LogoRegulatory Alerts
2021-02-24

Instruction No. 001/GR/2021 on the Operating Procedures of the Payment Incidents Central

The Governor of the Bank of Central African States (BEAC) issued Instruction No. 001/GR/2021 to define the operational procedures for the Payment Incidents Central (CIP) within the CEMAC region. The instruction mandates that all regulated financial institutions must join the CIP and contribute data to three specific databases: the Regional File of Clients and Bank Accounts (FRCB), the Payment Incidents File (FIP), and the Irregular Payment Instruments File (FIPI). It establishes strict timelines for data declaration, defines the unique banking identifier (IBU) system, and outlines comprehensive data protection rights for clients, including access, rectification, and erasure of personal information.

Banque des Etats de l'Afrique Centrale logo

Cameroon

Banque des Etats de l'Afrique Centrale

Click to view thumbnail

BANQUE DES ÉTATS DE L’AFRIQUE CENTRALE

The Governor

INSTRUCTION NO. 001/GR/2021 DEFINING THE OPERATING PROCEDURES OF THE PAYMENT INCIDENTS CENTRAL

No.: SEQ.026/2021

TABLE OF CONTENTS

CHAPTER I – DEFINITIONS AND OBJECT ....................................................................................3 CHAPTER II – PROTECTION OF PERSONAL DATA .............................................6 CHAPTER III – OPERATING PROCEDURES OF THE REGIONAL FILE OF CLIENTS AND BANK ACCOUNTS................................................................8 CHAPTER IV – OPERATING PROCEDURES OF THE PAYMENT INCIDENTS FILE..........................................................................................................18 CHAPTER V – OPERATING PROCEDURES OF THE FILE OF IRREGULAR PAYMENT INSTRUMENTS.......................................................................20 CHAPTER VI – CALCULATION AND RECOVERY PROCEDURES FOR THE LIBERATING PENALTY.......................................................................................................22 CHAPTER VII – DETERMINATION OF THE AMOUNT OF THE FINE AND RECOVERY PROCEDURES ........................................................................................24 CHAPTER VIII – CONSULTATION AND COMMUNICATION PROCEDURES TO REGULATED INSTITUTIONS OF INFORMATION CONTAINED IN THE CIP FILES ...........................................................................................................24 CHAPTER IX – CONSULTATION PROCEDURES BY ECONOMIC AGENTS OF CIP INFORMATION .................................................................25 CHAPTER X – ESTABLISHMENT OF A CALL CENTER FOR THE CIP ..........................26 CHAPTER XI – TRANSITIONAL AND FINAL PROVISIONS.............................................26

The Governor of the Bank of Central African States (BEAC),

Having regard to Regulation No. 03/16/CEMAC/UMAC/CM of December 21, 2016, relating to payment systems, means, and incidents, in its Articles 210, 219, 224, 226, and 227,

Having regard to Regulation No. 04/18/CEMAC/UMAC/COBAC of December 21, 2018, relating to payment services in the CEMAC,

Having regard to Instruction No. 001/GR/2018 of August 10, 2018, from the Governor of the BEAC relating to the definition of the scope of interoperability and interbanking of monetary payment systems in the CEMAC,

Issues the Instruction whose content follows:

CHAPTER I – DEFINITIONS AND OBJECT

Article 1: For the purposes of this Instruction, the terms below are defined as follows:

