Skip to document content Skip to main menu Skip to search

Bank of Tanzania (Credit Reference Bureau) Regulations, 2012

Government Notice 416 of 2012

Bank of Tanzania (Credit Reference Bureau) Regulations, 2012
This is the latest version of this Government Notice.
Citation
Government Notice 416 of 2012
Primary work
Bank of Tanzania Act
Date
28 December 2012
Language
English
Publication
Download PDF (4.1 MB)
Collections
Related documents
Ask AI
Ask questions and understand this document faster using AI.
Skip to document content
Tanzania
Bank of Tanzania Act

Bank of Tanzania (Credit Reference Bureau) Regulations, 2012

Government Notice 416 of 2012

(Made under section 70(1))

Part I – Preliminary provisions

1. Citation

These Regulations may be cited as the Bank of Tanzania (Credit Reference Bureau) Regulations, 2012.

2. Application

These Regulations shall apply to all credit reference bureaux.

3. Interpretation

In these Regulations, unless the context requires otherwise—Act” means the Bank of Tanzania Act;[Cap. 197]adverse information” means the denial of credit or change in the conditions and terms of the credit based on credit information contained in a credit report;authorized user” means a person authorized by a credit reference bureau to receive credit reports;Bank” means the Bank of Tanzania;Borrower” includes a credit applicant and any other party to the credit who has applied for or obtained a credit from a data provider;consent clause” means a written consent signed by a credit applicant which consents to data providers obtaining from, or exchanging with, or disclosing all credit information relating to the credit applicant to the Credit Reference Databank, banks, financial institutions or credit reference bureaux;credit” means an obligation to disburse a sum of money in exchange for the right to repayment of the sum disbursed and outstanding which may include the payment of interest or other charges on such sums and any extension of the due date of a debt security or of any other right to payment of a sum of money;credit applicant” includes borrower and any other party to the credit who has applied for or obtained a credit from a provider of the data arising from an agreement between the two;credit agreement” means an agreement between the creditor and the borrower that sets out the rights and obligations of parties on the disbursement and the repayment of the credit;credit history” means all credit information about a borrower which is recorded or retained in any form by a credit reference bureau;credit information” means any information including but not limited to information about a person’s specific identification, full name, date of birth, place of residence, previous places of residence, marital status, spouse’s name, place of employment, previous places of employment, paying habits, outstanding debt obligations, assets and inquiries made of credit history or information relating to a legal entity or business that would identify the legal entity or business information on incorporation, tax, directors, governance, outstanding debt obligations, assets, inquiries made on credit history and other business details;credit reference bureau” means an entity specialized in the collection and sale of credit performance information for individuals and companes;Credit Reference Databank” means a computerized mechanism created by the Bank to receive and supply credit information to banks, financial institutions, credit reference bureaux and other institutions authorized by the Bank, regarding the credit transaction of customers, including off balance sheet operations;credit report” means information issued by credit reference bureau containing all or part of data subjects’ credit history;data provider” means a person, business or government agency providing credit information to a credit reference bureau;data subject” means an individual or a business entity whose data could be collected, processed and disclosed to third parties in the credit information sharing system;director” means a person appointed to carry out functions that are usually carried out by a member of board of director of a company incorporated under Companies Act and Companies Decree;[Cap. 112]guarantor” means a person who assumes the legal liability and guarantees the creditor by means of a written pledge, to fulfill the effective obligations of the borrower in case the later is not able to fulfill the same;manner of payment” means the manner in which a borrower has repaid a specific credit and, is displayed by a character that represents the current payment status of the credit;minimum capital requirement” means paid up capital and fixed assets directly related to the provision of credit reference bureau services;personal information” means information other than credit information about an individual’s character, reputation; medical information, physical, life style or about any other matter relating to the individual;permissible purposes” means(a)verifying accuracy of the credit information or resolving disputes;(b)conducting credit investigation, affordability assessments and credit scoring on new credit applications and renewal of existing credit facilities;(c)executing credit agreements; and(d)conducting and executing financial fraud detection and financial fraud prevention services or other similar types of offences;search inquiry” means a request made by an authorized user, for credit information from the credit reference bureau;significant shareholder” means a shareholder having five percent or more of the voting shares of a credit reference bureau.

