Regulation (NAP) - Central Credit Risk System

---

Banco Central de S.T.P N A P NORMA DE APLICAÇÃO PERMANENTE CÓDIGO RD 09 PROPONENTE (S) | ENTRADA EM VIGOR | DATA DE EMISSÃO | N.º DOC | FL DSB 01 / 01/2010 | 31 / 12 / 2009 | 22 / 2009 | 1/6 Vistos Dados de Revogação:

Subject: Central Credit Risk System Considering the provisions of Article 27 of the Financial Institutions Law, banks must observe the principles of security, selectivity, and liquidity when granting credit, as well as the instructions of the Central Bank; Given that it is the responsibility of the Central Bank to ensure the proper functioning and promote the development of the financial system, in accordance with Article 8(2) of its Organic Law; Noting the need to minimize credit risk in the economic system, due to the expansion of the banking sector, in order to protect depositors and prevent systemic risk; The Central Bank determines:

Article 1. Object

1. Banks authorized to operate in the country must report to the Central Bank of São Tomé and Príncipe (BC) the values of credit operations granted or authorized, on behalf of their clients, whether individuals or legal entities, whose amount as of the reference date is equal to or greater than Dbs 4,000,000.00 (four million dobras) or its equivalent in foreign currency, including guarantees benefiting said clients and guarantees or sureties assumed by clients with banks.
2. The information referred to shall be consolidated in the Central Credit Risk System (SCRC), managed by the Central Bank, and the procedures and clarifications provided in this Permanent Application Regulation.
3. The Central Bank is the authority responsible for administering the SCRC, which operates as a database with information provided by participating entities, in the format defined in paragraph 1 of this article.
4. Participating entities of the SCRC are: a) The Central Bank; and b) Banks authorized to operate in the country.
5. Information provided to the SCRC may only be used within national territory, unless otherwise determined by Law or cooperation agreement.

Banco Central de S.T.P N A P NORMA DE APLICAÇÃO PERMANENTE CÓDIGO RD 09 PROPONENTE (S) | ENTRADA EM VIGOR | DATA DE EMISSÃO | N.º DOC | FL DSB 01 / 01/2010 | 31 / 12 / 2009 | 22 / 2009 | 2/6 Vistos Dados de Revogação: Article 2. Responsibility for Information

1. The participating entities mentioned in Article 1 are solely responsible for the information provided to the system, including their respective additions, updates, or exclusions.
2. The information must be current and accurate.
3. It is the responsibility of bank management to take all necessary measures to ensure that submitted information is accurate and appropriate.
4. Whenever a participating entity identifies inaccuracies or errors in transmitted data, it must immediately notify the Central Bank, correct the information, and submit the updated data to the SCRC.
5. The Central Bank, upon verifying that submitted or processed information is inaccurate or inappropriate, shall request explanations from the bank regarding the reasons for the inaccuracies and take necessary measures to promptly correct incorrect data.

Banco Central de S.T.P N A P NORMA DE APLICAÇÃO PERMANENTE CÓDIGO RD 09 PROPONENTE (S) | ENTRADA EM VIGOR | DATA DE EMISSÃO | N.º DOC | FL 01/01/2010 | 31/12/2009 | 22 / 2009 | 3/6 Vistos Dados de Revogação: Article 3. Information Requirements

1. Each participating entity is obligated to report to the Central Bank, with the reference date being the last business day of each month, the following: I. Client identification, represented by the tax number for legal entities and, for individuals, by the individual's tax number plus the identity card number for residents, or passport number for non-residents; II. The amount of credit due, overdue credit, and credits written off as losses, on behalf of the client; III. The unused amount of credit granted to the client, including release installments, guaranteed accounts, and credit card limits; IV. The value of co-obligations assumed and guarantees provided to the client; V. The value of sureties or guarantees assumed by the client in favor of the entity; VI. The risk level of the client, for operations exceeding Dbs 4,000,000 (four million dobras).
2. Values shall be reported in the contracted currency and their equivalent in dobras, determined based on the purchase exchange rate calculated by the Central Bank for that date.
3. The participating entity shall not report: a) Client data whose credit and guarantee liabilities do not exceed Dbs 4,000,000 (four million dobras); b) Operations conducted with banks authorized to operate in the country; c) Operations conducted with the Central Bank; and d) Any amounts forgiven by the participating entity.

