Capital Markets and Securities Authority Electronic Trading Guidelines 2015

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 March 2011 TANZANIA CAPITAL MARKETS AND SECURITIES (ELECTRONIC TRADING) GUIDELINES 2015 TABLE OF CONTENTS Guidelines

1. Citation and commencement
2. Definitions
3. Approval of Authority required
4. Trading in listed securities
5. Application
6. Certificate of registration
7. Effect of refusal of registration
8. Renewal of registration
9. Suspension of registration
10. Cancellation of registration
11. Automatic cancellation of registration
12. Security of data
13. Operational capacity
14. Systems modification
15. Client information
16. Duplicate orders
17. Independent assessment
18. Order/trade confirmation
19. Investment advice
20. Outsourcing
21. Monthly reporting
22. Cooperation with Authority
23. Collective investment schemes
24. Offer of securities
25. Electronic prospectus

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 1 Jan 2015 DRAFT CAPITAL MARKETS AND SECURITIES AUTHORITY (ELECTRONIC TRADING) GUIDELINES 2015 IN EXERCISE of the powers conferred by ………….of the Capital Markets and Securities Authority Act 1994, the Capital Markets and Securities Authority has made the following guidelines –

1. Citation and commencement These guidelines may be cited as the Capital Markets and Securities (Electronic Trading) Regulations 2015 and shall come into operation on ………………..2015.
2. Definitions In these guidelines, unless the context requires otherwise, “Act” means the Capital Markets and Securities Act 1994; “Authority” means the Authority established under the Act. “Dealer” means a -dealer licensed by the Authority under the Capital Markets and Securities Act; “Dealer services” means the provision of services by a broker￾dealer as an agent for his clients in connection with their purchase or sale of securities, and includes the provision of any other matter reasonably incidental or ancillary to the provision of such services; “collective investment scheme” has the same meaning ascribed to it under the s2 of the Act; “electronic communications network” means a computer network that electronically matches the orders of buyers and sellers of securities; “electronic prospectus” means a prospectus relating to an offer of securities to the public which is distributed via the Internet, a computer network, CD-ROMs, floppy disks or any other electronic medium;

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 2 Jan 2015 “investment adviser” means an investment adviser licensed under the Act, and “investment advisory services” shall be construed accordingly; “electronic securities services provider” means any person approved by the Authority to offer securities services through an electronic platform in securities; “listed securities” means securities that have been listed or admitted to trading on a securities exchange; “other electronic medium” means hand held or wireless, or voice activated or SMS messaging, trading or communications devices; and “Securities exchange” has the same meaning ascribed to it in section 2 of the Act. 3. Approval of Authority required (1) No person may offer securities services in Tanzania through the Mobile Phone, Internet or other electronic medium without the prior written approval of the Authority. (2) No person may, for remuneration, offer Dealer services or investment advisory services in respect of a security or units of a collective investment scheme in Tanzania through the mobile phone, internet or other electronic medium without the prior approval of the Authority. (3) No person may offer a security or units of a collective investment scheme for sale in Tanzania through the Mobile Phone, Internet or other electronic medium other than in compliance with these guidelines. (4) Securities services or offer of securities or units of a collective investment scheme for sale will be deemed to be taking place in Tanzania if – (a) it is provided by an organisation located in Tanzania; or (b) it is targeted at Tanzania investors.

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 3 Jan 2015 4. Trading in listed securities (1) The Authority will not grant permission to any mobile, internet trading service that facilitates the trading of securities listed in Tanzania other than through a securities exchange in compliance with its rules. (2) Securities exchanges may provide electronic trading services to dealers that use a service supplied by the exchange provided that they comply with these guidelines and obtain the prior written approval of the Authority. (3) Dealers and electronic securities services providers may supply their own electronic communication services provided that they comply with these guidelines and obtain the prior written approval of the Authority. (4) Dealers and electronic securities services providers may use mobile phone, internet services supplied by other organisations (computer and/or internet service providers) provided that they comply with these guidelines and obtain the prior written approval of the Authority. (5) Applicants shall provide details of the service to be provided and shall demonstrate compliance with these guidelines. (6) Applicants shall have the systems, controls and procedures of the electronic services independently audited by a systems audit firm approved by the Authority prior to consideration of the application by the Authority. 5. Application (1) An application for registration as an electronic securities service provider shall be made in such form and contain such information as the Authority may from time to time require. (2) An application for registration as an electronic securities service provider shall be accompanied by such fee as shall be prescribed from time to time by the Authority.

