Guidelines Concerning Digital Credit for Financial Institutions

GUIDELINES CONCERNING DIGITAL CREDIT FOR FINANCIAL INSTITUTIONS March 17, 2022

Guidelines Concerning Digital Credit For Financial Institutions Page 2 of 19 1.00 INTRODUCTION These guidelines prescribe the internal control and complementary consumer protection requirements for financial institutions pursuant to Sections 39 of the New Financial Institutions Act of 1999 (New FIA) and the Consumer Protection and Market Conduct Regulations No. CBL/RSD/004/2020. These guidelines require all licensed financial institutions and their respective branches and agents to adhere to the minimum standards set forth and implement effective credit risk management controls and consumer protection procedures in digital credit that are applicable to all customers. 1.10 SCOPE These guidelines are applicable to all banks and non-bank financial institutions and licensed mobile money entities intending to offer Digital Credit (hereinafter: Digital Credit Providers). 2.00 CITATION These Guidelines shall be cited as Guidelines Concerning Digital Credit for Financial Institutions in Liberia. 3.00 OBJECTIVES The objectives of these guidelines are to: I. Broaden the scope of financial services and promote financial inclusion to the un-banked and under banked population without risking the safety and soundness of the financial system and standards of consumer protection. II. Prescribe standards by which third parties may be contracted by a financial institution to provide digital credit on behalf of the financial institution through the third-party’s platform; III. Enable financial institutions to carry out digital credit in a cost￾effective and prudent manner;

Guidelines Concerning Digital Credit For Financial Institutions Page 3 of 19 IV. Provide a set of minimum standards of data and network security, customer protection and risk management to be adhered to by financial institutions, their branches and agents in the conduct of digital credit; and V. Mitigate potential risks that may arise from the provision of digital credit. 4.00 DEFINITIONS In these guidelines, the following definitions shall apply, unless the context otherwise stated: I. Central Bank means the Central Bank of Liberia II. Digital Credit as defined in the Consumer Protection & Market Conduct Regulation No. CBL/RSD/004/2020. III. Third-party Service Providers and Operators - are institutions licensed by the Central Bank that are engaged in operating and/or providing services related to e-payment products, schemes or systems, as well as the management of channels like electronic payment gateway, ATM Switch, POS Gateway, E-Commerce Gateway etc., usually acting as an intermediary for multilateral routing, switching and processing of payment transactions; IV. Digital Credit Providers as prescribed in these guidelines shall mean an authorized financial institution as described in Sub-section 1.1 of these guidelines. V. Digital Credit Channel shall mean an interaction channel required to offer Digital Credit product: i. Online channel – customer’s access channel to the products and services made available by the institution through the internet; ii. Mobile channel – customer’s access channel to the products and services made available by the institution through a (GSM USSD/App) network;

Guidelines Concerning Digital Credit For Financial Institutions Page 4 of 19 iii. Other digital channels – customer’s access channels to the products and services made available by the institution other than an online channel or mobile channel; 5.00 PRODUCT APPROVAL PROCESS 5.10 A Digital Credit Provider wishing to provide digital credit shall submit to the Central Bank an application as detailed in the Guidelines concerning the Introduction of Financial Products and Services and any other information that may be required by the Central Bank, including: I. A business plan for the provision of digital credit indicating, at least: i. Description of the product to be offered; ii. Geographical areas that will be covered; iii. Information Communication & Technology (ICT) to be used. II. Description of roles and responsibilities of financial institutions and other third party in the entire digital credit product chain; III. Agreements entered with Third Party Intermediaries and other parties involved in the provision of the intended product; IV. Risk mitigation processes in respect of the digital credit product; V. Terms and conditions for users and copies of proposed customer disclosure documentation and consumer redress process. 5.20 As part of the approval process, Digital Credit Providers shall submit the below: I. A completed questionnaire annexed (I) to these Guidelines, of which it is an integral part, identified with the name ‘[Digital Credit Questionnaire – Institution designation –Product name of the product in question; and II. The design of the alternative disclosure as specified in Sub-section 5.7.5 of the Consumer Protection and Market Conduct Regulation No. CBL/RSD/004/2020.

