Regulation No. 15/2002/CM/UEMOA on Payment Systems in the Member States of UEMOA

UNION ECONOMIQUE ET MONETAIRE OUEST AFRICAINE UEMOA

REGLEMENT N° 15/2002/CM/UEMOA RELATIF AUX SYSTEMES DE PAIEMENT DANS LES ETATS MEMBRES DE L’UNION ECONOMIQUE ET MONETAIRE OUEST AFRICAINE (UEMOA)

LE CONSEIL DES MINISTRES DE L’UNION ECONOMIQUE ET MONETAIRE OUEST AFRICAINE (UEMOA)

Having regard to the Treaty of the West African Economic and Monetary Union (UEMOA) dated January 10, 1994, particularly Articles 6, 7, 16, 21, 42, 43, 44, 45, 95, 96, 98, 112 and 113; Having regard to the Treaty of November 14, 1973 establishing the West African Monetary Union (UMOA), particularly Article 22; Having regard to the opinion of the Statutory Experts Committee dated September 13, 2002; On the joint proposal of the UEMOA Commission and the BCEAO; Enacts the Regulation as follows:

PREMIERE PARTIE : DISPOSITIONS GENERALES TITRE PRELIMINAIRE : Definitions Article 1 For the purpose of applying the provisions of this Regulation, the following terms shall be understood as: BCEAO: Central Bank of West African States, referred to in this Regulation as the Central Bank; Beneficiary: a person designated in a payment order to receive funds; Payment card: a card issued by the bodies referred to in Article 42 allowing its holder to withdraw or transfer funds; Withdrawal card: a card issued by the bodies referred to in Article 42 allowing exclusively its holder to withdraw funds; Qualified electronic certificate: an electronic certificate further meeting the requirements defined in Article 26 of this Regulation; Electronic certificate: an electronic document attesting to the link between electronic signature verification data and a signatory; Recipient: a person expected to receive the message of data as well as the payment to follow; Electronic signature creation device: hardware or software intended to apply electronic signature creation data; Electronic signature verification device: hardware or software intended to apply electronic signature verification data; Secure electronic signature creation device: a device that meets the requirements defined in Article 23; Electronic signature creation data: elements specific to the signatory, such as public cryptographic keys, used to create the electronic signature; Electronic signature verification data: elements, such as public cryptographic keys, used to verify the electronic signature; Writing: all forms of expression having a readable meaning; Sender: a person who issues the payment order and on whose behalf the transfer is made. The term may also refer to the sending bank that receives the payment order; Intermediary: a person who, on behalf and for the account of another, sends, receives or stores messages of data. The intermediary is subject to the same obligations as its principal; Message of data: information created, sent or received by electronic or optical processes or means or analogous processes or means, notably the exchange of computerized data, electronic messaging, telegraph, telex, facsimile and image-check; E-money: a monetary value representing a claim on the issuer which is stored on an electronic support or a support of the same nature, issued against the handover of funds in an amount whose value is not less than the emitted monetary value and accepted as a means of payment by companies other than the issuer. As an electronic storage medium for monetary value based on a technical support, e-money can be used to make payments to companies other than the issuer without necessarily involving bank accounts in the transaction. E-money may be based on a hardware support such as a smart card or any other similar means. It may also be based on software integrated into a personal computer; Book money: any instrument or process on paper or electronic support admitted by this Regulation as a valid means of payment; OHADA: Organisation for the Harmonisation in Africa of Business Law Payment order: an unconditional instruction, in the form of a message of data, given by a sender to a receiving bank to make available to a beneficiary a determined or determinable sum of money. Payment made at the request of the beneficiary, regardless of the means used, does not constitute a payment order; Electronic wallet: a prepaid payment card, i.e., on which a certain sum of money has been loaded, allowing electronic payments of limited amounts; Electronic certification service provider: any person who issues electronic certificates or provides other services in relation to electronic signatures; Qualification of electronic certification service providers: the act by which a third party, referred to as a qualification body, attests that an electronic certification service provider provides services conforming to particular quality requirements; Signatory: any person who operates an electronic signature creation device; Secure electronic signature: an electronic signature that further meets the following requirements: • be specific to the signatory; • be created by means that the signatory may keep under his exclusive control; • guarantee with the act to which it is attached a link such that any subsequent modification of the act is detectable; Electronic signature: a data resulting from the use of a process meeting the conditions defined in Article 23 of this Regulation; Remote payment (Telepayment): a technical process that allows the transfer of a payment order at a distance by using instruments or mechanisms for issuing orders without physical contact between the various parties (participants); UEMOA: West African Economic and Monetary Union, referred to in this Regulation as the Union; UMOA: West African Monetary Union; Electronic transfer: a series of operations starting with the payment order of the ordering party carried out by electronic or electronic means of payment in order to make funds available to a beneficiary. It may notably be carried out by means of a bank card, an electronic wallet or by the remote payment process or any other electronic mode of payment.

