DECISION 03-02/ 2013

In accordance with Article 36, paragraph 1, sub-paragraph 1.17, Article 65, paragraphs 1 and 2 of the Law on the Central Bank of the Republic of Kosovo, and in accordance with Article 15 of the Regulation on Credit Register, the Executive Board of the Central Bank of the Republic of Kosovo, at a meeting held on, issued the following:

Instruction

On Credit Registry

Article 1

Introduction

Instruction for Credit Registry of Kosovo (CRK) is guidance on credit reporting. As such itapplies to financial institutions determined by the Central Bank to be credit providers, including all licensed banks and microfinance institutions, and the non-bank financial institutions and insurance companies licensed to deal with special credit activities.

Article 2

Purpose

  1. The CRK is a internet based system and developed to operate as a web application. The purpose of this system is to support the process of assessment of credit customers for banks and licensed microfinance institutions, as well as non-bank financial institutions and insurance companies in their righteous decision-making.
  2. CRK system is mandatory for use by credit providers and as such is monitored by the CBK as a regulator of the financial industry. Legal structure is defined in the Regulation on Credit Registry.
  3. Credit providers have direct access to the CRK system. They should record in the system data on individual credits for natural and legal entities, as well as be able to withdraw from the system credit reports of the applicant / individual borrower.

Article 3

Terms and definitions

  1. Terms and definitions defined for the implementation of this Directive are in accordance with the Regulation on Credit Registry and have the following meanings:
  2. “borrower” means a natural person or a legal entity undertaking a credit obligation.
  3. “co-borrower” means a natural person or a legal entity that assumes a credit obligation together with another natural person or legal entity.
  4. “guarantor” means a natural person or a legal entity that undertakes a legal obligation to return the loan in case of failure of loan repayment by the primary borrower.
  5. “credit Registry ” means a Credit Registry operatingas a centralized system for collection and distribution of information between credit providers.
  6. “consent” means the expression of an agreement from the data subject in a clear, free, special and informed manner for the credit provider to access a data subject’s credit reports in the Credit Registry and for sending credit information of the data subject to the Credit Registry.
  7. “credit” means any loan or direct or indirect commitment to disburse money in exchange for a right to repayment of the amount disbursed and outstanding and a right to the payment of interest or other charges on such amount, to any extension of the due date of a debt, to any bank/insurance guarantee or letter of credit issued, and to any commitment to acquire a right to payment of a sum of money. The term “credit” also includes overdrawn balances on deposit accounts, or overdrafts. The term “credit” shall not include inter-bank credits, purchase of securities of Guvernment debt and purchase of all debt securities in secondary market.
  8. “credit provider” means any licensed banks, any licensed microfinance institution, a non-bank microfinance institution licensed for special credit activity, or an insurance company licensed for special credit activity (issuance of guarantees).
  9. “credit report” means any communication, written or electronic, of any information from the Credit Registry related to the credit state or exposure of a natural person or legal entity.
  10. “instruction” means a written recommendation issued by the Central Bank that is of general application and is binding in its entirety and directly applicable.
  11. . “data reporter " means a legal entity thatreports data in credit registry system. Data providers are:any licensed banks, any licensed microfinance institution, a non-bank microfinance institution licensed for special credit activity, or an insurance company licensed for special credit activity (issuance of guarantees).
  12. .“electronic signature” means the signature defined as such in the Law on Information Society Services.
  13. . “data subject” means a legal person or a legal entity in respect of which Credit Registry information is collected and a credit report is compiled. The data subject is also referred to as a client – one who has used credit services or applied for a credit, including borrowers and co-borrowers, guarantors and other related persons.
  14. . “natural person” means an individual.
  15. . “legal entity” means any organization, including a business organization, that has a separate legal identity different from its members, owners or shareholders.
  16. . “negative information” means information relating to a delay in repayment of a credit by the borrower and any other form of violation of obligations related to the loan.
  17. .“positive information” means information relating to the repayment of the credit on time by the borrower and fulfilling the obligations related to the loan.
  18. . “credit exposure” means a total credit amount issued to a borrower.

