Schedule A (Regulation 3)
Form CB1 - Application to be registered as a credit bureau
Form CB2 - Resolution by applicant to apply to be registered as a credit bureau
Resolution of the Members/Directors/Trustees/Partners of ______________ (the entity) ______________ Registration number (if applicable) taken at ______________ on ______________ date ______________ of ______________ month ______________ yearRESOLVED THAT—1.The entity ____________________________ applies to the Central Bank for registration as a credit bureau.2.____________________________ (full name of person) be and is hereby authorised by the entity, to sign all such documentation and take all such steps as may be necessary to give effect to the above mentioned decision.3.The entity understands that it will be liable for any action by any broker or agent who acts on behalf of the entity.FULL NAME(S): ____________________________SIGNED: ____________________________ (Properly mandated representative of the applicant)Date ____________________________FULL NAME(S): ____________________________SIGNED: ____________________________ (Properly mandated representative of the applicant)Date ____________________________One member/director/trustee/partner to sign who is not nominated as the competent person;Two members/directors/trustees/partners to sign if the competent person is not a member/director/trustee/partner of the company.Form CB3 - Strategic and operational competence report to be completed by the applicant credit bureau and certified by an independent auditor
The Central Bank of Lesotho
Form CB3 - Strategic and operational competence report
Part A – Applicant's details
Name of applicant ____________________________Company registration number ____________________________Name of person that completed this Form ____________________________E-Mail ____________________________Contact telephone number ____________________________Date of submission ____________________________Part B – Strategic competence
1.Business planPlease confirm—(1)the existence of business plans;(2)lower-level supporting procedures;(3)remediation plans to address known deficiencies, for purposes of operating a credit bureau to serve the Lesotho market, and(4)provide a brief high level summary of the contents of such business plan;(5)The business plan should specifically refer to the strategy to collect, host and report credit information on—(a)all persons that are the recipients of credit in Lesotho; and(b)all natural persons that are Lesotho citizens, or juristic persons registered in Lesotho that are recipients of credit in any other country.2.Organizational overviewPlease indicate—(1)existing personnel holding key positions within the applicants' organisation as well as(2)the overall organizational structure.More Specifically:(a)Resource strategy & planningi.Indicate sufficiency of resources (IT, administration or call centre) to manage data to be received and administration requests;ii.If no or inadequate resource available, indicate plan to acquire additional resource;iii.Indicate qualifications/ experience of administration or call centre staff to manage consumer, data supplier and other requests.3.Site overviewPlease describe the applicant's building and site facilities for purposes of demonstrating its conduciveness to business operations.4.Business integrityThe object is to establish the integrity of the juristic person applying for membership as well as the integrity of the natural persons exercising management and control of the juristic person.More specificallyprovide background reports on—(a)persons who exercise management and control of the applicant, including a certification that—(i)such persons are "fit and proper" persons of good standing, and do not have any criminal records;(ii)have not been subject to insolvency proceedings; and(iii)have a good standing with the relevant government taxation authorities;(b)the juristic person /company applying for membership; including confirmation of record of registration of company; and that the company has a good standing with the relevant government taxation authorities.5.Corporate finance: Sources of financeFor purposes of financial due diligence, please indicate sources of finance relating to the applicant.More specifically—(a)confirm that the applicant has sufficient financial resources to operate a credit bureau to service the Lesotho market; and(b)confirm that the applicant has adequate liability insurance.Part C – Operational assessment
1.Information Systems (IT)Assessing the current applicant's computer processing environment to ensure that the key information technology areas are addressed by controls implemented by the applicant. In this regard, please indicate implementation of controls specifically covering the following areas—(a)Information Systems Operations including technological capacity;(b)Information Security around critical servers and firewalls;(c)Change Control over application and operating systems, databases, networks and hardware; and(d)Resource and Continuity Planning, including a description of the current procedures and plans in place to acquire and train resources, and indicate whether continuity planning is in place to ensure the applicants' business and IT operations are a going concern.More Specifically:(a)Information systems operations:(i)High level indication of systems;(ii)High level indication of operational process;(b)Information security—(i)Protection of data collected (couriers, FTP, e-mail etc.);(ii)Protection of data on CD's, cartridges, disks, e-mail etc. at