4. Principles of credit reference bureau

(1)The basic principles of operation of a credit reference bureau shall be the collection, processing and protection of credit information in accordance with these Regulations.
(2)The credit information maintained by the credit reference bureau shall not be transferred outside the United Republic except in such cases as the Bank may determine.

Part II – Licensing

5. Prohibition operating without license

(1)A person shall not conduct business of a credit reference bureau without a license issued by the Bank.
(2)Any person who contravenes the provision of sub regulation (1) shall—
(a)in the case of a person, be liable to a fine of Tanzania shillings ten million;
(b)in the case of a company, directors of such company shall be personally liable.

6. Eligibility

Any incorporated limited liability company shall be eligible to apply for a credit reference bureau license.

7. Application for a license

(1)Any person who intends to conduct the business of a credit reference bureau shall in writing apply for a license to the Bank.
(2)The application referred to under sub-regulation (1) shall be accompanied by—
(a)certified copies of the certificate of incorporation and Memorandum and Articles of Association;
(b)documents that support the value of applicant’s capital base as well as sources of funds;
(c)feasibility study and business plan showing organizational structure, internal monitoring procedures, mission statement and goals, market analysis, ownership structure, governance structure, management structure, description of projected investments, projected financial statements for a minimum of three years, analysis of profitability and business continuity plan;
(d)description of the applicant’s business premises and suitability for credit reference bureau activities;
(e)particulars of the directors and key management personnel concerned with the management of the business, including their educational and professional background;
(f)declaration from significant shareholders and directors stating whether any of them has ever been—
(i)convicted of any offence;
(ii)the subject of civil case in connection with the credit or credit reporting business;
(iii)refused any license other than a driving license.
(g)an overview of operations including a description of systems, design of data collection and dissemination, management processes, development schedule of the software required for operation, characteristics of products and services to be provided to users, policy on service provision, proposed security and control measures to prevent improper access to credit information, operational manuals designed to ensure that credit information provided is accurate and updated, the proposed fee and cost structure of products;
(h)proof of payment of non refundable license application fee; and
(i)any other documents and information as the Bank may require.
(3)The Bank shall, within ninety days after the day of receipt of an application, grant or refuse to grant the license and communicate the reasons for its refusal to the applicant.
(4)An applicant whose application has been refused by the Bank may appear before the panel constituted by the Bank to defend his application orally and if the Bank is satisfied by such defense, it shall grant the license.

8. Validity of license

A license issued under these Regulations shall remain valid unless revoked.

9. Notice to revoke a license

Where the Bank intends to suspend or revoke a license, it shall issue a written notice and assign reasons of its intention to the licensee.

10. Application for review

The licensee shall have the right, within twenty one working days from the day of receipt of the notice of intention to suspend or revoke a license, to apply to the Bank for review of such intention by stating the reasons and provide further information to be considered by the Bank.

11. Surrender of license

Where a licensee terminates business or has its license revoked, the licensee shall be required to surrender the license to the Bank.

12. Transfer of a license

A license issued under these Regulations shall not be transferred.

13. Minimum capital requirements

The Bank shall prescribe a minimum paid-up capital for credit reference bureaux.

14. Change in ownership

Any change in the significant shareholding structure of a credit reference bureau shall require prior approval of the Bank.

Part III – Governance of credit reference bureau

15. Composition and responsibilities of Board

(1)The Board of Directors of a credit reference bureau shall consist of not less than five members the majority of whom shall be non-executive.
(2)The chairperson of the Board shall be a non-executive member of the Board.
(3)A Board member shall not serve as a balanceoard member in more than one credit reference bureau.
(4)Board members of credit reference bureau shall—
(a)have overall understanding of a credit reference bureau operations and information technology systems;
(b)provide effective oversight of credit reference bureau affairs;
(c)ensure regulatory compliance;
(d)review and approve policies and procedures; and
(e)ensure a credit reference bureau maintains at all times effective system for internal control.

