Credit Reporting Regulations, 2013


Lesotho
Credit Reporting Act, 2011

Credit Reporting Regulations, 2013

Legal Notice 68 of 2013

  • Published in Government Gazette no. 37 on 19 July 2013
  • Commenced on 19 July 2013
  • [This is the version of this document from 19 July 2013.]
Pursuant to section 41 of the Credit Reporting Act, 20111, I, Dr. Retśelisitsoe Matlanyane Governor of the Central Bank of Lesotho make the following regulations—1Act No. 1 of 2012

1. Citation and commencement

These regulations may be cited as the Credit Reporting Regulations, 2013 and shall come into operation on the date of publication in the Gazette

Part I – Preliminary

2. Interpretation

In these Regulations unless the context otherwise requires—"Act" means the Credit Reporting Act, 2011"annual financial statements" means the audited annual financial statements as required for each specific registrant;"auditor" means a member of the Lesotho Institute of Accountants certified to provide, attest or perform auditing functions recognised by the Lesotho Institute of Accountants;"delivered" means sending a document by hand, fax, e-mail, or registered mail to an address chosen in the agreement by the proposed recipient, if no such address is available, the recipient’s registered address;"general management" when referring to juristic persons means the directors of a company registered in terms of the Companies Act, 2011, for all other juristic persons, the individuals who perform a similar function to the board of directors;"the Central Bank" means the Central Bank of Lesotho continued in existence by the Central Bank of Lesotho Act 20002;2Act No. 12 of 2000

Part II – Registration requirements criteria and procedures for a credit bureau

3. Registration requirements

(1)A person who applies for registration as a credit bureau operator in terms of section 12 of the Act shall submit, to the Central Bank, the following—
(a)a completed application form on Form CB1 as set out in Schedule A;
(b)a resolution by the applicant to apply for registration as a credit bureau on Form CB2 as set out in Schedule A;
(c)a document detailing the organisational structure of the applicant, and business activity within that structure, to establish that the applicant is not engaging in any business activity inconsistent with operating an independent and objective credit bureau;
(d)a certified strategic and operational competence report from an auditor on Form CB3 as set out in schedule A, to confirm the capacity of the applicant to promote the objectives of the Act under section 3, and compliance with the registration requirements under section 12 of the Act;
(e)any additional documents required in the relevant application form; and
(f)receipt of the non refundable application fee as set out in Schedule B.
(2)A person who applies for registration shall, within 15 business days of receipt of a request, provide any further information required by the Cen­tral Bank in terms of section 13 of the Act.

4. Minimum registration requirements

(1)The Central Bank may only register a person as a credit bureau operator, if the person has—
(a)submitted a completed and signed application form;
(b)submitted a completed and signed resolution by an authorised person;
(c)satisfied the Central Bank that it does not engage in any business activity inconsistent with operating an independent and objective credit bureau;
(d)submitted proof of registration with relevant taxation authorities;
(e)submitted a certified strategic and operational competence report by an independent auditor on Form CB3, confirming the capacity of the applicant to promote the objectives of the Act set out in section 3, and compliance with the registration requirements set out in section 12 of the Act;
(f)submitted credible plans to remedy areas of lack of capacity or non compliance, if referred to in the report by the independent auditor, within a reasonable time as agreed between the Central Bank and the applicant;
(g)submitted a receipt of the non refundable initial registration fee, as set out in Schedule B.

5. Conditions of registration

(1)The Central Bank may, having regard to the objects, and purposes of the Act, the circumstances of the application for registration, and the registration requirements, impose conditions on the registration of an applicant, where the applicant has not satisfied the requirements of registration.
(2)The applicant may be notified of the conditions contemplated in subregulation (1) and the reasons for the conditions imposed.
(3)An applicant who has received a notification of conditions imposed on the applicant, shall respond to the Central Bank within 15 business days after that date on which the applicant first received notification.
(4)If the applicant consents, the Central Bank shall register the applicant subject to the conditions imposed.
(5)If the applicant does not respond to the notice or objects, the Central Bank may consider any objection lodged and may finally determine the conditions to be imposed, and register the applicant.
(6)The Central Bank shall inform the applicant, in writing, of a decision in terms of subregulation (5).