bureau site (e.g. fireproof cabinets, physical media filing and cataloguing, encryption, access security etc.);(iii)Protection of data on the database against unauthorized access, removal or amendment (e.g. password control, firewalls, intrusion detection etc.);(iv)High level indication of physical security (premises, computer room etc)(c)Change control (over application and operating systems, databases, networks and hardware); indication of change control process followed when making changes to the above data;(d)Business continuity procedures(i)Indication of disaster recovery process(ii)Indication of disaster recovery site(iii)High level indication of business continuity plan.2.Credit information integrity and accuracyMore Specifically:(i)High level indication of key measures of matching credit information to consumers;(ii)High level indication of credit information quality process followed prior to loading data to the database;(iii)Indication of measures to remove credit information from display at the expiration of the prescribed data display period.3.Processing credit information for purposes specified in lawMore specifically:High level indication of key measures to ensure that credit information will only be reported or released for purposes prescribed in the Act.Part D – Declaration
I confirm that:(a)I am duly authorised to sign this report;(b)this report is to the best of my knowledge and belief accurate and complete;(c)appropriate methods have been implemented to ensure that the information in this report is accurate.______________________________Name of Duly Authorised Officer of Applicant Credit Bureau______________________________Signature of Duly Authorised Officer of Applicant Credit BureauForm CB4 - Quarterly Synoptic Report
Schedule B (Regulation 3(1)(f))
Fees
1.Application feeThe prescribed application fee in terms of section 14(l)(a) of the Act is 20 000 Maloti—(a)payable by each applicant upon application for registration as a credit bureau;(b)must be paid to the Central Bank upon submission of the application for registration or within 20 business days from receipt of notice from the Central Bank for payment of the application fee for applications already submitted; and(c)must be paid by cheque made out to the Central Bank or by electronic transfer to the bank account of the Central Bank.2.Initial registration feeThe prescribed initial registration fee in terms of section 14(1)(b) of the Act is 10,000 Maloti—(a)payable by each registrant upon initial registration as a credit bureau;(b)must be paid to the Central Bank upon registration of the applicant as a credit bureau or within 20 business days from receipt of notice from the Central Bank for payment of the initial registration fee for an applicant already registered; and(c)must be paid by cheque made out to the Central Bank or by electronic transfer to the bank account of the Central Bank.3.Annual registration renewal feeThe prescribed annual registration renewal fee in terms of section 14(1)(c) of the Act is 5,000 Maloti—(a)payable by each registrant annually for purposes of renewing registration as a credit bureau;(b)must be paid to the Central Bank upon renewal of registration or within 20 business days from receipt of notice from the Central Bank for payment of the annual registration fee for registration already renewed; and(c)must be paid by cheque made out to the Central Bank or by electronic transfer to the bank account of the Central Bank.Guidelines (Regulation 8(1))
Guideline CB1
Guidelines for Annual Compliance Reporting
Guideline and Explanatory Notes for the Certification of Annual Compliance Report
Guide for Independent Auditors of Credit Bureau
Summary
Guideline in respect of the certification of annual compliance report
This document constitutes guidelines issued by the Central Bank of Lesotho, in terms of Regulations issued in terms of the Credit Reporting Act, 2011.This guideline is intended for independent auditors of the registered credit bureaus who by regulation are required to submit an annual compliance report which is certified by their independent auditors. This document provides guidance and explanatory notes pertaining to the certification of an annual compliance report, which must be submitted to the Central Bank of Lesotho on an annual basis.1.Definitions"Act" - Credit Reporting Act, 2011"CBL" - Central Bank of Lesotho"Credit record" - Any consumer record with one or more account, payment profile entry, adverse record judgment, or default. With the exclusion of any enquiries."Credit report" - (direct to consumer) Report issued to consumer with or without charge which contains credit information."Data supplier" - Any party who supplies credit information to a credit bureau, irrespective of whether there is a written contractual relationship between the party and the credit bureau. Examples: credit providers, service providers, judgement information providers, information on-sellers etc."Deemed valid dispute" - Where a change or correction on a credit record is required due to the prescribed investigation period that has lapsed."Dispute" - Where investigation is required and feedback is expected."ID fraud" - Identity fraud is a synonym for unlawful identity change. It indicates an unlawful and intentional misrepresentation by using the identity of another person or of a non-existing person as a target or principal tool. Identity fraud can occur without identity theft, as in the case where the fraudster has been given someone's identity information for other reasons but uses it to commit