In this article, we provide an overview of the new Bank of Tanzania (Financial Consumer Protection) Regulations 2019 (the Regulations) which were published in Government Notice No. 884 on 22 November 2019.
In summary the Regulations:
- Introduce a variety of protections for consumers in terms of how financial service providers offer, market and deal with complaints related to the financial services that they offer to consumers; and
- Set out the powers that the Bank of Tanzania has in terms of enforcing non-compliance with the Regulations.
Key definitions under the Regulations
- Financial education means imparting financial knowledge, skills and influencing financial behaviour of consumers to enable them to manage their personal financial matters and make informed decisions
- Financial consumer protection means laws, institutions, practices and policies to safeguard consumer rights, enable consumers to make informed financial decisions and ensure fairness in the provision of products and services by financial service providers
- Financial service provider means an institution licensed, regulated and supervised by the Bank of Tanzania
- Senior management for the purpose of Regulation 6 includes the chief executive officer, head of function, any other senior officer reporting to the chief executive officer and any other person other than members of the Board of Directors who participates in making decisions that affect the whole or substantial part of the business of the financial service provider
Governance by Financial Service Providers
Regulation 4 provides for a general provision that every financial service provider shall have in place a structure of governance that will ensure the effective implementation of consumer protection in accordance with the provisions of the Regulations.
Furthermore, Regulation 5 imposes responsibilities on the board of directors of the financial service provider (to include the overseeing of the implementation of a compliant financial consumer protection policy, ensuring that senior management has adequate processes in place for providing information necessary for the monitoring of these initiatives and to employ or appoint staff with sufficient knowledge in this regard. Regulation 6 also sets out the responsibilities of the senior management which are similarly wide ranging and include monitoring the compliance of the financial service provider in all aspects of its operations and identifying any financial products offered by the financial service provider that are a particular risk from a consumer protection compliance perspective.
In addition, the Regulations place an obligation on a financial service provider to adopt policies that are consistent with its own size and risk profile, which simultaneously allows it to discharge its obligations under the Regulations. Attached to this at Regulation 7(2) is the requirement that the financial service provider put in place adequate information management systems for measuring, monitoring, controlling and reporting any consumer protection issues.
Regulation 8 requires that appropriate financial consumer protection policies are in place and that these policies would include:
- the roles and responsibilities for consumer protection at all levels
- compliance risk management practices for consumer protection that facilitates the identification, measurements, monitoring and control of risks
- information sharing of consumer protection among functional units including complaint statistics, fraud reports and legal claims
- disclosure in respect of accountability, transparency, complaint handling process and other redress channels
- review of financial products or services to identify, monitor and control consumer protection risks
- adequate control mechanisms to safeguard consumers' assets against incidences of fraud, misappropriation and misuse
- procedures that aim to protect consumers' deposits and other assets against internal and external fraud or misuse regarding consumers' accounts
- periodic audit for control systems to ascertain consumer protections adequacy and effectiveness to guard against breaches
- regular update systems to guide against possible security lapses and
- periodic internal risk assessment to identify and assess data security risks on systems and appropriate control to restrict and monitor access to the database containing the consumers' information
It is required that a financial service provider annually reviews its consumer protection policies and submits to the Bank of Tanzania the revised policies (indicating all changes) not later than thirty days after the Board of Directors approved the new policy. Regulation 9 also requires that every financial service provider reports consumer protection matters to the Bank of Tanzania in the form and at the time prescribed by the Bank of Tanzania.
Fair and Equitable Treatment of Consumers
Regulation 10 requires that financial service providers do not discriminate consumers. Regulation 11 sets out that every financial service provider or, importantly, its agent does not employ unfair business practices in dealing with its consumers. Regulation 11(2) defines what could be considered unfair business practices including abusive debt recovery practices (as defined within the Regulations), granting overdraft services and charging fees without prior opt-in by the consumer and any bundling or tying of its products.
Regulation 16(1) sets out that the financial service provider shall provide a consumer contract that clearly sets out the rights and obligations of all parties to the transaction. Whilst the Regulations do not require the contract between the financial service provider to be "fair", Regulation 16(2) sets out when the contracts will be considered "unfair" and this is where there is a significant imbalance between the two parties' rights and obligations. Regulation 16(2) then sets out a non-exhaustive list as to the type of provisions that would be considered "unfair" and these include limitation of liability of the financial service provider in the event of total or partial non-performance of contractual obligations, providing for termination without notice to the consumer or excluding or limiting the right of the consumer to pursue legal action.
