LogoRegulatory Alerts
2018-10-30

Ordinance No. 62 of 30.10.2018 on the Procedure for Storage, Use, and Destruction of Documents and Data by Pension Insurance Companies

The Commission for Financial Supervision issued Ordinance No. 62 to establish the mandatory procedures for pension insurance companies regarding the storage, use, and destruction of documents and data related to supplementary pension insurance. The regulation mandates specific minimum retention periods for various document types, strict physical and environmental standards for storage facilities, and controlled access protocols to ensure data integrity and confidentiality. It further regulates the destruction process through expert commission review and allows for the outsourcing of storage activities under strict liability and oversight requirements.

Financial Supervision Commission Bulgaria logo

Bulgaria

Financial Supervision Commission Bulgaria

Click to view thumbnail

ORDINANCE No. 62 of 30.10.2018 on the Procedure for Storage, Use, and Destruction by Pension Insurance Companies of Documents and Data Related to the Activity of Supplementary Pension Insurance

Publ. - State Gazette, No. 94 of 13.11.2018, effective from 19.11.2018; amended and supplemented, No. 60 of 20.07.2021; amended, No. 70 of 20.08.2024

Adopted by Decision No. 1023-N of 30.10.2018 of the Commission for Financial Supervision

Section I General Provisions

Art. 1. This Ordinance regulates the procedure for storage, use, and destruction by pension insurance companies of documents and data related to the activity of supplementary pension insurance.

Art. 2. (1) The management body of the pension insurance company adopts rules for the storage, use, and destruction of documents and data related to the activity of supplementary pension insurance. (2) The rules regulate:

  1. the retention periods for individual types of documents and data;
  2. the specific measures and procedures applied by the company in connection with the storage, use, and destruction of documents and data related to the activity of supplementary pension insurance;
  3. the responsible units and employees for implementing the measures and procedures under item 1;
  4. the rules of work of the expert commission under Art. 9, para. 1. (3) The pension insurance company submits the rules under para. 1 to the Commission for Financial Supervision within a 7-day period from their adoption, respectively from the adoption of amendments and supplements thereto.

Section II Storage of Documents and Data

Art. 3. (Amended and supplemented - State Gazette, No. 60 of 2021; amended, No. 70 of 2024) (1) Unless another retention period is provided for the respective type of documents or data in a normative act, the pension insurance company stores documents and data related to the activity of supplementary pension insurance for the following minimum periods:

  1. (supplemented - State Gazette, No. 60 of 2021) instructions for investing the funds of the supplementary pension insurance funds and the funds for making payments, and the analyses and proposals prepared in connection with this - 5 years from the making of the respective investment;
  2. (amended - State Gazette, No. 60 of 2021) information on prices and their sources, on the basis of which the valuation of assets and liabilities of the pension insurance company and of the funds managed by it is carried out, and decisions on the choice of prices for asset valuation - 5 years from the valuation;
  3. biometric tables and actuarial calculations - 5 years from the approval of new ones;
  4. documents certifying the compliance of the members of the management and supervisory bodies, procurators, the responsible actuary, and persons under Art. 123v, para. 1 and 4 of the Social Security Code with the requirements provided for these persons in the Social Security Code - 5 years from the termination of the legal relationship with the respective person;
  5. minutes from the meetings of the management and supervisory bodies of the pension insurance company and of the general meeting of shareholders - 5 years from the holding of the respective meeting;
  6. (amended - State Gazette, No. 70 of 2024) contracts with external contractors, the responsible actuary, investment intermediaries, investment consultants, trustee banks, depositaries, insurance companies under Art. 246a, para. 1 of the Social Security Code, and insurance intermediaries - 5 years from the termination of the contract;
  7. monthly, quarterly, and annual reports for supervisory purposes and queries submitted to the Commission for Financial Supervision - 5 years from the expiration of the period to which they relate;
  8. reports and accounts prepared by the specialized internal control service, the risk management unit, and the unit, respectively the person, conducting internal audit - 5 years from their preparation;
  9. reports on the activity of the company's bodies submitted to the general meeting of shareholders, for which no special retention period is provided - 5 years from the meeting of the general meeting of shareholders at which the respective report was considered;
  10. applications for participation, applications for resumption of insurance, and documents related thereto, when no insurance legal relationship has arisen with the respective person - 2 years from the receipt of the application;
  11. (amended - State Gazette, No. 70 of 2024) applications for change of participation, applications for transfer of funds, applications for change of PEPP provider, and documents related thereto, when the respective application has been annulled or the procedure for change of participation, respectively - for transfer of funds or for change of PEPP provider, has been terminated - 2 years from the date under Art. 8, para. 2, respectively - Art. 18, para. 2 of Ordinance No. 3 of 2003 on the procedure and manner for change of participation and for transfer of accumulated funds of an insured person from one fund for supplementary pension insurance to another corresponding fund managed by another pension insurance company (State Gazette, No. 90 of 2003) or the date of receipt of the application by the accepting PEPP provider;
  12. documents outside those specified under items 1 - 11 - for a period determined in the rules under Art. 2, para. 1 while complying with applicable personal data protection requirements;
  13. other documents for which no special retention period is provided in the normative regulation and in the rules under Art. 2, para. 1 - 1 year from the cessation of use of the document. (2) Longer periods than those specified in para. 1 may be determined in the rules under Art. 2, para. 1 while complying with applicable personal data protection requirements. (3) When two different retention periods are provided for a specific document on different grounds, the longer one shall apply. (4) While complying with applicable personal data protection requirements, specific documents and data may continue to be stored after the expiration of the periods under para. 1, respectively para. 2, at the discretion of the expert commission under Art. 9, para. 1.

