LogoRegulatory Alerts
2022-05-22

Ministerial Resolution No. 36 of 2019 on the Executive Bylaws of Law No. 9 of 2019 Regulating Credit Information Exchange

The Kuwaiti Minister of Finance, acting on the Central Bank of Kuwait’s proposal, issued executive bylaws that establish comprehensive licensing and operational frameworks for credit information companies. The regulations mandate strict data accuracy, secure automated systems, and a structured complaint resolution process requiring customers to file disputes within fifteen days while companies investigate and rectify errors promptly. Furthermore, the bylaws impose ongoing Central Bank supervision over data retention, service pricing, and risk management to ensure transparency and reliability in the national credit information exchange.

Central Bank of Kuwait logo

Kuwait

Central Bank of Kuwait

Click to view thumbnail

CHAPTER ONE: The Law Regulating the Exchange of Credit Information, and its Executive Bylaws THE LAW REGULATING THE EXCHANGE OF CREDIT INFORMATION, AND ITS EXECUTIVE BYLAWS. 2) The Ministerial Resolution No. 36 of 2019 Regarding the Issuance of the Executive Bylaws of Law No. 9 of 2019 Regulating the Exchange of Credit Information. 1 Ministry of Finance Ministerial Resolution No. 36 of 2019 (1) Regarding the Issuance of the Executive Bylaws of Law No. 9 of 2019 Regulating the Exchange of Credit Information The Minister of Finance Having reviewed the Law No. 9 of 2019 Regulating the Exchange of Credit Information, and based on the proposal by the Central Bank of Kuwait, Resolved: Article (1) The attached provisions of the executive bylaws of the Law No. 9 of 2019 regulating the Exchange of Credit Information shall apply. Article (2) This resolution shall come into effect from the date of its publication in the official gazette. Minister of Finance Dr. Nayef Falah Al-Hajraf Issued on Thulhijja 4, 1440 H., Coinciding with August 5, 2019

(1) Published in Al-Kuwait Al-Youm, Edition No. 1459, 65th Year, on Sunday, Thul-Hijja 24, 1440 H. corresponding to 25/08/2019.

CHAPTER ONE: The Law Regulating the Exchange of Credit Information, and its Executive Bylaws THE LAW REGULATING THE EXCHANGE OF CREDIT INFORMATION, AND ITS EXECUTIVE BYLAWS. 2) The Ministerial Resolution No. 36 of 2019 Regarding the Issuance of the Executive Bylaws of Law No. 9 of 2019 Regulating the Exchange of Credit Information. 2 The Executive Bylaws of Law the No. 9 of 2019 Regulating the Exchange of Credit Information(1) Chapter One: Rules and Terms for licensing a Credit Information Company Article (1) A register of the licensed credit information companies is prepared by, and maintained with, the Central Bank of Kuwait (CBK). The CBK’s Board of Directors shall specify the required data/information to be included in this register. Article (2) Applications for establishing credit information companies shall be submitted to the CBK along with the following:

  1. Name and address of the applicant.
  2. Market and feasibility studies for the establishment of the company setting out its objectives, services, service pricing mechanism and organizational structure.
  3. A copy of the company’s memorandum and articles of association, a statement of the founders and their qualifications, experiences and equity stake.
  4. Value of the company’s capital.
  5. Proposed name of the company.
  6. Any other information, data or documents requested by the CBK. The applications shall be presented to the CBK’s Board of Directors for initial approval or rejection, taking into consideration the market’s need for establishing such a company. Article (3) The company should complete the establishment formalities within a period of six months from the date of the CBK’s initial approval. This period may be extended for a similar period/periods subject to CBK’s prior approval based on a written request setting out the justifications for such an extension. Article (4) Upon completion of the establishment formalities, the company should submit to the CBK an application for obtaining a license to be engaged in the activities of credit reporting and credit rating services, and enlisted in the credit information companies register with the CBK, subject to payment of the charges determined by virtue of a decision of the CBK’s Board of Directors. The application should be accompanied with the following documents:

(1) Published in Al-Kuwait Al-Youm, Edition No. 1459, 65th Year, on Sunday, Thul-Hijja 24, 1440 H. corresponding to 25/08/2019.