fraud, or when the person whose identity is being used is colluding with the person who is committing the fraud."Information" - Credit information as defined in the Credit Reporting Act, 2011."Juristic person" - Includes a partnership, association or other body of persons, corporate or unincorporated, or a trust if (a) there are three or more individual trustees; or (b) the trustee is itself a juristic person."Regulations" - Credit Bureau Regulations in terms of the Credit Reporting Act, 2011."Service provider" - An entity that provides services to consumers or other entities. Such as a medical practitioner, a telecommunication service provider etc."The Act" - The Credit Reporting Act, 2011."Valid dispute" - Where a change or correction on a credit record is required after investigation.Where a definition, within these guidelines does not coincide with that of the Act, in all instances the definition in the Act will supersede and take precedence over any definition provided within these guidelines.2.IntroductionThis guideline applies to independent auditors of credit bureaus who have registered with the CBL. The guidance and explanatory notes have been compiled by the CBL to provide assistance to those responsible for certifying the Annual Compliance Report.This document provides guidelines on the annual compliance report that must be certified by an independent auditor for submission to the CBL.3.General3.1.Submission timeThe annual compliance report must be submitted by the credit bureau to the CBL by the 15th March each year for the period 1 January to 31 December of the previous year.3.2.Submission procedure and addressThe signed annual compliance report must be submitted in duplicate, with only one being signed as the original, together with an electronic version of the completed return. The signed copy and duplicate must be sent to:The Central Bank of LesothoCnr Moshoeshoe & Airport RoadsMaseru 100LesothoE-mail: ____________________If applicable, a nil return may be submitted in accordance with the above guidelines and procedures.4.Company detailsName of registered entity: | registered name. |
CBL Registration Number: | unique registration number that is allocated to each credit bureau at registration by the CBL. |
Name of contact: | is the person who completed/compiled the compliance report. |
Telephone and e-mail contact: | telephone and e-mail contact details of the person who completed/compiled the annual compliance report. |
Year covered in return: | the starting and ending dates pertaining to the relevant reporting period. |
5.Company profile (only update if applicable)5.1.Material changes to companyAny changes in ownership or directors; acquisition or disposal of major assets; relocation of business premises; etc.6.Data integrity6.1.Key measures to verify the data accuracy(a)Obtain copy of policies and procedures in respect of any data received from any party, irrespective of whether there is an existing contractual relationship between the party and credit bureau, implemented by a credit bureau to—(i)validate and verify the data accuracy before loading onto its database and sending off to other parties, such as consumers, subscribers etc.;(ii)validate and verify the data accuracy to avoid re-loading or overriding previously rejected, removed or amended data;(iii)communicate with the suppliers whose data was rejected due to inaccuracy; or who have not been submitting data;(iv)monitor turnaround time for data correction and reloading previously rejected data etc.;(v)observe and interview the staff members who execute the tasks; and report on such findings.6.2.Display periods in terms of the Credit Information Reporting Standards set out in Schedule B to the RegulationsIn terms of assessing compliance the auditors are required to—(a)obtain copies of policies and procedures of full process flows and functions in each process, including operational resources and systems, which have been implemented by the credit bureau to ensure compliance with the prescribed display periods;(b)observe and interview the staff members who execute the tasks; and report on such findings;(c)sample on the basis of 5% of population or 100,000 records of each category of display periods, whichever is the lesser, and automate tests;(d)on the basis of a sample, indicate the extent to which credit information records, held by credit bureau, comply with prescribed display periods;(e)obtain a list of all disputes lodged in the last 3 months of commencing the audit, and report on—(i)the percentage of disputes related to data display periods;(ii)the percentage of valid disputes related to data display periods; and(iii)provide reasons and explanations for non-compliance with data display periods.6.3.Non-displayable data in terms of the Credit Information Reporting Standards set out in Schedule B to the RegulationsIn assessing compliance, the auditors are required to—(a)obtain a list of fields displayed on the database;(b)compare the list of fields with that of the fields held on credit bureau databases; and report on the deviations if any.6.4.Investigation of requests to correct information(a)obtain copies of policies and procedures of full process flows and functions in each process, including operational resources and systems, which have been implemented by the credit bureau for the investigation of requests for correction of information by natural and juristic persons;(b)observe and interview the staff members who execute the tasks, and report on such findings.6.4.1.Incorrect information is not repeatedly