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 4 Jan 2015 (3) An application for registration as an electronic securities service provider shall at the minimum include details of satisfactory arrangements that are in place to – (a) ensure confidentiality of information in such a way that information is only accessible to an authorized person or system; and in particular that satisfactory measures are in place to prevent – (i) unwanted disclosure of personal data, transactions, activity and presence on the electronic system; (ii) misappropriation of identification; (iii) impersonation, leading to unauthorised (illegal) transactions; (iv) unauthorised usage and inability to detect such malpractices in a timely fashion and/or identify the perpetrator; (v) attacks from third parties designed to interrupt the service or aimed at the service becoming an agent for an attack against another electronic communication system; (vi) analysis of data by unauthorized third parties; (b) safeguard the integrity of the service including controls to prevent – (i) non-compliance with rules and regulations issued by the Authority, leading to illegal transactions, fraud or malpractice; (ii) presentation of incorrect data, whether unintentionally or maliciously; (iii) false presentation, or the use of incomplete information for transactions; (iv) manipulation of data; (v) viruses, leading to loss of data, unauthorized access to or manipulation of data, unavailability or threat of unavailability of systems; (vi) cyber extortion, selling data stolen from (or illegally obtained from) service providers; (c) ensure the availability of the service in the event that – (i) the site is not reachable, and that there is no possibility to get or to give information;

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 5 Jan 2015 (ii) that parts of the site are not reachable either through a denial of service, attack or lack of capacity; or (iii) that the provider of the service is unable to give timely access to the site or parts of the site; (d) ensure that satisfactory alternative arrangements and contingency plans are in place to ensure that business can continue in the event of a large-scale disruption; (e) ensure that the identity of the person or system accessing the service is properly verified by the use of PINs, passwords, electronic signatures which comply with the required authentication methods or such other approved mechanism so as to exclude unauthorized access; (f) ensure that satisfactory arrangements are in place so that a Dealer can at all times uniquely identify each and every order during the different stages of processing; (g) ensure that orders placed through its systems are fairly allocated in accordance with the rules of the relevant securities exchange where applicable; (h) ensure there is a clear audit trail to address risks arising from – (i) the opening, modification or closing of a client account; (ii) any transaction with significant financial consequences; (iii) any authorisation granted to a client to exceed a limit; (iv) any granting, modification or revocation of systems access rights or privileges. (4) A Dealer or electronic securities services provider applicant shall– (a) have an agreement with clients to whom it offers electronic securities services that contains appropriate and prominent risk disclosures highlighting the risks associated with electronic transactions;

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 6 Jan 2015 (b) have appropriate arrangements in place to assess a client’s suitability to undertake securities transactions; (c) have appropriate arrangements in place to approve a client’s account for day trading; (d) display a prominent statement on its system which indicates as “This mobile phone, electronic medium has been approved by the Capital Markets and Securities Authority. The Authority shall not be liable to any action in damages suffered as a result of this approval”; (e) have adequate risk management systems for controlling exposure to clients; (f) have an adequate number of suitably qualified staff under the control of a senior manager to control and monitor transactions and render clients services in accordance with the rules and regulations; (g) either have suitably qualified staff to operate and maintain the systems used for electronic securities services or have an irrevocable agreement with a suitably qualified third party provider for the operation and maintenance of those systems; (h) be responsible for settlement of each and every trade executed through the electronic communication service that it utilises. (5) A securities exchange may specify its own requirements, in addition to these guidelines for allowing a dealer to connect to a system operated by the exchange. (6) A dealer or electronic securities services provider applicant shall provide the Authority with details as to how it will satisfy itself as to the true identity of a person opening an account and what measures it intends to take to ensure that the account will be maintained and operated by the person opening the account. (7) An application for approval of electronic securities services to be operated on behalf of a dealer or electronic securities services