There is also a requirement for financial service providers to have greater governance and control over its agents. Regulation 17 places the following two obligations on financial service providers in respect of agents requiring the financial service provider to (a) enter into a formal agency agreement; and (b) continuously monitor the performance of the agent.
Disclosure and Transparency
Regulation 23 requires that a financial service provider provides agreements to consumers that include certain key terms and conditions which includes:
(a) the rights and responsibilities of the consumer and financial service provider, including those conditions that may lead to termination
(b) all interest rates, costs, fees and charges
(c) notification to consumers of any changes to the agreement
(d) the penalties and other remedies in the event of breach
(e) the contact information for the financial service provider's consumer service and for dispute resolution services
The Bank of Tanzania will, as per Regulation 25, issue guidelines in relation to any charges or fees imposed on products or services offered by financial service providers. Regulation 25(2) requires that any financial service provider takes note of these guidelines and does not impose any charges that exceed this amount. The Bank of Tanzania must also approve any charges intended to be imposed on any new financial products to be introduced by the financial service provider.
Financial service providers will also be required to provide a key facts statement for its products or services to the consumer through a convenient channel. The consumer will also have to sign the key facts statement and any financial service provider must retain this signed version.
Regulation 30 requires that a financial service provider shall notify a consumer in writing any changes to the following: (a) interest rates to be paid or charged; (b) any non-interest charge on any account of a consumer; and (c) any other key product features or previously agreed terms or conditions such as procedures for cancellation, prepayment of loans and transfers of loan servicing.
Protection of Consumers' Assets and Information
Regulation 35 sets out that every financial service provider is liable for a consumers' loss that occurs through fraud, misappropriation or misuse of a consumers' assets that are held, administered or controlled by the financial service provider. The financial service provider will then also have to:
- take disciplinary action against the employees involved in the fraud, misappropriation or misuse
- promptly refund a consumer for the actual amount lost, unless it is proved that the consumer was negligent or fraudulent
- require consumers to update their details within the timeline specified by the Bank of Tanzania
- create a convenient avenue through which consumers can update their details
- continuously create awareness as to fraudulent practices and the consumers' responsibility to guard against threats
- require consumers to update their records as and when the need arises to ensure data accuracy and enhance protection
Regulation 36 also requires that financial service providers ensure that appropriate security and control measures are put in place to protect consumers' financial and personal information. Financial service providers cannot share consumers' information with a third party except with the consumer's consent or as is required by law.
Complaints Handling and Redress Mechanism
The Regulations give every consumer the right to file a complaint against a financial service provider. Regulations 43 and 44 then require that the financial service provider establishes a mechanism for receiving and processing consumer complaints and requires that the financial service provider provides information of this mechanism to the consumer.
Regulation 45 requires that every financial service provider develops a fair redress mechanism and compensation policy for an aggrieved consumer. The compensation policy must also be in line with the guidelines issued by the Bank of Tanzania and include details of compensation for erroneous debits, excess charges and financial loss to consumers due to staff negligence or fraudulent activities. Importantly Regulation 47 requires a financial service provider to avoid conflicts of interest when handling consumer complaints. The officer of the financial service provider shall not be involved in processing of the complaints if they are party to or have an interest in the complaint.
A consumer may also escalate its complaint to the Bank of Tanzania if the complainant has not received a response from the financial service provider (provided the time limit, which varies between six (6) hours to fourteen (14) days depending on the type of product that is the subject of the complaint, has expired) or if the complainant is dissatisfied with the decision provided that the complaint is escalated within 14 days of the complainant receiving the notification of the resolution from the financial service provider. Regulation 52 however sets out that in order for the Bank of Tanzania to intervene it must be satisfied that the financial service provider had handled the complaint to its finality and only if the complainant has suffered financial loss or material inconvenience. Regulation 53(1) dictates that a determination by the Bank of Tanzania shall be binding and conclusive on the parties, subject to the complainant or financial service provider having the option to judicially review the decision.
Enforcement and Sanctions
Regulation 60(1) provides that the Bank of Tanzania has a clear supervisory mandate in relation to the objective of financial consumer protection. This provides for powers to take pre-emptive measures to address non-compliance and Regulation 60(5) grants powers to the Bank of Tanzania to investigate any potential breaches of the Regulations through means including onsite examinations and complaint handling. The Bank of Tanzania can also impose a variety of penalties and sanctions on non-compliant financial service providers including a fine not exceeding TZS 20 million (approximately USD 8700) or a suspension of operations for a period not exceeding one year, amongst other severe penalties.