Credit Bureau Cambodia

english     khmer

Prakas On Credit Reporting

PRAKAS (LAW) ON CREDIT REPORTING

This is an unofficial translation

The Governor of the National Bank of Cambodia

  • With reference to the Constitution of the Kingdom of Cambodia
  • With reference to the Royal Kram NS/RKM/0196/27, dated January 26, 1996 promulgating the Law on the Organization and Conduct of the National Bank of Cambodia
  • With reference to the Royal Kram NS/RKM/1206/036 of December 29, 2006 promulgating the Law on the amendment of article 14 and 57 of Organization and Functioning of the National Bank of Cambodia
  • With reference to the Royal Kram NS/RKM/1199/1, dated November 18, 1999 promulgating the Law on Banking and Financial Institutions
  • With reference to the Royal Decree NS/RKT/0508/526 of May 13, 2008 on the appointment of His Excellency Chea Chanto as Governor of the National Bank of Cambodia, in equivalent to Senior Minister;
  • Pursuant to the request of the General Directorate of Supervision
  • Pursuant to the agreement reached at the meeting of the senior officials of the National
    Bank of Cambodia, dated on 09 May, 2011.

CHAPTER 1 - GENERAL PROVISIONS

Article 1: Purpose

The purpose of this Prakas is to enable an adequate framework for the establishment of a credit reporting system in Cambodia with the aim of strengthening reliable, competitive and responsible lending.

Article 2: Definitions

2

“Adverse Action”: means the denial of credit, or change in the conditions and terms of the credit or loan based on information contained in a credit report.

“Authorized Users”: means each of the final persons that will have authorized access (uploading and downloading) to the database. It includes designated employees of Data Providers, employees of CRSPs and designated employees of the National Bank of Cambodia (NBC).

“Business Day”: means days on which banks in Cambodia are open for business transactions.

“Code of Conduct”: means the rules and regulations governing the operations of credit reporting system (CRS) in an agreement between the NBC and the Authorized Users.

“Commencement Date”: means the date that CRS will start providing credit reporting activities (CRA) to their data providers and authorized users.

“Consent”: means a written and voluntary authorization signed by the consumer allowing data providers to input his/her information into CRS and share with authorized users for permissible purposes provided in this Prakas.

“Consumer”: means any legal or natural person whose data has been or might have been included in CRS in spite of a contractual relation with a lender or a lending application signed by him/her or any other legitimate purposes.

“Covered Entities”: means the entities as defined in the Law on Banking and Financial Institutions, and other financial institutions obtained approval from the NBC.

“Credit Information”: means information related to economic and financial obligations of a consumer, including the payment history, guarantees, publicly available information and any other relevant data for credit decision making.

“Credit Reporting System” (CRS): means institutions, rules and standards, technology and data which enable exchange of credit information among all covered entities.

“Credit Reporting Activities” (CRA): means any activities that fall under the scope of this Prakas, including the provision of credit reports and other relevant services.

“Credit Reporting System Service Providers” (CRSPs): means any entities that conduct credit reporting activities and obtain license from the NBC.

“Data Providers”: means (i) covered entities, and (ii) any other entities that service credit in any forms and voluntarily furnish information to the CRS.

“Positive Credit Information/Credit Data”: means consumer’s information or data, including loan applications, and total credit exposures such as loan size, maturity, terms and conditions, and collaterals.


“Negative Credit Information”: means information relating to overdue, past due, chargeoff, or delinquent status of credit transactions between consumer and data provider.

3

“Rules of Reciprocity”: means set of norms defining the level of mutual information exchange and cooperation between data providers.

“Advisory Council” means an advisory committee formed by data providers, independent experts, board of directors, the NBC and other relevant authorities.

CHAPTER 2 - ESTABLISHMENT OF A CREDIT REPORTING SYSTEM AND LICENSING

Article 3: Establishment of a credit reporting system


Credit Reporting System which will be established must be set up of an efficient, safe and reliability with the aim of ensuring fair and equal treatment to Data providers and other credit market participants.

The CRS shall be subject to an oversight by the NBC.

Article 4: Prohibition

1. No person may engage in credit reporting activities or hold himself out to the public as engaging in credit reporting activities without license from the NBC.