Banco Central de S.T.P N A P NORMA DE APLICAÇÃO PERMANENTE CÓDIGO RD 09 PROPONENTE (S) | ENTRADA EM VIGOR | DATA DE EMISSÃO | N.º DOC | FL 01/01/2010 | 31/12/2009 | 22 / 2009 | 4/6 Vistos Dados de Revogação: 4. Credits written off and not collected must be reported within five years, counted from the contract or operation maturity date, with records removed from the system after this period expires. 5. The risk level of each client must correspond to the risk classes established in a Central Bank regulatory instrument, respecting the following coding: CÓDIGO | CLASSE DE RISCO (RISK CLASS) 1 | Class I – Regular 2 | Class II – Under supervision 3 | Class III – Below standard 4 | Class IV – Doubtful 5 | Class V – Loss 6 | Class VI – Written off 6. If a single client presents operations classified at different risk levels, the information mentioned above shall indicate the highest risk classification.

Article 4. Communication and System Access

1. Participating institutions shall communicate with the system and request information through the medium established by the Central Bank.
2. In contingency situations, information may be submitted via physical electronic media, such as USB drives and CD-Rs, with the Central Bank responsible for processing immediate system updates.
3. The Central Bank will periodically provide each participating entity with a report of the credit beneficiaries' liabilities registered by that participant, for verification.
4. Participating institutions may query consolidated client information stored in the system, as well as reports pertaining to their own institution.
5. To preserve information confidentiality, participating entities may only query client information for clients who have requested credit in writing and provided specific authorization for this purpose.
6. Available information must be the most recent, incorporating any rectifications received after the monthly database update.

Banco Central de S.T.P N A P NORMA DE APLICAÇÃO PERMANENTE CÓDIGO RD 09 PROPONENTE (S) | ENTRADA EM VIGOR | DATA DE EMISSÃO | N.º DOC | FL DSB 01 / 01/2010 | 31 / 12 / 2009 | 22 / 2009 | 4/6 Vistos Dados de Revogação: Article 5. Access to Information by Credit Beneficiaries

1. Any client has the right to access information existing in the system regarding their own person and, if the information is incorrect, request necessary corrections from the bank.
2. The deadline for a participating entity to rectify data upon client request is 10 (ten) days, counted from the date of the request.
3. When a participating entity considers that data rectification is not warranted, it shall inform the client in writing, with a copy to the Central Bank – Central Credit Risk System, stating the reasons for refusing rectification.
4. If the Central Bank considers that the client is correct, it may order the participant to rectify the data included in the SCRC.

Article 6. Deadline for Information Submission

1. SCRC participating entities must submit updated information regarding their clients by the 10th (tenth) day following the reference month.
2. Information registered in the SCRC shall be stored electronically for a period of five years, after which it must be deleted.
3. Authorizations granted to an individual or legal entity to consult existing system data regarding that person shall remain valid for a period of two years, counted from the date of the last consultation presented by them.

Article 7. Accredited Persons

1. All SCRC participating entities must designate two staff members, from the credit and IT departments, to be responsible for the information provided, answer queries raised by the Central Bank, and ensure compliance with deadlines and information quality.
2. Each participating entity shall report to the Central Bank the names of the designated persons and their respective substitutes.
3. Changes in the names of responsible persons regarding the SCRC must be immediately communicated to the Central Bank.
4. The Central Bank shall reciprocally publish to participating entities the names of persons responsible for system management, both in IT and content aspects.