Article 4

Data recording

  1. Data recordingon borrowers, credits, related persons and collateral in the credit registry system must be done not later than by the end of the next working day after the approval of the credit. This can be done in two ways, manually and through the file. Credit providers will decide which form to use.
  2. There are three files for data reporting in the credit registry : credits, persons and collateral.
  3. Credit file
  4. Credit file consists of detailed information on the credit provider, loans and borrowers.
  5. Information required (mandatory) on the credit provider are: Name of theinstitution (credit provider) and the branch of credit provider.
  • The information required on the borrower are: Name, surname (for natural persons), status, official address, place, municipality, date of birth /registration, place of birth / registration.
  • The information required on the loan are: credit identification number, sector, amount approved, amount distributed, outstanding amount, the type of period (month / year / day), frequency of payment, payment amount, currency, date of approval, disbursement date, maturity date, collateral used, the value of the collateral, asset classification.

2.2Related persons file

  • Registration of creditrelated persons is done through second file, as guarantor or co-borrower. In the case of a legal entity, personal data of the owner or legal entity's contact person shall be registered.
  • In the case of business companies / partnerships, personal data of the owner / partners and the person / persons authorized shall be registered.
  • In the case of a corporation, personal data of shareholder / shareholders who own more than one- third of the stock, as well as personal data of authorized person who can represent the corporation shall be registered.
  • In the case of NGOs (nongovernmental organizations), registration of personal data of the authorized person / persons who can represent the organization is required. In all cases, if the number of authorized persons is more than two, personal details of two persons with higher positions must be registered.
  • Personal data to be registered are as following:
  • Date of birth / Date of registration
  • Place of birth / Place of registration
  • Profession/Main activity
  • Marital status (for natural persons only)
  • Monthly income
  • History of insolvency
  • Comments (notes on penalties etc.)
  • Yes/Nostatements (outstandingcredits, fines, etc.)

2.2.2The following data are required to be reported in relation to credit information.

  • Credit identification number (unique identification number generated by the lending institution)
  • Lending institution
  • Type of credit (loan, overdraft, credit card, other loan asset, letter of credit, guarantees, other credit obligations). Currency and amount of loan
  • Credit period, including the date of approval, date of delivery and the date of maturity
  • Classification (it is standard when registering new credit approved)
  • Purpose of loan

2.2.3For credits which involve collateral, credit institutions are required to record the registration number of the collateral, the assessed value in Euro, as well as a description of the collateral.

For categories of collateral that do not possess registration system, instead of the registration number the type of collateral must be reported.

2.3Collateral file

Through collateral file is reported credit related collateral. Pre-defined types of collateral must be transferred to the type of collateral. The serial number, amount and description of the collateral, the collateral provider's identification number and information on whether the collateral is registered in the pledgeregistry or not must be recorded.

Article 5

Data updating

  1. Credit provider institutions must update the status of each active credit according to the state of the last calendar day of each month. This update must be made no later than the fifteenth of following month, through file classification. Data updates can be done more frequently if required, but the end of the month update still must to be performed.
  2. In addition to the remaining amountthe credit classification category also must be reported also. Remaining credit balance should be classified at minimum, based on the delays. There are five classification categories of remainingcredit: standard credit- standard credit with normal performance which can be up to 30 days past due; monitoring sub-standardcredits 31-60 days past due; under standard sub-credits 61-90 days past due; doubtful credits91-180 days past due; lostcredits more than 180 days past due.
  3. Credit provider institutions must update creditsthat are considered as inactive but still have amount of unpaid balance. Credits that have been paid on time according to the contract must also be reported as liquidated. Credits that are classified as "Written off" must be reported with accurateremaining amount of the credit. Credits once reported as liquidated or written off can not be reported with other status.

Article 6

Data quality

Data reporters in the credit registry system are responsible for data accuracy and quality. Credit Registry shall take all reasonable steps to ensure that information on personal data collected, used or disclosed is accurate, complete and up to date.