2. No person other than a legal entity incorporated under the Law on Commercial Enterprises shall be licensed to carry out credit reporting activities.

3. This article does not apply to the NBC in the operations of credit reporting activities.

Article 5: Application for License

Any person interested in carrying out credit reporting activities shall apply for a license
from the NBC following assigned sample of application for license.

Article 6: Documentation for the License Application

Any application for a license shall be accompanied by the following information and
supporting documents:

a) Relevant documents regarding the legal status of the company.
b) Statements of the founders’ previous experience in the field of banking and credit,
including name list of the stakeholders, amount invested and relation of investments with other companies.
c) Board Members shall be composed with adequate qualifications.
d) Management Team with University degree or relevant experience in the credit market, banking, or financial sector.
e) Organizational structure, three (3) years projection for the operations of the CRS, information systems, internal procedures and manual of operations.
f) Feasibility study according to the business plan, infrastructure to support the business or relevant agreements with other providers.
g) Ownership and governance structure including the composition of the Board of Directors and selection criterion.


4


h) Continuity plan.
i) Proposed pricing policies.
j) Code of Conduct and other relevant rules for the functioning of the system.
k) Declaration of interested parties to adhere the Code of Conduct.
The NBC shall require other relevant documents deem necessary for assessing the application.

Article 7: Application Procedures


All applicants shall send the application in writing together with all the relevant documentation to the NBC.
Within 90 days after the satisfactory receipt of the application, supporting documents and
fee payment, the NBC shall issue a notice to the applicant in writing with the approval or refusal of
the application.


CHAPTER 3
PRINCIPLES REGARDING THE USE OF INFORMATION

Article 8: Purposes of CRS Services


The credit reporting service will be provided with following purposes:
a) To evaluate the creditworthiness and over indebtedness of a consumer in relation to a credit or loan application.
b) To support the NBC in its supervisory role to monitor credit flow of the financial system, analyze data to produce financial stability reports, and to supervise banking and financial institutions.
c) To evaluate credit risks, and/or to review or give a credit or loan.
d) To evaluate risks associated with the transactions of deferred payments.
e) To allow the consumer to confirm the accuracy of his or her information in a credit report.
f) To evaluate or audit the efficiency, reliability and legal compliance of the CRS.
The information contained in the CRS shall not be used for different purposes other than the ones established under this article unless specific consumer’s consent is obtained.


Article 9: Obligations of Relevant Parties to Ensure Data Quality

Credit Reporting System Service Providers (CRSPs) and Data Providers shall use their best endeavors to make sure that the Consumers’ information collected, used or disclosed is accurate, complete and up-to date. The data shall be collected by lawful and fair means and shall include only necessary information such as valid identification and credit payment history of the consumer. CRSPs and Data Providers shall be accountable for the followings:


1. CRSPs shall :
a) Establish adequate procedures to ensure completeness and veracity of the information;

b) Ensure that data is updated on constant basis according to the code of conduct;


5
c) Establish adequate mechanisms for data correction and deletion ensuring that all users accessing incorrect data during the previous 3 months are sufficiently informed and notified of the error and correct the data according to the times frames as set out in the Code of Conduct and establish adequate mechanisms to ensure that all users that have access to the data in the last 3 months are aware of such error and receive the correct information, and that a copy is also sent to the Consumer;

d) Be accountable to data providers, users, consumers for any data errors that have occurred during the processing or distribution of credit information as a result of gross negligence or reckless behavior. CRSPs shall:

Correct data immediately and establish adequate mechanisms to ensure that all users that have accessed the data in the last 3 months are aware of such material error and receive the correct information after being updated;

Receive a copy of the updated report and provide to the consumer with the primary address held in file by the CRSPs;

Be liable for any claim from the consumers that may result in a substantial damage of the consumer’s financial reputation, as a consequence of gross negligence or reckless behavior;

Make all reasonable efforts to mitigate damages suffered by the consumer for data errors.


e) Shall be liable to data provider, authorized user, the NBC, or any third party for any claim in connection with any delay, interruption or failure of providing credit information or statistical reports, unless they are resulting from governmental orders, sabotages, riots, vandalism, ISP denial of service, or any other cause that is beyond the CRS’s reasonable control;


f) Not transfer, sell or rent any credit information submitted by data providers, or authorized users.