16. Appointment of board member and senior management

(1)A credit reference bureau shall not appoint any person to a post of senior management or member of a board of directors without obtaining prior approval from the Bank.
(2)Where a member of senior management or board of directors of any credit reference bureau ceases to hold the post of senior management or board of director, the credit reference bureau shall, within seven working days notify the Bank of the cessation and reasons thereof.

Part IV – Collection of credit information

17. Nature of information

(1)Credit information collected and stored in the credit reference bureau database shall include the borrower’s information and credit history.
(2)Credit information to be shared under these Regulations shall be determined by the Bank.

18. Sources of information

Credit information may be collected from a borrower, data providers and other entities engaged in regular basis in the extension of credit to borrowers, guarantors or any other parties to a credit.

19. Search inquiries

(1)A record shall be maintained of all search inquiries made on data subject’s credit history.
(2)The record referred to sub-regulation (1) shall include date of the search inquiry, name of the authorised user and location of the authorised user.
(3)Where a search inquiry results show that there is no record of the credit subject, a record shall be created and maintained on the subject of the search inquiry including the date of the search inquiry, the name of the authorised user and the purpose of the search inquiry.

Part V – Prohibited information

20. Prohibited information

(1)A credit reference bureau shall not maintain in its database or include in the credit report any information relating to the borrower’s race, creed, colour, ancestry, ethnic origin, religious or political affiliation, state of health or criminal record except financial fraud and other similar types of offences.
(2)A credit reference bureau shall not place any additional information in the database relating to—
(a)information as to judgment six years after the judgment was filed unless the borrower confirms that it remains unpaid in whole or in part and such information appear in the credit history;
(b)information as to any judgment against a person unless mention is made of the name and where available, the address of-the judgment creditor as given at the date of entry of the judgment and the amount;
(c)information as to the bankruptcy or liquidation of a person, after six years from the date of the bankrupt’s discharge or liquidations finalization;
(d)information regarding any judgment, collection or debt that is statute barred after six years unless it is accompanied by evidence appearing in the credit history that recovery in not barred by the expiration of a limitation period;
(e)information as to the payment or non-payment of taxes and lawfully imposed fines after six years;
(f)information as to writs that were issued against the person more than twelve months after their issuance;
(g)any adverse information where more than six years have expired since the adverse information was placed in the database or last reaffirmed; or
(h)any other information as may be prescribed by the Bank.

Part VI – Obligations of the credit reference bureau

21. Collected information

Every credit reference bureau shall take all necessary precautions to ensure that all credit information received or collected is—
(a)properly and accurately recorded, maintained, collated; synthesized or processed in a timely manner;
(b)obtained from reliable sources which shall take responsibility for the accuracy, completeness and timeliness of the information;
(c)properly placed in the correct credit history;
(d)protected against loss, including adequate business continuity plans, data back up and disaster recovery facilities; and
(e)protected against unauthorized access, use, modification or disclosure.

22. Credit reports

(1)A credit reference bureau shall implement the following measures in relation to credit reports—
(a)establish controls and procedures to be applied when authorized users request credit reports from the credit reference bureau;
(b)maintain automated logs and audit trails of all accessed credit information by authorized users;
(c)maintain logs and audit trails of proven or suspected breaches of security that would include details of credit history affected, details of the breach, and any action taken as a result of an investigation;
(d)review, on a regular basis, password controls of all credit reference bureau personnel and authorized users;
(e)monitor, on a regular basis, patterns of usage of credit reports by authorized users, with a view to detecting and investigating any unusual or excessive usage;
(f)where necessary, conduct workshops in relation to these Regulations and, in particular, good security practices for the benefit of authorized users and other stakeholders that may be deemed relevant; and
(g)create operational guidelines to ensure adequate protection to minimize the risk of unauthorized or in appropriate access of the credit reference bureau database or interception of communications made to, and from the credit reference bureau database.