Article7

Data security

Credit Registry shall take all measures to ensure the implementation and enforcement of all rules and procedures approved by the CBK, dealing with security and protection of information from unathorised accesses, disclosures or modifications.

Article 8

Informations disclosed in credit report

  1. Credit Registry may disclose information identifying a natural person including:
  • Date of information registration,
  • Name,
  • Previous and actual address,
  • Fiscal Number
  • The number of the identification document (ID),
  • Passport number
  • Place and date of birth,
  • Occupation,
  1. Credit Registry may disclose information that identify the legal entity, including:
  • Date of information entry,
  • Name of the business or company,
  • Business registration Number,
  • Creation date,
  • Commercial name,
  • Business registration Address,
  • Commercial address,
  • Name of director / directors,

Article 9

Users Access Management

  1. Credit Registry Division manages the credit registry system and the access of institutions to it, namely its users.
  2. Access to the credit registry system is made ​​after meeting the criteria required by the CBK, in particular criteria for an authorized access relating to the security and protection of data from unauthorized access.
  3. Only users authorized by credit institutions or those authorized by CBK can access credit registry system. Each user in order to access the system must possess an authorization certificate which is generated at the CBK. Based on the applications for these certificates, the credit registry generates certificates and proceeds with the necessary steps to enable access to the system. Institution authorization should be confirmed through forms approved by the credit registry and are mandatory to be delivered to CBK.
  4. For credit provider institutionsuser there are two levels of access on the credit registry system:

4.1 The first level allows research of information on credit applicants / borrowers.

4.2Second level allows researching, reporting, updating and modifying / (correcting) data.

  1. Credit provider institutions determine the level of rights to their users and notify the credit registry about that. Based on these notifications, credit registry classifies the rights to access the system.
  2. Credit Registry demands from credit providerinstitutions to provide prior notification on the terminationof user authorization for any reason (e.g. transfer to other position or termination of work contract). Notifications must be made at least 7 working days before the end of user access authorization.

Article 10

Security

  1. The purpose of this order is to establish procedures that will serve CRK system users by providing a controlled, sustainable, and safe environment of information.
  1. This instruction will affect the increase of user’s efficiency and their and data subject protection.To successfully implement this objective, a high level of confidence must operate between CRK system, its users and data subjects. CRK system users must be ensured that information recorded on the borrower's system will not be abused.
  1. Subjects of data must be ensured that their privacy is preserved and that their information will be used with responsibility by CRK system users.
  2. Credit Registry and CRK system users shall be ensured on the transparency of operations by preserving confidentiality of the information recorded in the CRK system.
  1. CBK’s Information Management Department is responsible for the maintenance of security policies. Appropriate security measures minimize the risk and enable the achievement of higher levels of security standards.

Article 11

Responsibilities of users

  1. For any additional data obtained from CRK system on data subjects, CRK system users should treat this data with responsibly and apply on them the policy of confidentiality.
  2. Users should define appropriate security measures to prevent:

2.1Unauthorized access to personal data, their change, deletion or loss;

2.2Unauthorized transfer;

2.3Processing and misuse of personal data;

Article 12

Exchange of credit information with foreign countries

Personal information that are owned or controlled by Credit Registryshall not be transferred to any organization abroad except as provided for by the Regulation on Credit Register.

Article 13

CRK Consultation

  1. Only credit providers may consult the CRK system. Credit providers can obtain a credit report for each client (loan applicants / borrowers) only after they have obtained written or electronic signature of clients to access the clients’ credit report.
  2. Credit providers will access to:
  3. General personal information on client;
  4. Clients’ personal loans, the remaining aggregate loans based on loan types and classification categories; Type and number of loans; Data on category of each classification for each loan, including currency, approved amount and remaining amount; For unpaid loans, will appear loans classified with W. Loans that are completed (liquidated) shall not appear on the report. The identity of credit providers will not show.
  5. Customer credit-related roles: Clients may have five different roles in relation to loans that are non-personal loans. He / She may be an owner/partner/shareholder of the business organization or a person authorized by the borrowing organization. Clients can be guarantee / co-borrower in relation to any loan. All of these loans will appear on the aggregated credit report based on the roles of the client and loan classification category. The data on presented loans include the category of classification, currency, approved amount and the remaining amount.
  6. Collaterals used by the client:The client may utilize collaterals related to his / her personal loans or other loans. All collaterals used appear on the credit report.The data presented on collaterals consist of the registration number of the collateral, its value in euro, as well as a description of the collateral.