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 7 Jan 2015 provider shall be accompanied by a statement from the dealer or electronic securities services provider detailing the contingency arrangements that will be put into effect in the event that the supplier of the service is unable to continue to provide the service. (8) An application for approval for an electronic securities services shall be accompanied by a copy of the report of the audit required under clause 4(6). 6. Certificate of registration (1) The Authority may, if it is satisfied that the applicant is eligible for registration as an electronic securities services provider, grant a certificate of registration to the applicant on payment of the prescribed fee. (2) The certificate of registration as an electronic services provider shall be valid for three years. (3) The Authority shall not be liable to any action in damages suffered as a result of its registration or non-registration of an applicant as an electronic service provider. 7. Payment of registration fees (1) In addition to the requirements set out in clause 5 the validity of the certificate of registration shall be subject to payment of fees as prescribed from time to time by the Authority. (2) Requirements of these guidelines as they apply to initial registration shall also apply throughout the continued validity of the registration. 8. Renewal of Registration An application for renewal of registration shall be made three months prior to the expiration of the certificate of registration and shall be accompanied by such fee as shall be prescribed by the Authority 9. Suspension of registration (1) The Authority may, if it considers it necessary or in the public interest to do so, by order in writing, suspend the registration of

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 8 Jan 2015 electronic service provider or place restrictions on the use of the service for such period as may be specified in the order or impose on the electronic service provider a fine not exceeding shillings 200 million where the Authority is of the opinion that a mobile phone, internet trading service provider – (a) has failed to remain in compliance with any conditions subject to which certificate of registration was granted under these regulations; (b) has otherwise failed to comply with any requirement of the Act or of any regulations or direction made or given thereunder; (c) has failed to furnish such information related to the internet trading service as may be required by the Authority; (d) has failed to submit periodical returns as required by the Authority; (e) has furnished wrong, false or misleading information; (f) has not co-operated in any enquiry or inspection conducted by the Authority; or (g) has had its certificate of registration to operate as an electronic securities service provider suspended by the Authority. (2) Provided that no such order shall be made except after giving the service provider an opportunity of being heard. 10. Cancellation of registration (1) The Authority may, if it considers necessary for the protection of investors so to do, make an order in writing, cancel the registration of the service provider where the Authority is of the opinion that the cause of suspension of registration under clause 9 continues during the period of such suspension, or electronic service provider whose registration has been suspended – (a) has been found guilty of fraud, or convicted of a criminal offence; (b) has had its registration to operate as an electronic securities services provider cancelled by the Authority; (c) has not complied with a direction of the Authority. (2) Provided that no such order shall be made except after giving the electronic service provider an opportunity of being heard.

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 9 Jan 2015 11. Automatic cancellation of registration A certificate of registration granted under these guidelines shall stand cancelled automatically if an electronic securities service provider to whom such certificate has been granted – (a) ceases to be an electronic securities services provider; (b) voluntarily surrenders the certificate of registration to the Authority; or (c) is wound up by a Court order. (d) fails to apply for renewal of registration within the period prescribed under clause 8 12. Security of data (1) To reduce the risk of third party interception of information sent between a client's device and the system of an electronic securities service provider, the system shall to use some form of encryption. (2) The encryption shall apply to all orders being entered and to any communication with clients that contains confidential information. (3) The system shall use a firewall to prevent intrusions by unauthorized persons including crackers or hackers, who may obtain unauthorized access to a computer system by bypassing passwords or otherwise breaching computer security. (4) The system shall enable configuration to allow auto-logoff in case of inactivity of the electronic device. (5) Electronic securities service providers shall demonstrate that they have in place a written security policy based on or containing these guidelines as part of their security policy. 13. Operational Capacity Operational capacity shall be re-evaluated at regular intervals and internet trading service providers shall give the Authority details of the procedures for undertaking such an evaluation, the time at which such an evaluation will be undertaken, and a copy of the results of such evaluation. 14. Systems Modification Mobile Phone, electronic securities service providers shall provide the Authority, in advance, with information relating to any significant