CHAPTER ONE: The Law Regulating the Exchange of Credit Information, and its Executive Bylaws THE LAW REGULATING THE EXCHANGE OF CREDIT INFORMATION, AND ITS EXECUTIVE BYLAWS. 2) The Ministerial Resolution No. 36 of 2019 Regarding the Issuance of the Executive Bylaws of Law No. 9 of 2019 Regulating the Exchange of Credit Information. 3

  1. Ministry of Commerce and Industry’s decision approving the establishment of the company.
  2. An authenticated copy of company’s memorandum and articles of association.
  3. The opening balance sheet approved by the auditor.
  4. A copy of the minutes of the company’s general assembly appointing the Board of Directors, the decisions issued by the Board of Directors electing the Chairman and appointing the company’s Chief Executive Officer, his deputies and assistants, subject to fulfillment of the requirements of Article (9) of the Law.
  5. A proof that the systems and technical equipment necessary for the operations of the company are available, including: a) Advanced and secure communication channels for exchanging data and information. b) Protection systems and insurance of all the company’s assets to ensure full protection of data and information. c) The company’s manuals for operating procedures, and risk management policies and measures including those for reducing the operational and legal risks associated with its activities. d) Disaster recovery and data/information restoration plans to be applied in case of emergency.
  6. Any other information, data or documents requested by the CBK. Article (5) The CBK’s Board of Directors shall issue a decision to list the company in the Register to be licensed to carry out credit reporting and credit rating services. The decision shall be published in the official gazette and the concerned company shall be notified thereof. The company shall not initiate its business before registration thereof in the register. Article (6) The companies registered in the Register of Credit Information Companies should notify the CBK of any intended amendment to their memorandum or articles of association. In case of the CBK’s initial approval of such amendments, the necessary procedures shall be taken to finalize the same in accordance with the provisions of the Companies Law.

CHAPTER ONE: The Law Regulating the Exchange of Credit Information, and its Executive Bylaws THE LAW REGULATING THE EXCHANGE OF CREDIT INFORMATION, AND ITS EXECUTIVE BYLAWS. 2) The Ministerial Resolution No. 36 of 2019 Regarding the Issuance of the Executive Bylaws of Law No. 9 of 2019 Regulating the Exchange of Credit Information. 4 As for the other amendments to be noted in the register, and do not require a corresponding amendment in the memorandum or articles of association, approval of the CBK’s Governor to amend the relevant entities shall be sufficient. Such amendment shall be issued by a decision from CBK’s Governor, and may not be implemented until after it is entered in the register with the Central Bank. Article (7) In accordance with the provisions of the Companies Law, the company may not cease its activity or merge with another company without the CBK’s prior approval. The CBK shall lay down the mechanism for transferring the credit data, information reports maintained by it, once expired, to the CBK. Chapter Two: Rules for Exchanging Credit Information Article (8) The purpose of the inquiry must be legitimate in order to obtain a credit report. For example:

  1. Issuance of a judicial ruling or court order.
  2. Granting, renewing or rescheduling loans, financing and credit facilities operations.
  3. Acceptance of guarantee or collateral.
  4. Evaluating creditworthiness, assigning credit ratings, and reviewing credit position of the credit applicant to assess his/her credit risk. Article (9) The inquirer is obliged to follow the company’s procedures to obtain the inquired credit data and information report, as follows: a) Submit the application according to the approved mechanisms. b) Adhere to the method and conditionsspecified by the company to obtain credit information reports. c) Pay the prescribed charges. d) Use the credit information report for the purpose for which it is requested, and not divulge the information and data contained therein to any third party.

