Circulaire No. 001-2019 on Minimum Functional Requirements for Management Software and Information System Security for SGI, BTCC, SGO, and SG-FCTC

West African Economic and Monetary Union (UEMOA) Regional Council for Public Savings and Financial Markets CIRCULAR No. 001-2019 ON THE MINIMUM FUNCTIONAL REQUIREMENTS FOR MANAGEMENT SOFTWARE AND INFORMATION SYSTEM SECURITY FOR MANAGEMENT AND INTERMEDIATION COMPANIES (SGI), CUSTODIAN ACCOUNT-KEEPING BANKS (BTCC), COLLECTIVE INVESTMENT SCHEME MANAGEMENT COMPANIES (SGO), AND CREDIT SECURITIZATION FUND MANAGEMENT COMPANIES (SG-FCTC)

The General Secretariat of the Regional Council for Public Savings and Financial Markets (CREPMF) wishes to inform Management and Intermediation Companies (SGI), Custodian Account-Keeping Banks (BTCC), Collective Investment Scheme Management Companies (SGO), and Credit Securitization Fund Management Companies (SG-FCTC) that, pursuant to Article 27 of the General Regulation on the organization, operation, and supervision of the Regional Financial Market of UEMOA, they must comply with the specifications of the Information System attached as an annex to this circular.

Furthermore, SGI, BTCC, SGO, and SG-FCTC are reminded that any change in business management software must be subject to prior approval by the Council.

This Circular takes effect from its date of publication.

Done in Abidjan, on 21 MAY 2019

Address: Joseph ANOMA Avenue, 01 B.P. 1878 Abidjan 01/Côte d'Ivoire Tel.: (225) 20 21 57 42 / 20 31 56 20 Fax: (225) 20 33 23 04 Website: http://www.crepmf.org Email: sg@crepmf.org

SPECIFICATIONS FOR THE INFORMATION SYSTEM OF MANAGEMENT AND INTERMEDIATION COMPANIES (SGI), CUSTODIAN ACCOUNT-KEEPING BANKS (BTCC), COLLECTIVE INVESTMENT SCHEME MANAGEMENT COMPANIES (SGO), AND CREDIT SECURITIZATION FUND MANAGEMENT COMPANIES (SG-FCTC)

This specification document aims to define the minimum functional requirements for business management software and the security of the Information System for Management and Intermediation Companies (SGI), Custodian Account-Keeping Banks (BTCC), Collective Investment Scheme Management Companies (SGO), and Credit Securitization Funds (FCTC).

SECTION I: DEFINITIONS Article 1: Definitions The following terms are understood as:

IT Incident: Any event that is not part of the standard functioning of a service and causes, or may cause, an interruption or a reduction in the quality of that service. Business Management Software: Software used by the SGI, BTCC, SGO, or SG-FCTC to automatically manage business processes (production, logistics, accounting, HR, etc.). Audit Trail: Chronological recording of system activities showing all additions, deletions, and changes made to the system, allowing an operation to be reconstructed and controlled from its origin to its completion. Business Continuity Plan: A formalized strategic document, regularly updated, for disaster or major incident response planning. Its objective is to minimize the impacts of a crisis or natural, technological, or social disaster on business activity (and thus the sustainability) of a company. User Profile: A description of a user showing the rights they are granted within the software. FIX Protocol: FIX (Financial Information Exchange) is a message standard developed to facilitate the exchange of information related to stock market transactions. RPO (Recovery Point Objective): The RPO quantifies the data that an Information System may be required to lose as a result of an incident. Usually, the RPO expresses a duration between the incident causing data loss and the most recent date of data that will be used to replace the lost data. RTO (Recovery Time Objective): The RTO represents the maximum acceptable duration of interruption during which a resource (computer, system, network, software, etc.) may be non-functional following a failure or disaster.

SECTION II: SPECIFICATIONS FOR BUSINESS MANAGEMENT SOFTWARE OF SGI, BTCC, SGO, AND SG-FCTC Article 2: Specifications for Business Management Software of SGI The minimum specifications for the business management software of SGI are listed below:

2.1 Client Management ✓ Creation, modification, consultation, activation/deactivation of clients; ✓ Client file (name, first name, date of birth, place of birth, country, city, nationality, profession, address, phone, email, ID type, ID number, issue date, expiration date, place of issue, photo, etc.); ✓ Client profile; ✓ History of modifications to client information; ✓ Client status (active, inactive, deactivated); ✓ Generation of the AML (Anti-Money Laundering) or KYC (Know Your Customer) file.