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 10 Jan 2015 changes to its systems or any changes to the functionality of its systems identifying the areas and the reasons for the change. In the event that the changes to the system are deemed to be material, the electronic service provider shall lodge with the Authority a copy of its testing and implementation strategies. In addition, the Authority may be present and participate during testing of the systems before the changes are introduced into live operation. 15. Client information (1) Any electronic securities service system accessed by clients shall provide the following information in plain English and Kiswahili language and in an easily accessible form – (a) a basic explanation of securities trading; including definitions of common terms used on the screen of the electronic device; (b) a general statement and information regarding the manner in which orders are accepted, processed, settled and cleared electronic device; (c) disclosure about the risks of securities trading, including the risk of systems outages and failures and any alternative means of placing orders; (d) procedures to cancel pending orders during a system failure; (e) a glossary explaining key investment terms and concepts such as: (i) the differences between the various types of orders that may be placed (including a market order, a limit order); (ii) notice that a market order may be executed at a price higher or lower than the quote displayed on the website at the time of order entry; (iii) an explanation of how the client's orders are executed; (iv) any situations in which clients may not receive an execution; (v) any restrictions on the types of orders that clients can place; and (vi) how market volatility can affect clients' orders. (f) the regulations affecting client/dealer relationship, arbitration rules, investor protection rules. (g) a hyperlink to the website/page on the website of the relevant securities exchange displaying guidelines rules/regulations/circulars.

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 11 Jan 2015 (h) a “Terms of Use” policy document which shall be approved by the Authority. (2) Ticker/quote/order book displayed on the system shall display the time stamp as well as the source of such information against the given information. 16. Duplicate orders The system shall have mechanisms to prevent executions of unintended duplicate orders. 17. Independent assessment The Authority may employ technical experts to undertake an independent assessment of the operational capacity and security of a system, for which approval is sought, and may charge to the applicant the costs incurred, subject to the applicant agreeing in advance to a maximum charge. 18. Order/Trade Confirmation (1) Trade confirmations and contract notes shall be sent to the client. Subject to the rules of the securities exchange where applicable, these may be sent by email or sms on condition that the dealer – (a) notifies the Authority and the exchange concerned of the intention to use electronic trade confirmations and/or contract notes one month in advance; and (b) obtains prior written consent from the clients concerned. (2) Any trade confirmations and/or contract notes sent by email or sms shall be digitally signed by electronic signature. 19. Investment Advice (1) No person shall offer investment advice electronically for payment unless they are licensed by the Authority to provide such advise. (2) Dealers may sponsor chat rooms or bulletin boards for clients or anyone online (collectively referred to as "forums") where specific recommendations are made by participants in response to questions posed by other participants, provided that – (a) the following disclaimer is made prominently at the forum's point of entry and on the banner along with the dealer's name and/or logo indicating as follows:

