramsay, Consumer Credit Regulation After the Fall: International Dimensions, 1 J. Eur. Consumer & Mkt. L. 33 (2012); Iain Ramsay, Changing Policy Paradigms of EU Consumer Credit and Debt Regulation, in The Images of the Consumer in EU Law: Legislation, Free Movement and Competition Law, 159, 162 (Doreta Leczykiewicz & Stephen Weatherill eds., 2016).

92 ECJ, Case C-565/12, LCL Le Crédit Lyonnais SA v. Fesih Kalhan, ECLI:EU:C:2014:190 (Mar. 27, 2014) http://curia.europa.eu/juris/liste.jsf?num=C-565/12.

93 See, e.g., Fin. Serv. User Grp., supra note 86.

94 See Directive 2008/48 of the European Parliament and of the Council, supra note 15, at art. 3(b); Directive 2008/48 of the European Parliament and of the Council, supra note 16, at art. 4(2).

95 Case C-311/15: Request for a Preliminary Ruling from the Korkein Oikeus (Finland) lodged on 25 June 2015—TrustBuddy AB v Lauri Pihjalaniemi, 2015 O.J. (C 294) 38.

96 ECJ, Case C-311/15, TrustBuddy AB v Lauri Pihlajaniemi, ECLI:EU:C:2015:759 (Oct. 23, 2015), http://curia.europa.eu/juris/liste.jsf?language=nl&num=c-311%252F15.

97 Directive 2008/48 of the European Parliament and of the Council, supra note 15, at art. 3(f). Note, however, that the applicability of the MCD to platforms raises doubts. Though framed with the same words, Article 4(5) MCD adds that a credit intermediary is “a natural or legal person who is not acting as a creditor or notary and not merely introducing, either directly or indirectly, a consumer to a creditor or credit intermediary …” (emphasis added). See Directive 2014/17 of the European Parliament and of the Council, supra note 16, at art. 4(5).

98 See Directive 2008/48 of the European Parliament and of the Council, supra note 15, at art. 21; Directive 2014/17 of the European Parliament and of the Council, supra note 16, at art. 15.

99 F. Pasquale, The Black Box Society (2015).

100 Hurley & Adebayo, supra note 14.

101 See, e.g., Directive 2000/43/EC O.J. (L 180) 22 (implementing the principle of equal treatment between persons irrespective of racial or ethnic origin); Directive 2004/113, O.J. (L 373) 37 (implementing the principle of equal treatment between men and women in the access to and supply of goods and services). See also Case C-236-09 Association Belge des Consommateurs Test-Achats ASBL and Others v. Conseil des Ministers, ECLI:EU:C:2011:100 (Mar. 1, 2011), http://curia.europa.eu/juris/document/document.jsf?text=&docid=80019&pageIndex=0&doclang=EN&mode=req&dir=&occ=first&part=1&cid=17132128 (where the CJEU ruled that insurers can no longer take gender into account when calculating insurance premiums).

102 Hurley & Adebayo, supra note 14.

103 S.A. Sandage, Born Losers: A History of Failure in America (2005).

104 Art. 15, General Data Protection Articles of the EU.

105 See also O.O. Cherednychenko, J.M. Meinderstma, Consumer Credit: Mis-Selling of Financial Product, Eur. Parl. PE 618.997 (June 2018), https://www.europarl.europa.eu/RegData/etudes/STUD/2018/618997/IPOL_STU(2018)618997_EN.pdf.