The Bank of Slovenia is establishing the Central Credit Register (CKR) in accordance with the Central Credit Register Act (Official Gazette of the Republic of Slovenia, No. 77/16; ZCKR). CKR will constitute a centralised national database of the indebtedness of private individuals and business entities. As an element of the CKR, an electronic system for the exchange of information regarding the indebtedness of private individuals and business entities will begin functioning on 3 January 2017. In addition to the existing SISBON information system (containing data regarding the indebtedness of private individuals), from 3 January the SISBIZ information system for the exchange of data and information regarding the indebtedness of business entities will be available.
Similar to the SISBON before it, the SISBIZ will be accessible via the Bank of Slovenia’s website at www.bsi.si under the subpage ‘Central Credit Register’. 
Purpose of the establishment of the CKR and information exchange system
The CKR (and within it the SISBON and SISBIZ information exchange systems) is being established for the purpose of improving the processes of assessing and managing lenders’ credit risks, encouraging policies and measures for responsible lending and sustainable borrowing, preventing excessive borrowing by both private individuals and business entities, and aiding in the performance of the Bank of Slovenia’s tasks (risk management, macroprudential supervision, administration of monetary policy, maintenance of financial stability, etc.). The establishment of a central credit register in Slovenia also follows actions in the European banking area, where the European Central Bank and the central banks of the euro area and certain other countries are continuing processes to establish a dataset with detailed information on individual bank loans in the euro area, known as the Analytical Credit Datasets (AnaCredit).
Who submits data?
In addition to banks and savings banks, other lenders whose principal line of business is the conclusion of loan agreements, the provision of finance leasing or factoring services, lenders providing real estate leasing services, payment service providers, the Bank Asset Management Company, the Housing Fund of the Republic of Slovenia, the Eco Fund and the Ministry of Finance’s Public Payments Administration as the asset manager for the government’s single treasury account are all required to report data to the information exchange system and CCR. As members of the information exchange system, the aforementioned reporting entities will be able to access all the data exchanged in the system. In addition to the aforementioned members, certain other lenders (persons providing consumer lending services or legal entities that are established in Slovenia and whose principal business activity is to provide lending services by entering into loan agreements) may also join the information exchange system under the same conditions that apply to mandatory members.
Which information will be collected?
Data regarding borrowers (name, surname, address, information regarding personal bankruptcy, etc.), data regarding credit transactions (loans, approved overdraft facilities on payment accounts, transactions with payment instruments, arrears of more than 90 days in the payment of liabilities, information regarding tax, administrative and court enforcement orders via banks, etc.) and data regarding accepted sureties are collected in the SISBON database on the indebtedness of private individuals. Personal data in the exchange system and CCR are processed in accordance with the law governing personal data protection.
In accordance with Article 17 of the ZCKR, the following data regarding the indebtedness of business entities are exchanged in the SISBIZ database: basic data regarding borrowers (company name, business address, tax/registration number, data regarding insolvency proceedings and other data from business registers) and data regarding credit transactions (date of conclusion, unpaid liabilities, collateral, arrears, etc.). The Bank of Slovenia may also request the exchange of additional data, such as information regarding forborne exposures, performing/non-performing exposures and the classification of exposures.
As is already the practice in the SISBON, all private individuals and business entities about whom data are collected and exchanged in the system will be able to find out which data have been collected on them, and by whom, when and for what purpose they have been accessed. The ZCKR also envisages fines for members of the system and their responsible persons that fail to meet the prescribed technical and security requirements, or use data contrary to the purposes set out in the law.
Security aspect
The Bank of Slovenia will place a great deal of emphasis on the security aspect of the information exchange system, i.e. on mechanisms to prevent the potential abuse of data. The starting point in this regard were best practices drawn from the existing information exchange system for private individuals (SISBON), which will be further strengthened in certain areas. Special emphasis will be placed on enhanced audits of the fulfilment of information security requirements and standards, both at new members in the process of joining the information exchange system and at existing members. A full audit trail will be provided within the framework of the information exchange system, so that at any moment it is possible to determine when the data of an individual or business entity were accessed, by whom, and for what purpose. The ZCKR envisages major fines (ranging from EUR 5,000 to EUR 150,000) for violations associated with access to information.
SISBIZ bo od 3. januarja 2017 dostopen - tako kot je zdaj že SISBON - prek spletne strani Banke Slovenije www.bsi.si oz. nove podstrani Centralni kreditni register.
Namen vzpostavitve CKR in sistema izmenjave informacij
CKR – in znotraj njega tudi sistema izmenjave informacij SISBON in SISBIZ – se vzpostavlja z namenom izboljšanja procesov ocenjevanja in obvladovanja kreditnih tveganj kreditodajalcev, vzpodbujanja politik in ukrepov za odgovorno kreditiranje in vzdržno zadolževanje ter preprečevanje prezadolževanja tako fizičnih oseb kot poslovnih subjektov ter za izvajanje nalog Banke Slovenije (upravljanje tveganj, makrobonitetni nadzor, vodenje denarne politike, zagotavljanje finančne stabilnosti, idr.).