Article 2 This Regulation aims at establishing a legal framework regarding payment systems in the member states of UEMOA.

TITRE I : Des participants Article 3 The Central Bank ensures the proper functioning and security of payment systems. It takes all necessary measures to organize and ensure the efficiency and solidity of interbank clearing payment systems and other payment systems within the Union and with third countries.

Article 4 Banks and financial institutions referred to in Articles 3 and 4 of the Law on Banking Regulation may participate in any payment system. They are subject to the specific rules applicable to said systems without prejudice to the provisions of this Regulation.

TITRE II : Des operations Article 5 Settlement operations of banking and financial institutions carried out through a payment system are defined under the conditions set by the rules governing said system.

Article 6 Notwithstanding any contrary provision, transfer orders introduced into an interbank payment system in accordance with the operating rules of said system are enforceable against third parties and the estate, and cannot be annulled until the expiration of the day on which a judgment opening a judicial reorganization or asset liquidation procedure is rendered against a participant, even on the grounds that such judgment has been issued. These provisions also apply to transfer orders that have become irrevocable. The moment at which a transfer order becomes irrevocable in the system is defined by the operating rules of said system.

Article 7 Notwithstanding any contrary provision, clearing performed in a clearing house or at a Clearing Access Point in compliance with the operating rules of the relevant interbank payment system, is enforceable against third parties and the estate and cannot be annulled solely on the grounds that a judgment opening a judicial reorganization or asset liquidation procedure is rendered against a participant in said system.

TITRE III : De la promotion et de l'utilisation des moyens scripturaux de paiement Article 8 Any natural or legal person established in one of the member states, possessing a regular income as defined by an instruction of the Central Bank, has the right to open an account with a bank, as defined by Article 3 of the Law on Banking Regulation, or with postal financial services. In case of refusal to open an account by three successive establishments, the Central Bank may designate a bank ex officio which shall be required to open an account entitling the holder to minimum banking services.

Article 9 Any merchant, within the meaning of the OHADA Uniform Act on General Commercial Law, is required to open an account with postal financial services or a bank established in a member state. He shall indicate the domiciliation and number on invoices or other documents by which he claims payment. Default interest is not due, notwithstanding any notice, summons, contractual clause or contrary provision, as long as the indications provided in the preceding paragraph have not been communicated to the debtor.

Article 10 The opening of a deposit account entitles the holder to minimum banking services including: account management; provision of at least one payment instrument, surrounded by necessary security measures; the ability to make transfers (domiciliation, collection and payment) from this account; the ability to make direct debits from this account; the receipt and clearing of payment operations on behalf of the client; the issuance to the client of quarterly account statements and, upon request, Bank or Postal Identity Statements. Additional usage conditions for the account, as well as penalties incurred in case of misuse or fraud, shall be specified in the account opening agreement.

