Sri Lanka Consumer Protection Act 2023 PDF
Document Details
Uploaded by Deleted User
2023
Dr. P. Nandalal Weerasinghe
Tags
Related
- Bank Subsidiaries and Affiliates PDF
- Bank Subsidiaries and Affiliates PDF
- Credit and Collection PDF
- AZ IOBSP 10 - CREDIT À LA CONSOMMATION ET CRÉDIT DE TRÉSORERIE PDF
- Ley Complementaria a la Ley de Protección al Consumidor (Perú) PDF
- IOBSP M11 - L'environnement réglementaire du regroupement de crédit (PDF)
Summary
This document is a set of regulations issued by the Central Bank of Sri Lanka on Financial Consumer Protection. The regulations aim to ensure financial system stability and provide protection for consumers of financial institutions.
Full Transcript
Y%S ,xld m%cd;dka;%sl iudcjd§ ckrcfha.eiÜ m;%h w;s úfYI The Gazette of the Democratic Socialist Republic of Sri Lanka EXTRAORDINARY wxl 2344$17 - 2023 wf.d...
Y%S ,xld m%cd;dka;%sl iudcjd§ ckrcfha.eiÜ m;%h w;s úfYI The Gazette of the Democratic Socialist Republic of Sri Lanka EXTRAORDINARY wxl 2344$17 - 2023 wf.daia;= ui 09 jeks nodod - 2023'08'09 No. 2344/17 - wednesday, august 09, 2023 (Published by Authority) PART I : SECTION (I) — GENERAL NOTICES OF THE CENTRAL BANK OF SRI LANKA THE MONETARY LAW ACT REGULATIONS made by the Monetary Board of the Central Bank of Sri Lanka under Section 10(c) of the Monetary Law Act, No. 58 of 1949 (Chapter 422). Dr. P. Nandalal Weerasinghe, Chairman of the Monetary Board and Governor, Central Bank of Sri Lanka Colombo, 08th August, 2023 Financial Consumer Protection Regulations WHEREAS the objectives of the Central Bank of Sri Lanka (Central Bank) as enshrined in the provisions of Section 5 of the Monetary Law Act, No. 58 of 1949 require the Central Bank to ensure financial system stability; 1A- G 40073 - 26 (08/2023) This Gazette Extraordinary can be downloaded from www.documents.gov.lk 2A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 AND WHEREAS in order to ensure financial system stability, it is essential that the financial institutions operate in compliance with all legal and regulatory requirements thereby enabling the financial consumers of such institutions to receive a competitive service in a just and equitable manner; AND WHEREAS it is equally essential for the consumers of the financial institutions to be able to submit their complaints and grievances to a responsible institution for relief; AND WHEREAS it is desirable to supplement the consumer protection framework provided by the Banking Act Direction No. 08 of 2011 on Customer Charter of Licensed Banks, issued under Sections 46(1) and 76(J) (1) of the Banking Act, No. 30 of 1988, last amended by the Banking Act, No. 46 of 2006 and the Financial Customer Protection Framework issued under Section 12 of the Finance Business Act, No. 42 of 2011 and Section 34 of the Finance Leasing Act, No. 56 of 2000; Now, the Monetary Board of the Central Bank of Sri Lanka (Monetary Board) acting under and in terms of Section 10(c) of the Monetary Law Act, No. 58 of 1949 make Regulations as follows. 1. Citation 1.1 These Regulations shall be cited as the Financial Consumer Protection Regulations No. 01 of 2023 and shall come into operation on the date which completes the period of six months from the date of these Regulations except for Regulations 15, 17, 18.3, 43, 44, 45, 46 and 47 which shall come into operation on the date which completes the period of twelve months from the date of these Regulations. 1.2 These Regulations shall apply to Financial Service Providers regulated by the Central Bank. Authorized Primary Dealers, Authorized Money Brokers and the participants of the Payment and Settlement Systems shall comply with these Regulations to the extent such Regulations are relevant to their operations. 1.3 In the event of any inconsistency between the provisions of these Regulations and any other subsidiary legislation issued by the Central Bank in connection with financial consumer protection, these Regulations shall prevail. 2. Authority of the Central Bank 2.1 The Central Bank shall have the power to monitor, evaluate, and examine Financial Service Providers on the implementation of these Regulations and perform activities connected with maintaining public trust and confidence in the financial system of Sri Lanka. 2.2 For this purpose, the Central Bank, may, from time to time, issue, circulars, guidelines, and codes of conduct with a view of ensuring compliance with these Regulations by Financial Service Providers and may carry out market conduct supervision, and any other investigations, as appropriate. 2.3 For the purposes of these Regulations, any officer or any other person authorised by the Central Bank in writing, may at any time examine the books, records, accounts, documents, information and other activities of Financial Service Providers. The Central Bank, if deemed necessary, may seek the assistance of relevant regulatory authorities for any investigation to be carried out on the conduct of any Financial Service Provider. 