Law No. 2017-045 Governing the Activity and Supervision of Credit Information Bureaus

---

REPUBLIC OF MADAGASCAR

Law No. 2017-045

Governing the Activity and Supervision of Credit Information Bureaus

STATE OF REASONS

Within the framework of improving and strengthening the financial system, the Central Bank of Madagascar has committed to enhancing credit data sharing infrastructure to foster financial inclusion and business climate development through modernization.

Thus, Madagascar must undertake reforms in credit granting procedures. The establishment of a Credit Information Bureau (CIB) constitutes a major step forward. CIBs, existing professionals worldwide with experience and infrastructure in processing credit-related data, effectively contribute to producing related services.

The CIB market is limited to a few dozen internationally prominent professionals.

The objective is to attract at least one of these foreign investors to Madagascar.

The CIB collects from financial institutions, public sources, and major billers (water, electricity, telecommunications companies, etc.), data on a client's credit or payment history. These information are subsequently processed and made available to lenders in the form of detailed solvency reports, enabling them to properly assess the borrower's repayment capacity.

From an economic perspective, the CIB contributes to improving the financing of economic agents at lower cost, due to its advantages for borrowers and lenders. It also strengthens the efficiency of credit activity supervision, particularly debt overhang prevention, and systemic risk management. In doing so, the CIB contributes to improving the country's international reputation and provides an assessment of the solidity of its financial system.

---

For lenders, it constitutes an effective tool for risk analysis, evaluation, and management that enables anticipating borrower debt overhang, making better decisions in the credit granting process, reducing information asymmetry, and increasing credit volume with improved portfolio quality.

For borrowing clients, it enables better access to credit with risk-based pricing, potentially leading to lower credit and guarantee costs, consideration of reputation, as well as improved service quality and relationships with financial institutions and other members.

The client thus has a document that concisely traces their payment habits, and can use it as a "reputation guarantee," gradually phasing out the traditional guarantees required by credit institutions.

This law also aims to regulate the sharing of credit information and CIB operations. It is based on key principles of reciprocity, confidentiality, and explicit prior consent of the concerned natural persons. The law accords notable importance to consumer rights protection, with a particular emphasis on the principles of access, rectification, and updating of personal information.

Law No. 2014-038 of January 9, 2015 on the protection of personal data is the general framework governing any automated processing of data related to a natural person. This law, which remains fully in force, provided for the establishment of the Malagasy Commission on Informatics and Liberties (CMIL), which is the authority responsible for supervising and controlling such a system on Malagasy territory.

However, given the specificity of credit-related data, on the one hand, and knowing that CIB services will serve as a decision-making basis for credit-providing institutions, on the other hand, the Central Bank of Madagascar (BFM), in its capacity as the Central Bank, is called upon to play its regulatory role and will consequently approve and supervise all actors related to CIB activities.

The text is thus composed of 66 articles distributed across 8 Titles:

TITLE I: GENERAL PROVISIONS TITLE II: ON THE ROLE OF THE CENTRAL BANK OF MADAGASCAR TITLE III: ON THE GRANTING AND WITHDRAWAL OF APPROVAL FOR A CIB TITLE IV: ON THE CONDITIONS FOR EXERCISING CIB ACTIVITIES TITLE V: ON CIB ACTIVITIES TITLE VI: ON CLIENT PROTECTION TITLE VII: ON SANCTIONS TITLE VIII: TRANSITIONAL AND FINAL PROVISIONS

Such is the object of this law.

---

REPUBLIC OF MADAGASCAR

PRESIDENCY OF THE REPUBLIC

---

Law No. 2017-045

Governing the Activity and Supervision of Credit Information Bureaus

The National Assembly and the Senate have adopted in their respective plenary sessions on November 30, 2017 and December 13, 2017,

THE PRESIDENT OF THE REPUBLIC,

• Having regard to the Constitution,
• Having regard to Decision No. 10-HCC/D3 of February 7, 2018 by the High Constitutional Court,

PROMULGATES THE LAW WHOSE TEXT FOLLOWS:

TITLE I GENERAL PROVISIONS

Article 1: Object

This law aims to establish the legal framework for the creation, operation, and supervision of Credit Information Bureau (CIB) activities on the territory of the Republic of Madagascar.

