Prudential Standards on Agency Banking (No. 01-2016/BSD)

BANK SUPERVISION DIVISION PRUDENTIAL STANDARDS No. 01-2016/BSD: AGENCY BANKING September 2016

2 TABLE OF CONTENTS

1. PREFACE ................................................................................................................ 3
2. APPLICATION & APPROVAL PROCESS .............................................................. 4
3. TRANSACTION SETTLEMENT & TECHNOLOGY REQUIREMENTS ................. 12
4. OVERSIGHT & GOVERNANCE ............................................................................ 15
5. AGENCY OPERATIONAL REQUIREMENTS........................................................ 18
6. ANTI-MONEY LAUNDERING AND COMBATING FINANCING OF TERRORISM (AML/CFT) REQUIREMENTS ...................................................................................... 19
7. CONSUMER PROTECTION, AWARENESS & EDUCATION ............................... 20
8. REPORTING REQUIREMENTS............................................................................. 22
9. AMENDMENT TO THE PRUDENTIAL STANDARDS........................................... 23
10. EFFECTIVE DATE ................................................................................................. 23

3

1. PREFACE 1.1. Short Title 1.1.1. These Prudential Standards may be referred to as “Prudential Standards on Agency Banking.” 1.2. Authority 1.2.1 These Prudential Standards are issued in terms of the Banking Act [Chapter 24:20]. 1.3. Application 1.3.1 These Prudential Standards on Agency Banking set out the framework and minimum criteria to be observed by a banking / non-bank financial institution when contracting the services of an entity to provide banking services on its behalf. Wherever the term “banking institution(s)” is used in these Prudential Standards, it shall be read to include non-bank financial institutions that are licensed and / or supervised by the Reserve Bank of Zimbabwe. 1.4. Definitions 1.4.1 The following terms used in these Prudential Standards shall be taken to have the meaning assigned to them hereunder. Agent: an entity contracted to facilitate the provision of a specific range of banking services to customers of a registered banking institution under a valid agency agreement in the manner specified in these Standards. Agency Banking or Agent Banking: refers to the provision of banking services through agents or third-party intermediaries by registered banking institutions. Banking institution: means a banking institution that has been authorized by the Reserve Bank of Zimbabwe to contract an agent for purposes of agency banking. Banking activity: refers to banking activities as specified in the Banking Act [Chapter 24:20] which the specified banking institution has been authorised to conduct.

4 Third party service providers: means parties other than the principal and agent who are in contract with either the principal or agent specifically relating to the existing agency banking relationship. 1.5. Purpose & Scope 1.5.1 These Prudential Standards: a) provide a framework for agency banking in Zimbabwe; b) aim to facilitate and promote the implementation of agency banking; and c) are issued with the intention of enabling banking institutions to provide cost effective transacting to the banking public, thereby promoting financial inclusion. 1.6. Responsibility 1.6.1 The ultimate responsibility and accountability for the effective implementation of provisions of these Prudential Standards lies with the banking institutions authorized by the Reserve Bank of Zimbabwe to conduct agency banking activities. 1.6.2 Banking institutions are wholly responsible and liable for all actions or omissions of their agents. This responsibility extends to actions of the agent even if not authorised in the contract, for as long as they relate to the provision of banking services or matters. 2. APPLICATION & APPROVAL PROCESS 2.1. Application for Approval of Agency Banking 2.1.1 A registered banking institution may contract the services of an entity to provide services on its behalf, subject to obtaining prior written approval of the Registrar of Banking Institutions. 2.1.2 The application for the approval of agency banking shall be supported by the following documents: a. Board approval of the agency banking model; b. A business plan of future operations and development of the agency banking for a