3. Under these Regulations, any officer or any other person authorised by the Central Bank in writing, may do one or more of the following to ensure compliance by Financial Service Providers with these Regulations; i. require any Financial Service Provider to furnish information considered to be necessary within such time period or at such intervals and in such manner or form as specified; ii. require any Financial Service Provider to produce books, records, files, registers, and such other documents of such Financial Service Provider, maintained in print, electronic or any other form, and to provide authenticated copies of such books, records, files, registers and such other documents in any form as required; I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 3A Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 iii. enter the premises or storage area of any Financial Service Provider and examine books, records, files, registers, and such other documents of such Financial Service Provider, maintained in print, electronic or any other form, and obtain copies, authenticated or otherwise, of such books, records, files, registers and such other documents in any form; and iv. call for information by notice in writing from any person who may be acquainted with or is aware of or is in possession of or appears to have information regarding the conduct of business of any Financial Service Provider and, if required, call such person for an interview. 4. Market Conduct Supervision 4.1 With a view to safeguard rights and interests of the financial consumers, any officer or any other person authorised by the Central Bank shall carry out or cause to carry out examinations pertaining to market conduct of Financial Service Providers, having considered the business of the Financial Service Providers, market and nature, scale and complexity of the matter under consideration. 4.2 Any officer or any other person authorised by the Central Bank shall submit a report on market conduct to the Monetary Board, after the completion of each examination, and such report shall contain an analysis of any material violations of these Regulations or any other circulars, guidelines, or codes of conduct issued hereunder or any unfair, unsound or improper business practices and provide recommendations to prevent such violations or practices. 4.3 The Central Bank as and when deemed necessary may; i. require any Financial Service Provider to comply with the provisions of these Regulations or circulars or guidelines or codes of conduct issued hereunder when such Financial Service Provider has contravened or failed to comply with, immediately or within such time period as may be specified therein; ii. require any Financial Service Provider to take necessary action to correct the conditions resulting from such practice or contravention; iii. issue a show cause letter or warning letter to any Financial Service Provider on the possible regulatory action under these Regulations; and iv. refer any violation or concerned matter to the relevant regulatory department/s of the Central Bank for further investigations or regulatory actions. 5. It shall be the duty of every person of the Financial Service Provider to comply with any requirement imposed on him/ her under these Regulations. No person shall - i. fail to provide any information or produce any book, record, file, register or such other document, material or object required under these Regulations; ii. fail to attend in person when called for an interview; iii. provide false, incomplete, incorrect or misleading information, book, record, file, register or such other document, material or object; or iv. obstruct the officer or any other person authorised by the Central Bank in performing his/her duties under these Regulations. 6. Where the Monetary Board, based on a report made under Regulation 4, is of the opinion that any Financial Service Provider - i. is carrying on or is likely to carry on its business, following unfair, unsound or improper practices, which are detrimental to the interest of its financial consumers; or ii. has contravened or failed to comply with any provisions of these Regulations, or any, circulars, guidelines, codes of conduct issued hereunder; the Monetary Board may do one or more of the following; 4A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 a. Direct the Financial Service Provider to cease any such practice; b. Direct the Financial Service Provider to take necessary action to correct the conditions resulting from such practice or contravention; c. Direct the Financial Service Provider to revise the features, terms or conditions of any financial product or service; d. Direct the Financial Service Provider to remove any financial product or service from the market; e. Direct the Financial Service Provider to remove any advertising material from the market or media; f. Direct the Financial Service Provider to compensate or refund financial consumers; g. Publish the name of the Financial Service Provider as a Financial Service Provider on which the Monetary Board has serious supervisory concerns; and h. Direct relevant regulatory department/s to initiate regulatory actions against the Financial Service Provider. 