BANK OF MADAGASCAR

001 INSTRUCTION NO. DDI/2016 RELATING TO THE RISK CENTRAL

The Governor of the Bank of Madagascar,

Having regard to Law No. 95-030 of February 22, 1996 on the activity and supervision of credit institutions, as amended (the Banking Law), Having regard to Law No. 2005-016 of September 29, 2005 on the activity and supervision of microfinance institutions, Having regard to Law No. 2014-038 of January 9, 2015 on the protection of personal data, Having regard to Law No. 2016-004 of July 29, 2016 establishing the statutes of the Central Bank of Madagascar, Having regard to Decree No. 2014-1684 of October 29, 2014 appointing the Governor of the Central Bank of Madagascar.

DECIDES:

Article 1: Purpose

This instruction governs the Risk Central, abbreviated as Rc, which comprises mechanisms established at the Bank of Madagascar to collect, centralize, process, and manage information on credits transmitted by Reporting Entities.

The Rc is a monitoring and risk assessment tool enabling:

• the Bank of Madagascar to obtain all credit-related information likely to inform monetary policy decisions;
• the Banking and Financial Supervision Commission (CSBF) to support its institutional role in monitoring systemic credit risk;
• and credit institutions to respond as broadly as possible to credit requests from clients and to know the overall indebtedness of their clients and related negative information.

The Rc is hosted and managed by the Bank of Madagascar.

Article 2: Scope

This instruction applies to credit institutions defined by the Banking Law, hereinafter referred to as "Reporting Entities".

It defines:

• the information to be reported by credit institutions,
• the procedures for their transmission to the Rc and subsequent processing,
• the obligations of Reporting Entities.

---

Article 3: Definitions

For the purposes of this instruction, the following terms are defined as:

• "Correspondents": The point of contact at the Bank of Madagascar within each Reporting Entity, authorized to manage risk information;
• "Reporting Entity(ies)": Credit institutions defined by the Banking Law, licensed as territorial or extra-territorial banks, financial establishments, specialized financial institutions, and microfinance institutions;
• "Credit Outstanding": The amount effectively made available to the borrower, net of related repayments and excluding accrued interest. It notably includes disbursed credits (including those granted from public or private allocated funds) and signature credits;
• "Zero Credit Outstanding": A credit that has been fully repaid;
• "Borrower" or "Counterparty" or "Third Party": A client of the credit institution, whether a legal or natural person, or a representative of a group, with whom the financial commitment is contracted;
• "Exchange Files": Computer files through which Reporting Entities record all information to be reported to the Rc;
• "Group": A group of natural persons jointly liable for the purpose of obtaining a credit from a microfinance institution;
• "Credit Information": The totality of credit risks, including loan volume, maturity, terms and conditions, repayments, guarantees, and all other financial commitments, which allow determining at any time the borrower's financial situation and exposure, as well as information concerning credit history, payment history (including borrowing or repayment capacity and behavior);
• "Negative Information": Information relating to payment defaults on loans, checks, and bills of exchange;
• "Credit Risks": Any banking commitment or credit granted by a credit institution to its clientele;
• "Security/Guarantees": Legal means granted to the creditor to ensure the fulfillment of prior obligations and to protect against the risk of debtor insolvency;
• "User": Reporting Entity, Bank of Madagascar, and the General Secretariat of the CSBF.

Article 4: Nature of Information to be Reported

4.1. Reporting Entities are required to communicate to the Rc credit outstandings as defined in Article 3, according to the credit nomenclature provided in Appendix 11 of this instruction, as well as all information regarding borrowers provided in the exchange files concerning third parties, risks, and security/guarantees.

In addition to the aforementioned information, microfinance institutions are required to provide their accounting statements in compliance with their periodic declarations, as well as information regarding borrowers provided in the exchange files concerning groups.

4.2. Borrowers whose credit outstandings become zero must be reported to the Rc in the reporting period following the date of the last repayment.

---

4.3. Any credit with an individualized counterparty must be reported regardless of the status of other accounts opened in the name of the borrower registered in the Rc.

No set-off between a credit account and a debit account is permitted, except for ordinary current accounts (debit and credit) opened in the name of the same client, subject to a balance set-off agreement.

4.4. Reporting Entities are required to communicate borrower identification as follows:

• Natural person: full name and forenames according to the order on the identity document, followed by the National Identity Card (CIN) number for nationals, or passport, residence card, or foreign identity card for foreigners;
• Legal person: the Tax Identification Number (NIF), which must serve as the common identification reference for all legal persons, the name including the full corporate name followed by the usual acronym, the Statistical Number, and the Registration Number in the National Register of Commerce and Companies (RNCS).

4.5. The use of "not elsewhere classified" (n.e.c.) or "other" designations must be exceptional. Reporting Entities must include the precise title of such information in the "Comments" field reserved for risk exchange files as provided in Article 4.1.

Article 5: Procedures for Reporting, Access, Rectification, and Consultation

5.1. Information transmission to the Rc is carried out via secure electronic means.

5.2. For any reporting or consultation, Rc access by a correspondent must be authenticated. The application procedures for security devices include:

• the grant by the Bank of Madagascar of an access code, characterized by an identifier and a password;
• authentication via the access code of the authorized correspondent entitled to access the Rc for reporting and consultation;
• the Reporting Entity's obligation to inform the Bank of Madagascar as soon as possible in case of change(s) to the correspondent(s);
• password customization and updates by the correspondent.

5.3. The access code is personal. Each user must take all necessary measures to preserve and secure it; the user is responsible for any unauthorized or improper use of this code.