Guidelines Concerning Digital Credit For Financial Institutions Page 5 of 19 6.00 DIGITAL CREDIT ALTERNATIVE DISCLOSURE REQUIREMENTS 6.10 Digital Credit Providers shall in reference to Sub-sections 5.7 of the Consumer Protection and Market Conduct Regulation No. CBL/RSD/004/2020 adhere to the following disclosure requirements: 6.20 If offering digital credit products and where the digital credit channels used does not allow provision of the Truth-in-lending Disclosure form as prescribed by the Regulations on Consumer Protection and Market Conduct, Digital Credit Providers shall provide specific information to consumers: I. in writing, II. transparent, and III. sequentially broken down in the appropriate number of windows/ screens in a manner that requires a consumer to clearly acknowledge acceptance and understanding of the provided information. 6.30 This alternative disclosure must be made available to consumers before they commit to the product using simple language explaining the meaning of the disclosed information. 6.40Minimum information (key facts) to be provided to a borrower must include: I. loan amount with indication of any prepaid financial charges and the amount received; II. total repayment amount with indication of interest charges and total fees and charges; III. terms of the loan with indication of regular payment amounts and payment frequency; IV. Annual Percentage Rate with indication of Annual Interest Rate and Total cost of credit; V. any other potential additional charges (e.g. overdue loan charges, prepayment, etc.); and VI. consequences in the event of loan default (i.e. actions to be taken by lender). 6.50 When designing alternative disclosure, Digital Credit Providers should be guided by the following principles:

Guidelines Concerning Digital Credit For Financial Institutions Page 6 of 19 I. That products have been tested on Consumer focus group(s)- and adopt design that will incentivize borrowers to read, focus and help understand the key terms and conditions and their obligations; II. use cost-effective tweaks to the menu design, “opt-out” framing, and screens that summarize “key facts” in a clear and simple manner; III. provide consumers a full picture of the price of the loan (the all-in price) before they legally commit to a loan agreement; IV. provide a clear presentation of repayment due dates, amounts, and penalty fees and when they will be assessed; V. present a full accounting of any other products or services that are bundled with the loan (e.g., companion deposit product, mandatory insurance policy); and VI. Provide customers with access to the credit history being generated from their digital loans. 6.60 In addition to the above, all Digital Credit Providers offering a digital credit product for an amount of credit exceeding US$33.00 or its equivalent in Liberian dollars shall be required to provide full Truth-in-lending Disclosure as prescribed in Sub-section 5.70 of the Consumer Protection and Market Conduct Regulation No. CBL/RSD/004/2020. These must be made available to consumers both digitally (e.g. via weblink), and (upon consumer request) physically (e.g. at branch). 7.00 PROHIBITION A Digital Credit Provider shall: I. Not enter into contracts with customers who are not legally eligible to contract, such as due to age or infirmity. II. Not link credit products and not excessively bundle credit products with other services. III. Not include unfair or risky contract clauses in contracts that could be detrimental to consumers.

Guidelines Concerning Digital Credit For Financial Institutions Page 7 of 19 IV. Not include termination fees, penalties or delays to any consumer who wants to switch to a competitor for credit. V. Not automatically extend a credit product once the previous credit has not been paid off without the consumer’s explicit request. VI. Not use platforms/systems/technology that are not approved by the Central Bank of Liberia. 8.00 CREDIT RISK MANAGEMENT 8.10 As a supplement to the Central Bank Risk Management Guideline BSD1/01/10, all Digital Credit Providers shall establish a digital credit risk management framework and seek to: i. identify and classify the risks involved with providing digital credit (and ideally measure risks); ii. evaluate, assess, and analyze the risks; iii. evaluate and plan to minimize these risks; iv. develop risk treatments; and v. monitor and review the results of risk treatment. 8.20 All Digital Credit Providers shall be required to maintain sound and acceptable policies and practices to prudently manage and control their credit portfolio and exposure to credit risks. The credit risk management framework should provide, at minimum, a credit policy and credit review process. 8.30 The risk register should be a living document that is re-assessed and updated on a pre-defined period basis or on occurrence of a major or unexpected event. 8.40 Identified digital credit risks should be added to providers’ risk matrix as part of their risk management framework and used to monitor, report, and reassess risks on an on-going basis. 8.50 Maintain minimum credit records on all borrowers to facilitate periodic internal review of borrower and identification of the borrower. The record shall include name of borrower, age, amount, type of business (where applicable), gender, purpose segment and tenure of credit. 8.60 The credit policy should be clearly documented, and shall delineate the