A CIB is understood as a legal entity established in the form of a joint-stock company and approved by the Central Bank of Madagascar (BFM), which:

• performs, as a regular activity, the collection and processing of information and data, compilation, organization, storage, dissemination, locking, erasure or destruction of data and other related information collected from public sources or received from Data Providers,
• processes all information and data to make available to Users solvency reports and other value-added services, in accordance with a specific agreement signed between the Client on one hand, and Data Providers on the other.

Article 2: Definitions

For the application of this law, the following terms are understood as:

Approval: Authorization granted, under this law, for exercising CIB activities.

Database: Collection of information collected, managed, interconnected and disseminated or otherwise processed by a CIB.

Client: The consumer or borrower, natural or legal person whose information has been or could be included in a CIB's Database, due to a contractual credit or service relationship with Data Providers established in Madagascar.

Code of Conduct: Binding document formalizing the principles and behavioral standards for CIB activities and operations.

Consent: Written expression of the explicit will of the Client, a natural person, to authorize Data Providers to share information concerning them, including personal data, with Users and the CIB, and to consult their credit history, solvency information, and value-added services with the CIB.

Public Data: Data appearing in registers, archives, lists, or all other data collected, preserved, processed and held by a public or parastatal body, whose public nature and permanent accessibility to the public are guaranteed by law.

Personal Data: Any information, regardless of its nature and medium, relating to an identified or identifiable natural person, directly or indirectly by reference to a name, identification number, or one or more elements specific to them. These elements are notably physical, physiological, psychological, financial, economic, cultural or social.

Sensitive Data: Personal data revealing racial origin, biometric data, genetic data, political opinions, religious or other beliefs, trade union membership, and those relating to health or sexual orientation of persons.

Supervised Entities: Credit institutions defined by the law on the activity and supervision of credit institutions.

Unsupervised Entities: commercial enterprises, retailers, public service companies, entities whose activities include granting credit or offering deferred payment options, collection agencies or similar agencies, not supervised by BFM or CSBF.

Data Providers: Suppliers of goods or services identified by BFM as likely to communicate to the CIB information related to the credit or payment history of a natural or legal person, such as credit institutions and other financial institutions or similar bodies, fixed and mobile telecommunications operators, public establishments, water, gas and electricity supply companies, as well as all other private or public institutions approved by BFM. The list of Data Providers is fixed by a BFM instruction.

Credit Information(s): Information including personal data and concerning, in particular, credit history, payment history of a natural or legal person, public or parastatal, solvency, borrowing or repayment capacity, all credit risks, loan volume, maturity, terms and conditions, repayments, guarantees and other commitments, financial or service or payment data not necessarily linked to a loan, which allow assessing at any time the financial situation, exposure to financial risks, and probability of payment performance of any concerned natural or legal person.

Persons Related to a Data Provider or User: Any natural or legal person having with the Data Provider or User at least one of the following qualities or relationships:

1. an administrator or executive;
2. any shareholder holding, directly or indirectly, a share equal to or greater than five percent (5%) of voting rights;
3. a company in which they hold, directly or indirectly, at least twenty-five percent (25%) of voting rights;
4. a company in which the persons referred to in points 1° and 2° are executives, administrators or hold, directly or indirectly, at least twenty-five percent (25%) of voting rights;
5. a spouse, a direct line relative or an ally up to the first degree of any of the persons referred to in points 1° and 2°, as well as companies in which they are executives, administrators or hold, directly or indirectly, at least twenty-five percent (25%) of voting rights;
6. a company that, alone or with others, the Data Provider or User directly or indirectly controls;
7. a company controlled directly or indirectly by a person or entity controlling the Data Provider or User;
8. any other category of persons deemed related to the Data Provider or User by BFM.

Solvency Report: Communication of credit information made by a CIB, on written or electronic support or any other manner, concerning the client's credit history or payment record of commitments as well as other relevant data collected by the CIB to determine the client's eligibility or credit history, repayment capacity for loans, or payment of financial commitments.