Article 14

Customer’s credit history

  1. Customer's credit history shows any credit of the client that had a different classification category from standard loans during the return period of five years, from the time of reporting full credit return. For each such case, will appear the classification category, currency, amount approved, and the remaining amount. If the category of classification of active loan is different from standard loan, it will appear in the section of customer’s personal loans. From the time when such a loan is returned, it appears on the section of customer's credit history.
  2. For audit and harmonisation purposes, any loan provider can download loan portfolio by CRK system. CRK system can be consulted only by persons authorized from credit providers and only from computers connected to the internet and equipped with an authorizing certificate issued by CBK. Any consultation will be charged according to the tariffs approved by CBK.
  3. Individuals who are credit entities have the right to see their credit report. They may send a written request to any bank or to the credit registry of CBK. Also the same report can be taken through the internet by means of the portal for citizen access, in the web application raportikreditor.org, which is offered free of charge.

Article 15

Data protection and data storage period

All data are protected under the data protection principles. Privacy of each individual is guaranteed. Credit data will be kept for up to five (5) years after the last update. Loans classified in the category W shall be submitted up to seven (7) years after the last update with the remaining amount zero. After this period, the data will be archived.

Article 16

Role of CBK

  1. CBK will manage and maintain the system of CRK. Banking Supervision Department will have full access to CRK data system. These credit data / reports will be verified with the relevant books of credit providers. For analytical and statistical purposes data access to the CRK system of data can have the department of financial stability and economic analysis and the department of statistics.
  2. CBK may provide the credit report of the credit borrower or credit provider, to third parties if required by law or court order.

Article 17

Borrower’s rights

  1. CRK and loan providers will offer a summary of borrower’s rights at the time of application and it shall also be included for each credit report. CBK regulate borrower’s disputes according to the following procedure:
  2. If the borrower has any complaint in relation to his / her credit report he / she should first attempt to resolve the issue with the credit provider by addressing an appeal.
  3. By accepting the appeal, the relevant institution shall inform the credit registry, review and respond to the complaint within five (5) working days. Data subject should confirm his/her agreement or disagreement with the decision taken.
  4. Financial institution responsible for reporting of data in case of error identification can correct data like:
  • Name/Surname
  • Business ID number
  • Name of guarantee
  • Data changes can occur only after the submission of the relevant documents proving the inadequacy of current data.
  • If the borrower agrees with the decision,the financial institution must notify the CBK and close the case.
  • If the borrower does not agree with the decision, he / she may complain to the Division of Appeal in CBK. The borrower must complete the complaint form specifying the contested information in his / her credit report and provide valid identification number.
  • Appeals Division will review the appeal and prepare a response within ten (10) working days.
  • Appeals Division at the time of receipt of the complaint must ensure that all relevant data are presented in the form of the complaint and that are submitted by the borrower or by an authorized person. Appeals Division, in cooperation and consultation with the Division of Credit Registry and the Banking Supervision Department will prepare the answer to claimants.
  • Appeals Division will complete the response after receiving information from the financial institution to which the disputed data are reported.
  • Notes of complaint review shall be recorded and maintained by the Appeals Division.
  • If the CBK concludes that data presented in the credit report is incorrect, then the Division of Credit Registry shall require the reporting institution to make the correction of data reported incorrectly.
  • After reviewing the case the following data can be changed:
  • Classification
  • Incorrect information of monthly instalment
  • Loan balance
  • Effective date
  • If the borrower does not agree with the reply received from CBK may address a complaint to the competent authorities.

Article 18