  • Member or Participant: Any Regulated Entity that has signed the membership agreements with the Payment Incidents Central.
  • Economic Agent: Any person receiving a payment by check, commercial paper, payment card, electronic wallet, or any other electronic payment instrument, by transfer, or by direct debit.
  • Central Bank or BEAC: Bank of Central African States.
  • Biometrics: Principle based on the recognition of the physical or biological characteristics of a natural person, notably the characteristics of their fingers, face, eyes, voice, or DNA, in order to obtain irrefutable proof of the uniqueness of their identity.
  • CEMAC: Economic and Monetary Community of Central Africa.
  • CCIP: Central module of the CIP platform installed at the BEAC.
  • CIP: Payment Incidents Central.
  • Client: Holder or owner of a bank or payment account with a Regulated Entity.
  • COBAC: Central African Banking Commission.
  • QR Code (Quick Response) or QR Code: Quick response code, a type of two-dimensional barcode consisting of black modules arranged in a square on a white background, the arrangement of which defines the information contained in the code.
  • USSD Code (Unstructured Supplementary Service Data): Interactive technological communication protocol that allows triggering a service on each GSM-compatible mobile device.
  • CRA: Regional Call Center.
  • Personal Data: Any information relating to an identified or identifiable natural person by reference to an identification number attached to their civil status data and their biometric, physical, or biological characteristics.
  • Regulated Entity or Regulated: Any legal person that issues, manages, or accepts payment means. These include:
    • credit institutions within the meaning of the Convention of January 17, 1992, harmonizing Banking Regulation in the States of Central Africa;
    • microfinance institutions within the meaning of Regulation No. 1/17/CEMAC/UMAC/COBAC of September 27, 2017, relating to the conditions for exercising and controlling microfinance activity in the CEMAC;
    • payment institutions defined in Article 6 of Regulation No. 04/18/CEMAC/UMAC/COBAC relating to payment services in the CEMAC;
    • and the administrations of National Treasuries, the Financial Services of national postal administrations, any other legal person authorized by national laws to issue, manage payment instruments or means, or execute payment orders defined in Article 3 of Regulation No. 04/18/CEMAC/UMAC/COBAC relating to payment services in the CEMAC.
  • FIP: Payment Incidents File.
  • FIPI: File of Irregular Payment Instruments.
  • FRCB: Regional File of Clients and Bank Accounts.
  • Manager: The BEAC as owner and manager of the CIP.
  • GIMAC: Central African Monetary Interbank Group.
  • IBU: Unique Banking Identifier.
  • PCIP: Participant module of the CIP platform installed at participants' premises, allowing them to create and generate their declarations to the CCIP.
  • RIB: Bank Identity Statement.
  • IS: Member's Information System.
  • SYSTAC: Central African Tele-compensation System.
  • SYGMA: Automated High-Value System.

Article 2: This Instruction defines the operating procedures of the CIP and its scope of application. It concerns regulated entities, their clients, and economic agents. Any member of the CIP must strictly implement the provisions of this Instruction.

Article 3: The CIP comprises three files as per Article 210 of Regulation No. 03/16/CEMAC/UMAC/CM of December 21, 2016, on payment systems, means, and incidents: the FRCB, the FIP, and the FIPI.

Article 4: Membership in the CIP and the feeding of the three files referred to in Article 3 above are mandatory for every regulated entity. Any regulated entity existing on the date of entry into force of this Instruction is required to regularize its situation no later than one hundred and eighty (180) days from this entry into force date.

Article 5: Any client of a regulated entity is required to comply with the provisions of this Instruction regarding the provision of their personal data, notably biometric data for natural person clients, which are essential for their identification and the functioning of the CIP files.

Article 6: Regulated entities are required to communicate to the BEAC all information required for the feeding of the FRCB, FIP, and FIPI. They cannot invoke professional secrecy against the BEAC.

CHAPTER II – PROTECTION OF PERSONAL DATA

Article 7: Any natural person client of a regulated entity, who proves their identity by presenting an IBU or through biometric authentication in the FRCB, or by a valid official identity document, has the right to request and obtain from the BEAC:

  1. on-site consultation at the premises of BEAC Agencies of all or part of the personal nominative information or data concerning them registered in the CIP files;
  2. the provision of a copy of all or part of the personal nominative information or data concerning them registered in all or part of the CIP files;
  3. the correction or rectification of all or part of the personal nominative information or data concerning them registered in all or part of the CIP files that are inaccurate;
  4. the erasure of data recorded concerning them.

All rights provided for in the above paragraph, with the exception of the right to erasure, are open to the representatives of legal persons.

The client of a regulated entity also has the right to demand, as appropriate, from the BEAC, to rectify, complete, or update the personal data concerning them that are inaccurate or incomplete.

When the concerned client's request is made in writing, regardless of the medium, the BEAC provides them free of charge within thirty (30) days, proof justifying that it has carried out the operations requested according to the cases referred to in the previous paragraph.

Article 8: The exercise of the rights provided for in Article 7 above is open to heirs of an ongoing estate, to representatives, and to duly authorized corporate representatives, justifying their status as heirs or representatives.

For the exercise of the rights of consultation, communication, rectification, and erasure provided for in Article 7 above, outside of the IBU issued by the BEAC and biometric authentication in the CIP, the certified true copy of the birth certificate, national identity card, residence permit, and passport are the only official identity documents admitted.

Article 9: The exercise of the right of consultation is done by a written request, by letter with acknowledgment of receipt, or by any other secure and reliable electronic writing procedure established by the BEAC guaranteeing the authentication of the requester. The request is addressed to the head of the nearest BEAC Agency or to the National Directorate of the BEAC. Consultation takes place by appointment set by the head of the BEAC Agency, in response to the request. The appointment must take place no later than fifteen (15) days from the receipt of the written request.

Article 10: The exercise of the right of communication and the right of rectification provided for in Article 7 above is done by a written request with acknowledgment of receipt addressed to the BEAC, or by any other secure and reliable electronic writing procedure established by the BEAC guaranteeing the authentication of the requester.