CHAPTER ONE: The Law Regulating the Exchange of Credit Information, and its Executive Bylaws THE LAW REGULATING THE EXCHANGE OF CREDIT INFORMATION, AND ITS EXECUTIVE BYLAWS. 2) The Ministerial Resolution No. 36 of 2019 Regarding the Issuance of the Executive Bylaws of Law No. 9 of 2019 Regulating the Exchange of Credit Information. 5 Article (10) Information and data providers must: a) Provide the company with customers’ data and credit information in accordance with the company’s procedures and rules approved by the CBK. b) Configure their systems to ensure that their customers’ credit data and information are provided to the company, and bear full responsibility for the accuracy, completeness and the update of data and information thereof in line with the forms and mechanisms that conform to the company’s procedures. c) Notify the company of any legal action taken against customers within, at least, ten business days from the date such action is taken, in accordance with the company’s applicable procedures and process. d) Notify the customers of their credit information as included in the credit information report. Chapter Three: Complaints Article (11) The customer shall have the right to submit a complaint to the company on the designated form in accordance with the company’s procedures,within fifteen days from the date of being notified of the report to object to the validity of the information and data in his/her credit information report. The company should, within three business days from the date of receiving the complaint, include the complaint in the automated system designated for registering complaints. Article (12) The company should, within fifteen days from the date of receiving the complaint, investigate the complaint and take the necessary actions to rectify any of the information and data in the credit information report, if an error is identified in the operations and processing carried out by the company, and notify the customer and the inquirer of the same. In case the company finds an error in the information and data submitted to it, the information and data provider should be notified, within five days from the date of receiving the complaint, to investigate the complaint and, accordingly, take the necessary corrective actions and inform the company of the same within three days. In all circumstances, the company should notify the customer no later than fifteen days from the date of receiving the complaint.

CHAPTER ONE: The Law Regulating the Exchange of Credit Information, and its Executive Bylaws THE LAW REGULATING THE EXCHANGE OF CREDIT INFORMATION, AND ITS EXECUTIVE BYLAWS. 2) The Ministerial Resolution No. 36 of 2019 Regarding the Issuance of the Executive Bylaws of Law No. 9 of 2019 Regulating the Exchange of Credit Information. 6 In case significant amendments were made to the credit information report as a result of investigation of the complaint by the company or the information and data provider, all inquirers, who previously inquired about, and obtain, the credit information report should be notified of such amendments within the three-month period before such amendments are processed. Article (13) Credit information reports issued during the investigation of the complaint should mention that a complaint is submitted and still under investigation. Article (14) The customer may file an appeal to the CBK within fifteen days from the date of receiving the result of investigation of his/her complaint. The Central Bank shall make a decision within fifteen days of the appeal. Chapter Four: The Rules governing the Company’s Business, Operations and Data Processing Article (15) The company shall: a) Introduce advanced automated systems and apply the necessary measures to ensure the confidentiality of information and data, and prevent illegal or unauthorized misuse thereof/access thereto. b) Not store or save customers’ information or data with any entity without CBK’s prior approval. c) Develop the matrix of authorities, and policies and procedures for the good conduct of the company’s business, including the rules, standards and technical channels to facilitate the exchange of information in accordance with the provisions of this law, and review thereof on a periodic basis to ensure the integrity of the databases. d) Issue standard forms for inquiries and credit information reports and set out the procedures to be followed in this regard. e) Prepare customers’ data and information forms to be adhered to by the credit data and information providers to ensure their completeness and soundness. f) Endorse corrective measures for any error identified in data and information resulting from data collection and processing, and develop the appropriate process for informing the concerned parties of such errors.

CHAPTER ONE: The Law Regulating the Exchange of Credit Information, and its Executive Bylaws THE LAW REGULATING THE EXCHANGE OF CREDIT INFORMATION, AND ITS EXECUTIVE BYLAWS. 2) The Ministerial Resolution No. 36 of 2019 Regarding the Issuance of the Executive Bylaws of Law No. 9 of 2019 Regulating the Exchange of Credit Information. 7 g) Develop a list of the services provided by the company including the charges for each service, and publish the CBK approved list on the company’s website. h) Publish the process and forms for submitting complaints on the company’s website. Article (16) The company must keep records of credit information and data for paid loans and financing facilities for at least ten years. Article (17) The company must have the latest equipment and technical channels for setting up and operating the systems and databases in accordance with international best practices in the field of information security and risk management. Article (18) The company should develop the systems and procedures for collecting, matching, recording, processing and analyzing customers’ credit information and data in a manner that ensures achievement of the company’s objectives. Article (19) The company must develop a customer credit rating system to be approved by the Central Bank of Kuwait in order to provide a digital rating according to statistical principles based on the current and historical credit behavior of the customer to assign the level of risk associated with the customer’s payment of future obligations. The company must also obtain the CBK’s prior approval before launching any new service or product. Article (20) The company should take the necessary actions to ensure the security of information and the confidentiality of data, and review these measures periodically. These measures should include, at a minimum, the following: a) Installing a physical security system to protect the site of databases and operation systems against all risks. b) Establishing an alternative emergency center for the company to face any potential risks or disasters, and conducting the periodic tests to ensure the readiness thereof.

