Credit Reporting System (CRS) Regulation

---

CRS Regulation Final (Website) (31-3-2017)-2.docx Union of Myanmar Central Bank of Myanmar Order No. 5/2017 1378 ME, Taungku Month, Waxing 4th Day (March 31, 2017)

In order to establish and operate a Credit Information Department and a Credit Information Reporting System, the Central Bank of Myanmar has been granted powers under Section 184 of the Financial Institutions Law. Accordingly, the following rules and regulations are hereby promulgated.

Chapter 1: Names and Definitions

Names

1. These rules shall be known as the Credit Information Reporting System Rules.

Definitions 2. The terms used in these rules shall carry the meanings assigned under the Financial Institutions Law. In addition, the following terms shall have the specified meanings: (a) "Credit Information" refers to information concerning individuals' economic and financial responsibilities, including guarantors of such individuals, records of past credit repayment, publicly disclosed information, and data enabling the assessment of creditworthiness. (b) "Credit Information Department" refers to the department defined under Section 2, Subsection (b) of the Financial Institutions Law. (c) "Registered Credit Bureau" refers to a bureau registered for the purpose of maintaining information on loans and individual credit data, tasked with supervising financial institutions. (d) "Credit Reporting Agencies (CRA)" refers to entities responsible for collecting, processing, and reusing credit information, including preparing credit reports and other related services. (e) "Credit Reporting Service Providers (CRSPs)" refers to entities established under the law, including commercial credit information reporting companies, private credit information departments, or registered credit bureaus, that operate credit reporting functions. (f) "Credit Information System (CRS)" refers to the system comprising entities, rules, regulations, technology, and information that facilitate the exchange of credit data among financial institutions for CRA operations. (g) "Licensed Credit Bureau" refers to a bureau licensed by the Central Bank to operate credit reporting functions, including commercial credit information reporting companies and private credit information departments. (h) "Credit Report" refers to reports issued by CRSPs, containing information on financial institution clients' credit, overdue amounts, and timely repayment records. (i) "Financial Institution Customer/Client" refers to any individual or legally established entity that has a loan agreement, outstanding credit balance, or other official financial transaction recorded in the CRS. (j) "Commercial Credit Company" refers to a company engaged in assessing credit risk, evaluating loan repayment capacity, or facilitating loan disbursement through various financial instruments. (k) "Objection" refers to a dispute or claim regarding the accuracy of information in a credit report, including changes to data. (l) "Information Providers" refer to: (1) banks and non-bank financial institutions; (2) other entities that submit credit data to a department; (3) third parties with agreements to access data for risk assessment; and (4) entities or individuals designated by the Central Bank. (m) "Consent" refers to the authorized permission granted by financial institution clients, documented in writing, for their credit data to be included in the CRS. (n) "Negative Information" refers to data concerning defaults, outstanding debts, failures, legal disputes, court judgments, and collateral held for overdue loans. (o) "Positive Information" refers to data concerning financial institution clients' compliance with agreements, including guarantees, collateral, repayment capacity, loan amounts, and remaining balances. (p) "Authorized Users" refer to individuals permitted to access processed data in a credit information department, including employees of information providers, CRSPs, and staff designated by the Central Bank.

Chapter 2: Central Bank's Roles and Powers regarding the Credit Information Reporting System 3. (a) The Central Bank may: (1) Formulate and implement credit information policies; (2) Issue, suspend, or cancel licenses for CRSPs; (3) Establish rules and conditions for licensed CRSPs; (4) Monitor compliance with Central Bank regulations, orders, guidelines, and operational procedures by CRS participants; (5) Ensure that CRA companies and credit information departments provide comprehensive services through appropriate methods; (6) Guide financial institutions to participate, and support non-financial institutions; (7) Advise CRS participants on policies, responsibilities, and operational procedures for risk assessment; (8) Impose administrative sanctions on CRS participants; (9) Supervise CRA operations. (b) The Central Bank shall establish necessary funding and mechanisms to effectively supervise and audit CRS participants. (c) The Central Bank may access credit data from CRSPs, information providers, or authorized users in real-time. (d) The Central Bank may issue additional guidelines for CRA shareholders upon application. (e) The Central Bank may amend its rules and conditions to ensure efficiency, reliability, and security in the CRS. (f) The Central Bank may allow new information providers to participate in the CRS upon verification of their active role. (g) Under Subsection (f), the Central Bank or other supervisory authorities may issue additional guidelines for new participants. (h) The Central Bank shall designate specific notices and formats for CRA operations, including client rights and data processing. (i) The Central Bank may access data from CRA companies and commercial credit reporting companies free of charge for supervisory, operational, and accounting purposes. (j) The Central Bank may access data from any CRS to maintain efficiency, reliability, and security. (k) Under Subsections (b) and (g), the Central Bank may access data for supervisory, auditing, and operational purposes. (l) The Central Bank may adjust the initial capital requirement for establishing a CRA over time.