5 minimum period of two (2) years from the date of the application including:- i. The proposed number of agents, the target locations over a two (2) year period and benefits to be derived; ii. The services to be provided through agents; iii. Analysis of the relevant market over the past two (2) years; iv. Description of the agent management structure to be used by the banking institution; and v. Projections on the contribution of the proposed agents to the banking institution’s business. c. Qualifying criteria for engaging agents including outreach, competence and integrity amongst others; d. Service Level Agreements (SLAs) with any third party service providers; e. Risk management, internal controls, operational procedures and any other policy and procedures relevant to the management of the agency banking, as well as a description of the technology to be used; f. Proposals for compliance with Know Your Customer (KYC) and Anti-Money Laundering (AML) and Combating Financing of Terrorism (CFT) requirements; and g. The bank’s standard agency banking contract. 2.1.3 Every contract between a banking institution and an agent shall contain at a minimum, the following information: a. The rights, expectations, responsibilities and liabilities of the banking institution and the agent; b. A statement that the agent shall not perform bank management functions, make management decisions, or act or appear to act in a capacity equivalent to that of a member of management or an employee of the banking institution; c. Details of permissible banking services to be rendered by the agent; d. Transaction limits for individual customer payments and receipts;

6 e. Business hours of the agent in relation to the services offered under the agency agreement; f. Remuneration for the agent, including all relevant commissions or fees; g. Measures to mitigate risks associated with agency banking services including cash security, security of agent premises and insurance policies; h. A statement on the need to comply with the Banking Act and Anti-Money Laundering and Combating of Financing of Terrorism requirements on an on-going basis; i. A statement that all information or data that the agent collects in relation to agency banking services, whether from the customers, the banking institution or from other sources, is the property of the banking institution; j. A statement that the agent is required to preserve confidentiality of customer information at all times; k. Requirement for the agent to deliver transaction support documents at regular pre￾specified intervals to the banking institution for record keeping purposes; l. Technical description of electronic devices provided to the agent by the banking institution; m. Responsibility for payment of expenses (directly or indirectly) relating to the activities of the agent; n. Responsibility for provision of infrastructure and the role of third party service providers, where applicable; o. A statement that the cost of services accessed through outlets of an agent of a banking institution will not exceed the cost that would be incurred at conventional bank branches; p. A statement to the effect that employees of an agent shall not be treated as employees of the banking institution and the rights and duties of such shall be agreed upon between the banking institution and the agent; q. A framework for changing the terms of the contract and stipulations for default and

7 termination of the contract; r. A transition clause on the rights and obligations of the institution and the agent upon termination or cessation of the agency contract; s. Measures that will be taken by the banking institution to address instances of non￾compliance by the agent; t. Provision for dispute resolution between the banking institution and the agent; and u. A provision that the agency banking services shall be subject to regulatory review and that the Reserve Bank of Zimbabwe shall have free, full and timely access to the internal systems, documents, reports, records, staff and premises of the agent in so far as the agency banking business is concerned and shall exercise such powers as it may deem necessary. 2.1.4 The banking institution and the agent may provide for other terms as they may mutually consider necessary for the effective implementation of the agency banking arrangement. Any banking institution that wishes to vary the terms of its earlier agreement as approved by the Reserve Bank of Zimbabwe, shall be required to submit a copy of the revised contract to the Reserve Bank of Zimbabwe for approval. 2.1.5 The Reserve Bank of Zimbabwe may request the applicant to provide such additional information as it may require for the purposes of determining the application. 2.1.6 Applicants for the establishment of an agency banking network must ensure that they meet minimum regulatory requirements with respect to key financial indicators including, but not limited to, capital adequacy and liquidity. Further, the banking institution must have a track record of compliance with relevant laws, regulations, circulars and directives. 2.1.7 Within 30 days after receipt of the completed application and submission of all requested information and documents, the Reserve Bank of Zimbabwe, may either decline the application or approve the application with or without conditions and will communicate such decision to the banking institution in writing. 2.1.8 Where the Reserve Bank of Zimbabwe declines an application, it shall state the reasons for declining the application.

8 2.2. Agent Appointment Agent Eligibility 2.2.1 An entity intending to be appointed as an agent is required to have operated a lawful commercial activity for at least 6 months preceding the date of application to become an agent and such commercial activity must be ongoing. 2.2.2 The following shall be eligible for appointment as an agent:- a) company incorporated in terms of the Companies Act [Chapter 24:03] or the Private Business Corporations Act [Chapter 24:11]; b) sole proprietorship/organisation licensed in terms of the relevant laws/by laws; c) partnership registered in terms of the relevant law; d) cooperative society registered in terms of the Co-operative Societies Act [Chapter 24:05]; e) a parastatal registered in terms of the relevant legislation; f) government-owned institution; g) educational institution registered in terms of the Education Act [Chapter 25:04]; Zimbabwe Council for Higher Education Act [Chapter 25:27]; individual state universities Acts of Parliament; individual private university charters, and the Manpower Planning and Development Act [Chapter 25:02]; h) non-governmental organizations registered in terms of the Private Voluntary Organizations Act [Chapter 17:05]; and i) financial institutions regulated by a financial sector regulator. 2.2.3 Where an agent to be contracted is subject to any regulatory authority under any written law or is a public entity, the banking institution shall ensure that the agent has obtained the consent of the regulatory authority or the appropriate oversight body or authority prior to being appointed an agent and complies with the laws under which the said entity operates. 2.2.4 Employees of a banking institution or employees of related companies and their immediate families shall be permitted to run or manage an agent of the same banking institution provided the contract is awarded on an arms’ length basis.

