The Assessment of Companies by Credit Rating Agencies - Legal Protection in Germany
When two companies sign a contract, at least one of them will wonder about the other contracting party's solvency. Bad debt losses may be fatal, especially if high amounts are at stake. The need for reliable information has produced a separate market. Credit agencies are pushing their way into this market. They collect information on the solvency of companies and transmit it to prospective trade partners in advance. However, what if the data obtained by the credit rating agencies are virtually false or incomplete so that the ensuing rating turns out the wrong way? The possible damage may be immense. The following article examines legal protection options within the scope of application of the German data protection law. For parties affected by data processing, the German legal system provides means of taking action against incorrect credit ratings which differ from the Anglo-Saxon legal systems. International companies operating in Germany (such as a Germany-based subsidiary of an English parent company) are equally entitled to refer to these rules.
- Which credit rating agencies assess companies in Germany?
- What exactly do the credit rating agencies assess?
- Where do the data come from?
- How are companies scored?
- How to fight back
- Other companies
The Creditreform Group is one of the leading suppliers of business information. The Group's competitor, Schufa Holding AG also provides full business information on joint-stock companies and partnerships in the product field "For your business with commercial customers (B2B).“ Furthermore, there are suppliers such as Hamburg-based Bürgel Wirtschaftsinformationen GmbH & Co. KG but also new enterprises like Creditsafe Deutschland GmbH domiciled in Berlin, etc.
Among other things, they store addresses and communication data, information on the legal form, possible interests, the corporate purpose, information on the financial situation and credit worthiness up to the most important business data (such as turnover and share capital). The so-called monitoring process implies that companies are controlled for a certain period of time. Subsequently, all the essential information is disclosed to third parties. This also applies to data on the corporate history, real-estate holdings and banking arrangements. Not uncommonly, a monitoring service is part of the product range.
A lot of data may be retrieved from the internet and public registers (commercial registers, debtors' registers, electronic Federal Gazette). However, no-one should be under any illusions as regards data on the financial situation and credit worthiness. Such information also originates in the information systems of the credit rating agencies which, in turn, are affiliated with other companies. In plain terms - you may also be assessed by your competitors.
Using the example of Schufa Holding AG, companies are scored as follows: Every company to be rated is assigned a score between 0 (lowest credit worthiness) and 1000 (highest credit worthiness). Furthermore, the companies in question are divided into so-called rating categories which define the credit worthiness by the company's affiliation to a group. Members of Group A are very creditworthy, members of Group B slightly less, and so on.
When it comes to legal protection options, we have to differentiate between individuals and companies. The dissemination of incorrect information on an individual's financial soundness is a violation of the German Federal Data Protection Act. The individual involved is entitled to cancellation, revocation, omission, and compensation for damages, if necessary. However, things are somewhat different where companies are concerned.
E.g. the German Federal Data Protection Act protects freelancers. These include sole traders, doctors, lawyers, tax advisors, and architects. Such entrepreneurs have the same rights as individuals. The same applies if the managers of a limited liability company are assessed as individuals. In that case the manager is affected in his capacity as a consumer. Consequently, the German Federal Data Protection Act is applicable. The scope of application of the German Federal Data Protection Act provides a very wide range of legal protection options. Scoring is subject to specific data protection requirements which need to be verified in individual cases.
The German Federal Data Protection Act is not directly applicable to the other company types - especially joint-stock companies (such as partnerships in commerce, limited partnerships, limited liability companies, and stock corporations). However, a comparison with other European legal systems shows that it would be reasonable to protect companies by the data protection law, too.
As it is, such companies are not entirely without rights. The German Federal Administrative Court has ruled that as a matter of course, companies are entitled to data protection, too (Federal Administrative Court, judgment of 20 December 2001 - 6 C 7/01). The favorable rules of burden of proof, however, may not be assigned to these cases.
It is not possible to simply remove rightful negative entries. On the other hand, it is important to point out that companies do not have to tolerate unlawful and unjust credit ratings.