6. Review of conditions of registration

(1)A registrant may on compelling grounds apply to the Central Bank for the review or variation of any condition of registration.
(2)On receipt of an application under subregulation (1), the Central Bank may determine the application having regard to—
(a)the purposes and objectives of the Act;
(b)the prescribed registration requirements; and
(c)the compelling grounds submitted by the applicant.
(3)A determination under subregulation (2), may be referred by an applicant to a competent court for review.

7. Certificate of registration

A certificate of registration issued in terms of section 16 of the Act, shall specify—
(a)the identity of the registrant;
(b)the company registration number and, in the case of a partnership, the words "trading in partnership" shall be specified;
(c)the activities that the registration permits the registrant to engage in, conduct or make the activities available to the public;
(d)registration number of the registrant issued by the Central Bank;
(e)signature of a duly authorised representative of the Central Bank;
(f)certificate number;
(g)date on which the certificate was issued.

Part III – Regulation and supervision of credit bureau

Chapter A
Annual compliance reporting

8. The annual compliance report

A registrant shall submit to the Central Bank an annual compliance report, compiled by an auditor following special investigations, due diligence and factual findings in accordance with the guidelines stipulated in Guideline CB1 set out in Schedule B, addressing the following matters—
(a)adequacy of policies, processes and procedures employed by it to ensure—
(i)the accuracy and integrity of data received, maintained and reported by it;
(ii)the confidentiality and security of data received, maintained and reported by it;
(iii)data released as permitted by the Act;
(iv)the display of data for fixed reasonable periods, as stipulated in the Credit Information Reporting Standards stipulated under guideline CB2;
(v)rights of a consumer to access their reports and challenge information contained in it;
(vi)compliance with the Credit Information Reporting Standards stipulated under guideline CB2.
(b)Incidence of requests for correction of data in terms of sections 27(2) and 27(3) of the Act, and resolution of such requests, more particularly—
(i)total requests for correction of data;
(ii)reasons for requests to correct data;
(iii)incidence of data corrected at the request of the consumer.

9. Time-frame for submission of annual compliance report

A compliance report submitted by a registered credit bureau in terms of regulation 8 above shall be submitted to the Central Bank on or before the 15th March each year for the period starting 1st January and ending on 31st December.

10. Processing of annual compliance report by the Central Bank

On receipt of an annual compliance report from a registered credit bureau, the Central Bank shall—
(a)in writing, acknowledge receipt of the report;
(b)make an assessment of the report and communicate the outcome of the assessment to the registrant credit bureau;
(c)If the outcome of the assessment of the report reflects areas of non compliance found, the Central Bank may—
(i)provide the registrant with an opportunity to remedy the shortcomings found;
(ii)issue a compliance notice in terms of section 35 of the Act;
(iii)cancel the registration in terms of section 17 of the Act if the registrant has repeatedly contravened the Act.

Chapter B
Credit Information Reporting Standards

11. Standards for the filing, retention and reporting of credit information

(1)In terms of section 7(2) of the Act, the Central Bank may prescribe standards for the filing, retention and reporting of credit information in the Credit Information Reporting Standards.
(2)The Credit Information Reporting Standards shall, among other things, address matters such as display and retention periods for credit information; maintenance, retention and reporting of credit information by credit bureau.
(3)The Credit Information Reporting Standards set out in Schedule B may be amended, varied or supplemented by the Central Bank by written notification to all registrants.

Part IV – Credit bureau reporting

12. Quarterly synoptic report to be submitted by registered credit bureau

(1)A registered credit bureau shall in terms of sections 9 (1)(a) and 8 of the Act submit a quarterly synoptic report in accordance with the report template and report Guidelines prescribed in form CB4, and definitions stipulated in Guideline CB2, regarding—
(a)the total number of credit active consumers that are natural persons;
(b)the total number of credit active consumers that are juristic persons;
(c)the credit standing of the consumers that are natural persons, in particular, the number of the consumers that are natural persons in good standing; and the number of the consumers that are natural persons with impaired records;
(d)the total number of consumer accounts pertaining to natural persons, in good standing, and the total number of the consumer accounts pertaining to natural persons with impaired records;
(e)the total number of the consumer accounts, pertaining to juristic persons in good standing and with impaired records;
(f)credit market activity, with respect to the following credit products, mortgages, vehicle and asset finance, unsecured credit loans, credit facilities, and telecommunication services in respect of which payment is made in arrears;
(g)total outstanding book debt per credit product, amount in arrears per credit product and amount in relation to adverse information and civil court judgment information for debt.
(2)A report on each credit product in terms of subregulation (1)(f) shall be in the following categories—
(a)small credit agreement;
(b)medium credit agreement; and
(c)large credit agreement.
(3)In reporting in terms of subregulation (1), a registered credit bureau shall report on credit extended in Lesotho or credit extended in other country to natural persons that are Lesotho citizens, or juristic persons registered in Lesotho.
(4)A registered credit bureau shall submit a quarterly synoptic report referred to in subsection (1), in accordance with die report template on Form CB4 set out in Schedule A, in respect of the quarters and by the following due dates—
(a) quarter l 1 January - 31 March 15 May;
(b) quarter 2 1 April - 30 June 15 August;
(c) quarter 3 1 July - 30 September 15 November;
(d) quarter 4 1 October - 31 December 15 February
(5)The Central Bank may, after consultation with a registered credit bureau, vary or amend the content of the quarterly synoptic report.