Scoring or Credit Scoring: Statistical methodology developed from information collected by a CIB, which allows evaluating the solvency or risk profile of a credit applicant.

Value-Added Services: Services developed by a CIB, related to or derived from any computer processing or statistical analysis, or consolidation of information provided by Users, Data Providers, or other duly authorized sources based on software or otherwise.

Information Processing: Operation or set of operations and/or technical procedures, automated or not, electronic or manual, which allow collecting, compiling, organizing, storing, analyzing, elaborating, selecting, extracting, comparing, sharing, transmitting, correcting or erasing information contained in a Database.

User: Credit institution, service companies, or other Data Providers having the right to access a CIB's Information Database under a contract with the CIB, in order to obtain Solvency Reports and all other services provided by a CIB, in accordance with the provisions of this law.

Article 3: Scope of Application

This law applies to CIBs, Data Providers and Users exercising their activities on the territory of the Republic of Madagascar as well as to their respective Clients.

---

TITLE II. ON THE ROLE OF THE CENTRAL BANK OF MADAGASCAR

Article 4: Regulatory and Supervisory Authority

BFM is the regulatory and supervisory authority for CIB activities.

In this capacity, BFM controls the proper application by CIBs, Supervised Entities and Unsupervised Entities of this law, regulatory texts or instructions issued for its application.

The Banking and Financial Supervision Commission, in coordination with BFM, is authorized within the framework of its controls resulting from the law on the activity and supervision of credit institutions to verify the proper application of the law by credit institutions.

Article 5: Regulatory and Supervisory Mission

As regulatory and supervisory authority, BFM is authorized to:

• examine any Approval application for exercising CIB activity;
• grant Approval to CIBs;
• develop management standards and those related to all credit information services governed by this law;
• control exercise conditions, appropriate conduct rules and acceptable practices regarding credit information;
• ensure that CIBs, Data Providers, and Users implement advanced security procedures to protect their systems and databases and apply international standards and best practices ensuring confidentiality, protection and preservation of all Client data and rights;
• impose disciplinary sanctions and coercive measures provided by this law against a CIB or Data Provider in case of violation of the provisions of this law or all regulatory texts issued for its application;
• approve the Code of Conduct established by CIBs and ensure its application;
• issue all implementation instructions for this law;
• establish rules regarding Approval applications;
• establish the list of Data Providers.

BFM's liability cannot be engaged for Information or fact disclosures made in execution of its regulatory and supervisory mission under this law.

Article 6: Control Procedures

In exercising its mission, BFM conducts off-site and/or on-site controls.

To this end, BFM has:

• Access to complete databases, books, registers, contracts, meeting minutes and any other document in the possession or under the control of an administrator, executive or employee of any CIB.
• The right to require any administrator, director, employee, auditor of a CIB to provide information or produce books, registers or documents in their possession or under their control, including the power for BFM to fix by instruction the content and periodicity of reporting.

The control by BFM for compliance with this law, regulatory texts or instructions issued for its application may, as necessary, extend to any structure managing, storing, preserving, safeguarding, providing or using data or Credit Information. Neither Data Providers nor Users nor CIBs may oppose controls carried out by BFM, by any other duly mandated audit institution or by any duly authorized supervisory authority under the prevailing law.

Data Providers may not invoke professional secrecy against BFM in the performance of its regulatory and supervisory missions for CIB activities.

Article 7: Cooperation Agreement

BFM may conclude, within the framework of this law's application, a cooperation agreement with other regulatory authorities, other public administrations or national or foreign bodies responsible for investigation.

Furthermore, BFM's control of a Data Provider under this law, when the latter is subject to a regulatory authority as applicable, is exercised in coordination with the latter without prejudice to specific provisions applicable to said Data Provider.

TITLE III ON THE GRANTING AND WITHDRAWAL OF APPROVAL FOR A CIB

Article 8: Approval

No one may exercise the activity of a CIB without having previously been approved by BFM.

It is prohibited to any entity other than a CIB to use a corporate name and trade name, advertising or in general all mentions or expressions making it appear that it is approved as a CIB or tending to create confusion on this subject.

Article 9: Application and Procedures for Approval

The Approval application is submitted in writing by the applicant, a legal entity, to BFM.