9 Agent Selection & Due Diligence 2.2.5 Banking institutions shall have clear, well documented Agent Due Diligence policies and procedures to mitigate risks, including a provision for the conduct of periodic due diligence checks at specified intervals and a list of early warning signals and corrective actions to ensure proactive agent management. 2.2.6 The minimum agent selection criteria shall include:- a. possession of a valid business licence; b. operating at permanent business premises or in possession of a valid lease agreement, for rented premises; c. established core business which has been in existence for at least six (6) months; and d. possession of appropriate infrastructure and human resources to be able to provide the services with the necessary degree of efficiency and security. 2.2.7 The banking institution shall conduct assessment and due diligence (Know-Your-Agent) on the business owner and business operations, which include: a. financial position and credit profile of the business; b. integrity, personal qualities and reputation of the business owner; c. knowledge, capability and competence to conduct agency banking services; and d. ability of the agent to control operational risks related to agency banking, particularly for agents representing multiple approved banking institutions. 2.3. Permissible Activities 2.3.1 An approved agent of a banking institution shall be permitted to conduct any or all of the following banking activities, which should be specified in the agency contract: a. Cash deposit and withdrawal; b. Bill payment (utilities, taxes, rates, subscriptions etc.); c. Internal funds transfer; d. Balance enquiry; e. Generation and issuance of mini statements;

10 f. Collection and submission of documents including account opening, loan application, cheque book request and collection of credit card and RTGS forms and correspondences for customers; g. Loan disbursement and cash repayment of loans; h. Opening of low cost / basic accounts, as may be approved by the Reserve Bank of Zimbabwe from time to time; and i. Any other activity as the Reserve Bank of Zimbabwe may, from time to time, permit. 2.3.2 It shall be the responsibility of the banking institution to determine, based on agent risk assessment, which services a particular agent may provide. 2.4. Operational / Transactional Limits 2.4.1 Subject to any applicable regulatory limits, banking institutions shall establish limits for the provision of services agreed upon with their agents. Limits shall be set for each agent and where applicable, for each type of transaction. 2.4.2 The limits must be prudent and bear a relation to the agent’s capacity, volume of cash moved by the agent, and the risks associated with the agent’s locality for conducting agency banking. 2.5. Prohibited Activities 2.5.1 An agent shall not be permitted to carry out any of the following banking activities: a. Cheque deposit and encashment of cheques; b. Currency exchange transactions; c. Provide cash advances; d. Provide guarantees on any transactions; e. Grant loans or carry out any appraisal function for purposes of granting a loan or any other facility; and f. Provide, render or hold itself out to be providing or rendering any banking service which is not specifically permitted in the contract.

11 2.5.2 An agent is not permitted to sub-contract another entity to carry out agency banking on its behalf. 2.6. Operational Manuals and Policies 2.6.1 Further to the agency contract, banking institutions shall provide agents with such operational manuals and risk management policy documents as shall be necessary for rendering services to customers efficiently. 2.6.2 In this regard, it is the duty and responsibility of the banking institution to assess the implementation of such policies and adherence to the provisions of the agency contract through regular audits. 2.7. Termination of Agency Contract 2.7.1 In addition to the provisions for termination of the agency contract as may be set out in the contract, an agency contract shall be terminated if an agent: a. Is guilty of a criminal offence involving fraud, dishonesty or other financial impropriety; b. Is being dissolved or wound up through court order or otherwise; c. Dies or becomes mentally incapacitated, in the case of a sole proprietor; and d. Fails to hold or renew a valid business licence. 2.7.2 Further, termination of a contract may be by mutual agreement between the banking institution and the agent. In addition, the closure / deregistration of the banking institution by the Reserve Bank of Zimbabwe will result in termination of any agency agreements. 2.8. Non-Exclusivity of Agency Agreement 2.8.1 No contract between an institution and an agent shall be exclusive. An agent may provide agent banking services to as many banking institutions as it can accommodate at any given time, provided the agent has separate contracts for the provision of such services with each institution. 2.8.2 Further, the agent should demonstrate the capacity to manage the transactions for the