Art. 4. (1) The pension insurance company stores documents and data in special premises that ensure their physical preservation, protection from infringement, and arrangement in a manner suitable for searching. (2) The premises under para. 1 shall not be used for other purposes. (3) The premises under para. 1 must meet the following requirements:

  1. they must be fire-safe;
  2. they must be dry, easily ventilated, and isolated from direct sunlight;
  3. sewage, heating, and gas heating pipelines must not pass through them;
  4. the electrical installation must be enclosed; the use of open lighting and heating appliances is not permitted;
  5. the spatial arrangement must ensure easy and convenient access to the stored documents;
  6. they must be equipped with means to restrict physical access through reliable locking systems and with means for emergency access. (4) The following temperature-humidity regime parameters must be maintained permanently in the premises under para. 1:
  7. for documents on paper carriers: temperature from 14 to 18 °C and relative humidity of 50 ± 5 percent;
  8. for data carriers in electronic form: temperature 18 °C ± 2°C and relative humidity of 40 percent ± 5 percent. (5) For control of temperature-humidity parameters, there must be a thermometer and hygrometer or thermo-hygrograph in the premises under para. 1, with data recorded weekly in a logbook. (6) Twice a year, a thorough cleaning of the premises under para. 1 is carried out, combined with disinfection, disinsection, and deratization.

Art. 5. (1) Access to the premises under Art. 4, para. 1 is granted only to:

  1. employees of the company, respectively of the specialized external contractor, responsible for the storage of documents;
  2. in the presence of the employees under item 1 - employees of the company, whose official duties include the use of documents stored in the premises or data carriers in electronic form, and employees of state control bodies. (2) A record is kept for every visit and use of documents and data carriers in electronic form from the premises under Art. 4, para. 1.

Section III Use of Documents and Data

Art. 6. The pension insurance company, its employees, and persons to whom it has entrusted certain activities by contract:

  1. may use documents and data related to the activity of supplementary pension insurance only in connection with its implementation;
  2. are obliged to maintain the confidentiality of documents and data and may provide them to third parties only in cases provided for by law.

Art. 7. (1) The removal of originals of documents and data carriers in electronic form outside the pension insurance company, respectively outside the premises under Art. 4, para. 1 of the external contractor, for their provision to external users is carried out after written permission of the persons managing and representing the pension insurance company, or of an employee of the company expressly authorized by them. When documents are sent by letter signed by the persons managing and representing the pension insurance company, the preparation of a separate written permission is not required. (2) For the removal and return of documents and data carriers in electronic form under para. 1, a handover-receipt protocol is prepared, in which the specific documents, respectively carriers, that are provided are described. (3) Before providing an external user with an original of a document or a data carrier in electronic form, a copy of the original, respectively the carrier, is made, which is stored until the return of the original, respectively the carrier. (4) In case of loss and damage established after the return of documents or data carriers in electronic form, a protocol is prepared, which is submitted to the persons managing and representing the pension insurance company.

Section IV Destruction of Documents and Data

Art. 8. Documents and data related to the activity of supplementary pension insurance are destroyed only after the expiration of the periods under Art. 3, para. 1, respectively para. 2, unless the conditions under para. 3 of the same article are met.

Art. 9. (1) Destruction is carried out after an assessment of the grounds for this by an expert commission, established by order of the persons managing and representing the pension insurance company. (2) The expert commission conducts a review of documents and data and assesses the need for their destruction at least once a year. (3) The expert commission prepares a protocol describing the types of documents and data subject to destruction, and their subject matter and quantity. (4) The destruction of documents and data described in the protocol under para. 3 is carried out after prior approval by the persons managing and representing the pension insurance company.

Art. 10. Destruction is carried out in a manner that does not allow the restoration of documents and data and unauthorized access to them.

