A controller is required to notify individuals of the basis of its processing activities. Sellers will commonly already include “the sale of a business, assets or portfolio” or “corporate restructuring” in their standard privacy notice. This should have been provided to the underlying loan customers at the time of originating the loan but, depending on the jurisdiction of the NPL seller and its internal procedures, this may not always be the case. We have witnessed a number of recent cases where sellers standard privacy notices have not been updated for GDPR purposes and consequently have been insufficiently detailed. This can lead to protracted discussions between the transaction parties (and third parties such as the domestic data protection commissioners) as to the appropriate way forward to facilitate the NPL transaction in a data protection-compliant manner.
The obligation to notify also exists where personal data is not directly collected from the individual. On completion of the transaction and once the NPL portfolio has been transferred, the buyer will need to comply with this obligation by issuing a privacy notice, identifying itself as the new controller and the purposes of its processing.
Where, as will be the case most pertinently for transactions involving US NPL investors, there may be a transfer of data outside of the European Economic Area, further considerations come into play. It is worth noting that the impending Brexit is likely to broaden the number of transactions where such extra disclosure considerations becomes relevant. Such data transfers are further restricted unless the jurisdiction is subject to an adequacy decision from the European Commission or an appropriate safeguard is put in place. The most common safeguard relied on in the absence of an adequacy decision would be the European Model Clauses. These are standard EU Commission issued contractual clauses which are to be entered into between the exporting and importing entities.
While the securitisation market has developed at pace in the past year with the new Securitisation Regulation and associated restatement of the Capital Requirements Regulation (CRR) both coming into force at the beginning of 2019, the development of clear guidelines relating to the NPL ent in the rest of the market.
4. The Indian Insolvency and Bankruptcy Code (IBC)
The online installment loans NE Discussion Paper issued by the European Banking Authority (EBA) in 2017 specifically sought to deal with the particular issues of SRT in the NPL market and attracted a variety of comments from market participants. According to the consultation paper issued by the Prudential Regulatory Authority (PRA) in , the EBA will report its findings in relation to harmonising SRT by and will, it is assumed, clarify the position with regard to NPL securitisation. Following this, the European Commission (EC) may choose to adopt a Delegated Regulation to further specify certain aspects of the CRR SRT framework. Until such time, however, no specialised regime is applicable to NPL exposures.
- recognition that standards applicable to performing exposures may not be appropriate and/or may require further elaboration in the case of transactions in which NPLs are securitised;
- recognition that further work ortisation structures and/or the use of excess spread to take due account of the specific aspects of NPL securitisation transactions; and
- specific regulatory treatment of expected and unexpected loss risk may need to be tailored to NPL securitisation transactions including defaulted exposures or where purchase prices are set at sub-par levels.
)) are still eagerly awaited by the market participants. It is to be hoped that these are delivered well before the deadline as this is an area clearly requiring a level of clarity and certainty currently not provided.