13. Data supplier report

A registered credit bureau shall, in terms of section 9 (1)(b) of the Act, submit a data supplier report to the Central Bank on or before the 10th working day of each month, regarding—
(a)credit providers, with a place of business in Lesotho, from whom the registrant has accepted and loaded credit information;
(b)credit providers, with a place of business in Lesotho, who have supplied credit information which the registrant has rejected, and the reason for the rejection;
(c)credit providers with a place of business in Lesotho, who have not supplied credit information;
(d)credit providers with a place of business in Lesotho, who have accessed credit information for credit assessment in accordance with section 30 of the Act.
(2)A credit bureau data liaison officer shall be appointed by the Central Bank for purposes of regulating the submission of accurate, complete and up-to-date credit information by all credit providers extending credit in Lesotho to a registered credit bureau.

14. Processing of reports submitted in terms of this Chapter by the Central Bank

On receipt of a quarterly synoptic report or data supplier report from a registered credit bureau, the Central Bank shall—
(a)acknowledge receipt of the report in writing;
(b)make an assessment of the report within a reasonable period;
(c)In the case of a quarterly synoptic report, communicate the outcome of the assessment to all stakeholders within the credit market;
(d)In the case of a data supplier report, take reasonable steps based on the outcome of the report to ensure that credit providers with a place of business in Lesotho, submit complete, accurate and up-to-date credit information to a registrant credit bureau;
(e)If a credit provider with a place of business in Lesotho fails to submit a complete, accurate and up-to-date credit information to a registrant credit bureau, the Central Bank may, after consulting with the credit provider—
(i)require that the credit provider submit within a reasonable period, specified categories of credit information, not previously submitted; or
(ii)issue the credit provider with a compliance notice for failing to comply with its obligation in terms of section 19(2) of the Act;
(f)If a registered credit bureau fails to submit a report, or submits an incomplete or inaccurate report, the Central Bank may, after consulting with the registrant—
(i)provide the registrant with a reasonable opportunity to remedy the shortcomings found;
(ii)issue a compliance notice in terms of section 35 of the Act; or
(iii)cancel the registration in terms of section 17 of the Act if the registrant has repeatedly contravened the Act.

Part V – Record-keeping and prescribed forms

15. Records of registered activities to be retained by credit bureaux

A registrant shall maintain records of registered activities, in paper or electronic format, readily accessible for a period of three years from the date on which the registrant created, signed or received the document.

16. Forms and use of forms

(1)The forms to be used, for the purposes of these regulations, shall be as set out in Schedule A.
(2)If a prescribed form is used with any other information or document not prescribed, the prescribed form shall be clearly distinguishable from the information or document not prescribed.
(3)If a prescribed form is used in conjunction with another prescribed form, each shall be clearly distinguishable from the other.
(4)Where a form or document is prescribed in these regulations—
(a)it shall be sufficient if a person required to prepare such a form or document does so in a form that satisfies all the substantive requirements as to content and design of the prescribed form; and
(b)any deviation from the prescribed form shall not invalidate the form, unless the deviation fails to satisfy the requirements set out in paragraph (a), negatively affects the substance of the document or is deceptive or misleading.

17. Electronic submission of forms

A form that has to be submitted to the Central Bank may be submitted electronically.

