The Information Commissioner’s Office said it will be making “detailed enquiries” to examine a complaint that banks and independent finance firms are compiling and sharing files that may contain “unproven allegations” about small businesses they have lent to, reports The Telegraph.
The probe follows an anonymous whistle blower’s report to the Financial Services Authority, which was shared with the ICO, about Aldermore, a fast-growing “challenger bank” that has lent more than £1bn to small companies.
The allegations centre on lenders’ asset-based lending arms, which are unregulated. They provide a combined £16bn of credit to the UK’s small and medium-sized businesses – typically by advancing cash against their invoices.
The ICO said it will investigate the complaint about so-called “FIG” (Financial Intelligence Group) files on companies, which are routinely shared among certain finance firms, including two of Britain’s biggest banks.
“These electronic files include unproven allegations against particular individuals which are based purely on gossip and rumour which they then share with [lenders],” the whistle-blower said.
The files allegedly contain “unproven allegations (including fraud)”. “The sharing of this information prevents the individuals from obtaining facilities with other providers.”
This weekend, the Royal Bank of Scotland, HSBC, Aldermore and Bibby, Britain’s largest independent provider of asset-backed lending, all admitted that they share FIG data.
They said they were legally entitled to do so under an exemption under the Data Protection Act that allows “sharing of intelligence in relation to actual and suspected fraud”.
Steve Barry, chief risk officer at Aldermore, said: “In all areas of financial services there is sharing of intelligence in relation to actual and suspected fraud, which is expressly permitted under the Data Protection Act. Sharing information in this manner protects legitimate and law- abiding customers.”
Both Barclays and Lloyds Banking Group said they do not take part.
The ICO is thought to be concerned about the accuracy of, and basis for, some of the accusations being passed between lenders and whether those on the list have been made aware of their inclusion.
A spokesman for the ICO said: “Allegations have been made, and we will need to examine the full details and make our own detailed enquiries to see whether the Data Protection Act has been breached.”
Where a breach has “caused, or had the potential to cause, substantial damage and distress to those affected”, offenders could be fined up to £500,000, the ICO said.