The right of communication and the right of rectification provided for in Article 7 above can be exercised directly by a written request, with acknowledgment of receipt, addressed to the head of the nearest BEAC Agency, with a copy to the National Director of the country of the Agency seized.

The BEAC is required to respond, by letter with acknowledgment of receipt, or by any means leaving a written trace attesting to receipt by the applicant, including authenticated electronic writing, no later than thirty (30) days from the receipt of the communication or correction request.

The response is addressed to the applicant either through the regulated entity that transmitted the request to the BEAC, or directly to the applicant when the request was introduced directly.

Article 11: Corrections or rectifications accepted by the BEAC are transcribed and recorded in the CIP files and communicated to all account holders through the CIP communication channels.

Article 12: Any natural person who proves their identity under the conditions provided by Article 7 above, who is no longer the holder of any valid account or payment instrument and is no longer subject to any registration in the payment incidents file and the irregular payment instruments file, has the right to request and obtain from the BEAC the erasure in all CIP files of any personal data concerning them.

The erasure request cannot be made less than one (01) year and eight (08) days after the closure of all accounts attached to an IBU.

The erasure request introduced by the heirs or successors of a deceased person for data concerning them cannot be made less than one (01) year and eight (08) days after the closure of the liquidation of the estate.

Article 13: The right to erasure provided for in Article 7 above is exercised by a written request, by letter with acknowledgment of receipt, or by any other secure and reliable electronic writing procedure established by the BEAC guaranteeing the authentication of the requester. The request is addressed to the head of the nearest BEAC Agency, with a copy to the National Director of the country of the Agency seized.

The BEAC is required to respond, by letter with acknowledgment of receipt, no later than ninety (90) days from the receipt of the erasure request, after having confirmed to it by all account holders attached to the IBU the closure of these accounts and the absence of unregularized and unexpired incidents.

Article 14: The Central Bank is responsible for the collection and processing of personal data of natural person clients exclusively for the functioning of the CIP in the CEMAC countries.

Personal data processed in the CIP can only be processed if they have previously been collected legally and lawfully with the consent of the concerned client, and if the client has been informed of the purpose of this processing.

Article 15: Any natural person has the right to oppose, for legitimate reasons, the processing of personal data concerning them, except when this processing responds to a legal or regulatory obligation.

Article 16: Violation by the BEAC of the rights provided for in Articles 7 to 15 above is subject to sanctions provided by the national legislation of the country of residence of the applicant or the CEMAC country where the account or accounts registered in the FRCB is held.

CHAPTER III – OPERATING PROCEDURES OF THE REGIONAL FILE OF CLIENTS AND BANK ACCOUNTS

Article 17: The FRCB is fed exclusively by declarations from Participant Regulated Entities.

Any Participant Regulated Entity performs in the FRCB the declaration of the personal identification data of its natural or legal person clients and of their accounts held by it.

Article 18: The registration of a natural or legal person in the FRCB gives rise to the attribution or confirmation by the BEAC of a Unique Banking Identifier (IBU).

The IBU is an alphanumeric code that allows unique and certain identification of any holder of a bank or payment account opened in the CEMAC.

It allows linking all accounts opened in the name of a person in all CEMAC countries as well as all payment instruments they hold.

The constitution and functioning of the IBU are defined in Articles 28 to 43 below.

Article 19: Declarations of personal data of natural person clients cover the following data:

  • IBAN, RIB, or account number;
  • maiden name;
  • married name;
  • first name;
  • sex;
  • date of birth;
  • country of birth;
  • place of birth;
  • mother's names and first names;
  • father's names and first names;
  • client's nationality;
  • client's profession;
  • guardianship or not of the person;
  • client status (Active / Deceased);
  • type of identification document;
  • identification document number;
  • date of issuance of the identification document;
  • end of validity date of the identification document;
  • place of issuance of the identification document;
  • country of issuance of the identification document.

Article 20: Declarations of legal person clients by the regulated entity must include the following data:

  • IBAN, RIB, or account number;
  • date of creation of the legal person and its duration of life;
  • trade name;
  • acronym of the trade name;
  • legal form;
  • economic activity sector;
  • commercial register number;
  • tax identification number or equivalent;
  • registered office (Country and City);
  • client status (Active / Suspended).

Article 21: Any declaration of a bank account or payment account must include data on:

  • the physical or legal nature of the account-holding client;
  • the type of account, notably deposit account, savings account, current account, check account, escrow or guarantee account, payment account;
  • the nature of the account, notably individual account, joint or indivisible plural account, professional business account;
  • the IBAN and RIB of the account;
  • currency code;
  • the status of the account, notably if it is Active, Blocked, Closed, or subject to a succession or liquidation regime.