Schedule A (Regulation 3)

Form CB1 - Application to be registered as a credit bureau

[Application form CBI is obtainable from the Central Bank of Lesotho]

Form CB2 - Resolution by applicant to apply to be registered as a credit bureau

Resolution of the Members/Directors/Trustees/Partners of ______________ (the entity) ______________ Registration number (if applicable) taken at ______________ on ______________ date ______________ of ______________ month ______________ yearRESOLVED THAT—
1.The entity ____________________________ applies to the Central Bank for registration as a credit bureau.
2.____________________________ (full name of person) be and is hereby authorised by the entity, to sign all such documentation and take all such steps as may be necessary to give effect to the above mentioned decision.
3.The entity understands that it will be liable for any action by any broker or agent who acts on behalf of the entity.
FULL NAME(S): ____________________________SIGNED: ____________________________ (Properly mandated representative of the applicant)Date ____________________________FULL NAME(S): ____________________________SIGNED: ____________________________ (Properly mandated representative of the applicant)Date ____________________________One member/director/trustee/partner to sign who is not nominated as the competent person;Two members/directors/trustees/partners to sign if the competent person is not a member/director/trustee/partner of the company.

Form CB3 - Strategic and operational competence report to be completed by the applicant credit bureau and certified by an independent auditor

The Central Bank of Lesotho

Form CB3 - Strategic and operational competence report

Part A – Applicant's details

Name of applicant ____________________________Company registration number ____________________________Name of person that completed this Form ____________________________E-Mail ____________________________Contact telephone number ____________________________Date of submission ____________________________

Part B – Strategic competence

1.Business planPlease confirm—
(1)the existence of business plans;
(2)lower-level supporting procedures;
(3)remediation plans to address known deficiencies, for purposes of operating a credit bureau to serve the Lesotho market, and
(4)provide a brief high level summary of the contents of such business plan;
(5)The business plan should specifically refer to the strategy to collect, host and report credit information on—
(a)all persons that are the recipients of credit in Lesotho; and
(b)all natural persons that are Lesotho citizens, or juristic persons registered in Lesotho that are recipients of credit in any other country.
2.Organizational overviewPlease indicate—
(1)existing personnel holding key positions within the applicants' organisation as well as
(2)the overall organizational structure.More Specifically:
(a)Resource strategy & planning
i.Indicate sufficiency of resources (IT, administration or call centre) to manage data to be received and administration requests;
ii.If no or inadequate resource available, indicate plan to acquire additional resource;
iii.Indicate qualifications/ experience of administration or call centre staff to manage consumer, data supplier and other requests.
3.Site overviewPlease describe the applicant's building and site facilities for purposes of demonstrating its conduciveness to business operations.
4.Business integrityThe object is to establish the integrity of the juristic person applying for membership as well as the integrity of the natural persons exercising management and control of the juristic person.More specificallyprovide background reports on—
(a)persons who exercise management and control of the applicant, including a certification that—
(i)such persons are "fit and proper" persons of good standing, and do not have any criminal records;
(ii)have not been subject to insolvency proceedings; and
(iii)have a good standing with the relevant government taxation authorities;
(b)the juristic person /company applying for membership; including confirmation of record of registration of company; and that the company has a good standing with the relevant government taxation authorities.
5.Corporate finance: Sources of financeFor purposes of financial due diligence, please indicate sources of finance relating to the applicant.More specifically—
(a)confirm that the applicant has sufficient financial resources to operate a credit bureau to service the Lesotho market; and
(b)confirm that the applicant has adequate liability insurance.

Part C – Operational assessment

1.Information Systems (IT)Assessing the current applicant's computer processing environment to ensure that the key information technology areas are addressed by controls implemented by the applicant. In this regard, please indicate implementation of controls specifically covering the following areas—
(a)Information Systems Operations including technological capacity;
(b)Information Security around critical servers and firewalls;
(c)Change Control over application and operating systems, databases, networks and hardware; and
(d)Resource and Continuity Planning, including a description of the current procedures and plans in place to acquire and train resources, and indicate whether continuity planning is in place to ensure the applicants' business and IT operations are a going concern.More Specifically:
(a)Information systems operations:
(i)High level indication of systems;
(ii)High level indication of operational process;
(b)Information security—
(i)Protection of data collected (couriers, FTP, e-mail etc.);
(ii)Protection of data on CD's, cartridges, disks, e-mail etc. at bureau site (e.g. fireproof cabinets, physical media filing and cataloguing, encryption, access security etc.);
(iii)Protection of data on the database against unauthorized access, removal or amendment (e.g. password control, firewalls, intrusion detection etc.);
(iv)High level indication of physical security (premises, computer room etc)
(c)Change control (over application and operating systems, databases, networks and hardware); indication of change control process followed when making changes to the above data;
(d)Business continuity procedures
(i)Indication of disaster recovery process
(ii)Indication of disaster recovery site
(iii)High level indication of business continuity plan.
2.Credit information integrity and accuracyMore Specifically:
(i)High level indication of key measures of matching credit information to consumers;
(ii)High level indication of credit information quality process followed prior to loading data to the database;
(iii)Indication of measures to remove credit information from display at the expiration of the pre­scribed data display period.
3.Processing credit information for purposes specified in lawMore specifically:High level indication of key measures to ensure that credit information will only be reported or released for purposes prescribed in the Act.

