LogoRegulatory Alerts
2024-01-31

BCEAO Instruction 001-01-2024 on Payment Services in the West African Monetary Union

The Central Bank of West African States (BCEAO) issued Instruction 001-01-2024 to establish the conditions and procedures for providing payment services across UMOA member states. The regulation defines fifty key terms, outlines authorized and prohibited operations for payment institutions, banks, credit financial institutions, microfinance entities, and electronic money issuers, and mandates strict compliance regarding authentication, data segregation, outsourcing, and crisis management. It further specifies that payment service providers must maintain dedicated payment accounts, ensure strong authentication through multi-factor verification, and report major operational incidents affecting service continuity or security.

Banque Centrale des Etats de l'Afrique de l'Ouest logo

Senegal

Banque Centrale des Etats de l'Afrique de l'Ouest

Click to view thumbnail

The Governor INSTRUCTION NO. 001-01-2024 ON PAYMENT SERVICES IN THE WEST AFRICAN MONETARY UNION The Governor of the Central Bank of West African States (BCEAO), Having regard to the Treaty of the West African Monetary Union (UMOA) of 20 January 2007, particularly Article 34; Having regard to the Statutes of the Central Bank of West African States (BCEAO) annexed to the UMOA Treaty of 20 January 2007, particularly Articles 9, 21, 30 and 59; Having regard to the Uniform Act on banking regulation in the UMOA; Having regard to the Uniform Act on microfinance regulation in the UMOA; Having regard to the Uniform Act on combating money laundering, terrorist financing and proliferation of weapons of mass destruction in UMOA member states; Having regard to the Uniform Act on sanctions for offences concerning cheques, bank cards and other electronic payment instruments and procedures; Having regard to the Regulation on payment systems in UEMOA member states; Having regard to the Regulation on external financial relations of UEMOA member states, HEREBY DECIDES

TITLE I: GENERAL PROVISIONS CHAPTER I: OBJECT AND SCOPE Article 1: Object This Instruction sets out the conditions and procedures for providing payment services in the member states of the West African Monetary Union.

Avenue Abdoulaye FADIGA P.O. Box 3108 – Dakar - Senegal Tel. (221) 33 839 05 00 / Fax. (221) 33 823 93 35 courrier.bceao@bceao.int - www.bceao.int

Article 2: Scope This Instruction applies to the following entities:

  1. banks;
  2. credit financial institutions;
  3. payment institutions;
  4. microfinance institutions;
  5. electronic money institutions.

CHAPTER II: DEFINITIONS Article 3: Terminology For the purposes of this Instruction, the following terms shall mean:

  1. Payment transaction acquisition: a payment service provided by a payment service provider under contract with a payee to accept and process payment transactions, so that funds are transferred to the payee;

  2. Banking agent: a natural or legal person registered with the Central Bank, acting on behalf of one or more credit institutions, whose main activity consists in presenting, proposing or assisting in the conclusion of all or part of banking operations or carrying out preparatory work and advice for their implementation. It is authorized to carry out, as a profession, without assuming liability as principal (sans se porter ducroire), the intermediary activity covering one or more banking operations, within the limits of its mandate;

  3. Payment service agent: a natural or legal person registered with the Central Bank, acting on behalf of one or more payment service providers for the purpose of providing the payment service(s) for which it is mandated;

  4. Authentication: the procedure enabling a payment service provider to verify the identity of a payment service user or the validity of the use of a given payment instrument, including its personalized security devices;

  5. Strong authentication: a procedure aimed at strengthening the verification of the identity of a payment service user or the validity of the use of a given payment instrument, through the combination of at least two of the following three elements: (a) something only the payment service user knows, notably a password or secret code; (b) something the payment service user possesses, notably a mobile phone, smart card or dedicated device provided by its payment service provider; (c) something inherent to the payment service user, notably voice, face, fingerprint or any other biometric data;

  6. Home supervisory authority: the supervisor of the home country outside UMOA of the structure seeking approval as a payment institution;

  7. Bank: a bank within the meaning of the Banking Regulation Act;

  8. BCEAO or Central Bank: the Central Bank of West African States;

  9. Payee: the natural or legal person who is the recipient of funds that have been subject to a payment transaction;

  10. Beneficial owner: the natural person as described in the legislation on combating money laundering, terrorist financing and proliferation of weapons of mass destruction in UMOA member states;

  11. Segregation: a mechanism that allows the separation of funds belonging to the payment institution from those received from payment service users and other payment service providers for the execution of a payment transaction;

  12. Payment account: an account held by a payment institution in the name of one or more payment service users and used exclusively for the execution of payment transactions;

  13. UMOA Banking Commission or Banking Commission: the Banking Commission of the West African Monetary Union;

  14. Distributors: natural or legal persons defined by electronic money regulation;

  15. Sensitive payment data: data, including personalized security data and any other data likely to be used to commit fraud. Regarding the activities of payment initiation service providers and account aggregation services, the account holder's name and account number do not constitute sensitive payment data;

  16. Personalized security data: personalized data provided to a payment service user by the payment service provider for authentication purposes;

  17. Credit institutions: the collective body of banks and credit financial institutions;

  18. Electronic money institution: a legal person, other than a credit institution, payment institution, financial company or microfinance institution, which issues and distributes electronic money as a profession;

  19. Payment institution: a legal person, other than a credit institution, electronic money institution, financial company or microfinance institution, which provides payment services as a profession;

  20. Credit financial institution: a legal person other than a bank that carries out, as a profession, one or more banking operations in compliance with the conditions and limits defined by its approval;

  21. Account managing institutions: credit institutions, electronic money institutions and microfinance institutions authorized to hold customer accounts;

