LogoRegulatory Alerts
2019-03-01

Instruction No. 1/GR/2019 on the Regulation of Participation in the Credit Information Exchange System

The Central Bank of Mauritania issued Instruction No. 1/GR/2019 to establish the regulatory framework for financial actors' participation in the Credit Information Exchange System. The instruction mandates that credit institutions collect prior written consent, submit and share client credit data with the Credit Information Bureau (BICR), and ensure accurate, confidential handling of sensitive personal information. It further defines consumer rights, establishes strict timelines for data correction and dispute resolution, and grants the Central Bank supervisory and disciplinary powers to enforce compliance and technical security standards.

Banque Centrale de Mauritanie logo

Mauritania

Banque Centrale de Mauritanie

Click to view thumbnail

Islamic Republic of Mauritania The Governor CENTRAL BANK OF MAURITANIA Nouakchott, on [Date]

  • 222 45 25 22 06
  • 222 45 25 28 88
  • 222 45 25 27 59 info@bcm.mr www.bcm.mr BP623 Nouakchott Mauritania Tel: + 222 45 25 22 06
  • 222 45 25 28 88 Fax: + 222 45 25 27 59 info@bcm.mr www.bcm.mr Instruction No. 1/GR/2019 on the Regulation of Participation in the Credit Information Exchange System The Governor of the Central Bank of Mauritania; Whereas Law No. 73.118 of May 30, 1973 establishes the BCM; Whereas Law No. 2018-034 of August 8, 2018 sets the statutes of the Central Bank of Mauritania; Whereas Law No. 2018-036bis of August 16, 2018 regulates credit institutions; Whereas Decree No. 003-2015 of January 9, 2015 appoints the Governor of the Central Bank of Mauritania; Whereas Resolution No. 155-CG-R6 of the General Council dated June 19, 2018; Whereas Service Note No. 11/GR/2019 of February 27, 2019 establishes the Credit Information Bureau; HEREBY DECIDES:

Article 1: Object This instruction aims to establish the regulatory framework for the participation of financial actors in the Credit Information Exchange System, pursuant to Article 141 of Law No. 2018-036bis of August 16, 2018 regulating credit institutions.

Chapter I: Definitions and General Rules Article 2: Definitions For the purposes of this instruction, the following terms shall apply: BICR, the Credit Information Bureau; data provider, financial actors subject to the supervision of the Central Bank that can directly provide information on credit or payment arrears of clients with large public or private enterprises to the database; data user, financial actors and BICR personnel who have access to information on client credits, including the credit report; client, any natural or legal person applying for credit from a credit institution; credit report, a document issued by the BICR providing information on a client's credit or deferred payment history and any other information useful for assessing credit risk; sensitive data, the data referred to in Law No. 2017-020 of July 22, 2017 on the protection of personal data.

Article 3: Client Information Based on the Credit Report If a client's credit application is refused, wholly or partly, based on information from the BICR credit report, the client must be notified of this event by the user who is required to provide them with a copy of the credit report. To ensure the authenticity, reliability, and compliance of database information, the BICR system identifies clients by any appropriate means.

Chapter II: Consumer Rights Article 4: Prior Information Obligation Data providers and users are required, before obtaining the client's consent, to provide them with all information regarding activities and elements of the credit report in accordance with the BICR internal regulations and the commitments of the parties.

Article 5: Prior Consent Obligation The client's prior consent is required for any collection, use, sharing, and dissemination of personal information or data, including credit information. To this end, the client's consent must be recorded as an integral part of the credit application or contract.

Article 6: Provisions Regarding Credit Information Personal information and data must be:

  1. collected honestly and lawfully, not arbitrarily;
  2. processed fairly and lawfully;
  3. adequate, relevant, and not excessive relative to the purposes for which they are collected and subsequently processed;
  4. accurate and up-to-date. Data providers and users must take appropriate measures to ensure that inaccurate, incomplete, ambiguous, expired data, or data whose collection, use, communication, or retention is prohibited, are deleted or rectified;
  5. retained in a form that allows identification of the concerned persons and preserves confidentiality and restricted access for any unauthorized third party;

Chapter III: Information Sharing and Participation in the Credit Information System Article 7: Responsibilities of the Parties All parties designated by this instruction are responsible for the personal information they have in their possession or under their custody.

Article 8: Credit Report Obligation Credit institutions must:

  1. submit a request to the SICR for a credit report prior to granting credit to any client, provided that prior, free, and written consent has been given by the concerned client;
  2. include the credit report in the file of each client applying for credit;
  3. share data on all credits within their portfolio.