Part D – Declaration

I confirm that:
(a)I am duly authorised to sign this report;
(b)this report is to the best of my knowledge and belief accurate and complete;
(c)appropriate methods have been implemented to ensure that the information in this report is accurate.
______________________________Name of Duly Authorised Officer of Applicant Credit Bureau______________________________Signature of Duly Authorised Officer of Applicant Credit Bureau

Form CB4 - Quarterly Synoptic Report

[Application Form CB4 is obtainable from the Central Bank of Lesotho]

Schedule B (Regulation 3(1)(f))

Fees

1.Application feeThe prescribed application fee in terms of section 14(l)(a) of the Act is 20 000 Maloti—
(a)payable by each applicant upon application for registration as a credit bureau;
(b)must be paid to the Central Bank upon submission of the application for registration or within 20 business days from receipt of notice from the Central Bank for pay­ment of the application fee for applications already submitted; and
(c)must be paid by cheque made out to the Central Bank or by electronic transfer to the bank account of the Central Bank.
2.Initial registration feeThe prescribed initial registration fee in terms of section 14(1)(b) of the Act is 10,000 Maloti—
(a)payable by each registrant upon initial registration as a credit bureau;
(b)must be paid to the Central Bank upon registration of the applicant as a credit bureau or within 20 business days from receipt of notice from the Central Bank for payment of the initial registration fee for an applicant already registered; and
(c)must be paid by cheque made out to the Central Bank or by electronic transfer to the bank account of the Central Bank.
3.Annual registration renewal feeThe prescribed annual registration renewal fee in terms of section 14(1)(c) of the Act is 5,000 Maloti—
(a)payable by each registrant annually for purposes of renewing registration as a credit bureau;
(b)must be paid to the Central Bank upon renewal of regis­tration or within 20 business days from receipt of notice from the Central Bank for payment of the annual regis­tration fee for registration already renewed; and
(c)must be paid by cheque made out to the Central Bank or by electronic transfer to the bank account of the Central Bank.

Guidelines (Regulation 8(1))

Guideline CB1

Guidelines for Annual Compliance Reporting

Guideline and Explanatory Notes for the Certification of Annual Compliance Report

