2024-09-01
Added · Updated
The Banque de la République du Burundi issued Circular No. 002/SP/2024 to regulate the authorization, operation, and supervision of Payment Aggregation Institutions (PAIs). The regulation mandates a minimum capital of 200 million Burundian Francs, strict governance and data protection standards, and comprehensive anti-money laundering compliance for all applicants. It further establishes detailed requirements for licensing documentation, incident reporting, client fund segregation, dispute resolution, and ongoing regulatory reporting.
BANQUE DE LA REPUBLIQUE
DU BURUNDI
LE GOUVERNEUR
CIRCULAR NO. 002/SP/2024 ON PAYMENT AGGREGATION INSTITUTIONS, ISSUED PURSUANT REGULATION NO. 002/2024 AMENDING REGULATION NO. 001/2017 RELATING TO PAYMENT SERVICES AND THE ACTIVITIES OF PAYMENT INSTITUTIONS.
Having regard to Law No. 1/34 of December 2, 2008, establishing the Statutes of the Banque de la République du Burundi; Having regard to Law No. 1/17 of August 22, 2017, governing banking activities; Having regard to Law No. 1/07 of May 11, 2018, establishing the national payment system; Having regard to Regulation No. /2024 amending Regulation No. 001/2017 relating to payment services and the activities of payment institutions.
The Banque de la République du Burundi, hereinafter referred to as the "Central Bank", enacts: this circular.
The Banque de la République du Burundi, hereinafter referred to as the "Central Bank", enacts:
Article 1: Definition
For the purposes of this circular, a "Payment Initiation Service Provider", hereinafter referred to as a "payment aggregation institution", is a provider of payment initiation, aggregation, or facilitation services. It is a company that offers a service allowing a natural or legal person to order payments (e.g., transfers) from an account held with another institution (bank, payment institution, etc.) other than the one where their account is opened.
Article 2: Object and Scope
This circular governs the conditions and procedures for applying for and obtaining authorization, as well as the operating rules for payment aggregation institutions authorized by the Central Bank.
Article 3: Conditions for Obtaining Authorization
No one may carry out the activities of a payment aggregation institution without prior authorization from the Central Bank.
The main conditions subject to which authorization is granted are as follows:
1. Minimum Share Capital Every payment aggregation institution must have a minimum share capital, fully paid up at the time of authorization, amounting to two hundred million Burundian Francs (200,000,000 BIF).
2. Governance and Internal Control Authorization can only be obtained if the payment aggregation institution has adequate governance and internal control for its activity. In this regard, the institution must have put in place effective internal management mechanisms to monitor and control its financial operations, as well as to assess and manage risks related to its activities.
3. Qualifications of Management The managers of a payment aggregation institution must demonstrate appropriate qualifications in financial management, competence, and experience in the payment services sector. This requirement aims to ensure that the persons heading these establishments possess the necessary skills to manage a complex and sensitive financial activity.
4. Protection of Sensitive Payment Data. Every payment aggregation institution must implement an appropriate system to guarantee the security of its clients' personal data. This includes protection against data breaches, fraud prevention, and compliance with data confidentiality regulations.
5. Compliance with Anti-Money Laundering and Counter-Financing of Terrorism Rules. Every payment aggregation institution must comply with current regulations regarding the fight against money laundering and the financing of terrorism. In this regard, it must establish mechanisms for detecting and reporting suspicious activities, as well as for verifying the identity of clients, ordering parties, and beneficiaries of funds, in accordance with identification procedures. Every payment aggregation institution must not only meet these conditions at the time of obtaining authorization but also throughout its activity. This means it must continuously respect capital requirements, organizational, control, and security standards, as well as anti-money laundering and data protection regulations. In the event of continuous non-compliance with these conditions, the Central Bank has the power to withdraw the authorization of the payment aggregation institution, which results in the cessation of its activities.
Article 4: Required Documents In order to protect consumers against fraud, in addition to the documents in Annex 2 of this circular, the information required to constitute the application file for authorization as a payment aggregation institution is as follows:
Article 5: Notification of Decision
Within three (3) months following the receipt of the complete application file for authorization, the Central Bank informs the applicant of the acceptance or refusal of the authorization. The Central Bank provides reasons for any refusal of authorization.
Article 6: Maintenance of Authorization
When any change among the conditions that led to the granting of authorization affects the accuracy of the information and supporting documents provided in accordance with Article 4 of this circular, the payment aggregation institution must inform the Central Bank without delay.
Article 7: Withdrawal of Authorization
The Central Bank may withdraw the authorization granted to a payment aggregation institution if said institution:
The Central Bank is required to provide reasons for any withdrawal of authorization and to inform the interested party. The Central Bank makes the withdrawal of authorization public, notably on its website and in the Official Bulletin of Burundi.
Article 8: Notification of Incidents
In the event of a major operational or security incident, the payment aggregation institution must inform the Central Bank without delay. When the incident has or is likely to have repercussions on the financial interests of users of its payment services, the payment aggregation institution must promptly inform them of the incident and all available measures it has taken to mitigate the harmful effects of the incident.
Upon receipt of the notification referred to in paragraph 1, the Central Bank shall immediately communicate the important details of the incident to the National Financial Intelligence Unit, and, after assessing the relevance of the incident to other concerned authorities, inform them accordingly. Based on this notification from paragraph 2, the Central Bank and competent authorities shall take, where necessary, all measures required to protect the immediate security of the financial system.