23. Authorizes users

(1)Every credit reference bureau shall, upon nomination of a person to be an authorized user, conduct due diligence to satisfy itself that the prospective user maintains an excellent reputation arid conducts business legally.
(2)Every credit reference bureau shall develop a standard application form to be used when an authorized user requests approval to access the credit reference bureau’s database.
(3)Every credit reference bureau shall execute an agreement with an authorised user for access and usage of information maintained by the credit reference bureau.
(4)Authorized users shall be granted access to credit reference bureau database by way of user codes and passwords changed on a regular basis.
(5)An authorized user shall—
(a)be allowed to obtain credit reports from a credit reference bureau for permissible purposes; and
(b)not sell, transfer or otherwise use the credit information obtained from the credit reference bureau for purposes other than those outlined in the definition of permissible purposes.
(6)Where an authorized user fails to comply with any of the conditions set out under these Regulations, the credit reference bureau shall immediately suspend authorized user’s access to information maintained by credit reference bureau.

24. Access to the credit reference bureau database

(1)An authorized user may only access a credit reference bureau database with the written consent of a borrower on whom a search inquiry is to be conducted.
(2)Any subsequent search inquiry made to monitor or review payment performance of the borrower in respect of a credit being granted as a result of the initial search inquiry shall not require a written consent before its commencement.
(3)An authorized user shall maintain a hard copy of the written consent, along with a copy of the person’s credit application, and surrender the hard copy at the request of the Bank or the credit reference bureau.
(4)Where a credit reference bureau finds that an authorized user has not obtained the prior written consent of the borrower, it shall suspend the access to the credit reference bureau database to that authorised user in respect of that credit inquiry.
(5)The credit reference bureau may refuse future access to the credit reference bureau database by an authorized user who fails to comply with a requirement to obtain a written consent.

Part VII – Obligations of data providers

25. Data providers obligations

(1)Every data provider shall enter into an agreement with credit reference bureau that stipulates the conditions for supplying, obtaining and using credit information.
(2)A data provider shall undertake to provide complete, accurate and timely proprietary credit information that accurately identifies the data subject.
(3)Where credit information is found to be inaccurate by the credit reference bureau or the accuracy of credit information is challenged by the data subject, the data provider shall promptly investigate, when requested by the credit reference bureau and the investigation shall be completed within fifteen working days.
(4)A data provider shall be held responsible for any errors or inaccuracies in the credit information submitted to the credit reference bureau.

26. Access to Credit Reference Databank

(1)The Bank shall provide every credit reference bureau with automated access to the Credit Reference Databank through an interface constructed by the credit reference bureau.
(2)Every credit reference bureau shall, prior to construction of the interface, provide the Bank with an action plan for the interface construction for analysis and approval.
(3)Every credit reference bureau shall ensure the constructed interface has adequate security, control and protection measures.
(4)The access granted via the approved interface shall authorize every credit reference bureau to obtain a copy of the credit information as received from the data providers and no other uses shall be permitted.

Part VIII – Data subject rights and protection

27. Consumer relations centre

Every credit reference bureau shall establish a consumer relations center to deal with all requests made by the data subjects on credit information stored in the credit reference bureau database.

28. The right to information and data

(1)A data subject shall have the right to—
(a)know the type of information shared or to be shared in the credit reference system;
(b)have access to a credit report related to that specific data subject;
(c)request a free copy of data subject’s credit report once every twelve months; and
(d)challenge information contained in the credit report.
(2)The request may be completed via fax, telephone, mail, internet and in person indicating proper identification to the credit reference bureau.
(3)The credit report from the credit reference bureau shall be in hard copy or ineditable electronic format.