2.2 Client Account Management ✓ Creation, modification, deactivation (closure) of client securities accounts; ✓ Creation, modification, deactivation (closure) of client cash accounts; ✓ History of modifications to client account information; ✓ Recording of movements on securities and cash accounts with reference to supporting documents; ✓ Consultation and generation of the securities portfolio (in volume and value) for any date (past or present); ✓ Consultation of the movement statement for client cash accounts; ✓ Consultation of the movement statement for client securities accounts; ✓ Account status (active, inactive, dormant, deactivated); ✓ Generation of information related to account management.

2.3 Securities Management ✓ Addition, modification, deactivation of securities; ✓ Management of security symbol changes (notably following the listing of a security); ✓ Recording of amortization schedules for debt securities; ✓ Management of repayment or coupon payment deadlines.

2.4 Price Updates Manual or automatic updates via file import.

2.5 Portfolio Management ✓ Investment profile configuration; ✓ Monitoring of investments according to client risk profiles; ✓ Portfolio valuation; ✓ Addition, modification, cancellation of holds; ✓ Pricing management; ✓ Monitoring of balances after blocking pending operations; ✓ Generation of management reports.

2.6 Securities Transaction Management ✓ Subscription processing; ✓ Centralization and allocation of security subscriptions; ✓ Entry (addition, modification, cancellation) of buy and sell orders; ✓ Receipt of orders transmitted via electronic media (internet, etc.); ✓ Timestamping; ✓ Consultation of the history of modifications to order information; ✓ Import of executions; ✓ Generation of the order book to be executed; ✓ Transaction allocation; ✓ Processing of settlement/delivery of securities; ✓ Management of suspense items.

2.7 Cash Operations Management ✓ Cash operations (deposit, withdrawal, transfer, etc.); ✓ Cash holds; ✓ Cash withdrawal or deposit, with receipt printing and fund allocation to the client; ✓ Cash transfers from account to account; ✓ Reporting (operations journal, queries by amount, nature (checks, cash)); ✓ Generation of cash receipts.

2.8 Reconciliation Management ✓ Generation of securities account balance statements (by depositary account number); ✓ Management of various reconciliations; ✓ Reconciliation statements.

2.9 Securities Operations (OST) Management ✓ Processing of Security Events (ESV); ✓ Monitoring of debt security schedules; ✓ Capital increases; ✓ Nominal division; ✓ Share consolidation; ✓ Merger and absorption of securities.

2.10 Reporting Management ✓ Generation and generation of the reporting package (order book before and after execution, trade advice, execution report, transaction journal); ✓ Operations journal (queries by amount, nature, etc.).

2.11 Accounting Management ✓ Chart of accounts configuration; ✓ Configuration of operations and journals; ✓ Opening and closing of fiscal years; ✓ Generation of accounting journals; ✓ Generation of the general ledger (with at least six columns) and the general ledger; ✓ Generation of financial statements. If the SGI software does not include an accounting module, it must have an interface between this software and the accounting management software, in order to reduce manual posting operations.

Article 3: Specifications for Business Management Software of BTCC The minimum specifications for the business management software of BTCC are listed below:

3.1 Client Management ✓ Creation, modification, consultation, activation/deactivation of clients; ✓ Client file (name, first name, date of birth, place of birth, country, city, nationality, profession, address, phone, email, ID type, ID number, issue date, expiration date, place of issue, photo, etc.); ✓ Client profile; ✓ History of modifications to client information; ✓ Client status (active, inactive, deactivated); ✓ Generation of the AML or KYC file.

3.2 Client Account Management ✓ Creation, modification, deactivation (closure) of client securities accounts; ✓ Creation, modification, deactivation (closure) of client cash accounts; ✓ History of modifications to client account information; ✓ Recording of movements on securities and cash accounts with reference to supporting documents; ✓ Consultation and generation of the securities portfolio (in volume and value) for any date (past or present); ✓ Consultation of the movement statement for client cash accounts; ✓ Consultation of the movement statement for client securities accounts; ✓ Account status (active, inactive, dormant, deactivated); ✓ Generation of information related to account management.