Vzpostavitev CKR v Sloveniji sledi tudi aktivnostim na evropskem bančnem področju, kjer Evropska centralna banka skupaj s centralnimi bankami evroobmočja in nekaterih drugih držav nadaljuje procese za vzpostavitev podatkovnega niza s podrobnimi informacijami o posameznih bančnih posojilih v evroobmočju (ang. Analytical Credit Datasets – AnaCredit).
Kdo posreduje podatke
V sistem izmenjave informacij oz. v CKR bodo morali poleg bank in hranilnic podatke posredovati tudi drugi kreditodajalci, katerih prevladujoča dejavnost je sklepanje kreditnih pogodb, opravljanje storitev finančnega zakupa ali faktoringa, kreditodajalci, ki opravljajo storitve finančnega zakupa nepremičnin, ponudniki plačilnih storitev, Družba za upravljanje terjatev bank, Stanovanjski sklad RS, Eko sklad in MF oziroma UJP kot upravljavec sredstev sistema enotnega zakladniškega računa države. Navedeni zavezanci bodo kot člani sistema izmenjave informacij lahko dostopali do vseh podatkov, ki se bodo izmenjevali v sistemu.
Poleg navedenih se bodo sicer v sistem izmenjave informacij pod enakimi pogoji kot obvezni člani lahko vključili tudi nekateri drugi kreditodajalci, denimo osebe, ki opravljajo storitev potrošniškega kreditiranja ali pravne osebe s sedežem v RS, katerih glavna dejavnost so storitve kreditiranja s sklepanjem kreditnih pogodb.
Katere informacije se zbirajo
V zbirki podatkov o zadolženosti fizičnih oseb SISBON se zbirajo podatki o kreditojemalcu (ime, priimek, naslov, podatki o osebnem stečaju …), podatki o kreditnih poslih (krediti, odobrene prekoračitve na plačilnih računih, posli s plačilnimi instrumenti, zamude pri plačilu obveznosti nad 90 dni, podatki o davčnih, upravnih in sodnih izvršbah pri banki…) in podatki o prevzetih poroštvih. Osebni podatki se v sistemu izmenjave oziroma v CKR obdelujejo v skladu z zakonom, ki ureja varstvo osebnih podatkov.
V zbirki podatkov SISBIZ se, skladno s 17. členom ZCKR, izmenjujejo podatki o zadolženosti poslovnih subjektov, in sicer, osnovni podatki o kreditojemalcu (firma, poslovni naslov, davčna /matična številka, podatki o postopkih zaradi insolventnosti, drugi podatki iz poslovnih registrov), in podatki o kreditnih poslih (datum sklenitve, neodplačane obveznosti, zavarovanja, zamude…). Banka Slovenije lahko dodatno zahteva izmenjavo dodatnih podatkov, denimo o restrukturiranih izpostavljenostih, (ne)donosnih izpostavljenostih, razvrščanju izpostavljenosti.
Vsakemu posamezniku in poslovnemu subjektu, o katerem se podatki zbirajo in izmenjujejo v sistemu, bo – tako, kot je že praksa v SISIBONU - omogočena seznanitev, kateri podatki se o njem zbirajo ter kdo, kdaj in s kakšnim namenom je dostopal do njih. ZCKR predvideva tudi globe za člane sistema in odgovorne osebe, ki ne izpolnjujejo predpisanih tehničnih in varnostnih zahtev ali uporabljajo podatke v nasprotju z nameni, določenimi v zakonu.
Varnostni vidik
Pri sistemu izmenjave informacij namenja Banka Slovenije velik poudarek varnostnemu vidiku oz. mehanizmom preprečevanja morebitnih zlorab podatkov, še zlasti osebnih. V tem delu smo za izhodišče vzeli dobre prakse iz obstoječega sistema izmenjave informacij fizičnih oseb – SISBON in jih v nekaterih delih še okrepili. Ključen poudarek bo na izvajanju poglobljenih revizijskih pregledov izpolnjevanja zahtev in standardov varovanja informacij tako pri novih članih, v fazi vključevanja v sistem izmenjave informacij, kakor tudi pri obstoječih članih. V okviru sistema izmenjave bo zagotovljena polna revizijska sled, tako. da bo mogoče v vsakem trenutku ugotoviti kdo, kdaj in s kakšnim namenom je dostopal do podatkov posameznika ali poslovnega subjekta. ZCKR sicer predvideva visoke globe (od 5.000 do 150.000 evrov) za kršitve pri dostopu do informacij.