  22. Outsourcing: the process by which a payment service provider relocates, under the responsibility of a third party, infrastructure or systems or entrusts to them on a durable and habitual basis the provision of services or other operational tasks by subcontracting, mandate or delegation;

  23. Critical operational function: any function whose partial or total failure is likely to impair the payment service provider's ability to permanently comply with approval conditions or other regulatory obligations, the quality or continuity of its payment services, or to have negative repercussions on its financial performance;

  24. Force majeure: an external, unforeseeable and insurmountable event;

  25. Unique identifier: the combination of letters, numbers or symbols indicated to the payment service user by the payment service provider, which the payment service user must provide in order to enable the certain identification of another payment service user and/or their payment account for the payment transaction;

  26. Major operational incident: any event of an operational nature that leads to one of the following consequences: (a) an interruption of payment services for a duration exceeding four hours. The incident duration corresponds to the period between the moment the incident occurs and the moment normal activities/operations are restored; (b) at least 25% of the usual daily transaction volume of the payment service provider is affected by the incident; (c) at least 25% of the payment service users of the payment service provider are affected by the incident; (d) a breach of the security of networks or information systems, notably any malicious action that compromises the availability, authenticity, integrity or confidentiality of networks or information systems, including data, related to the provision of payment services; (e) the triggering by the payment service provider of its crisis management device or an equivalent mechanism; (f) a malfunction of financial market infrastructure and payment systems;

  27. Microfinance institution: an institution exercising the microfinance activity within the meaning of the Microfinance Regulation Act;

  28. Payment instrument: any personalized device or set of procedures agreed between the payment service user and the payment service provider, which enables the payment service user to initiate a payment order;

  29. Mandated intermediary: a banking agent or payment service agent;

  30. OHADA: the Organisation for the Harmonisation of Business Law in Africa;

  31. Banking operations: the reception of public funds, credit operations and the making available to customers or management of payment means;

  32. Payment transaction: the action of paying, transferring or withdrawing funds, independent of any underlying obligation between the payer and the payee. It is initiated by the payer, or on their behalf by a third party, or by the payee;

  33. Payment order: an instruction from a payer or payee to their payment service provider requesting the execution of a payment transaction;

  34. Governance bodies: the deliberative body and its specialized committees, where applicable, as well as the executive body;

  35. Deliberative body: the Board of Directors in public limited companies or the collegiate body in companies constituted under another form. It is invested with all powers to act at all times on behalf of the concerned institution, within the limits of its corporate purpose and powers reserved to the General Meeting;

  36. Executive body: the collective structures contributing to the day-to-day management of a payment institution and ensuring the effective application of the activity direction defined by the deliberative body. Considered as members of the executive body are the General Manager, Deputy General Managers, the Secretary General, Heads of control functions and all equivalent functions;

  37. Payer: a natural or legal person holding an account who authorizes a payment order from that account, or, in the absence of an account, a natural or legal person who gives a payment order;

  38. Payment service providers: the collective body of credit institutions, microfinance institutions, electronic money institutions and payment institutions;

  39. Account information service provider or account aggregator: a payment institution that exclusively provides, as a profession, an account information service;

  40. Payment initiation service provider: a payment institution that exclusively provides, as a profession, the payment initiation service;

  41. Data custody service: a service that allows storing payment-related data on a network, remote server or any other accessible support for the client;

  42. Account information or account aggregation service: a service that enables a payment service user to have, on a single interface, notably an internet site and/or mobile application, consolidated information concerning one or more of their accounts held with one or more payment service providers;

  43. Payment initiation service: a service consisting of initiating a payment order at the request of the payment service user concerning an account held with another payment service provider;

  44. Durable medium: any instrument enabling the payment service user to store information addressed personally to them in such a way that these information can be consulted subsequently for a period appropriate to their purpose and reproduced identically;

  45. Payment system: a financial market infrastructure dedicated to the transfer of funds by clearing and/or settlement on the basis of one or more payment instruments;

  46. Data processing: an operation or series of operations, carried out with or without automated means, applied to data;

  47. UEMOA: the West African Economic and Monetary Union;

  48. UMOA: the West African Monetary Union;

  49. Union: UEMOA or UMOA;

  50. Payment service user: a natural or legal person who uses a payment service as payer and/or payee.

TITLE II: AUTHORIZED AND FORBIDDEN OPERATIONS FOR PAYMENT SERVICE PROVIDERS CHAPTER I: AUTHORIZED OPERATIONS Article 4: Payment services The following services are considered payment services: i) cash deposit or withdrawal and account management operations; ii) the execution of the following payment transactions:

  1. single or standing transfers and direct debits;
  2. payment transactions carried out with a payment card or similar device; iii) fund transfer operations; iv) payment transactions carried out by any means of communication; v) the issuance of payment instruments; vi) the acquisition of payment transactions; vii) payment initiation services; viii) account aggregation or account information services.

Article 5: Authorized operations for payment institutions Payment institutions are authorized to provide exclusively, as a profession, one or more payment services referred to in Article 4, in compliance with the conditions and limits defined by their approval or registration. The payment services referred to in points i) to vi) of Article 4 are associated with a payment account opened by the payment service user with the payment institution. Payment institutions may carry out, in addition to providing one or more payment services, operational services and auxiliary services considered as ancillary to their activities. These include custody services as well as data recording and processing services. These services are provided subject to compliance with the specific authorizations and other legislative and regulatory provisions governing them.

Article 6: Authorized operations for other payment service providers Banks are authorized to provide the payment services referred to in points vii) and viii) of Article 4. Credit financial institutions, microfinance [institutions and electronic money institutions are authorized to provide the payment services referred to in points i) to vii) of Article 4.]

Share