Chapter 3: Licensing of Credit Reporting Service Providers

Application for License 4. (a) Applicants must contribute an initial capital of at least 3,000 million Myanmar Kyat. (b) Applicants must submit the following documents to the Central Bank: (1) Company registration certificate, articles of association, and establishment documents; (2) Main office location and branch offices for commercial operations; (3) Audited financial statements, balance sheets, shareholder lists, capital amounts, and operational details; (4) Approved initial capital and paid-up amount; (5) Key personnel qualifications and experience; (6) Board of directors' composition, appointment procedures, and organizational structure; (7) Three-year business plan, IT systems, internal operational procedures, and operational manuals; (8) Central Bank's verification of clean financial records and experienced personnel; (9) Contingency plans for continuous operation and data recovery; (10) Approved financial reserves; (11) Agreements with information providers and authorized users for system operation; (12) Letter of Intent to submit data to the CRS. (c) Foreign entities must additionally provide: (1) Credit rating report from an approved international agency; (2) Confirmation from the home country's supervisory authority regarding licensing and director qualifications; (3) Capital adequacy and paid-up capital status in the home country and globally. (d) The Central Bank may request additional supporting documents upon application.

Issuance of License 5. The Central Bank shall: (a) Review applications under Article 4 and approve licenses if requirements are met. (b) Issue licenses without a fixed validity period. (c) Reject applications if: (1) required documents are incomplete; (2) information is inaccurate or misleading; or (3) key personnel lack relevant experience. (d) Notify applicants of approval or rejection within three months of complete submission. (e) Publish the licensing decision publicly.

License Fees 6. (a) License holders shall pay: (1) a license fee of 0.1% of the initial capital; and (2) an annual fee of 0.1% of the paid-up capital as of April 2 each year. (b) Annual fees must be paid within one month after the license issuance date, not exceeding the due date.

Obligations of License Holders 7. License holders shall: (a) Comply with Central Bank rules and conditions. (b) Undergo supervisory audits by the Central Bank. (c) Commence operations within 12 months of license issuance. (d) Cooperate with the Central Bank's on-site and off-site audits. 8. License holders shall not transfer their licenses to other parties.

Chapter 4: Data Collection, Processing, and Access

Purposes of Data Collection and Processing 9. Credit information may be collected and processed for: (a) Loan approval, risk assessment of individual clients' repayment capacity or creditworthiness; (b) Supporting Central Bank supervision and audits; (c) Evaluating debt repayment capacity regarding interest and principal; (d) Verifying the accuracy of clients' own data in credit reports; (e) Reviewing economic policies; (f) Reconciliation between banks and financial institutions; (g) Ensuring CRS efficiency, reliability, and security for supervisory responsibilities.

Data Collection and Processing 10. (a) CRSPs shall collect, process, and store credit data from information providers and other sources, following guidelines to prevent misuse, unauthorized access, or technological deficiencies. (b) CRSPs shall implement internal operational procedures to ensure continuous service quality. (c) Newly admitted information providers may access data only with client consent. (d) Information providers shall: (1) submit the first credit report within 90 days of system launch; and (2) submit complete monthly data by the fifth day of the following month. (e) CRSPs shall enter received monthly data into the CRS within five days, using approved formats. Changes to formats require Central Bank approval. (f) CRSPs are responsible for all electronic databases and shall share data with financial institutions and authorized users. (g) CRSPs ensure data accuracy, prevent employee misuse, and maintain technological standards. 11. Financial institutions shall submit complete data to CB-approved CRSPs using standard formats, covering three years: the first section for borrower/guarantor information, and the second for loan details.

Data Submission 12. (a) Financial institutions shall submit positive and negative credit data to CRSPs using approved formats. (b) Data submission must follow agreed rules between providers and CRSPs. (c) Financial institutions shall update systems to enable monthly submissions within the specified timeframe. (d) CRSPs must distinguish between information providers and serve all CRS participants uniformly.

Data Access 13. (a) Financial institutions may access the CRS for any loan amount, new loans, repayments, or extensions, based on repayment records and risk assessment. (1) Authorized users and information providers may access data under consent agreements. (2) CRSPs shall establish procedures, methods, and rules for authorized access. (3) CRSPs must ensure full accessibility for providers and users, maintaining reliability, stability, and availability. Note: CRSPs are not liable for consequences arising from unauthorized disclosure of access codes or passwords by third parties. (4) All information providers and authorized users must comply with CB-approved operational points and procedures. (b) Financial institutions other than the Central Bank may access the CRS based on client consent. (c) All CRS participants shall utilize the system for data access and sharing.