12 different banking institutions, including adequate risk management systems and structures in place. Due regard shall be made to the space, technological and human capacity and adequacy of funds or float of the agent. 2.8.3 Agents are required to disclose to the incoming banking institution, any existing agency banking agreements in place and to the existing banking institution the potential agency banking agreement with an additional banking institution. 3. TRANSACTION SETTLEMENT & TECHNOLOGY REQUIREMENTS 3.1 Settlement of Transactions 3.1.1 The technology to be used by the registered banking institution should be able to provide adequate security for transmitting information from the agent to the banking institution. The banking institution should develop mechanisms that enable the agent to report any transaction as and when it occurs. 3.1.2 Banking institutions shall also develop suitable offline operational processes for its agents, where there is limited network connectivity in its areas of operations. To this end, banking institutions should ensure that the agents are capable of providing limited services. 3.1.3 The policy should be clear on the range of services that may be offered by an agent in the event of failure of the communication system used in processing transactions. 3.1.4 Banking institutions shall provide their agents with settlement positions for reconciliation of transactions in a timely manner. 3.2 Minimum Information Technology Requirements for the Operation of Agency Banking 3.2.1 Banking institutions should establish internal policies, procedures, systems and controls to support agency banking at all stages. Such policies and procedures shall be consistent with standard technology in the industry with respect to hardware and software. 3.2.2 In establishing systems and infrastructures to support agency banking, banking institutions should ensure that systems comply with the following minimum requirements:

13 a. agency banking transactions must be conducted with devices which are able to: i. transmit transaction information in a secure manner over secure data channels; ii. carry out electronic transactions on real time basis to ensure that customers get immediate value for successful transactions; iii. execute payment instructions instantly and immediately reverse any incomplete transaction arising from error, system failure, power outage or other defects; iv. allow handling under different user profiles for administration, maintenance and operation; v. provide device authentication during session activation and transaction processing at host level; vi. process or generate transactional documents or receipts, which may include electronic receipts or acknowledgements such as SMS confirmation; and vii. ensure that all transactions carried out are within the set limits and support time out features; b. the Payment Acceptance Devices must be able to support minimum 2-factor authentication for agent and customer registration; c. the technology deployed shall comprise a set of interoperable infrastructure modules that work seamlessly over a secured network with end-to-end encryption from the financial institution to the agent; d. at the payment acceptance end point, devices should support effective password management and should not store the sensitive customer information e.g. PIN; e. should be robust in managing infrastructure capacity to support agency banking services; f. should maintain an audit trail which is available on request; and g. all settlement information details should be preserved for a minimum period of 5 years. 3.2.3 To ensure integrity of agency banking services, banking institutions shall at all times put

14 in place adequate measures to monitor the safety, security and efficiency of the agency banking IT architecture being used to prevent any tampering or manipulation by any person. 3.3 Third-Party Service Providers 3.3.1 Banking institutions may enter into a written contract with a third-party service provider for the provision of the following services in respect of its agency banking: a. Technology platform; b. Agent selection, in line with the banking institution’s qualifying criteria; c. Agent network management; d. Agent training; e. Equipment provision; f. Equipment maintenance; and g. Any other activities as may be approved by the Reserve Bank of Zimbabwe. 3.3.2 An appropriate service level agreement must be put in place for all third-party service arrangements. 3.3.3 The provision of any services as specified in 3.3.1 above by a third party service provider shall not constitute agency banking. 3.3.4 Any third party service provider, who wishes to render agency banking services, shall be required to terminate its services as third party service provider and follow the application process for agency banking services, as specified in these Prudential Standards. 3.3.5 Notwithstanding the appointment of a third party service provider for the provision of support services, the banking institution shall remain liable for the agency banking services. 3.3.6 Further, the banking institution is responsible for ensuring compliance of both the agent and third party service provider with the standards and requirements of the Prudential Standards.