reflected on credit bureau(a)obtain copies of policies and procedures of full process flows and functions in each process, including operational resources and systems, which are implemented by the credit bureau to ensure that information which was previously rejected, removed or amended is not repeatedly reflected on the credit bureau database;(b)observe and interview the staff members who execute the tasks; and(c)report on such findings.6.5.Combating or preventing ID fraud(a)obtain copies of policies and procedures of full process flows and functions in each process, including operational resources and systems, which have been implemented by credit bureau to ensure that consumer records and information held on the credit bureau database are not unlawfully accessed by any other consumer or third party for possible fraudulent and/or other illegal activities; and(b)observe and interview the staff members who execute the tasks; and report on such findings.6.6.Data security and confidentiality(a)obtain copies of policies and procedures of full process flows and functions in each process, including operational resources and systems, which have been implemented by the credit bureau for keeping data, in any form and any source, confidential;(b)observe and interview the staff members who execute the tasks; and(c)report on such findings.7.Dispute resolution7.1.Disputes in respect of credit recordsAgree the numbers with relevant supporting documents.7.2.Valid disputes in respect to judgmentsAgree the numbers with relevant supporting documents.7.3.Valid disputes where a particular credit agreement was reflected to the incorrect natural or juristic personAgree the numbers with relevant supporting documents.7.4.Valid disputes where the credit report was reflected to the incorrect natural or juristic personAgree the numbers with relevant supporting documents.7.5.Valid disputes where the amount reported in respect to a judgment was incorrectAgree the numbers with relevant supporting documents.7.6.Valid disputes about information that must be erasedAgree the numbers with relevant supporting documents.7.7.Valid disputes about other instancesAgree the numbers with relevant supporting documents.8.Non-compliance8.1.Problems and reasons of non-complianceAgree that the problems and reasons of non-compliance are reported accurately.8.2ResolutionsAgree that corrective action plans are in place and have been agreed to at senior management level.9.Confidentiality of information9.1.Enquiries done for prescribed purposesProvide and illustrate full process flows and functions in each process, including operational resources and systems, which have been implemented by the credit bureau to ensure that credit information is being used for the prescribed purpose and that consumer consent, where applicable, has been obtained prior to accessing/releasing credit information.10.DeclarationThis section confirms that the person who is authorised to sign off the Annual Compliance Report as an accurate reflection and truthful account of the content disclosed to the CBL, is so duly authorised.Guideline 2: Credit Bureau Quarterly ReportingGuideline CB2
Guideline and explanatory notes for quarterly synoptic reporting
Definitions;For the purposes of regulation 12 of these regulations requiring the submission of a quarterly synoptic report by a registered credit bureau, the following words, and phrases shall bear the meanings as set out below:"accounts in good standing" means accounts that are current or 1 to 2 months in arrears;"accounts with impaired record" means accounts that are 3 or more months in arrears, or accounts that have adverse listings, judgments, sequestration order, liquidation order, rehabilitation order, or administration orders;"a consumer in good standing" means a consumer who may be a natural or a juristic person with all accounts in good standing;"a consumer with an impaired records" means a consumer who may be a natural or juristic person, with one or more accounts with an impaired record."consumer" shall mean a natural or juristic person, who is the recipient of a credit product."credit product" shall mean a mortgage; vehicle and asset finance; unsecured credit loans; credit facilities; and telecommunications services billed in arrears."credit facility" shall mean the extension of credit as defined in the Act, and where the credit provider defers the obligation to pay for any part of the goods or services or any part of an amount extended; or bills periodically for any part of goods or services or any part of an amount extended; and a charge, fee or interest is payable to the credit provider in respect of an amount deferred or billed periodically and not paid within the time provided in the agreement."juristic person" means a juristic person as defined in the Act with annual turnover less than five million maloti."mortgage" shall mean a pledge of immovable property that serves as security for a mortgage agreement."outstanding book debt per credit product" shall mean the total outstanding principal debt per credit product."unsecured credit loan" shall mean the payment of a monetary amount, within the definition of the phrase "extension of credit" in the Act, and the deferment of the repayment of such monetary amount, which debt is not supported by any pledge, or other right in property or suretyship or any other form of security."vehicle and asset finance" shall mean the extension of credit for purposes of facilitating the purchase of a vehicle or other asset.Credit Information Reporting Standards