3.3 Securities Management ✓ Addition, modification, deactivation of securities; ✓ Management of security symbol changes (notably following the listing of a security); ✓ Recording of amortization schedules for debt securities; ✓ Management of repayment or coupon payment deadlines.

3.4 Price Updates ✓ Manual or automatic updates via file import.

3.5 Portfolio Monitoring ✓ Investment profile configuration; ✓ Monitoring of investments according to client risk profiles; ✓ Portfolio valuation; ✓ Addition, modification, cancellation of holds; ✓ Pricing management; ✓ Monitoring of balances after blocking pending operations; ✓ Generation of management reports.

3.6 Securities Transaction Management ✓ Transaction allocation; ✓ Processing of settlement/delivery of securities; ✓ Management of suspense items.

3.7 Cash Operations Management for Accounts Dedicated to Securities Operations ✓ Cash operations (deposit, withdrawal, transfer, etc.); ✓ Cash holds; ✓ Cash withdrawal or deposit, with receipt printing and fund allocation to the client; ✓ Cash transfers from account to account; ✓ Reporting (operations journal, queries by amount, nature (checks, cash)); ✓ Generation of cash receipts.

3.8 Reconciliation Management ✓ Generation of securities account balance statements (by depositary account number); ✓ Management of various reconciliations; ✓ Reconciliation statements.

3.9 Securities Operations (OST) Management ✓ Processing of Security Events (ESV); ✓ Monitoring of debt security schedules; ✓ Capital increases; ✓ Nominal division; ✓ Share consolidation; ✓ Merger and absorption of securities.

3.10 Reporting Management ✓ Generation and generation of the reporting package (order book before and after execution, trade advice, execution report, transaction journal); ✓ Operations journal (queries by amount, nature, etc.).

3.11 Accounting Management ✓ Chart of accounts configuration; ✓ Configuration of operations and journals; ✓ Opening and closing of fiscal years; ✓ Generation of accounting journals; ✓ Generation of the general ledger (with at least six columns) and the general ledger; ✓ Generation of financial statements. If the BTCC software does not include an accounting module, it must have an interface between this software and the accounting management software, in order to reduce manual posting operations.

Article 4: Specifications for Business Management Software of SGO The minimum specifications for the business management software of SGO are listed below:

4.1 Client Management ✓ Creation, modification, consultation, activation/deactivation of clients; ✓ Client information form for natural or legal persons; ✓ History of modifications to client information; ✓ Client status (active, inactive, deactivated); ✓ Generation of the AML or KYC file.

4.2 Management of Unit Holders' and Shareholders' Accounts ✓ Creation, modification, deactivation (closure) of unit/share and cash accounts for clients; ✓ History of modifications to client account information; ✓ Consultation and generation of unit/share portfolios for any date (past or present); ✓ Consultation of the movement statement for client cash accounts; ✓ Consultation of the movement statement for client unit/share accounts; ✓ Account status (active, inactive, deactivated); ✓ Generation of information related to account management; ✓ Deposit and withdrawal of cash by unit holders or shareholders; ✓ Processing of subscriptions/redemptions at known and unknown Net Asset Value (NAV); ✓ Generation of the register of shareholders or unit holders; ✓ Recording of subscriptions and redemptions; ✓ Processing of dividend distributions to unit holders or shareholders.

4.3 Asset Management ✓ Creation of securities: shares, bonds with amortization schedules (amortization on security, on capital, constant annuity, bullet) and treasury bills; ✓ Purchase and sale of securities; ✓ Consultation of movements on securities; ✓ Securities portfolio valuation and calculation of valuation differences and accrued and withheld interest; ✓ Processing of Security Events (ESV); ✓ Generation of portfolios; ✓ Generation of reports related to management standards (classification and asset allocation rules, management orientation, etc.); ✓ Daily calculation of commissions and fees (valuation, custody, management, etc.) based on assets, net assets, or securities portfolio valuation.

4.4 Cash Management of the Collective Investment Scheme ✓ Funding and withdrawal from cash accounts held at the depositary; ✓ Recording and monitoring of time deposits; ✓ Calculation of accrued interest on financial accounts (time deposits, remunerated demand deposits, etc.) at each NAV calculation.

4.5 Portfolio Securities Operations Management ✓ Capital increases; ✓ Nominal division; ✓ Share consolidation; ✓ Security assimilation and merger and absorption of securities.

