As we’ve explained in previous articles, a person’s credit history is the record of things like: how many credit accounts are currently open in that person’s name, their closed credit accounts, the history of on-time versus late payments on those credit accounts, accounts that are in collections, and how many times that person has applied for credit. Credit reporting agencies, or CRAs, are companies that gather, analyze, and then share specific information about an individual's credit history with third parties.

In this article, we’ll consider the reasons why a data provider should consider becoming a CRA and some of the steps to do that. Additionally we’ll discuss scenarios where a fintech app that needs financial data should seek to get it from a CRA versus a non-CRA data provider and how to establish that connection. 

Why Become a CRA?

Not all data providers need to consider becoming a CRA – in fact, we would say that most don’t. Becoming a CRA and then maintaining CRA status undoubtedly requires a lot of work and money. Yet for all the work, there are definitely some benefits to having the official status and capabilities of a credit reporting agency. In our experience, the main two are:

1) Increased Credibility and Trustworthiness

Like we mentioned above, in order to become a CRA, a company must follow strict government-imposed regulations and always stay up-to-date on any changes or compliance updates. When other companies know that about you, they will be much more likely to believe that your services and products are trustworthy and can be depended on for both accuracy and legal compliance. That credibility can increase your company’s reputation and marketing audience. 

2) More business opportunities

When a company becomes a CRA, they often gain access to a broader range of data sources. With more consumer data, your company now has more opportunities for applications of the data and thus more opportunities for partnerships. You can expand what services you provide to your customers, like credit risk assessment, fraud prevention, and identity verification. Overall, more diverse sources of data means more use cases for your company.

How to Become a CRA

Just because a data provider has access to financial data related to people’s credit histories doesn’t automatically make the provider a CRA. To gain the status of being a CRA in the U.S., a data provider must have several specific capabilities, like: 1) they need to be able to access specific, sensitive data about individuals from all relevant sources, 2) they often need to develop a credit scoring algorithm that will consistently and accurately predict a person’s ability and likelihood to repay debts, and 3) they need to comply with all additional legal requirements.

As a unique subset of data providers, CRAs understandably have a lot of specific requirements they must follow. In the United States, the Fair Credit Reporting Act contains a majority of the specific legal rulemaking that pertains to CRAs, but there are additional legal documents that also must be followed, like the Fair and Accurate Credit Transactions Act and the Gramm-Leach-Bliley Act. If you want to become a CRA, you almost certainly would need to hire a corporate attorney who is experienced with consumer financial services law as well as regulatory compliance. This attorney (or team of attorneys) would help your company develop its CRA plan from the very beginning, ensure you are adhering to all regulatory provisions, help prepare for and respond to regulatory examinations, and handle consumer inquiries and disputes.  

Why Get Data from a CRA?

There are four main categories of services that would make getting data from a CRA not only preferable, but in some cases mandatory according to the Fair Credit Reporting Act:

1. Lending – if your app involves lending money to individuals or small businesses (including BNPL apps) even in small amounts, then you will want to be getting data from an actual CRA to conduct your underwriting
2. Insurance – if your app has to do with helping users find and obtain insurance policies, whether its for medical or property, you’ll need to access data from an approved CRA
3. Employment – if your app involves the hiring or firing of people, then you need data from a relevant CRA
4. Tenancy – if your app involves reviewing housing applications and granting or denying tenancy, then you’ll need to get relevant data from a housing-related CRA

Equifax, Experian, and TransUnion have historically been the three primary credit reporting agencies utilized in the United States to calculate and publish individuals’ credit scores; but with the rise of open banking in more recent years, more CRAs are emerging as alternatives to the big three. Today there are various subcategories of CRAs that exist, based on what kind of financial information is being considered and for what purpose. The CFPB publishes a list annually that contains information about CRAs in the United States and is organized by services such as employment screening, tenant screening, medical, etc. You can access that list here. 

If your app doesn’t involve any of the four services listed above, however, then you probably don’t need to bother getting data from a CRA. For example, most peer-to-peer payment apps or digital wallets don’t need CRA data, nor would basic budgeting apps. 

How to Get Data from a CRA

If you’ve determined you do indeed need to get data from a valid CRA, the process involves several steps. Luckily most CRAs now have web services available which make things easier than they would have been in the past. Although through APIs you can connect to a CRA much more quickly and efficiently than previously, you should still expect the process to take three to six months from start to finish. Establishing the connection will require a variety of security and compliance reviews, meaning your app needs to have specific security certifications for data security. This most likely will be SOC 2 Type 2, PCI, or ISO 27001 compliance. 

Once your app is successfully connected to your selected CRA and able to receive data from it, you should expect to pay considerable monthly minimum fees (much higher than a standard data processor), even if you aren’t always using the service. With this in mind, we recommend again that you make sure you do need ongoing data from a CRA so that you’re not paying more than you need to be. 

Conclusion

Credit reporting agencies are a unique subset of data providers that has access to very specific information about individuals and their financial state. Becoming a CRA is a complicated process that requires huge attention to detail and a deep understanding of legal documents such as the Fair Credit Reporting Act, so we don’t recommend pursuing CRA status unless it’s absolutely necessary. While many fintech apps won’t ever need to access data from a CRA, there are four main categories of services that most likely do require CRA data: lending, insurance, employment, and tenancy. Because it’s significantly more expensive to get data from a CRA versus a non-CRA, we recommend avoiding it unless you’re legally required to.