5.4. Each Reporting Entity must submit a monthly report. The data in the sent file will be integrated when all are valid (complete and error-free information). If applicable, the entire file is rejected and returned to Reporting Entities with an error report. Partial data integration will not be permitted.

5.5. The Reporting Entity may perform rectifications during the reporting period defined in Article 6, in accordance with the user guide made available to it.

5.6. In case of correcting data for a closed period, or in case of late reporting beyond authorized periods, the Reporting Entity must submit a formal request to the Bank of Madagascar to reopen the concerned reporting period.

5.7. Data transmitted to the Rc are consultable in aggregate by other users.

---

Article 6: Periodicity and Reporting Cutoff

Reporting Entities submit their monthly risk reports indicating all elements stipulated in Article 4. The information to be reported is finalized on the last business day of the month. It must reach the Rc no later than the 20th of the following month.

If the 20th of the month is a holiday or non-business day, the reporting deadline is extended to the next following business day.

Beyond this date, system access is available only upon formal request to the Bank of Madagascar.

In case of late reporting, Reporting Entities are subject to the sanctions provided in Article 10 of this instruction.

Article 7: Quality of Information Communicated to the Rc

Reporting Entities will take all necessary measures within their information systems and internal controls to ensure reliable and regular reporting.

Reporting Entities are responsible for the accuracy, completeness, and consistency of information communicated to the Rc.

The same applies to the protection, retention, and transmission of data they receive from the Rc in accordance with the personal data protection law.

A formal written commitment from management (as defined in Article 23 of the Banking Law) to this effect must be provided to the Bank of Madagascar according to the model presented in Appendix 20.

When the Bank of Madagascar determines that information communicated and falling under Reporting Entities' responsibility is not accurate or complete, or is likely to distort users' opinions, Reporting Entities are subject to the sanctions provided in Article 10 of this instruction.

Article 8: Obligations of Reporting Entities

8.1. The Reporting Entity must inform the borrower of their rights and responsibilities, namely:

• at any time, the borrower through the Reporting Entity has the right to consult information concerning them, their credit history within said entity, and if applicable, to contest and have erroneous information corrected or removed;
• the borrower remains responsible for the accuracy of information they provide to the Reporting Entity and is subject to criminal and civil proceedings in case of inaccurate information;
• information directly concerning the borrower, explicitly mentioned or not in this instruction, is protected by confidentiality rules, professional secrecy, and personal data protection in accordance with prevailing law;
• the purpose and destination of information requested from them.

8.2. The Reporting Entity submits any rectification requests to the Bank of Madagascar accompanied by justification, according to the procedures stipulated in Articles 5.5 and 5.6 of this instruction.

8.3. The Reporting Entity is responsible to the Bank of Madagascar for the accuracy, completeness, and consistency of credit information it transmits.

8.4. The Reporting Entity is also required to consult the Rc before granting any type of credit (new loans, renewals) and must maintain consultation traceability in the loan file.

8.5. Consultation must be performed in accordance with the access conditions specified in paragraph 5.2 of this instruction.

---

8.6. All persons authorized to access and utilize Rc data are subject to professional secrecy, under penalty of sanctions provided by prevailing criminal legislation.

For any breach of these obligations, the Reporting Entity is subject to the sanctions provided in Article 10 of this instruction.

Article 9: Retention and Protection of Data

The retention period for centralized data and information from the Rc is five (5) years from the date of the last reported information. This period is during which information remains accessible and consultable by any user according to this instruction's provisions.

Information and data collected at the Rc must comply with personal data protection rules in accordance with prevailing legislation.

Article 10: Sanctions

Non-compliance with the provisions of this instruction is subject to one of the disciplinary sanctions provided in Article 49 of the Banking Law.

A Reporting Entity may be ordered to comply with the provisions of this instruction.

Failing to satisfy this order within 5 days, a penalty of 400,000 Ariary per day of delay will be applied, as provided in Article 52 of the Banking Law. Access to the Rc is suspended until payment of the penalty.

Without prejudice to the disciplinary sanctions provided in the first paragraph of this article, anyone acting on their own behalf or for third parties who knowingly communicates inaccurate data and information to the Rc is subject to the penalties stipulated in Article 83 of the Banking Law.

Article 11: Entry into Force

This instruction enters into force upon its notification to the Professional Association of Banks, the Professional Association of Microfinance Institutions, and Financial Establishments.

As an exception, sanctions related to late reporting apply to declarations made starting from April 2017.

Article 12: Final Provisions

This instruction repeals and replaces all prior contrary provisions, notably Instruction No. 002-DCR/09 of July 23, 2009 on risk reporting by microfinance institutions and Instruction No. 004-DCR/09 of October 1, 2009 on risk reporting by banks.

The appendices listed below form an integral part of this instruction.

The Bank of Madagascar and the Banking and Financial Supervision Commission are each responsible, within their respective competencies, for applying this instruction.

Antananarivo, November 24, 2016

THE GOVERNOR ALAIN H. RASOLOFONDRAIBE

---

List of Appendices

Appendix 1 – List and codification of third parties Appendices 2, 3, 14 to 17 – Codification of borrowers' location zones (municipality, country, district, city, region, and province) Appendix 4 – List and codification of borrowers by legal form Appendix 5 – List and codification of professions Appendices 6 to 10 – Nomenclature of activities (by section, division, group, class, and category) Appendix 11 – Credit nomenclature Appendix 12 – List and codification of currencies Appendix 13 – Codification of guarantee types Appendix 18 – Codification of reporting entities Appendix 19 – Glossary Appendix 20 – Model commitment letter