Credit reporting provides reliable information resources for lenders to assess the risk of the loan. In order to get the quality and reliable report, the development of credit bureau need to be ensured important rules. According to World Bank, there are 5 basic principles to build a credit reporting system. The principles are data quality; Security, reliability and effectiveness; Legal and regulatory framework; Governance arrangements to deal with operational, legal and reputational risks; Globalization and access to credit across borders

Credit reporting systems should have accurate, timely and sufficient data – including positive – collected on a systematic basis from all relevant and available sources, and should retain this information for a sufficient amount of time.
- Accuracy and Quality: Free of errors, truthful, complete and up to date; consistent application of appropriate data-supplying rules and procedures to all data providers with similar characteristics.
- Timeliness: Clear and detailed rules for the updating of information; Pre-defined schedules and/or specific trigger events; Data available to users in a prompt manner to enable them to carry out their functions without unnecessary delays.
- Sufficiency (including positive): Credit Reporting Service Providers should be able to collect and process all the relevant information to fulfill their lawful purposes. Relevant information comprises both negative and positive data. Clear rules on minimum data inputs and optional data inputs.
- Data Retention: Data collected by credit reporting system should be available to users for a period of time that is consistent with the purpose for which the data used.

Credit reporting systems should have rigorous standards of security and reliability, and be efficient
- Security Measures: Credit Reporting system participants should protect data against any loss, corruption, destruction, misuse or undue access.
- Reliability of Data: Credit Reporting Service Providers should implement appropriate business continuity measures to ensure that their services will be available to users without any significant disruptions.
- Efficiency of Data: Credit Reporting Service Providers should strive to be efficient both from an operational as well as from a cost perspective, while continuing to meet users’ needs and high standards for service levels.

The overall legal and regulatory framework for credit reporting should be clear, predictable, non-discriminatory, proportionate and supportive of data subject and consumer rights. The legal and regulatory framework should include effective judicial or extrajudicial dispute resolution mechanisms.
- Clarity and Predictability: The legal and regulatory framework should be sufficiently precise to allow service providers, data providers, users and data subjects to foresee consequences of their actions; The terminology used throughout the legal and regulatory framework, including the rules and other norms, should be consistent at the domestic level; Public awareness of the laws and rules of credit reporting operations contributes to the clarity and predictability of the legal and regulatory framework.
- Non-discrimination: Data supplying and data access should be established in a fair manner, responding to impartial rules regardless of the nature of participants; Obligations on data quality, security measures and consumer rights should be equally applicable to all credit reporting service providers, data providers and users.
- Proportionality: The legal and regulatory framework should not be overly restrictive and burdensome relative to the possible issues it is designed to tackle; laws and regulations should be practical and effective as to ensure a high degree of compliance.
- Consumer rights and data protection: Consumer rights and data protection: right to object, right to be informed, right to access data and right to challenge accuracy of information.
- Dispute resolution: The process for solving disputes should be established in the laws; Credit Reporting Services Providers and data providers should flag to all users cases where data subjects are involved in a dispute with the data provider in connection with the subject’s data; Credit Reporting Services Providers and data providers should cooperate in reaching an expeditious solution to disputes; The legal framework should provide suitable enforcement mechanisms, including redress for data subjects harmed.

Data providers should ensure transparency, effectiveness in managing the risks associated with the business and fair access to the information by users.
- Transparency: Governance arrangements for credit reporting service providers and credit reporting should ensure timely and accurate disclosure of all relevant matters related to the entity and its activities.
- Effectiveness: The management of Credit Reporting Service Providers and data providers should identify all relevant risks faced by the organization, reporting periodically to the organization’s top governing body; To properly address and mitigate risks, credit areporting service providers and credit reporting data providers should establish sound internal controls and risk management mechanisms.
- Fair Access: Governance arrangements of Credit Reporting Service Providers should promote all users having access to information under equitable conditions. This objective should not be affected by the ownership structure of the service provider.

- Pre-conditions: The feasibility or desirability of cross-border data transfers should be based on a cost-benefit analysis that considers market conditions, the level of economic and financial integration, legal and regulatory barriers, and participant needs; Standardization of data formats and procedures should be fostered to facilitate cross-border credit data transfers.
- Requirement: When cross-border credit data transfers occur, the potential sources of risks that can arise should be identified and appropriately managed. There should be a framework for cooperation and coordination between relevant regulators and overseers.