BFM will communicate a written response to any Approval application within ninety (90) calendar days from the date of submission.

A BFM instruction fixes the constituent elements of the Approval application file.

Article 10: Supplementary Information

BFM is authorized to collect any supplementary information deemed useful for processing the application.

The ninety (90) calendar day period provided in Article 9 above may be extended by BFM for an additional period not exceeding thirty (30) days from the submission of the completed file by the applicant.

Any refusal of Approval by BFM must be duly motivated and notified to the applicant.

Article 11: Prohibition of Assignment or Transfer of Approval

An applicant who has obtained BFM's Approval is authorized to exercise its activity throughout the territory of the Republic of Madagascar.

The Approval may not be subject to assignment or transfer, in any form whatsoever, except in cases subject to BFM's approval provided for in the first paragraph of Article 19 of this law.

Article 12: Suspension and Withdrawal of Approval

The suspension or withdrawal of Approval for a CIB is pronounced by BFM either:

1. at the request of the concerned CIB, subject to a twelve (12) month notice period;
2. ex officio when:

• the CIB voluntarily ceases its activities for a period of one (1) month;
• the CIB seriously or repeatedly fails to comply with its governing regulations;
• the CIB adopts behavior contrary to the Code of Conduct;
• the conditions to which Approval is subject are no longer met;
• the CIB is declared in judicial reorganization or judicial liquidation under the law on collective debt clearance procedures;
• the information transmitted to BFM supporting the Approval application has proven false or misleading;
• the CIB has not begun developing the credit information system necessary for carrying out its activities within six (6) months from the date of first publication in the Official Gazette and on BFM's website;
• the CIB has transferred its registered office outside the Republic of Madagascar, including following any merger by absorption or contribution to a new company.

3. As a sanction, under the provisions of Article 53 of this law.

In all cases, a prior notification to the suspension or withdrawal decision must be addressed by BFM to the concerned CIB by any means leaving a written record of receipt within a minimum period of one (1) month before the decision takes effect.

The notification clearly indicates the reasons for suspension or withdrawal, and BFM gives the CIB the opportunity to submit its observations within fifteen (15) days from receipt of the prior notification.

Article 13: Cessation of Activities

The CIB whose Approval has been suspended or withdrawn must cease its activities within the periods fixed by the withdrawal or suspension decision.

The CIB must take all necessary measures to transfer its entire Database to BFM as well as any electronic backup copy. The procedures for this transfer are fixed by BFM instruction.

Article 14: Prohibition to Exercise

The CIB, in case of withdrawal of Approval, may no longer exercise directly or indirectly the activities referred to in Article 28 below, subject to sanctions provided by this law.

The withdrawal of Approval for the CIB automatically extends to the CIB's offices and branches established on the territory of the Republic of Madagascar.

Article 15: Restoration of Approval

BFM may restore the Approval of a suspended CIB when the reasons for suspension have been regularized.

Article 16: Publication

BFM publishes the decisions granting, suspending, withdrawing and restoring the suspended Approval of a CIB in the Official Gazette as well as on its website.

The Approval takes effect the day following the date of first publication in the Official Gazette or on BFM's website.

BFM also communicates the withdrawal decision to Data Providers and Users.

The withdrawal decision may be subject to an appeal before the Council of State under common law conditions.

TITLE IV ON THE CONDITIONS FOR EXERCISING CIB ACTIVITIES

CHAPTER I ON CONDITIONS RELATED TO COMPANIES

Article 17: Legal Form, Social Capital and Guarantee Deposit of CIBs

CIBs are established in the form of a joint-stock company with fixed capital. They must have their registered office in Madagascar and their shares must be in registered form.

Every CIB must have a social capital of a minimum amount defined by BFM instruction, which must be fully paid up on the date of Approval.

A guarantee deposit, whose amount and procedures are fixed by BFM instruction, must be established with BFM before any grant of Approval.

Article 18: Participation Threshold

Data Providers or Users or Related Persons are authorized to acquire shares in a CIB up to five percent (5%) of the social capital, individually, and forty-nine percent (49%) collectively.

Article 19: [Text continues...]