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 12 Jan 2015 (i) “the dealer does not intend to make or endorse the recommendations made in the forums; (ii) that information on this site does not constitute advice and shall be treated with caution as whatever is entered represents only the opinion of the persons taking part; and (b) if dealers arrange for third parties to participate in the forums, the broker-dealer discloses the identity and professional experience of such participants and any compensation arrangements and any other association the dealer has with such participants”. 20. Outsourcing (1) Notwithstanding entering into outsourcing arrangements with a third party supplier of electronic services, dealers and electronic communications networks shall not contract out of their core functions and regulatory obligations. (2) Dealers and electronic securities shall consider the following matters when negotiating an outsourcing arrangement – (a) notification and reporting requirements; (b) the kind of access that might be needed by the dealer or electronic securities services provider, its auditor, the Authority; (c) intellectual property and information ownership rights, confidentiality agreements and Chinese Walls; (d) the need for, and adequacy of, any guarantees or indemnities; (e) compliance with the dealer’s or Electronic Communications Network’s own policies, for example on information security; (f) arrangements to ensure business continuity and the extent to which facilities that provide the outsourcing are or are not available to provide business continuity for third parties; (g) approval process for changes to outsourcing arrangements; and (h) agreed conditions for terminating outsourcing arrangements. (3) The Authority will expect dealers and electronic entering into outsourcing arrangements with a supplier of internet trading services to enter into a service level agreement that includes – (a) qualitative and quantitative performance targets;

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 13 Jan 2015 (b) evaluation of performance, for example by third parties, internal audits, self certification; and (c) remedial action and escalation processes for dealing with inadequate performance. (4) A dealer or electronic securities provider that enters into an outsourcing arrangement with a supplier of electronic securities services shall have appropriate contingency arrangements in place in the event that the supplier of the service is unable to continue to provide a service. 21. Monthly reporting (1) Electronic securities service providers shall provide monthly reports to the Authority on the reliability of the service. (2) These reports shall show – (a) the number of users of the system as at the end of the month as follows: (i) for securities exchanges, the number of dealers; (ii) for dealers and electronic securities, the number of clients. (b) the daily average number of transactions (of all types) processed by the system during the month and the highest number of transactions processed by the system on a single day during the month; (c) the percentage of the scheduled time for availability for which the service was not available; and (d) the reason for non-availability. 22. Cooperation with Authority (1) To assist the Authority in investigating instances of suspected insider trading, market manipulation, or other market abuses, Electronic securities service providers shall provide full and prompt responses to all requests for information by the Authority. (2) Information displayed on the website of an internet trading service provider shall be kept in an accessible form for a minimum of twelve months.

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 14 Jan 2015 23. Collective Investment Schemes (1) Every advertisement for a collective investment scheme targeting investors in Tanzania shall comply with the Capital Markets Authority (Advertisements) Regulations G.N. No. 15 of 1997 and a hard copy of the relevant electronic system shall be submitted to the Authority. (2) If the website supports multimedia presentation then a script and description of the presentation shall also be submitted. (3) Advertisements shall not be false, misleading, disparaging or deceptive. Information on the website is required to be updated and current, and outdated information is required to be appropriately removed or archived in order to avoid confusion. (4) With regard to dealings in units of collective investment schemes on the Internet, all the proper operational procedures, including client identity authentication, shall be followed and all applicable regulations complied with. (5) Where information or documents are required to be delivered to holders of interests in collective investment schemes, such notices may be delivered by any media provided that the media permits effective communication and the investors concerned have consented to the use of the specified media for the delivery of specified communications. (6) Where information or documents are distributed by electronic means to investors in accordance with their consent, the Authority requires that paper copies are made available to these investors if they revoke their consent and ask to obtain paper copies. (7) Documents on a website shall remain available for as long as it is necessary for investors to have a reasonable opportunity to access or read them. As in the case of paper documents, investors shall have the opportunity to retain the information by printing or downloading the documents or have ongoing access equivalent to personal retention. (8) Consent to receive information through electronic means shall be obtained from investors in a manner that assures its authenticity and