Article 11 In relations between merchants acting in the course of their business, they may not refuse payments or deposits of sums of money with an amount equal to or greater than the reference amount, made by transfer to an account opened with postal financial services or a bank, unless there is another appropriate scriptural means of payment to serve the payment of amounts below the reference amount. Furthermore, in their relations with each other or with their clients, merchants may not refuse payments or deposits of sums of money with an amount equal to or greater than the reference amount, made by pre-crossed or non-crossed check, unless there is another appropriate scriptural means of payment to serve the payment of amounts below the reference amount. The reference amount is fixed by order of the Minister in charge of Finance.

Article 12 Banks and postal financial services are required to declare to the Central Bank, specifying the reason provided by the client if applicable, any operation involving an amount fixed annually by order of the Minister in charge of Finance exceeding a certain threshold, carried out in cash, in a single transaction or in several transactions within a short time interval fixed by instruction of the Central Bank. They shall, in this case, advise the client to use another process, notably a transfer or certified check. However, this rule does not apply to: cash withdrawal of the balance of an account at the time of its closure; deposit of cash to refinance a debit account; deposit of cash by a person or company whose nature of activity requires the use of such process, notably public transport companies, supermarkets and gas stations.

Article 13 The regular use of scriptural payment means may result in a discount on the fees for making available and using said means. It may also lead to free account management.

Article 14 The client's payment period, calculated from the moment the initial payment instrument or order arrives at a bank counter (submission of a transfer order, deposit of a check for collection), until the moment the beneficiary's account is credited, is divided into three periods as defined: the preparation time before clearing which cannot exceed forty-eight (48) hours; the settlement period of the operation to the beneficiary bank's account imposed by the clearing system; the interval called "float period" located between the day the bank received funds on its account at the Central Bank (result of clearing) and the day they are credited to the beneficiary client's account, fixed at a maximum of three (3) days.

Article 15 Conditions related to the use of the account and payment instruments must be clearly specified to the client at the time of account opening and expressly mentioned in legible characters in the account opening agreement.

Article 16 In the course of their activities, banks and financial institutions will take appropriate information and awareness measures necessary to popularize scriptural payment means among their clients.

DEUXIEME PARTIE : DES MECANISMES DE SECURISATION DES SYSTEMES DE PAIEMENT TITRE I : De la preuve electronique Article 17 The provisions of this title apply to any information, regardless of its nature, taking the form of a message of data used in banking and financial transactions and in all payment systems.

Article 18 Written evidence or proof by writing results from a sequence of letters, characters, figures or all other signs or symbols having an intelligible meaning, regardless of the support and transmission methods.

Article 19 Electronic writing is admitted as evidence on the same terms as paper writing and has the same probative force, provided that the person from whom it originates can be duly identified and that it is established and preserved under conditions ensuring its integrity.

Article 20 The preservation of electronic documents must be carried out for a period of five years under the following conditions: the information contained in the message of data must be accessible for later consultation; the message of data must be preserved in the form in which it was created, sent or received, or in a form from which it can be demonstrated that it is not subject to modification or alteration in its content and that the transmitted document and the preserved document are strictly identical; information allowing the determination of the origin and destination of the message of data, as well as date and time indications of sending or receiving, must be preserved if they exist.

Article 21 Electronic signature consists of the use of a reliable identification process guaranteeing its link with the act to which it is attached. The reliability of an electronic signature process is presumed until proof to the contrary, when this process implements a secure electronic signature, established by means of a secure electronic signature creation device and when the verification of this signature relies on the use of a qualified certificate.

Article 22 An electronic signature cannot be declared inadmissible solely on the grounds that it is in electronic form or that it does not rely on a qualified certificate or that it is not created by a secure electronic signature creation device. A secure electronic signature linked to a qualified electronic certificate has the same probative force as a handwritten signature.