15 4. OVERSIGHT & GOVERNANCE 4.1 Banking institutions shall be responsible and accountable for the effective and continuous management of risks arising from the agency banking arrangements, including financial, legal, reputational, operational, technological, compliance and anti￾money laundering/ counter financing of terrorism (AML/CFT) risks. This is to ensure, that agency banking is conducted in a reliable, safe and efficient manner. 4.2 A sound internal control environment should include sign offs by risk, compliance and internal audit functions. 4.3 Board Of Directors & Senior Management 4.3.1 The Board of Directors and Senior Management of an approved banking institution shall be responsible for proper management of the risks associated with agency banking. The board should establish clear guidance regarding agency banking and risk strategy, including risk limits for agency banking and appropriate risk management systems to manage financial and non-financial risks to which customers and the banking institution are exposed. 4.3.2 In exercising its responsibilities, the Board of Directors shall:- a. be responsible for approving policies and procedures that: i. articulate how the banking institution will conduct its agency banking services including policies related to agent selection, management, monitoring, operations, compliance and service quality; ii. ensure that all risks associated with agency banking are identified and mitigated; iii. ensure adequate infrastructure to support agency banking, including system and technology requirements; iv. ensure continuity of agency banking services in the event of disruption, through formulation of an appropriate Business Continuity Plan and contingency arrangements; v. specify consumer protection measures, including protection of customer confidentiality, awareness and education strategies and redress system for

16 agency banking; and vi. ensure that agency banking activities are monitored and comply with the minimum Prudential Standards, relevant legislation and regulatory requirements and the financial institution internal rules, policies and procedures. b. review management reports for compliance with the approved risk management policies and regulatory requirements for agency banking; c. ensure that persons responsible for administering the risk management policies for agency banking possess the requisite competence; d. approve an appropriate agency banking contract and appointment of eligible agents based on established criteria; e. ensure that the internal audit function regularly reviews agency banking operations to assess compliance with internal controls and risk management; and f. assess the adequacy of controls of outsourced activities through internal or external audits as mandated under relevant outsourcing agreements. 4.3.3 Further, senior management shall: a. select credible agents with suitable outlets in line with the approved selection criteria; b. ensure that appointed agents are adequately trained to provide approved banking services; c. provide agents with such operational manuals and risk management policy documents as shall be needed for rendering services to customers efficiently; d. update and modify existing risk management policies and processes to cover current or planned agency banking; e. develop a risk management program for agency banking to ensure oversight of the agent’s activities or functions; f. ensure that appropriate controls are incorporated into its system in order to assure compliance with relevant regulations; and g. assess adequacy of controls of third party service providers through regular audits.

17 4.3.4 The institution shall provide agents with sufficient training to enable the agents to adequately perform the operations. Such training must include the proper identification of customers, customer service, information confidentiality, cash security, record keeping, financial education and liquidity management, among other matters. 4.4 Assurance Functions Risk Management 4.4.1 The Risk Management function must conduct a comprehensive assessment of risks inherent to agency banking and the adequacy of the risk mitigation measures in place during the development and implementation of the agency banking model. 4.4.2 Risk management must conduct a comprehensive assessment of an agent’s creditworthiness and put in place a commensurate limit structure for the agent. 4.4.3 Risk management is responsible for developing a risk management program for agency banking operations, focusing on potential operational and liquidity risk threats. In this regard, a business continuity management plan should be developed to mitigate any significant disruption, discontinuity or gap in the agents’ functions. Compliance Function 4.4.4 The banking institution’s compliance function should ensure that proper controls are incorporated into the agency banking system so that all relevant compliance issues are fully addressed. 4.4.5 In this regard, the Compliance function should incorporate agency banking operations into ongoing compliance monitoring activities. Any compliance breaches noted shall be reported to senior management through periodic reporting. Internal Audit 4.4.6 The banking institution shall ensure that the scope and coverage of internal audit reviews are commensurate with the complexity and risks inherent in agency banking activities. Further, the banking institution must ensure that the Internal Audit function is staffed with personnel who have sufficient technical expertise to perform the expanded role.