Guide for Independent Auditors of Credit Bureau

Summary

Guideline in respect of the certification of annual compliance report

This document constitutes guidelines issued by the Central Bank of Lesotho, in terms of Regulations issued in terms of the Credit Reporting Act, 2011.This guideline is intended for independent auditors of the registered credit bureaus who by regulation are required to submit an annual compliance report which is certified by their independent auditors. This document provides guidance and explanatory notes pertaining to the certification of an annual compliance report, which must be submitted to the Central Bank of Lesotho on an annual basis.
1.Definitions"Act" - Credit Reporting Act, 2011"CBL" - Central Bank of Lesotho"Credit record" - Any consumer record with one or more account, pay­ment profile entry, adverse record judgment, or default. With the ex­clusion of any enquiries."Credit report" - (direct to consumer) Report issued to consumer with or without charge which contains credit information."Data supplier" - Any party who supplies credit information to a credit bureau, irrespective of whether there is a written contractual relation­ship between the party and the credit bureau. Examples: credit providers, service providers, judgement information providers, information on-sellers etc."Deemed valid dispute" - Where a change or correction on a credit record is required due to the prescribed investigation period that has lapsed."Dispute" - Where investigation is required and feedback is expected."ID fraud" - Identity fraud is a synonym for unlawful identity change. It indicates an unlawful and intentional misrepresentation by using the identity of another person or of a non-existing person as a target or principal tool. Identity fraud can occur without identity theft, as in the case where the fraudster has been given someone's identity information for other reasons but uses it to commit fraud, or when the person whose identity is being used is colluding with the person who is committing the fraud."Information" - Credit information as defined in the Credit Reporting Act, 2011."Juristic person" - Includes a partnership, association or other body of persons, corporate or unincorporated, or a trust if (a) there are three or more individual trustees; or (b) the trustee is itself a juristic person."Regulations" - Credit Bureau Regulations in terms of the Credit Re­porting Act, 2011."Service provider" - An entity that provides services to consumers or other entities. Such as a medical practitioner, a telecommunication serv­ice provider etc."The Act" - The Credit Reporting Act, 2011."Valid dispute" - Where a change or correction on a credit record is required after investigation.Where a definition, within these guidelines does not coincide with that of the Act, in all instances the definition in the Act will supersede and take precedence over any definition provided within these guidelines.
2.IntroductionThis guideline applies to independent auditors of credit bureaus who have registered with the CBL. The guidance and explanatory notes have been compiled by the CBL to provide assistance to those responsible for certifying the Annual Compliance Report.This document provides guidelines on the annual compliance report that must be certified by an independent auditor for submission to the CBL.
3.General
3.1.Submission timeThe annual compliance report must be submitted by the credit bureau to the CBL by the 15th March each year for the period 1 January to 31 December of the previous year.
3.2.Submission procedure and addressThe signed annual compliance report must be submitted in duplicate, with only one being signed as the original, together with an electronic version of the completed return. The signed copy and duplicate must be sent to:The Central Bank of LesothoCnr Moshoeshoe & Airport RoadsMaseru 100LesothoE-mail: ____________________
If applicable, a nil return may be submitted in accordance with the above guide­lines and procedures.
4.Company details
Name of registered entity: registered name.
CBL Registration Number: unique registration number that is allocated to each credit bureau at registration by the CBL.
Name of contact: is the person who completed/compiled the compliance report.
Telephone and e-mail contact: telephone and e-mail contact details of the person who completed/compiled the annual compliance report.
Year covered in return: the starting and ending dates pertaining to the relevant reporting period.
5.Company profile (only update if applicable)
5.1.Material changes to companyAny changes in ownership or directors; acquisition or disposal of major assets; relocation of business premises; etc.
6.Data integrity
6.1.Key measures to verify the data accuracy
(a)Obtain copy of policies and procedures in respect of any data received from any party, irrespective of whether there is an existing contractual relationship between the party and credit bureau, implemented by a credit bureau to—
(i)validate and verify the data accuracy before loading onto its database and sending off to other parties, such as consumers, subscribers etc.;
(ii)validate and verify the data accuracy to avoid re-loading or overriding previously rejected, removed or amended data;
(iii)communicate with the suppliers whose data was rejected due to inaccuracy; or who have not been submitting data;
(iv)monitor turnaround time for data correction and reloading previously rejected data etc.;
(v)observe and interview the staff members who execute the tasks; and report on such findings.
6.2.Display periods in terms of the Credit Information Reporting Standards set out in Schedule B to the RegulationsIn terms of assessing compliance the auditors are required to—
(a)obtain copies of policies and procedures of full process flows and functions in each process, including operational resources and systems, which have been implemented by the credit bureau to ensure compliance with the prescribed display periods;
(b)observe and interview the staff members who execute the tasks; and report on such findings;
(c)sample on the basis of 5% of population or 100,000 records of each category of display periods, whichever is the lesser, and automate tests;
(d)on the basis of a sample, indicate the extent to which credit information records, held by credit bureau, comply with prescribed display periods;
(e)obtain a list of all disputes lodged in the last 3 months of commencing the audit, and report on—
(i)the percentage of disputes related to data display periods;
(ii)the percentage of valid disputes related to data display periods; and
(iii)provide reasons and explanations for non-compliance with data display periods.
6.3.Non-displayable data in terms of the Credit Information Reporting Standards set out in Schedule B to the RegulationsIn assessing compliance, the auditors are required to—
(a)obtain a list of fields displayed on the database;
(b)compare the list of fields with that of the fields held on credit bureau databases; and report on the deviations if any.
6.4.Investigation of requests to correct information
(a)obtain copies of policies and procedures of full process flows and functions in each process, including operational resources and systems, which have been implemented by the credit bureau for the investigation of requests for correction of information by natural and juristic persons;
(b)observe and interview the staff members who execute the tasks, and report on such findings.
6.4.1.Incorrect information is not repeatedly reflected on credit bureau
(a)obtain copies of policies and procedures of full process flows and functions in each process, including operational resources and systems, which are implemented by the credit bureau to ensure that information which was previously rejected, removed or amended is not repeatedly reflected on the credit bureau database;
(b)observe and interview the staff members who execute the tasks; and
(c)report on such findings.
6.5.Combating or preventing ID fraud
(a)obtain copies of policies and procedures of full process flows and functions in each process, including operational resources and systems, which have been implemented by credit bureau to ensure that consumer records and information held on the credit bureau database are not unlawfully accessed by any other consumer or third party for possible fraudulent and/or other illegal activities; and
(b)observe and interview the staff members who execute the tasks; and report on such findings.
6.6.Data security and confidentiality
(a)obtain copies of policies and procedures of full process flows and functions in each process, including operational resources and systems, which have been implemented by the credit bureau for keeping data, in any form and any source, confidential;
(b)observe and interview the staff members who execute the tasks; and
(c)report on such findings.
7.Dispute resolution
7.1.Disputes in respect of credit recordsAgree the numbers with relevant supporting documents.
7.2.Valid disputes in respect to judgmentsAgree the numbers with relevant supporting documents.
7.3.Valid disputes where a particular credit agreement was reflected to the incorrect natural or juristic personAgree the numbers with relevant supporting documents.
7.4.Valid disputes where the credit report was reflected to the incorrect natural or juristic personAgree the numbers with relevant supporting documents.
7.5.Valid disputes where the amount reported in respect to a judgment was incorrectAgree the numbers with relevant supporting documents.
7.6.Valid disputes about information that must be erasedAgree the numbers with relevant supporting documents.
7.7.Valid disputes about other instancesAgree the numbers with relevant supporting documents.
8.Non-compliance
8.1.Problems and reasons of non-complianceAgree that the problems and reasons of non-compliance are reported accurately.
8.2ResolutionsAgree that corrective action plans are in place and have been agreed to at senior management level.
9.Confidentiality of information
9.1.Enquiries done for prescribed purposesProvide and illustrate full process flows and functions in each process, includ­ing operational resources and systems, which have been implemented by the credit bureau to ensure that credit information is being used for the prescribed purpose and that consumer consent, where applicable, has been obtained prior to accessing/releasing credit information.
10.DeclarationThis section confirms that the person who is authorised to sign off the Annual Compliance Report as an accurate reflection and truthful account of the content disclosed to the CBL, is so duly authorised.Guideline 2: Credit Bureau Quarterly Reporting