Section V Outsourcing of Activities to External Contractors

Art. 11. (1) The pension insurance company may entrust by written contract the activities for storage and/or destruction of documents to a specialized external contractor. In this case, the company:

  1. is liable for the actions of the external contractor as for its own actions;
  2. provides in the contract with the external contractor obligations for maintaining the confidentiality of the provided documents and information and for providing assistance from its side to the bodies and employees of the Commission for Financial Supervision in the exercise of their powers;
  3. monitors and evaluates risks associated with the outsourcing of activities, as well as their implementation by the external contractor. (2) The specialized external contractor and its employees and subcontractors are obliged to carry out the entrusted activities in compliance with the requirements established for the pension insurance company and the rules adopted by the company under Art. 2, para. 1. (3) The pension insurance company submits to the Commission for Financial Supervision a certified copy of the contract with the specialized external contractor within a 7-day period from its conclusion, respectively amendment or supplement, and notifies the Commission within a 7-day period from the termination of the contract.

Final Provisions

§ 1. In Ordinance No. 3 of 2003 on the procedure and manner for change of participation and for transfer of accumulated funds of an insured person from one fund for supplementary pension insurance to another corresponding fund managed by another pension insurance company (publ., State Gazette, No. 90 of 2003; amended and supplemented, No. 9 of 2004; amended, No. 85 of 2004, No. 50 of 2005; corrected, No. 52 of 2005; amended, No. 7 of 2006; amended and supplemented, No. 78 of 2011, No. 1 of 2016; amended, No. 62 of 2016; amended and supplemented, No. 10 of 2018) Art. 21b is repealed.

§ 2. In Ordinance No. 33 of 2006 on individual applications for participation in a fund for supplementary mandatory pension insurance and for resumption of insurance in a universal pension fund (title amended, State Gazette, No. 62 of 2016) (publ., State Gazette, No. 83 of 2006; amended, No. 57 of 2012; amended and supplemented, No. 64 of 2012, No. 67 of 2014, No. 62 of 2016, No. 10 of 2018) Art. 5a is repealed.

§ 3. In Ordinance No. 47 of 2012 on the requirements for information systems of pension insurance companies (State Gazette, No. 57 of 2012) in Art. 8, para. 3 the words "activities for scanning and/or storage" are replaced with "activity for scanning".

§ 4. The Ordinance is issued on the basis of Art. 123i1, para. 2 of the Social Security Code and is adopted by Decision No. 1023-N of 30 October 2018 of the Commission for Financial Supervision.

§ 5. The Ordinance enters into force from 19.11.2018.

Chairman: Karina Karaivanova

Transitional and Final Provisions to ORDINANCE No. 70 of 29.06.2021 on the Requirements for Funds for Making Payments (State Gazette, No. 60 of 20.07.2021)

§ 10. In Ordinance No. 62 of 30.10.2018 on the procedure for storage, use, and destruction by pension insurance companies of documents and data related to the activity of supplementary pension insurance (State Gazette, No. 94 of 2018) in Art. 3, para. 1 the following amendments and supplements are made:

  1. After the words "supplementary pension insurance funds" in item 1, "and funds for making payments" is added.
  2. In item 2, the words "for supplementary pension insurance" are deleted.

Transitional and Final Provisions to the Ordinance Amending and Supplementing Ordinance No. 63 of 8.11.2018 on the Requirements for the Content, Frequency of Preparation, and Deadlines for Submission of Supervisory Reports of Pension Insurance Companies and Funds Managed by Them (State Gazette, No. 70 of 20.08.2024)

§ 25. In Ordinance No. 62 of 30.10.2018 on the procedure for storage, use, and destruction by pension insurance companies of documents and data related to the activity of supplementary pension insurance (publ., State Gazette, No. 94 of 2018; amended and supplemented, No. 60 of 2021) in Art. 3, para. 1 the following amendments and supplements are made:

  1. In item 6, the words "trustee banks" are replaced with "trustee banks, depositaries, insurance companies under Art. 246a, para. 1 of the Social Security Code".
  2. Item 11 is amended as follows: "11. applications for change of participation, applications for transfer of funds, applications for change of PEPP provider, and documents related thereto, when the respective application has been annulled or the procedure for change of participation, respectively - for transfer of funds or for change of PEPP provider, has been terminated - 2 years from the date under Art. 8, para. 2, respectively - Art. 18, para. 2 of Ordinance No. 3 of 2003 on the procedure and manner for change of participation and for transfer of accumulated funds of an insured person from one fund for supplementary pension insurance to another corresponding fund managed by another pension insurance company (State Gazette, No. 90 of 2003) or the date of receipt of the application by the accepting PEPP provider;".
  3. Everywhere in the Ordinance, the word "commission" is replaced with "Commission".
Share