18 4.4.7 The Internal Audit function should conduct independent reviews of agency banking processes/arrangements to ensure compliance with the agency banking policies and procedures, and to ensure the integrity of management information system and reports on agency banking activities. 4.4.8 The Internal Audit function should also conduct risk-based audit reviews to ensure that the agents are operating in accordance with the terms and conditions of the agreement and following the rules, regulations and Prudential Standards issued. 4.4.9 Further, Internal Audit are also responsible for forming a view on the third party service providers by conducting appropriate audits of the same as mandated under relevant outsourcing agreements. External Audit 4.4.10 The banking institution’s External Auditor should review and attest to the adequacy of the agency banking systems and processes. 4.4.11 External auditors should immediately inform the bank of any material weaknesses or irregularities that, in their opinion, might affect the financial condition of the banking institution or have additional risk implications. 5. AGENCY OPERATIONAL REQUIREMENTS 5.1 Designated Branches, Branding And Advertisement 5.1.1 Banking institutions shall designate specific branches to be administratively responsible for agents operating in their respective branch localities. 5.1.2 In respect of agents which are not banking or financial institutions, the use of protected words like “bank”, “finance”, “financial institution”, “financial intermediary” or their derivatives or any other word suggesting that the agent is itself a financial institution is prohibited in line with the Banking Act. 5.1.3 In advertising its agent service network, the banking institution shall not in any form misrepresent the agent as a banking institution or mislead the public as to the services available at the agent’s premises. 5.1.4 Promotional material shall be designed and branded in a manner which is clear to the

19 customer that the service is being provided on behalf of a registered banking institution. An agent shall display its principal(s)’ name and logo in a conspicuous manner. 5.1.5 Advertising of agency banking services through various media shall be strictly the preserve of the banking institution. Advertisements by agents shall be restricted to display of banners at the agent’s branch and the display or distribution of any promotional material that may be provided by the banking institution. 5.2 Publication of List of Agents and Locations 5.2.1 Banking institutions shall publish an updated list of all their agents and their locations on their websites and in annual reports. In addition, financial institutions may publish a comprehensive list of agents on flyers, corporate gifts and such other publications as it deems appropriate. 5.2.2 The publications containing the list of their agents shall be disseminated to all branches and may also be disseminated to the institution’s agents. 5.3 Relocation, Transfer and Closure of Agent Premises 5.3.1 The banking institution shall ensure that no agent shall relocate, transfer or close its agency banking premises without notifying and obtaining prior written consent of the the banking institution. 5.3.2 Banking institutions shall ensure that prior notice of not less than 14 days is provided to customers in the event of relocation or closure of agent business of a specific agent. 5.3.3 The notice of intended relocation or closure shall be conspicuously affixed on the agent’s business premises and it shall state the date on which the relocation or closure shall take effect. 6. ANTI-MONEY LAUNDERING AND COMBATING FINANCING OF TERRORISM (AML/CFT) REQUIREMENTS 6.1 Banking institutions shall ensure that proper AML/CFT monitoring processes exist for agency banking. The necessary actions to be taken by agents in this regard should be communicated to the agents and the agents’ compliance monitored. 6.2 Accordingly, banking institutions are required to provide mandatory training to their

20 agents on AML/CFT requirements upon establishment of the agency relationship. 6.3 Banking institutions shall ensure that suspicious transactions can be isolated for subsequent investigation. Banking institutions shall develop an IT based automated system to generate suspicious transaction reports before introducing the agency banking services. 7. CONSUMER PROTECTION, AWARENESS & EDUCATION 7.1 Customer Protection Measures 7.1.1 Agency banking involves dealing with a large number of first time customers, often with low financial literacy level. In order to gain their trust and confidence in banking products, banking institutions are required to ensure that adequate measures for customer protection, awareness and dispute resolution are in place. 7.1.2 Banking institutions shall be fully responsible and accountable to the customers for activities and conduct of appointed agents, including any complaints against the agents. 7.1.3 Banking institutions are, therefore, required to implement appropriate measures to ensure that adequate safeguards for customer protection and preservation of customer confidentiality are in place. 7.2 Minimum Consumer Protection Requirements 7.2.1 As a minimum, the following customer protection requirements shall be complied with at all times: a. Appointed agents shall not charge the customer any fee, apart from the standard fee charged by the banking institution and shall not introduce any financial product or service at their discretion; b. An agent shall display a list of charges or fees applicable for each service which are payable to the institution by the customers; c. There must be clear identification/logo and name of the bank and responsible branch together with contact address/telephone number displayed in a visible manner on the agent’s premises; d. An agent shall not misrepresent to the public that it is a banking institution;