Guidelines Concerning Digital Credit For Financial Institutions Page 8 of 19 below minimum standards to address data privacy and protection, complaint resolution, responsible pricing and fair and respectful treatment of consumers for digital credit: I. Design and include consumer protection as an objective and customer centricity objectives targeted with features to meet the needs of customer segments, gender or individual customers for whom they are intended. II. Standardize interest rate and fee disclosure. III. Specify limits on collection and data retention periods. IV. Adequate procedures on how and where to complain and timeline for resolution. V. Detailed policies and procedures for granting and collection of digital credit. VI. Clearly define roles and responsibilities of responsible parties. VII. Clearly outline the roles and responsibilities of Third-Party Intermediaries concerning the product. VIII. Analysis of product performance per customer segment and investigate reasons for inactivity or cancellation. IX. The Credit Policy shall outline procedures for Digital credit payments to be made directly to the bank or Mobile Wallet account of the Digital Credit Providers via the platform/system of the Third-Party Intermediary. 9.0 DIGITAL LOAN THRESHOLD No digital loans shall exceed the threshold of US$400 (Four Hundred United States Dollars or its equivalent in Liberian Dollars). 10.0 DISPUTE RESOLUTION 10.1 In addition to the requirements as specified in Section 6.00 of the Consumer Protection and Market Conduct Regulation No. CBL/RSD/004/2020, a Digital Credit Provider shall adopt timely, clear and responsive complaint resolution practices for Digital Credit including the below requirements: I. Describe and forward a summary of In-house dispute resolution mechanisms to all customers.

Guidelines Concerning Digital Credit For Financial Institutions Page 9 of 19 II. There should be no clauses requiring provider to be indemnified for legal fees to enable low-income customers to effectively access recourse mechanisms. III. Provide many channels for customer contractual notifications as possible including mechanisms through which customers interact with Digital Credit Providers, such as SMS channels, agent outlets, in addition to websites and newspaper. 10.2 A Digital Credit Provider must ensure the following: I. Its complaints handling processes and procedures are available to consumers free of charge; II. Make available a dedicated, toll-free number for consumers to discuss/lodge complaints. III. Complaints should be lodged and discussed with a Digital Credit Provider: i. orally or in writing; ii. by multiple channels suitable to the nature, scale and complexity of the financial service provider’s business such as by phone, post, email, website, social media, SMS and via agents and branches; iii. in any event, by the Digital Credit Channel through which the financial service that the complaint relates to has been provided. IV. Staff and agents of financial service providers who interact with consumers must be adequately trained. V. Investigate a complaint fairly, competently, diligently and impartially; VI. Obtain additional information required from the complainant, within the financial service provider and from any relevant third party; VII. Make their decision on the complaint based on a fair and objective assessment of all the circumstances of the case; VIII. Give the consumer reasons for their decision to reject a complaint; and IX. Comply promptly with any redress or remedial action offered to the complainant.