2. Data providers shall:
a) Be accountable for any incorrect information sent to CRSPs;
b) Be liable for any claim from the consumers regarding errors that are material to a substantial damage of customer’s financial reputation, as a consequence of gross negligence or reckless behavior in compliance with the decision made under the conflict resolution mechanisms provided in Article 26 of this Prakas;
c) Mitigate damages suffered by consumer for data errors by establishing all necessary
policies and procedures.

Each data provider shall have its own credit decision making rules. The credit information and other services provided by the CRS shall be considered as one of the tools for credit risk decision process, but the decision shall not be made solely on the basis of the credit information obtained from the CRS.

Article 10: Data Security


CRSPs and data providers shall ensure the integrity and security of the database at all times. To prevent misuse or unauthorized access, data loss or data corruption, all necessary steps must be possessed the following rules:


1. CRS shall have systems, processes and procedures to ensure data recovery and disaster
plans to prevent data loss or data corruption;

a) Access to the database will be restricted to authorized users only;

6

b) CRSPs shall establish adequate mechanisms to ensure that data will be used only for permissible purposes or other lawful purposes with consumer’s consent according to article 8 of the present Prakas.


2. Data providers shall ensure the availability of adequate security measures, policies and procedures. Security measures policies for the operation of the CRS shall be approved by the Board of Directors of the CRSP and the NBC. The measures adopted should be reflected from a technical, organizational and technological view.

Article 11: Data Retention Period


1. Information collected by CRS will be distributed among data providers for a period of ten (10) years from the payment or settlement deadline in case of positive information;
2. Court judgment data will be distributed after three (3) years from the execution date;
3. Bankruptcy data will be distributed for a period of five (5) years from the date of discharge;
4. Negative information will be distributed for a period of three (3) years from the payment deadline.


Article 12: Consumer Rights

CRS and relevant parties shall ensure:
a) Individual’s rights regarding their data will be respected;
b) The CRSPs shall establish a dedicated unit with clear rules and procedures to handle claims and requests from individuals regarding their data;
c) No data related to consumer’s political tendency, beliefs, color, race, and personal private information will be collected and stored in the CRS;
d) Data will be collected for the permissible purposes provided under the article 8. Data collected or used for different purposes than the ones stated under the article 8 will need unambiguous consumer’s consent.

CHAPTER 4 DATA PROVIDERS

Article 13: Covered Entities


1. All Covered Entities are required to contribute positive and negative information to the CRS on a monthly basis. Any failure to contribute and/or access data shall be subject to sanctions provided under applicable laws;
2. Consumers’ consent shall be obtained for data collection and data access. The NBC will establish a standard consent form to be used by all covered entities;
3. A timeframe of nine (9) months to adapt their systems to provide data on a monthly basis is granted;
4. There will be no discrimination between any data providers and the CRS shall provide service under fair conditions to all participants.


Article 14: Other Data Providers and Users


7

1. Non covered entities shall contribute data and access data to the CRS once the prior consumer’s consent and the NBC is obtained;

2. All data providers and users whether regulated by the NBC or not, will be subject to the same rules, obligations, and sanctions, as provided in this Prakas;

3. Under the rules of reciprocity, entities, that do not report all required information, will not be able to access all information submitted to the CRS by other data providers;

4. The NBC can mandate the participation of new data providers when their activity in Cambodian credit market is perceived to be significant by the NBC.

CHAPTER 5 - MANAGEMENT OF CREDIT REPORTING SYSTEM


Article 15: Corporate Governance

1. Any CRSP operating in Cambodia shall be controlled by Board of Directors which shall be composed of at least seven (7) members, one of which shall be a representative of the NBC, and another one shall be an independent director.

2. The members of the Board shall have adequate qualifications on banking and financial system. No person shall be a member of the Board of Directors of the CRS if he or she has been convicted of any of the followings:

a) Crime;
b) Theft, forgery, fraud or breach of trust;
c) Misappropriation of work;
d) Usury;
e) Money laundering and financing terrorism;
f) Issuing dishonored cheques;
g) Personal bankruptcy, receivership or liquidation of assets.