21 e. Agents should keep a register of incoming and outgoing documents; f. A customer complaints channel shall be established by the bank to receive and record customer complaints; g. In the provision of agency banking services, institutions shall use secure systems that ensure customer information confidentiality; h. Banking institutions shall carry out customer education on agency banking, including education on their rights and precautionary measures when transacting, including the protection of authentication information; i. Banking institutions shall have a business continuity plan to ensure uninterrupted services to the customers in case of failure or termination of agents; and j. Where an agent works on behalf of more than one bank, it shall ensure that there are no amalgamations or overlapping in the database of customers of different banks. 7.2.2 Customers shall be made aware that they may lodge any complaints regarding agency banking to the Reserve Bank of Zimbabwe. 7.3 Public Awareness 7.3.1 Public awareness is a key defense against fraud and identity theft and security breach. In this regard, banking institutions shall develop a public awareness program which aims to sensitize their agents and customers about their agency banking. Such awareness campaigns shall be through public awareness campaigns, brochures and other such programs as the nature of the banking institution’s products may require. 7.3.2 Banks are required to continuously evaluate their awareness programs for effectiveness, including tracking the number of customers who report fraudulent attempts to obtain their authentication credentials, the number of clicks on information security links on websites and the number of inquiries, among others. 7.4 Complaints Resolution 7.4.1 A banking institution offering agency banking services shall put in place a comprehensive complaints resolution system capable of efficiently and quickly

22 redressing customer complaints. 7.4.2 The complaints resolution system shall, at a minimum, be capable of: a. receiving and processing customers’ complaints around the clock, through SMS, letters and email; b. generating an acknowledgement of complaint with a unique complaint number; c. communicating acknowledgement to customer giving either the resolution or the complaint number and estimated time to resolution; d. redirecting the complaint to appropriate function for resolution; and e. keeping track or log of all complaints and give status of every complaint. 7.4.3 All customer complaints shall be addressed within a reasonable time and in any case not later than 14 days from the date of reporting or lodging the complaint. Approved institutions shall keep a record of all customer complaints and their redress thereof. 7.4.4 A banking institution shall widely publicize the dispute resolution mechanisms and the relevant contact information which shall be displayed at a conspicuous place at all branches and agents of the banking institution. 7.4.5 When a contract between a banking institution and agent is terminated, the bank shall issue a notice of the termination to be published within the locality where the agent was operating its business. 7.4.6 Further, banking institutions shall submit reports on disputes/grievances and resolution of the same to the Reserve Bank of Zimbabwe on a quarterly basis together with quarterly statistical returns as stipulated in 8. 8. REPORTING REQUIREMENTS 8.1 Every banking institution shall, at the end of every quarter and not later than the 14th day of the next month, submit to the Reserve Bank of Zimbabwe in the form prescribed by the Reserve Bank of Zimbabwe, data and other information on agent operations including information on: a. Details of operating agents with their names and addresses including changes, additions and terminations.

23 b. Nature, value, volume and geographical distribution of operations or transactions; c. Incidents of fraud, theft or robbery; and d. Nature and number of customer complaints and remedial measures taken. 9. AMENDMENT TO THE PRUDENTIAL STANDARDS 9.1 The Reserve Bank of Zimbabwe may, at any time, amend, delete, vary, add or change any provision of these Prudential Standards as deemed necessary and such amendment, deletion, variation, addition or change shall become effective from the date of notification to institutions by the Registrar. 9.2 Such notification may be effected through a circular, directive, notice, letter or other means, communicating the intention of the Reserve Bank of Zimbabwe. 10. EFFECTIVE DATE 10.1 The effective date of the Prudential Standards shall be 30 September 2016. 10.2 Enquiries on any aspect of the Prudential Standards should be referred to: The Registrar of Banking Institutions Reserve Bank of Zimbabwe P.O. Box 1283 HARARE ZIMBABWE Tel. No. +263 4 703 000