Guideline CB2

Guideline and explanatory notes for quarterly synoptic reporting

Definitions;For the purposes of regulation 12 of these regulations requiring the submission of a quarterly synoptic report by a registered credit bureau, the following words, and phrases shall bear the meanings as set out below:"accounts in good standing" means accounts that are current or 1 to 2 months in arrears;"accounts with impaired record" means accounts that are 3 or more months in arrears, or accounts that have adverse listings, judgments, sequestration order, liquidation order, rehabilitation order, or administration orders;"a consumer in good standing" means a consumer who may be a natural or a juristic person with all accounts in good standing;"a consumer with an impaired records" means a consumer who may be a natural or juristic person, with one or more accounts with an impaired record."consumer" shall mean a natural or juristic person, who is the recipient of a credit product."credit product" shall mean a mortgage; vehicle and asset finance; unsecured credit loans; credit facilities; and telecommunications services billed in arrears."credit facility" shall mean the extension of credit as defined in the Act, and where the credit provider defers the obligation to pay for any part of the goods or services or any part of an amount extended; or bills periodically for any part of goods or services or any part of an amount extended; and a charge, fee or interest is payable to the credit provider in respect of an amount deferred or billed periodically and not paid within the time provided in the agreement."juristic person" means a juristic person as defined in the Act with annual turnover less than five million maloti."mortgage" shall mean a pledge of immovable property that serves as security for a mortgage agreement."outstanding book debt per credit product" shall mean the total outstanding principal debt per credit product."unsecured credit loan" shall mean the payment of a monetary amount, within the definition of the phrase "extension of credit" in the Act, and the deferment of the repayment of such monetary amount, which debt is not supported by any pledge, or other right in property or suretyship or any other form of security."vehicle and asset finance" shall mean the extension of credit for purposes of facilitating the purchase of a vehicle or other asset.