Article 9: Requirements for the Protection of Client Funds
Every payment aggregation institution must protect all funds that have been received from users of its payment services:
Article 10: Dispute Resolution
Every payment aggregation institution must put in place and apply appropriate and effective procedures for the resolution of complaints from payment service users regarding rights and obligations. Every payment aggregation institution must respond, on paper or, if the payment service provider and the payment service user have agreed otherwise, on another durable medium, to complaints from payment service users. This response addresses all points raised in the complaint and is transmitted within an appropriate timeframe and no later than fifteen (15) business days following the receipt of the complaint. In exceptional situations, if a response cannot be given within fifteen business days for reasons beyond the control of the payment service provider, the latter sends an interim response clearly justifying the additional time needed to respond to the complaint and specifying the final date by which the payment service user will receive a definitive response. In any case, the timeframe to receive a definitive response does not exceed thirty-five (35) additional business days.
Article 11: Information to Clients
Every payment aggregation institution is required to communicate to its clients, the flat fees per transaction or based on transaction volume, before entering into a business relationship with them. Furthermore, every payment aggregation institution must communicate to the client the type of assistance service it offers to clients, its availability, and the channels by which it can be reached (e-mail, telephone, etc.). It must also precisely inform the client of the registration process to be followed.
Article 12: Reporting Obligation
Every payment aggregation institution must communicate to the Central Bank, within a maximum period of fifteen (15) calendar days, starting from the end of the concerned month, data related to its activity for the previous month, in accordance with the template appearing in Annex 1 to this circular.
Article 13: Sanctions
The Central Bank determines the regime of sanctions applicable in case of infringement of the provisions of this circular and takes all necessary measures to ensure its application.
Article 15: Transitional Provisions
Payment aggregation institutions authorized before the entry into force of this Circular are required to comply with the provisions of said Circular within a period of six (6) months from its entry into force.
Article 16: Entry into Force
This Circular enters into force on the day of its publication in the Official Bulletin of Burundi and on the website of the Central Bank.
Done in Bujumbura, on July 30, 2024
Edouard Normand BIGENDAKO Governor
ANNEXE 1: MONTHLY REPORT ON THE ACTIVITIES OF PAYMENT AGGREGATION INSTITUTIONS
NAME OF THE INSTITUTION: .................................................... ADDRESS OF THE INSTITUTION: .................................................... Address for transmission of the report: RapportSFN@brb.bi
a. Monitoring of payment operations
Outgoing Payments
| Op Num | Date of Operation | Operation Reference | Sender's Name and First Name | Valid ID or Passport No. | Phone Number | Nationality | Amount Transferred | Currency Used | Rate Used | Destination Country and City | Beneficiary Name | Operation Status | Reason for Non-Settlement | Fees Paid by Sender |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Incoming Payments
| Op Num | Date of Operation | Operation Reference | Beneficiary's Name and First Name | Valid ID or Passport No. | Phone Number | Nationality | Amount Received | Currency Used | Rate Used | Purpose of Transfer | Origin Country and City | Sender Name | Operation Status | Reason for Non-Settlement | Fees Charged | | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | :--- | | | | | | | | | | | | | | | | |
b. Monitoring of suspicious transactions identified in the system
5.1. Suspicious Incoming Payments
| No. | Description | Country of Origin | Beneficiary | January | February |
|---|---|---|---|---|---|
| Volume | Value | ||||
5.2. Suspicious Outgoing Payments
| No. | Description | Destination Country | Ordering Party | January | February |
|---|---|---|---|---|---|
| Volume | Value | ||||
ANNEXE 2: DOCUMENTS TO BE PROVIDED FOR AN APPLICATION FOR AUTHORIZATION OF A PAYMENT AGGREGATION INSTITUTION
A. APPLICATION FORM FOR AUTHORIZATION
| 1. | NAME OF APPLICANT (as it appears on the registration register) | |
|---|---|---|
| 2. | CATEGORY OF LICENSE REQUESTED | |
| 3. | APPLICANT CONTACTS | |
| Physical Address: | Plot No. | |
| Building Name | ||
| Floor Level | ||
| Avenue | ||
| City | ||
| P.O. Box | ||
| Landline Phone | ||
| Fax | ||
| Mobile Phone | ||
| E-mail Address |
B. IDENTITY OF SHAREHOLDERS
| No. | NAME | ADDRESS | NATIONALITY | OCCUPATION | NUMBER OF SHARES HELD IN SHAREHOLDING | TELEPHONE & EMAIL |
|---|---|---|---|---|---|---|
| 1. | ||||||
| 2. | ||||||
| 3. |
C. 5. IDENTITY OF ADMINISTRATORS AND MANAGERS
| No. | NAME | NATIONALITY | POSITION HELD | EDUCATION LEVEL | TELEPHONE & E-MAIL |
|---|---|---|---|---|---|
| 1. | |||||
| 2. | |||||
| 3. |
D. OTHER INFORMATION:
| 1. | Indicate if any of the partners / managers / shareholders have shares in another company authorized by the Central Bank |
|---|---|
| 2. | Is there a previous application that was rejected or cancelled by the Central Bank? (If yes, provide details) |
| 3. | Others (to be specified). |
E. DECLARATION OF SHAREHOLDERS:
We, the undersigned, hereby declare: a) that the information mentioned in this document is true and conforms to reality; b) that we are not declared bankrupt and have never been found guilty of fraud or dishonesty in Burundi and/or elsewhere.
| No. | Name and Surname | Signature |
|---|---|---|
| 1. | ||
| 2. | ||
| 3. |