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 15 Jan 2015 a record shall be retained. Consent shall be revocable by investors at any time and the means to revoke consent prominently displayed. Where consent is given by an investor that a communication (such as a notice to scheme holders) can be posted on the website to satisfy delivery to the investor, there shall be effective means to ensure that the investor is notified or made aware on a timely basis that new information exists. 24. Offer of Securities (1) An offer of securities or units of a collective investment scheme for sale in Tanzania by the publication of an electronic prospectus may only take place following approval of the prospectus by the Authority. (2) The information provided on a website including application and allotment procedures shall comply with all relevant legislation relating to the publication of a prospectus and the issue of securities. 25. Electronic Prospectus (1) Where an issue of securities or units of a collective investment scheme is offered online, adequate information shall be provided to investors, including an electronic prospectus, by using one or more of the following methods – (a) a full version of the prospectus is made available on the website, and which can be effectively read, printed, and downloaded; (b) a full version of the prospectus is made available via hyperlink to another website (for example, from the website of an intermediary to an issuer’s website), and which can be effectively read, printed, and downloaded; or (c) such other method, including e-mail, provided that the distribution method is clearly identified on the website and does not involve any charges; (2) There shall be a prominent statement on the website, which is capable of being seen or read with reasonable ease by investors accessing an electronic prospectus, that printed copies of the prospectus are also available, as well as where and how they can be obtained. The required prominence shall have regard to the font

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 16 Jan 2015 sizes used in the relevant web-page and the presentation of the information therein. This statement shall if possible be presented in type of the same size as the rest or the majority of the text in the page. (3) A prospectus shall be available to investors prior to their gaining access to an application form or the web-pages for the execution of an order to purchase securities, i.e. a prospectus shall be available “up front”. A prominent statement shall be placed on the website to advise investors to read the prospectus prior to submitting an application or executing an order. In this connection, the offerees are required to – (a) implement measures to ensure that investors can access a web-page for executing an order only if they have been given sufficient opportunity to read or access the electronic prospectus, e.g. the web-page for executing an order shall be preceded by web-pages containing the prospectus or a web-page containing a hyperlink to the prospectus; and (b) implement measures to ensure that investors can access a web-page for executing an order only if they have confirmed that sufficient opportunity has been given to them to read or access the electronic prospectus, e.g. a confirmation facility is provided on the web-page containing the prospectus or the hyperlink to allow investors to declare, for instance by clicking on the facility, that they have been provided with sufficient opportunity to access or read the relevant prospectus and the information disclosed therein; (c) unless and until investors have made a positive declaration referred to in paragraph (b) above they shall not be given access to the web-page for executing an order to purchase securities. (4) All reasonable steps shall be taken to ensure that electronic prospectuses are identical to the most up-to-date paper versions as authorised by the Authority. (5) An electronic prospectus shall contain the same entire content in the same sequence in all material aspects as in the paper version, without having to refer investors to other websites, for example by hyperlinks, for parts of the prospectus.

Capital Markets and Securities Authority (Electronic Trading) Guidelines 2015 17 Jan 2015 (6) A prospectus may be amended from time to time and the amendments, which shall be approved by the Authority, are sometimes incorporated into the paper version of the prospectus in the form of an addendum, before the prospectus is reprinted. Notwithstanding paragraph (5) above, the Authority generally would have no objection to the full incorporation of such amendments into the electronic version of the prospectus and the availability of such updated electronic version on the website, although its appearance may be different from the printed version. (7) The incorporation of a search facility or prompts to assist investors to navigate to or find different parts of the electronic prospectus is encouraged if this would enhance the comprehensibility, readability and legibility of the document. (8) A website shall clearly specify the areas that contain the electronic prospectus; hyperlinks from an electronic prospectus on a website to other documents or web-pages are not acceptable unless the other documents and information on the other web-pages are required to be made available for inspection and/or directly referred to in or form part of the prospectus. A hyperlink providing exit from the electronic prospectus to the previous start point is acceptable. (9) The offeror shall specify clearly – (a) the procedures for payment; (b) the procedures for refunding money to applicants; (c) the procedures for distribution of securities certificates or crediting the applicant's securities account in the event that an application is successful; (d) a description of any additional remuneration (such as fees, charges) that is to be paid by the applicant other than anything already specified in the prospectus; (e) the deadline for the submission of an application by the applicant.