Standards for the filing, maintenance, retention, display and reporting of credit information
1.Display periods for credit informationCredit information as per the following Table may be displayed and used for the purposes of credit assessment for a maximum period as indicated:Categories of credit information | Description | Period for which information must be retained from date of commencement of the event |
---|
1. Details and results of disputes/requests lodged by consumers | Number and nature of complaints lodged and whether complaint was rejected.No information may be displayed on complaints that were upheld. | 18 months |
2. Enquiries | Number of enquiries made on a consumer's record, including the name of the entity / person who made the enquiry and a contact person if available | 2 years |
3. Payment Profile | Factual information pertaining to the Payment profile of the consumer | 5 years |
4. Adverse Information consumer behaviour | Qualitative information on consumer behaviour | 1 years |
5. Adverse Information enforcement action | Classification related to enforcement action by a credit provider | 2 years |
5. Civil court judgments | Civil court judgments for debt including default judgments | The earlier of 5 years or until the judgment is rescinded by a court. |
7. Administration Orders | As per the court order | The earlier of 10 years or until order is rescinded by a court |
8. Sequestrations | As per the court order | The earlier of 10 years or until rehabilitation order is granted |
9. Liquidations | As per the court order | Unlimited period |
10. Rehabilitation Orders | As per the court order | 5 years |
(1)The date of commencement of the event is the date on which the relevant order was given or the date on which the conduct occurred which resulted in the listing;(2)Adverse classifications of consumer behaviour are subjective classifications of consumer behaviour, and include classifications such as "delinquent", "slow payer", "default", "absconded", "not contactable";(3)Adverse classifications of enforcement action are classifications related to enforcement action taken by the credit provider, including classifications such as "handed over for collection or legal recovery", "legal action" or "write off’;(4)Payment profile refers to the consumer’s payment history in respect of a particular transaction.(5)Any information not included in any category above may be displayed and used for purposes of credit assessment for a maximum period of two years.(6)Upon receiving a court order rescinding any judgment, a credit bureau must first verify the authenticity of such court order prior to removing the judgment from display in terms.2.Maintenance of credit information by credit bureaux(1)Records of credit information must be maintained in accordance with the following standards—(a)identified by the consumer’s identity number or passport number, or where no identity number or passport number is available for a particular person, any other reasonable method to identify the record;(b)collected, processed and distributed in a manner that ensures that the records remain confidential and secure;(c)protected against accidental, unlawful destruction and unlawful intrusion;(d)protected against loss or wrongful alteration, and(e)protected against unauthorised disclosure or access by any unauthorised person.(2)The credit bureau must take all reasonable steps to ensure that all records are kept up to date.(3)Credit information relating to the following subjects may not be contained on the records of the credit bureau:(b)political affiliation;(c)medical status or history;(d)religion or thought, belief or opinion;(e)sexual orientation, except to the extent that such information is self-evident from the record of the consumer’s marital status and list of family members; and(f)membership of a trade union, except to the extent that such information is self-evident from the record of the consumer’s employment information.3.Right to access credit reports(1)Registered credit bureau must provide consumers with credit reports on the following basis, one free credit report per annum and thereafter upon payment of the credit bureau's reasonable fee.(2)The consumer request for a credit report must provide—(i)full names, date of birth and identity number; or passport number and date of birth if no identity number is available;(ii)If it is a personal request, the requestor should provide proof of full names, date of birth and identity number by providing a copy of the national identity document, if the identity document is unavailable, a copy of the passport and full birth certificate or a valid driver’s licence;(iii)If a request is made on behalf of another person, there must be proof of the capacity of the requestor, and explicit written instructions by the person in respect of whom the request is being made, authorising the requestor to make the request on his behalf, which instructions must be verifiable. Whenever a request is made on behalf of another person, proof must be provided of both the requestor’s identity and the identity of the person on behalf of whom the request is being made.(3)The requestor must be provided with the opportunity to indicate the method of delivery of the credit report from options made available by the credit bureau; and how the requestor would like to be informed of the decision on the request, by written reply, fax or e-mail.(4)When a consumer requests a credit report, the report must disclose the same information that will be displayed to other parties when such report is displayed.