3. A Chief Executive Officer shall be nominated by the Board of Directors. No person shall act as Chief Executive Officer if:

a) he has been convicted of any crimes;
b) he is a minor or legally disable;
c) he has been convicted of an offence involving theft or fraud causing financial loss;
d) he has been removed from an office on account of abuse of office or corruption in the immediate ten (10) years ;
e) he has been convicted of an offence involving dishonesty;
f) he is a CEO or acts in the Board of Directors of any of the data provider;

4. CRSP shall establish a dedicated unit to put into practice the consumer’s rights, CRS’s operations, and security measures;

5. The Board of Directors shall be responsible for ensuring that the CRS is prudently managed and complies with any applicable laws and regulations.


CHAPTER 6 - OPERATIONS OF THE SYSTEM


Article 16: Data Sources

8

1. The CRS will collect, load, and disseminate credit information and related data about individuals and firms from the following sources:

a) covered entities , users and other data providers; and
b) other public information available via lawful means.
2. CRSPs shall be able to access to publicly available information and other sources,

including:

a) An institution or organization in charge of business registers, immovable property and other property rights;
b) An institution or organization in charge of keeping identification files such as National ID, family book, passport or tax number.
3. The CRSPs may collect data on court judgments and insolvency proceedings when available and obtained through lawful means.


Article 17: Collection and Distribution


1. CRS will collect, process, and store credit information obtained from the data providers and other data sources according to the best possible knowledge, including operational guidelines to protect data from misuse, unauthorized access, loss, or system failure. CRS will introduce quality control procedures to ensure the continuity of the service.

2. Data providers shall submit their complete loan portfolios according to the layout and format established by the CRSPs in agreement with the Advisory Council. The initial format will follow the layout indicated in ANNEX 1 (file layout). It will include two parts, one containing identifiable information of the borrower and guarantor and another relating to the credit transaction data.


3. Data providers shall provide the first file within ninety (90) days, beginning from being notified the commencement date.


a) The CRS shall load all relevant data that complies with the File Layout received from the data providers within a period of 5 business days since the receipt of data.

b) All data providers shall provide a complete update of their credit information every month, at least dated on the fifth (5) of next month.

c) The file shall be provided in the format established by the Boards and approved by the Council.

4. CRSPs shall be responsible for the CRS database and shall provide the credit information services to covered entities, data providers and other authorized users under this Prakas, the code of conduct, or any applicable regulations of the NBC.

5. CRSPs shall be responsible for data leakage as of a result of system failure or data misuse by its employees.

6. Credit information shall not be sold or disclosed by any of the covered entities, data providers, or any users to a third party. Covered entities, data providers, or authorized users, shall not use the information obtained from the CRS to provide services to third parties or to conduct marketing campaigns, other than their existing customers.

9

7. CRSPs may modify the terms and conditions of the service to guarantee or improve the performance of the service. CRS shall send a notice to the data providers within 60 days before the new conditions come into effect.


Article 18: Access to Credit Reporting System (CRS)


1. All covered entities shall use the CRS to analyze the payment behavior of the applicant whenever they receive any new loan application, or renewal or extension of an existing credit facility, regardless of the loan amount.

a) Access to the CRS shall be only restricted to data providers or authorized users under the terms established in the code of conduct.

b) The CRSPs shall establish processes, procedures and rules for determining authorized users to be authorized.

2. Other non regulated data providers shall submit credit information and access the CRS on a voluntary basis, subject to the rules of reciprocity and code of conduct.

3. The CRSPs shall ensure that the service is, secure, stable and usable, and shall ensure that the credit reporting system is fully capable of serving data providers and authorized
users.

4. CRSPs shall not be responsible for non-authorized access that occurs as a consequence of the sharing or disclosure access codes or passwords with third parties by any data provider or authorized user.

5. All data providers and authorized users shall be subject to the security measures procedures adopted and contained under the code of conduct.


Article 19: Other Services.


CRSPs shall request for guidance from the Advisory Council prior to introducing any new services or products. The council shall produce a report with their conclusions based on fairness of the product for all creditors and impact on consumers. The council shall provide the report to the CRSPs within 30 days from the requested date.