Credit Information Reporting Standards

Standards for the filing, maintenance, retention, display and reporting of credit information

1.Display periods for credit informationCredit information as per the following Table may be displayed and used for the purposes of credit assessment for a maximum period as indicated:
Categories of credit information Description Period for which information must be retained from date of commencement of the event
1. Details and results of disputes/requests lodged by consumers Number and nature of complaints lodged and whether complaint was rejected.No information may be displayed on complaints that were upheld. 18 months
2. Enquiries Number of enquiries made on a consumer's record, including the name of the entity / person who made the enquiry and a contact person if available 2 years
3. Payment Profile Factual information pertaining to the Payment profile of the consumer 5 years
4. Adverse Information consumer behaviour Qualitative information on consumer behaviour 1 years
5. Adverse Information enforcement action Classification related to enforcement action by a credit provider 2 years
5. Civil court judgments Civil court judgments for debt including default judgments The earlier of 5 years or until the judgment is rescinded by a court.
7. Administration Orders As per the court order The earlier of 10 years or until order is rescinded by a court
8. Sequestrations As per the court order The earlier of 10 years or until rehabilitation order is granted
9. Liquidations As per the court order Unlimited period
10. Rehabilitation Orders As per the court order 5 years
(1)The date of commencement of the event is the date on which the relevant order was given or the date on which the conduct occurred which resulted in the listing;
(2)Adverse classifications of consumer behaviour are subjective classifications of consumer behaviour, and include classifications such as "delinquent", "slow payer", "default", "absconded", "not contactable";
(3)Adverse classifications of enforcement action are classifications related to enforcement action taken by the credit provider, including classifications such as "handed over for collection or legal recovery", "legal action" or "write off’;
(4)Payment profile refers to the consumer’s payment history in respect of a particular transaction.
(5)Any information not included in any category above may be displayed and used for purposes of credit assessment for a maximum period of two years.
(6)Upon receiving a court order rescinding any judgment, a credit bureau must first verify the authenticity of such court order prior to removing the judgment from display in terms.
2.Maintenance of credit information by credit bureaux
(1)Records of credit information must be maintained in accordance with the following standards—
(a)identified by the consumer’s identity number or passport number, or where no identity number or passport number is available for a particular person, any other reasonable method to identify the record;
(b)collected, processed and distributed in a manner that ensures that the records remain confidential and secure;
(c)protected against accidental, unlawful destruction and unlawful intrusion;
(d)protected against loss or wrongful alteration, and
(e)protected against unauthorised disclosure or access by any unauthorised person.
(2)The credit bureau must take all reasonable steps to ensure that all records are kept up to date.
(3)Credit information relating to the following subjects may not be contained on the records of the credit bureau:
(a)race;
(b)political affiliation;
(c)medical status or history;
(d)religion or thought, belief or opinion;
(e)sexual orientation, except to the extent that such information is self-evident from the record of the consumer’s marital status and list of family members; and
(f)membership of a trade union, except to the extent that such information is self-evident from the record of the consumer’s employment information.
3.Right to access credit reports
(1)Registered credit bureau must provide consumers with credit reports on the following basis, one free credit report per annum and thereafter upon payment of the credit bureau's reasonable fee.
(2)The consumer request for a credit report must provide—
(i)full names, date of birth and identity number; or passport number and date of birth if no identity number is available;
(ii)If it is a personal request, the requestor should provide proof of full names, date of birth and identity number by providing a copy of the national identity document, if the identity document is unavailable, a copy of the passport and full birth certificate or a valid driver’s licence;
(iii)If a request is made on behalf of another person, there must be proof of the capacity of the requestor, and explicit written instructions by the person in respect of whom the request is being made, authorising the requestor to make the request on his behalf, which instructions must be verifiable. Whenever a request is made on behalf of another person, proof must be provided of both the requestor’s identity and the identity of the person on behalf of whom the request is being made.
(3)The requestor must be provided with the opportunity to indicate the method of delivery of the credit report from options made available by the credit bureau; and how the requestor would like to be informed of the decision on the request, by written reply, fax or e-mail.
(4)When a consumer requests a credit report, the report must disclose the same information that will be displayed to other parties when such report is displayed.
▲ To the top

History of this document

19 July 2013 this version
Commences.
Cited documents 1
  1. Credit Reporting Act, 2011
Documents citing this one 0