4.6 Pricing Management ✓ Configuration of rates to be charged for various commissions (brokerage, management, depositary, entry and exit fees, etc.).

4.7 Accounting Management ✓ Chart of accounts configuration; ✓ Configuration of operations and journals; ✓ Opening and closing of fiscal years; ✓ Configuration of Net Asset Value (NAV); ✓ Cancellation and validation of NAV; ✓ Generation of the journal; ✓ Generation of the general ledger (with at least six columns) and the general ledger; ✓ Generation of financial statements. If the SGO software does not include an accounting module, it must have an interface between this software and the accounting management software, in order to reduce manual posting operations.

Article 5: Specifications for Business Management Software of SG-FCTC The minimum specifications for the business management software of SG-FCTC are listed below:

5.1 Securities Holders Management ✓ Creation, modification, consultation, activation/deactivation of securities holders; ✓ Securities holders information form (natural or legal person); ✓ History of modifications to securities holders' information; ✓ Securities holder status (active, inactive, deactivated); ✓ Generation of the AML or KYC file.

5.2 Management of Unit Holders' and Shareholders' Accounts ✓ Creation, modification, deactivation (closure) of unit and cash accounts for securities holders; ✓ History of modifications to securities holders' account information; ✓ Consultation and generation of unit or debt security portfolios for any date (past or present); ✓ Consultation of the movement statement for securities holders' accounts; ✓ Account status (active, inactive, deactivated); ✓ Generation of information related to account management; ✓ Recording of subscriptions; ✓ Processing of distributions to securities holders.

5.3 Compartments Management ✓ Creation and configuration of compartments.

5.4 Credit Pool Selection ✓ Loading of credits to be securitized; ✓ Configuration of eligibility criteria; ✓ Simulation of financial flows.

5.5 Credit Management ✓ Recording of credit assignments; ✓ Generation of the amortization schedule for securitized credits; ✓ Generation of the credit runoff schedule; ✓ Recording and monitoring of security interests, guarantees, and accessories attached to credits; ✓ Recording and monitoring of financial derivatives; ✓ Recording and monitoring of credit recovery; ✓ Recording of reloads.

5.6 Pricing Management ✓ Configuration of rates to be charged for various commissions (credit manager, depositary, etc.).

5.7 Issued Securities Management ✓ Definition and saving of characteristics of asset-backed securities; ✓ Recording of asset-backed security issuances and generation of the projected amortization schedule for these securities; ✓ Generation of the runoff schedule for asset-backed security issuances with monthly, quarterly, semi-annual, or annual periodicity.

5.8 FCTC Cash Management ✓ Configuration and monitoring of the specially designated account; ✓ Recording and monitoring of cash borrowings and subordinated loans; ✓ Recording and monitoring of liquidity (demand deposits, treasury bills and bonds, etc.); ✓ Configuration of the allocation order for received funds; ✓ Calculation of operating costs at each payment to securities holders; ✓ Calculation of accrued interest on financial accounts (time deposits, remunerated demand deposits, etc.) at each payment to securities holders; ✓ Validation of the calculated distribution for securities holders; ✓ Payment to securities holders.

5.9 Accounting Management ✓ Chart of accounts configuration; ✓ Configuration of operations and journals; ✓ Opening and closing of fiscal years; ✓ Generation of the journal; ✓ Generation of the general ledger (with at least six columns) and the general ledger; ✓ Generation of financial statements. If the SG-FCTC software does not include an accounting module, it must have an interface between this software and the accounting management software, in order to reduce manual posting operations.

Article 6: Security Specifications for Business Management Software of SGI, BTCC, SGO, and SG-FCTC The management software for SGI, BTCC, SGO, and SG-FCTC must include the security specifications listed below:

6.1 Audit Trail The audit trail must be configured on the management software to guarantee the recording of actions performed by users of these software and thus ensure their traceability. Furthermore, access to this audit trail must be properly restricted, so that it is not accessible to privileged users such as software administrators.

6.2 User Authentication Access to the software must be via user authentication. This must prevent unauthorized persons from accessing the software.

6.3 Prohibition of Simultaneous Access with the Same User Account The Software should not allow the same user to open multiple sessions from a single or multiple machines.

6.4 User Profiles Each software must have the user profile management functionality. User profiles must prevent the accumulation of incompatible functions and guarantee that roles or