Guidelines Concerning Digital Credit For Financial Institutions Page 10 of 19 10.3 Digital Credit Providers must investigate a complaint as soon as reasonably possible and, in any event, must comply with the following timing requirements, where Day 1 is the date on which the complaint is made: I. Two (2) business days from Day 1: acknowledge receipt of the complaint in writing and tell the complainant by when they can expect a response and by what means; II. At most 10 business days from Day 1: the Digital Credit Provider must advise the complainant in writing of the outcome of the investigation of the complaint and any consequential redress for the complainant. 11.0 LOAN CLASSIFICATION I. Digital credit shall be classified on a daily basis, with the use of a computerized loan tracking system capable of daily monitoring of the status of loan releases, collection and arrears, income accruals and any loan restructurings or refinancing; such system shall be capable of monitoring non-performing loans and portfolio at risk at an institutional, branch and loan officer levels. II. Digital Credit accommodations shall be classified in accordance with CBL Prudential Regulations Regarding Microfinance Lending. 12.0 DATA PRIVACY AND USAGE I. Digital Credit Providers shall document policies and ensure that Third Party Intermediaries use cost-effective methods to the menu design for informed consent with opt-in/opt-out options. II. Digital Credit Providers shall ensure constant review of data privacy standards. III. Digital Credit Providers shall manage Third-party Service Providers and Operators to protect customer data. 13.0 INFORMATION SHARING

Guidelines Concerning Digital Credit For Financial Institutions Page 11 of 19 I. Notwithstanding Section 12.0 above, information on prospective borrower shall be shared amongst Digital Credit Providers to prohibit delinquent borrowers from requesting digital credits from other Digital Credit Providers. 14.0 REPORTING REQUIREMENTS Digital Credit Providers are required to submit to the Central Bank the following reports as specified in the annex below: I. The Digital Credit Provider shall send to the CBL the information elements from Annex 1 reflecting any significant changes that are introduced in the contracting process or in the functionalities of the digital channel used for the provision of a digital credit product. This report shall be submitted at least ten (10) working days before the date foreseen for the entry into force of said changes. II. Monthly classification of loan portfolio in the format prescribed by the Central Bank. III. Monthly Profile Return (MPR) should be submitted by the tenth (10th) day in the succeeding month. The information requested under these Guidelines shall be sent to the Director for Regulation and Supervision Department. 15.0 AMENDMENTS The Central Bank may amend these guidelines from time to time to take in account evolving developments in the digital lending space. These guidelines shall take effect as of March 17, 2022, and remain in force until otherwise advised by the Central Bank. All inquiries concerning these guidelines should be addressed to: Director of Regulation and Supervision Central Bank of Liberia Corner of Lynch and Ashmun Streets Monrovia, Liberia

Guidelines Concerning Digital Credit For Financial Institutions Page 12 of 19 SIGNED: ____________________________________ CENTRAL BANK OF LIBERIA

Guidelines Concerning Digital Credit For Financial Institutions Page 13 of 19 Annex 1. QUESTIONNAIRE 1 Institution identification 1.1 Name 1.2 Code 2 General information on the credit product 2.1 Product name [Product commercial identification] 2.2 Targeted persons [Characterization of the target customer (age group, …)] 2.3 Product sales channels Online Mobile Other channels 2.4 Starting date of product provision via digital channels Mobile Online Other Channels 2.5 Digital channel classification (if applicable) General (customers only) General (customers only) General (customers only) General (for customers and non-customers) General (for customers and non￾customers) General (for customers and non-customers) Specific (customers only) Specific (customers only) Specific (customers only) Specific (for customers and non-customers) Specific (for customers and non￾customers) Specific (for customers and non-customers) 2.6 Identification of the external company that developed the software, if applicable 3 Contracting process and provision of information to the customer Mobile Online Other Channels 3.1 Functionalities available in the contracting process Credit application by the consumer Credit application by the consumer Credit application by the consumer Simulation / Disclosure Simulation / Disclosure Simulation / Disclosure