Banco Central de S.T.P N A P NORMA DE APLICAÇÃO PERMANENTE CÓDIGO RD 09 PROPONENTE (S) | ENTRADA EM VIGOR | DATA DE EMISSÃO | N.º DOC | FL 01/01/2010 | 31/12/2009 | 22 / 2009 | 5/6 Vistos Dados de Revogação: Article 8. Costs

1. Information provided by the Central Bank in delivering the services described in this NAP shall be subject to a commission, previously fixed and published, aimed at recovering costs incurred for the services provided.
2. The Central Bank and other participating entities are authorized to use information maintained in the SCRC.
3. Use of the system is also authorized for any other legally qualified person or by court order.
4. Access shall always be restricted to information submitted by the participating entity, except for the Central Bank, which may use consolidated information for credit risk assessment in the country and for financial system supervision purposes.

Article 9. Conditions of Use

1. Information and data contained in the SCRC are subject to banking secrecy and must be maintained securely and confidentially by authorized users.
2. The Central Bank shall only provide the credit report: a) To a participating entity, via an accredited person, as per Article 7, for the purpose of analyzing a credit application in which the person whose information is requested is a party to the operation, provided there is prior authorization from said person; b) To the client themselves, upon request to the Central Bank; c) In compliance with a legal obligation or court decision.
3. The SCRC may include information such as date of birth, parentage, or client address but shall not register or process personal data, such as racial or ethnic origin, political, religious, or other beliefs.
4. SCRC participants are prohibited from obtaining information contained therein for the purpose of offering credit and services or advertising credit prospectuses, if the person does not maintain a credit relationship with the participating entity.
5. Failure to comply with the preceding paragraph shall be considered a violation of this NAP and subject the participating entity to penalties.

Article 10. Obligations

1. Participating entities must, before approving any credit or credit-risk-related operation, consult the SCRC for information on interested persons, as established by this NAP.
2. It is the responsibility of entity management, through internal acts, to establish procedures for reporting to and obtaining information from the SCRC regarding any client of the entity, as established by this NAP, as well as procedures for correcting erroneous or inaccurate information and other procedures deemed necessary by the entities.
3. Participating entities are responsible for taking necessary measures to ensure the confidentiality of information contained in the SCRC and to protect it against unauthorized use.

Banco Central de S.T.P N A P NORMA DE APLICAÇÃO PERMANENTE CÓDIGO RD 09 PROPONENTE (S) | ENTRADA EM VIGOR | DATA DE EMISSÃO | N.º DOC | FL DSB 01 / 01/2010 | 31 / 12 / 2009 | 22 / 2009 | 6/6 Vistos Dados de Revogação: Article 11. Sanctions

1. Breach of banking secrecy regarding data contained in the SCRC, for those providing or using the information for their own benefit, is punishable under the Penal Code.
2. The following are considered violations of this NAP and subject to prevailing penalties: a) Failure to update the SCRC within established deadlines; b) Provision of incorrect information; c) Unauthorized or improper use of SCRC information; d) Breach of data confidentiality when unauthorized; e) Failure to meet the 10 (ten)-day deadline for rectifying a client's information or lack of justification for refusal, as per Article 5 of this NAP.

Article 12. Formats and Contents The Central Bank shall establish, in consensus with other participating entities, the procedures and formats for sending and exchanging information in the SCRC, as well as the content to be reported regarding each credit risk.

Article 13. Disclosure for Statistical Purposes The Central Bank may disclose consolidated information contained in the SCRC on a statistical basis, without specifying the information-providing entities or any of their clients.

Article 14. Entry into Force This NAP enters into force under legal terms, granting a period of 90 (ninety) days for participating entities to prepare information regarding all clients with credit risks, for proper registration in the SCRC.

Article 15. Revocation NAP 13/2005 of May 5, 2005 is hereby revoked.

Article 16. Entry into Force This regulation enters into force under legal terms.

Central Bank of São Tomé and Príncipe, December 31, 2009.-