Article 9: Prohibited Mentions Data providers, data users, and the SICR are prohibited from collecting, retaining, processing, or disseminating in a credit report, or in any other form, format, or medium, sensitive data as defined by Law No. 2017-020 of July 22, 2017 on the protection of personal data. Information provided to the SICR must in no case relate to balances and transactions of savings or checking accounts, except for unpaid checking accounts, deposits of any nature, other similar products, or the client's sensitive personal data. The SICR and users are strictly prohibited from providing or requesting any type of information or credit reports for marketing purposes or for purposes other than those provided by current regulations.

Article 10: Financial Actors' Participation in the Credit Information Exchange System Financial actors must:

  1. participate in the credit information exchange system under conditions defined by regulatory provisions;
  2. submit a request to the SICR to obtain a credit report under conditions defined by regulatory provisions.

Chapter IV: Content of the Credit Report Article 11: Credit Report Details Any credit report made available to an applicant must be drafted in a clear, complete, and accessible form. The report is transmitted within a period not exceeding seven (7) days from the SICR's receipt of the request. The credit history provided to the client must include a list of users who have accessed their data over the past six (6) months.

Article 12: Mandatory Details Every credit report must contain at least the following details included in the credit information exchange system:

  1. complete and detailed identification of the client;
  2. credits obtained in the past;
  3. amounts granted and paid;
  4. unpaid credits,

Article 13: Reasons for Issuing a Credit Report A credit report is issued exclusively for the following reasons:

  1. assessment of a client's solvency in the context of granting credit or recovering a claim;
  2. upon request by the client or requisition by the courts;
  3. risk management and banking supervision needs, or any other reason approved by the Central Bank;
  4. application of an international treaty, subject to reciprocity,

Article 14: Liability of Data Providers and Users Subject to personal data laws, data providers and users also incur civil and criminal liability in the following cases:

  1. collection of information from a client who has not given consent, subject to exceptions provided by current legislation, or in case of transmission of erroneous data on the client;
  2. unauthorized request for a credit report by the concerned person, and any illicit or abusive use of credit information.

Article 15: Technical Guarantees and Compliance The various system participants commit to respecting access protection and data confidentiality rules for the information and data they access. They are required to take all technical measures to ensure access security at their level. They commit to continuously monitoring technical security provisions to ensure compliance with the minimum standards set for system participants.

Article 16: Information Guarantee Data providers commit to verifying the authenticity, reliability, and compliance of information intended to feed the Credit Information Bureau database.

Chapter V: Management of Claims and Disputes Article 17: Information on the Referral Procedure The BICR must make available to the client detailed information on the referral procedure enabling access to their credit information, its correction, or its deletion.

Article 18: Claim Procedure If a client disputes information in a credit report, they may file a claim accompanied by documents proving the inaccuracy of the data with the BICR services. The claim may also be submitted through the data provider with whom the client holds an account or has a contract. Without prejudice to appeals to the Central Bank or any other competent authority, the client may petition the courts of general jurisdiction.

Article 19: Processing Period The BICR transmits the client's request to the data provider within five (5) days from the date of receipt. The data provider has fifteen (15) days from receiving the BICR's correspondence to confirm the accuracy of the data and correct it, if applicable. Exceptionally, the BICR may perform this correction upon request by the data provider. If there is a disagreement between the client and the data provider regarding information transmitted to the BICR to prove an error, and if the dispute is not resolved by agreement within thirty (30) days, the BICR must authorize the client to insert a message in the credit report, containing up to one hundred (100) words, explaining the reason for the dispute, until a final solution is reached.

Article 20: Obligation to Correct Errors If the data provider indicates that an error cited in the client's filed request is attributable to the BICR, the latter must correct it within ten (10) working days from receiving the data provider's notification.

Article 21: Appeal to the Central Bank If a client is unsatisfied with how their request was handled by the BICR, data provider, or data user, they may file a petition with the Central Bank, which rules within sixty (60) days from the date of referral. Without prejudice to appeals to the Central Bank or any other competent body, the client may petition the courts of general jurisdiction.

Chapter VI: Final Provisions and Sanctioning Powers Article 22: Security Verifications The BICR has the necessary prerogatives to drive and guide credit bureau activities in Mauritania. To this end, it holds all powers over system participants to ensure compliance with technical obligations, particularly security essential for the proper operation of the Credit Information Bureau. If necessary, it takes all useful measures to correct operational difficulties.

Article 23: Breach of Obligations When, due to either a lack of vigilance or negligence, a data provider or user fails to meet its obligations—such as failure to transmit data, late transmission, erroneous data, or lack of security measures—the BICR communicates observed violations to the Central Bank, which applies disciplinary measures provided by current legislative and regulatory texts.

Article 24: Control and Supervision Powers The Central Bank ensures and guarantees BICR activities. To this end, it holds control and supervision powers over all operations to ensure their compliance with security rules and user data protection. It takes any useful provision or measure for the implementation and management of credit information in Mauritania.

Article 25: Entry into Force This instruction takes effect from its date of signature. It repeals any prior contrary provisions. Abdel Aziz DAHI

Share