29. The right to challenge incorrect information

(1)A credit reference bureau shall inform the data subjects of their right to challenge the information maintained in the credit reference system at the time the data subject requests a copy of their credit report.
(2)Where a data subject believes that credit information maintained in the credit information system is inaccurate, erroneous or outdated, the data subject may notify the credit reference bureau of the disputed information.
(3)Where a credit reference bureau is challenged of issuing credit report containing inaccurate, erroneous or outdated information, it shall—
(a)within two working days from date of receipt of the challenge, endorse the disputed credit report with a note on specific items which are subject to dispute; until such time when the dispute is resolved;
(b)within fifteen working days from date of receipt of the challenge, investigate and correct the disputed credit information where the dispute emanates from the credit reference bureau;
(c)within two working days, inform the data provider about the findings of the investigation, where the investigation findings reveal that disputed credit information emanates from the data provider;
(d)notify the data subject of the outcome of the disputed credit information.
(4)A data subject whose disputed credit information has been corrected shall be provided with a correct credit report free of charge.
(5)Where the data provider maintains that the disputed information is accurate and the data subject maintains that disputed information is inaccurate, the data subject may appeal to the Bank.
(6)Where the investigation proves that the disputed information is correct, the credit reference bureau may charge the data subject for costs incurred in conducting the investigation.

30. Record of challenges

Every credit reference bureau shall maintain a record of challenged incorrect information in a format to be prescribed by the Bank.

31. Suspension to access

Where a data provider fails to respond or conclude challenges within fifteen working days, the credit reference bureau shall suspend access to credit information and report the occurrence to the Bank.

32. Fees

A credit reference bureau may charge a fee for its services and shall notify the Bank of its fee structure through periodic returns submitted to the Bank as specified under regulation 33(3).

Part IX – Powers of the bank

33. Powers of the bank

(1)The Bank shall have powers to license, regulate and supervise credit reference bureaux.
(2)In exercising its powers under subregulation (1), the Bank shall—
(a)inspect credit reference bureau premises and operations to ensure compliance to these Regulations;
(b)issue directive, guidelines and circulars for the better carrying out of its supervisory functions under these Regulations;
(c)impose sanctions on the credit reference bureau, their shareholders, directors or senior management upon non-compliance to these Regulations.
(3)Every credit reference bureau shall submit to the Bank periodic reports and statistics in a format and frequency prescribed by the Bank.

34. Inspections by the bank

(1)The Bank may conduct physical inspections to any credit reference bureau.
(2)The Bank may, before conducting physical inspection, issue a notice to the credit reference bureau.
(3)The credit reference bureau shall, during physical inspection, furnish any record and information requested by the Bank.
(4)The Bank shall, after conducting physical inspection, provide the credit reference bureau with a summary of findings on deficient areas requiring correction and the credit reference bureau shall provide an action plan for correction of the deficiencies.

Part X – General provisions

35. Sale of credit information

A credit reference bureau shall not, apart from its own business of selling credit report, sell, lease or transfer title to its credit information or any files unless such sale, lease or transfer is done to another credit reference bureau with approval of the Bank.

36. Retention period

Every credit reference bureau shall retain credit information maintained in its database until expiry of six years from the date of final loan repayment, bankruptcy, assignment or write-off and thereafter may archive the same.

37. Disposal of information

Where a credit reference bureau terminates business and surrenders its licence due to bankruptcy or liquidation, the credit information stored in its database shall be surrendered to the Bank by the receiver manager or liquidator.

38. Public awareness

Every credit reference bureau and data provider shall develop and maintain a program of public awareness relating to rights and protection of the data subjects.

39. Indemnification

(1)A credit reference bureau shall execute an indemnity agreement with the Bank to cover losses to the Bank resulting from incorrect credit report provided to authorized users.
A credit reference bureau shall be indemnified by a data provider for any type of action or damage awards that may result from inaccurate credit information reported to it, provided that the credit reference bureau has taken all reasonable measures to ensure the information was correctly processed.

40. Penalties and sanctions

(1)Without prejudice to penalties and actions prescribed under the Act, any person who fails to comply with provisions of these Regulations shall be-
(a)suspended from accessing the Credit Reference Databank;
(b)suspended from the office where that person is a director, officer or employee of a credit reference bureau;
(c)liable to a fine of not less than Tanzania shillings five hundred thousand for every day during which the non-compliance continues;
(d)where that person holds a credit reference bureau license, liable to revocation of that licence.

41. Revocation of G.N. No. 178 of 2010

The Bank of Tanzania (Credit Reference Bureau) Regulations, 2010 are hereby revoked.

History of this document

28 December 2012 this version
Commenced
06 December 2012
Assented to
To the top