Guidelines Concerning Digital Credit For Financial Institutions Page 14 of 19 Proposal Conclusion of the credit agreement Conclusion of the credit agreement Conclusion of the credit agreement Indicate any other available functionalities 3.2 (Minimum) time foreseen for the contracting Process 3.3 Phases described to the customer before starting the contracting process Yes No 3.4 Mechanism for the customer to request the copy of the draft credit agreement before the conclusion of the credit agreement 3.5 Access to pre￾contractual information documents (Alternative disclosure and copy of the draft credit agreement) View only View only View only In the 'customer area' In the 'customer area' In the 'customer area' By email By email By email Download Indicate any other applicable 3.6 Means by which the institution checks that the Compulsory scroll through separate screens Compulsory scroll through separate screens Compulsory scroll through separate screens

Guidelines Concerning Digital Credit For Financial Institutions Page 15 of 19 customer has received the pre-contractual information Compulsory opening of a document Compulsory opening of a document Compulsory opening of a document Tick-box 'Read and accepted' Tick-box 'Read and accepted' Tick-box 'Read and accepted' Indicate any other applicable 3.7 Provision of information to the customer on the state of the contracting process Yes No If yes, specify how 3.8 Possibility of the customer uploading the documents required for the process Yes No 3.9 Means by which the concluded credit agreement is made available to the customer In the 'customer area' In the 'customer area' In the 'customer area' By email By email By email Download Indicate any other applicable 3.10 Possibility of withdrawal from the credit agreement directly via digital channels Yes No 3.11 Available means to clarify customers' doubts Chat Help line Help line Help line Warnings FAQs

Guidelines Concerning Digital Credit For Financial Institutions Page 16 of 19 Indicate any other applicable 3.12 Record of timestamps of the contracting process Phases Yes No 4 Security 4.1 Customer authentication procedures for first access Customer's password Customer's password Customer's password Biometric data Biometric data Biometric data Matrix card coordinates Matrix card coordinates Matrix card coordinates Assigned access code Assigned access code Assigned access code One-time password One-time password One-time password Tokens sent to the customer Tokens sent to the customer Tokens sent to the customer PIN Indicate any other applicable 4.2 Customer authentication procedures for subsequent access Password defined by the customer Password defined by the customer Password defined by the customer Biometric data Biometric data Biometric data Matrix card coordinates Matrix card coordinates Matrix card coordinates Assigned access code Assigned access code Assigned access code One-time password One-time password One-time password Tokens sent to the customer Tokens sent to the customer Tokens sent to the customer PIN Indicate any other applicable 4.3 Security mechanisms incorporated in digital channels Inactivity time￾out Inactivity time-out Inactivity time￾out Validation via SMS Validation via SMS Validation via SMS Indication of last login date Indication of last login date Indication of last login date Digital channel cipher/encryption Digital channel cipher/encryption Digital channel cipher/encryption

Guidelines Concerning Digital Credit For Financial Institutions Page 17 of 19 Data integrity in the digital channel Data integrity in the digital channel Data integrity in the digital channel Integrity of data stored in the institution's servers Integrity of data stored in the institution's servers Integrity of data stored in the institution's servers Indicate any other applicable 5 Other elements

Guidelines Concerning Digital Credit For Financial Institutions Page 18 of 19 Annex 2. Monthly Profile Return (MPR) Financial Institution: Reporting Month: Date of submission: Prepare by: Male Female LRD USD LRD USD Indicators Current month Current month Number of Customers Number of Active Customers Number of Borrowers Number of Active Borrowers % of Borrowers Number of Delinquent Borrowers Value/Volume LRD Value/Volume USD Value/Volume LRD Value/Volume USD Volume of Loans Disbursed Value of Loans Disbursed Volume of Loan Outstanding

Guidelines Concerning Digital Credit For Financial Institutions Page 19 of 19 Value of Loan Outstanding Value of Par>30 Volume of Payments in Arrears> 30 Day Value of Payments in Arrears> 30 Day Par>30 (%) Volume of Loans Written off Value of Loans Written off Current Portfolio: Principal Outstanding Interest Outstanding Average Loan Per Borrower Portfolio at risk=Par