Article 23 An electronic signature creation device may be considered secure only if it meets the requirements defined in paragraph 2 below and is certified as conforming to these requirements under the conditions provided by paragraph 3 above. A secure electronic signature creation device: must guarantee, by technical means and appropriate procedures, that the electronic signature creation data cannot be: established more than once and their confidentiality is ensured; found by deduction and the electronic signature is protected against any falsification; satisfactorily protected by the signatory against any use by third parties; must not entail any modification of the content of the act to be signed and must not prevent the signatory from having exact knowledge before signing it. A secure electronic signature creation device must be certified as conforming to the requirements defined in paragraph 1 by bodies approved by the Central Bank and according to rules defined by instruction taken for this purpose by it. The issuance of a conformity certificate is published in a newspaper authorized to receive legal notices or according to the modalities fixed by instruction of the Central Bank.

Article 24 The control of the implementation of the rules provided in the preceding article is ensured by the Central Bank services responsible for information system security.

Article 25 An electronic signature verification device must be evaluated and may be certified as conforming, according to the procedures defined by the Regulation and mentioned in paragraph 2 of Article 23 above, if it allows: to guarantee the identity between the electronic signature verification data used and those brought to the knowledge of the verifier; to ensure the accuracy of the electronic signature; to determine with certainty the conditions and duration of validity of the electronic certificate used as well as the identity of the signatory; to detect any modification having an impact on the conditions for verifying the electronic signature.

Article 26 An electronic certificate may be regarded as qualified only if it is issued by a qualified electronic certification service provider and includes: a mention indicating that this certificate is issued as a qualified electronic certificate; the identity of the electronic certification service provider as well as the State in which it is established; the name of the signatory and, if applicable, his capacity; the electronic signature verification data corresponding to the creation data of which it is derived; the indication of the beginning and end of the validity period of the electronic certificate as well as its identity code; the secure electronic signature of the electronic certification service provider issuing the electronic certificate; the conditions for using the electronic certificate, notably the maximum transaction amount for which this certificate can be used.

Article 27 An electronic certification service provider must meet the following requirements: provide proof of the reliability of the electronic certification services it provides; ensure the operation, for the benefit of persons to whom the electronic certificate is issued, of an directory service listing the electronic certificates of persons who request them; ensure the operation of a service allowing the person to whom the electronic certificate was issued, to revoke without delay and with certainty this certificate; ensure that the date and time of issuance and revocation of an electronic certificate can be determined with precision; employ personnel having the knowledge, experience and qualifications necessary for providing electronic certification services; apply appropriate security procedures and use systems and products guaranteeing the technical and cryptographic security of the functions they perform; take any provision likely to avoid falsification of electronic certificates; guarantee the confidentiality of electronic signature creation data during their creation and, if provided to the signatory, refrain from preserving or reproducing these data; ensure that, where both creation and verification data of the electronic signature are provided, the creation data correspond to the verification data; preserve, in electronic form, all information relating to the electronic certificate that may prove necessary for legal proof of electronic certification; use electronic certificate preservation systems guaranteeing that: the introduction and modification of data are reserved solely to persons authorized for this purpose by the provider; public access to an electronic certificate cannot take place without the prior consent of the certificate holder; any modification likely to compromise system security can be detected; verify, on the one hand, the identity of the person to whom an electronic certificate is issued, by requiring him to present an official identity document, on the other hand, the capacity claimed by this person and preserve the characteristics and references of the presented documents to justify this identity and this capacity; ensure at the time of issuance of the electronic certificate that the information it contains is exact and that the signatory identified therein holds the electronic signature creation data corresponding to the verification data contained in the certificate; provide in writing to the person requesting the issuance of an electronic certificate, before concluding a certification service contract and in an easily comprehensible language, the following information: modalities and conditions of use of the certificate, submission or not to the qualification of electronic certification service providers, modalities for contestation and dispute settlement; provide to persons relying on an electronic certificate the information provided in the preceding number; possess sufficient guarantees