Article 20: Pricing Policies


1. CRSPs may charge fees, charges or penalties for its services, based on a transparent policy in accordance with the services provided.

2. The CRSPs shall obtain approval from the NBC for any amendments to the pricing policy prior to the enactment. The NBC shall consider such application and related documents, and either approve or decline within 15 business days.


CHAPTER 7 - CONSUMER RIGHTS


Article 21: Notification of Consumer Rights

10


1. By way of a consent clause, data providers shall notify the consumer on any loan application, renewal or extension of the relevant credit information being submitted to the CRS. The consent clause shall include the followings:

a) Name of the data provider;
b) Purpose of collection the credit information;
c) Name and address of the CRSP;
d) Means to access the credit information in case there is a need to correct or modify
the credit information.
e) Covered entities and non-covered entities, when become data providers, shall include notification of consumer rights in the loan application form and establish a standard consent form as provided in annex II and III, respectively.

2. When an adverse action against a consumer has taken place, as a result of a CRS enquiry, the data provider shall notify the consumer accordingly within 5 business days.

Article 22: Confidentiality


1. The credit information is confidential and shall only be used for the permissible purposes set forth in the article 8. Confidentiality shall be strictly implemented and data providers or authorized users shall not sell or otherwise provide such credit information to any third party.

2. Only authorized employees of the users, the NBC, and the CRSPs can access the information and always for the strict performance of their duties. The CRSPs shall take all necessary measures to ensure that CRS’s directors and employees regularly maintain the confidentiality of credit information. The CRSPs shall take all reasonable measures to prevent unauthorized access to credit information, and shall establish and enforce security policies and procedures to govern the access to the credit information.


3. The NBC shall have free access to the CRS to obtain credit information for its oversight functions of covered entities, as well as other information pertaining to the non-covered entities to monitor the overall financial stability.

4. The NBC shall have access to the CRS in order to fulfill its oversight functions to maintain the efficient, transparent, fair and legal operations of the CRS.

5. Directors and employees of CRSPs, authorized users and employees of data providers shall sign confidentiality agreements prior to gaining access to credit information or the CRS.


Article 23: Right over Information

1. Consumers shall be entitled to request disclosure of any data pertaining to him/her once a year, per copy.

a) The report shall be provided to the consumers within ten (10) business days from the receipt of the request to the primary address held in file at the CRS. The consumer can request an immediate report at assigned rate of the CRSPs.

b) The consumers shall sufficiently identify themselves prior to gaining access to their credit information.

c) The CRSPs shall provide the consumer a copy of all their credit information once per year, including the name and list of the data providers that have accessed their credit information within the last six (6) months.

11

2. The consumers shall be entitled to request for correction of any incorrect or incomplete credit information at any time.

a. When a request for correction of incorrect or incomplete credit information is received, the CRSPs shall inform relevant data provider and send all relevant information to that data provider in order to investigate and correct the credit information within ten (10) business days.

b. The CRSPs shall inform the consumer at the primary address held in the file at the CRS no later than ten (10) business days after receiving the response from the relevant data provider of the result of the complaint.

3. A detailed consumer rights procedure shall be made available at all data provider’s premises and their respective websites or at the CRSPs premises and website.

CHAPTER 8
OVERSIGHT


Article 24: Roles of the National Bank of Cambodia

1. The NBC has the authority to set up any regulations to control and oversee all credit reporting activities, including any relationship with service providers or data providers and authorized users regarding the efficiency and fair functioning of the CRS.

2. The NBC has authorities to:

a) issue, suspend and de-license of the CRSPs;
b) monitor the compliance with the rules, regulations, code of conduct, terms,
procedures and operating systems;
c) supervise the adequacy of mechanisms in ensuring continuity of the services,
including the entry and exit requirements and other requirements;
d) monitor all implementation of resolutions adopted by the Advisory Council;
e) require the CRSPs to adopt necessary measures enabling the mandatory participation
of all covered entities and the voluntary participation of non-covered entities
operating in the credit market; and
f) penalize and sanction all parties interacting with the CRS, including but not limited
to data providers, authorized users and consumers.