CHAPTER ONE: The Law Regulating the Exchange of Credit Information, and its Executive Bylaws THE LAW REGULATING THE EXCHANGE OF CREDIT INFORMATION, AND ITS EXECUTIVE BYLAWS. 2) The Ministerial Resolution No. 36 of 2019 Regarding the Issuance of the Executive Bylaws of Law No. 9 of 2019 Regulating the Exchange of Credit Information. 8 c) Introducing backup systems and developing plans for safe retrieval of information and data to ensure business continuity in case of an emergency. d) Providing secure communication channels for exchanging information and data. e) Introducing protection systems/applications for programs and databases, and developing a contingency plan to avoid hacking/breaches. f) Establishing effective operational controls over the use of automated systems, databases and the privileges to access these systems. Chapter Five: Providing Information and Data Article (21) Information and data providers are responsible for the accuracy and integrity of data and information provided to the company, and must adhere to the rules and procedures adopted by the company in this regard. Chapter Six: Supervision over Company Article (22) The company’s activities are subject to the offsite and onsite supervision of the Central Bank of Kuwait to monitor compliance with the applicable laws and rules. The CBK has the right to request information, data and reports that ensure supervision over the company’s activities on the specific dates. Article (23) The Central Bank has the right to access, at any time, the company’s credit reporting system for obtaining credit data and information, and examining the systems to assess its efficiency, reliability, and compliance with the law, its executive bylaws and instructions issued in this regard. Article (24) The company should determine the charges for its services in proportion to the actual cost of each service, provided that prior approval must be obtained from the Central Bank on these charges or upon modification thereof. Article (25) The company should submit to the Central Bank its year-end financial statements, within three months as of the end of its fiscal year.

CHAPTER ONE: The Law Regulating the Exchange of Credit Information, and its Executive Bylaws THE LAW REGULATING THE EXCHANGE OF CREDIT INFORMATION, AND ITS EXECUTIVE BYLAWS. 2) The Ministerial Resolution No. 36 of 2019 Regarding the Issuance of the Executive Bylaws of Law No. 9 of 2019 Regulating the Exchange of Credit Information. 9 Article (26) The company must immediately notify the Central Bank of any breach of its systems and the procedures taken to mitigate operational and legal risks related to its activities. Article (27) The Governor of the Central Bank may, whenever necessary, instruct the company to suspend its business. The company, however, may resume its operations by virtue of instructions issued by the Governor after verifying that the necessary measures have been taken. Chapter Seven: General Provisions Article (28) After obtaining the CBK’s opinion, the Ministry issues instructions to companies and institutions subject to its supervision regarding the rules and controls of credit facilities connected to installment-based sales of goods and services in line with the CBK’s instructions regarding the rules for granting consumer loans and financing facilities. Article (29) Taking into consideration the provisions of the Companies Law, the credit information company in business when this law comes into effect shall adjust its status and be listed in the register with the CBK within a maximum period of six months from issue of these executive bylaws, and submit its adjustment plan to the CBK along with the decisions of its General Assembly concerning the phases of implementation of the measures to be taken as per a preset timeframe. Article (30) Upon completion of the adjustment plan, the company should apply for registration in the Register of Credit Information Companies with the Central Bank. Article (31) The Central Bank of Kuwait lays down the rules for transferring data and information available in its Center of Risk System to the company, and the rules for the CBK to obtain all credit data and information available in the company’s database.

Share