In the case of transformation of an account, notably a joint account into an individual or indivisible account, an individual account into a joint or indivisible account, a natural person account into a business account, the regulated entity must, on the one hand, close the initial account before opening the new account and, on the other hand, declare to the FRCB both the closure of the initial account and the opening of the new account.

Article 22: The regulated entity is required to declare to the FRCB, within twenty-four (24) hours of their realization:

  • any opening and any closure of any account to any new or existing client;
  • the creation of a new natural or legal person client or a representative;
  • any modification of data relating to the identification and legal, administrative situation of a client and/or an account;
  • any modification of data relating to the identification and legal, administrative situation of a representative, notably in case of end of mandate;
  • any request for rectification of invariable identification data of a client;
  • any suspension of the account relationship with a client;
  • any death of a natural person client or any cessation of activity or liquidation of a legal person.

For legal persons, all their natural person representatives designated to manage an account must be declared in the CIP with their own IBU, attached to the data (IBU and accounts subject to the mandate) of the legal person as long as the mandate relationship lasts.

Article 23: Modifiable data of the natural person are:

  • IBAN, RIB, or account number;
  • first name(s);
  • surname(s) of birth after the client has obligatorily provided an act of individuality;
  • marital surname;
  • sex;
  • client's nationality;
  • client's profession;
  • client's address;
  • client's economic activity sector;
  • guardianship or not of the person;
  • client status (Active / Deceased);
  • type of identification document;
  • identification document number;
  • date of issuance of the identification document;
  • end of validity date of the identification document;
  • place of issuance of the identification document;
  • country of issuance of the identification document;
  • banking situation ("No incident", "Banking prohibition account", "General banking prohibition");
  • judicial situation ("No judicial prohibition" / "Judicial prohibition").

Article 24: Non-modifiable data of the natural person are:

  • date of birth;
  • country of birth;
  • place of birth;
  • mother's names and first names;
  • father's names and first names;
  • date of start of judicial prohibition;
  • date of end of judicial prohibition.

The names and first names of the mother and father are modifiable in case of full adoption.

Article 25: Modifiable data of the legal person are:

  • trade name;
  • acronym of the trade name;
  • registered office (Country and City);
  • legal form;
  • economic activity sector;
  • commercial register number;
  • client status (Active / Suspended).

Article 26: Non-modifiable data of the legal person are:

  • date of creation of the legal person;
  • date of liquidation of the legal person;
  • date of start of judicial prohibition;
  • date of end of judicial prohibition.

Article 27: Any regulated entity that opens an account for a new client is required to declare it to the FRCB/CIP within twenty-four (24) hours under penalty of sanctions provided by Article 250 of Regulation No. 03/16/CEMAC/UMAC/CM of December 21, 2016, relating to payment systems, means, and incidents.

Any regulated entity is required to declare to the FRCB, according to procedures defined by the BEAC, within twenty-four (24) hours of having certain knowledge or of their communication by the client, any modification occurring in the personal data relating to the legal, administrative, and fiscal situation of the legal person client or relating to the civil status and biometric characteristics of the natural person client.

Article 28: Under penalty of nullity, the opening and management of any account by a regulated entity for the benefit of a client must give rise to the signing by both parties of a written convention, including electronic writing, of account opening and maintenance which specifies the rights and obligations of each party, the conditions and procedures for managing said account.

The account opening and maintenance convention must include in legible and clear characters a stipulation by which the client consents to authorize the collection and management of their personal data, including biometric data, by the regulated entity on behalf of the BEAC for the needs of the functioning of the CIP in respect of its purpose and in conformity with the legal and regulatory provisions framing this functioning.

The above provisions are prescribed under penalty of nullity of the convention.

Article 29: Any opening of an account for the benefit of a new client, declared by the regulated entity to the FRCB, gives rise to the attribution of a Unique Banking Identifier (IBU) to this client by the BEAC within twenty-four (24) hours following the declaration by the Participant of the civil status and biometric data of the natural person client or the administrative and fiscal data of the legal person client.

No account can give rise to debit operations if the client(s) holder(s), the representative(s) is or are not all attributaries of an IBU.

Clients holding an account or representatives signing on an account opened before the date of entry into force of this Instruction and who do not have an IBU are required no later than June 30, 2022, to carry out with their account holder(s) the formalities to regularize their situation in order to be attributed an IBU.

Upon expiration of the regularization period set in paragraph 3 above, any individual, joint, common, joint and several, or indivisible account, of business or under plural mandate, whose all holders, or representatives do not have an IBU, will be automatically declared to the

Share