Article 25: Advisory Council

1 The “Advisory Council” shall consist of 5 to 11 members.
2 The “Advisory Council” shall be chaired by the NBC and shall meet at least twice a year or more often when necessary.
3 In order to ensure efficiency, reliability and safety of the system, the “Advisory Council” shall hold regular meeting to agree the followings:

a) The strategic vision of the credit reporting system in Cambodia;
b) The format and content of the credit information file layout;
c) The operational rules governing the CRS;
d) The update periods of credit information, data loading, and disclosing;

12

e) The design of all products and services of the CRS and the various delivery
methods, including security measures and technologies;
f) The participation of new members;
g) The adequacy of technology and homogenization of the IT services to provide data;
h) The content of the operational and technical manuals relating to security, operations,
consumer’s rights, dispute resolution and any substantial amendment;
i) The content of the code of conduct;
j) The adequacy of services and products provided and pricing policies;
k) The educational programs for credit officers to use data properly;
l) The recommendations to the CRSPs regarding the provision of the service or the
conduct of the data providers or users.

Article 26: Dispute Resolution Mechanism

1. Any complaint regarding the accuracy or the credit information shall be submitted to the CRSP for investigation.
2. Once a complaint is received, the CRSP shall investigate the dispute and respond within 10 business days from the date of receipt, by:


a) Investigate the accuracy of the compliant or others;
b) Respond in writing to the complainant outlining the decision;
c) Correcting any incorrect or incomplete credit information within 10 business days.
3. A Consumer dissatisfied with the decision may appeal to the NBC within 10 business
days.


4. If the Consumer is not satisfied with the NBC’s decision, further appeal may be made to the Court.

CHAPTER 9
OFFENCES AND PENALTIES

Article 27: Offences

Data providers or authorized users, that has access to credit information in the CRS and uses such credit information for different permissible purposes of this Parkas, shall be liable to breaching the confidentiality and penalties under the Law on Banking and Financial Institutions.

Article 28: Penalties

Any person violates the provisions of this Prakas shall be liable for the following administrative penalties:
1. Any person who, acts either for his own account, or for the account of a legal person, by carrying out the CRA without a license, shall be liable for a fine from five (5) million to two hundred and fifty (250) million riels, without prejudice to the closure of the concerned institution;
2. Any person or legal entity or any data provider or authorized user, that uses the credit information obtained from the CRS for a different purposes other than the ones established under the Article 8 shall be subject to a fine from five (5) million to two hundred and fifty (250) million riels;

13

3. Any person whether or not the covered entities, shall be liable for a fine of four (4) million to ten (10) million riels, following the cases of:

a) he infringes any code of conduct or fails to provide complete and accurate credit information to the CRS within the timeframe provided;
b) he fails to respond to request for information by the NBC within the timeframe specified;
c) he knowingly provides the CRS with inaccurate or incomplete information regarding a consumer complaint or investigation;
d) he fails to comply with the deadlines for consumers’ rights.


4. Besides the above administrative penalties, any person infringes on the provision provided in this Prakas or the code of conduct shall be liable for disciplinary sanctions or penalties as provided in applicable law.

CHAPTER 10
TRANSITIONAL PROVISIONS

Article 29: Adoption Period

Data providers shall prepare their procedures, processes, and systems to the requirements provided by this Prakas within a period of nine (9) months, starting from this Prakas comes into effect.
After such period sanctions may be applied by the NBC.


CHAPTER 11
FINAL PROVISIONS


Article 30: Repeal


Prakas B7-06-073 on the Utilization and Protection of Credit Information; Prakas B7-06- 101 on the Implementation of Credit Information Sharing System Management Guideline; Prakas B7-06-102 on the Establishment of Board of Directors of Credit Information Sharing System; Prakas B7-06-103 on the Establishment of Management Committee of Credit Information Sharing System; Prakas B7-06-104 on the Establishment of Operators and Secretariats of Credit Information Sharing System are hereby repealed.


Article 31 Implementation


The General Secretariat, the General Directorate of Supervision, the Technical General
Directorate, the General Cashier, the General Inspection, all Departments and Unit under the
National Bank of Cambodia, all Banking and Financial Institutions under the NBC’s supervisory
authority and all relevant parties shall strictly implement this Prakas.

YOU ARE HERE:
php script encode decode php script encode decode