7. Without prejudice to Regulation 2 and rights of the disputed parties to initiate court proceedings, the Central Bank shall provide an alternative dispute resolution mechanism for aggrieved financial consumers of Financial Service Providers. The process and procedures with regard to the alternative dispute resolution mechanism are explained under Regulation 47. GOVERNANCE BY FINANCIAL SERVICE PROVIDERS 8. Responsibility of the Board of Directors The Board of Directors of the Financial Service Provider or the Management Committee/ Executive Committee in the case of a foreign bank (hereinafter referred to as ‘the Board’) shall be responsible to strengthen its financial consumer protection framework by: i. approving and adopting financial consumer protection policies and procedures appropriate to the Financial Service Provider and overseeing and reviewing such policies and procedures in compliance with the provisions of these Regulations, or circulars, guidelines, codes of conduct issued hereunder; ii. ensuring that an appropriate structure with procedures, systems and resources are in place for effective implementation of financial consumer protection policies, including internal controls and codes of conduct for employees and agents/ third parties appointed by the Financial Service Provider; iii. appointing an officer from Key Management Personnel to oversee the inancial consumer protection function and report to the Board periodically. iv. ensuring that the Key Management Personnel monitors, evaluates the financial consumer protection activities, reports to the Board semi-annually and corresponds with the Central Bank; and v. ensuring that all employees and agents/ third parties appointed by the Financial Service Provider are adhering to the financial consumer protection requirements set out in these Regulations. For this purpose, the Board shall ensure that an appropriate monitoring mechanism is in place to assure compliance with these Regulations. 9. Responsibility of the Key Management Personnel The responsibilities of the Key Management Personnel of the Financial Service Provider appointed by the Board shall include but not limited to: i. implementation of suitable mechanisms to coordinate and collaborate among other internal business units to ensure that the financial consumer protection policies and procedures are in compliance with these Regulations and circulars, guidelines, codes of conduct issued hereunder; ii. monitoring, evaluating and reporting on financial consumer protection activities, including complaint data and operational reports; iii. overseeing and supervising the operations of any agent and/or third party who is providing financial products and/ or services to ensure financial consumer protection; iv. identification of financial products and services that carry compliance risks on financial consumer protection and initiate actions to manage such risks; I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 5A Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 v. ensuring deployment of staff who have sufficient knowledge and expertise in carrying out financial consumer protection activities; and vi. ensuring the provision of relevant training for employees, agents and third parties appointed by the Financial Service Provider, engaged with financial consumers on matters related to these Regulations, such as policies, procedures, systems, etc. 10. Responsibility of the Operational Management Personnel The responsibilities of the Operational Management Personnel of the Financial Service Provider shall include but not limited to: i. implementation of policies, procedures and systems relating to financial consumer protection adopted by the Financial Service Provider in compliance with these Regulations and circulars, guidelines, codes of conduct issued hereunder; ii. maintenance of records and information on activities related to financial consumer protection; and iii. submission of periodic reports on activities related to financial consumer protection required by the Key Management Personnel or the Board. 11. Internal Controls 11.1 The Financial Service Provider shall have effective internal controls to ensure that its financial consumer protection policies, procedures and systems are implemented throughout the business in compliance with these Regulations, and circulars, guidelines, codes of conduct issued hereunder and consistent with business strategy, including the risk profile and structures. 11.2 The Financial Service Provider shall have proper mechanisms for identifying, recording, monitoring, controlling and reporting issues relating to financial consumer protection. 11.3 The Financial Service Provider shall have a proper mechanism to comply with the requirements of complaint handling procedure stipulated under these Regulations. 12. Policies and Procedures 12.1 The Financial Service Provider shall have appropriate financial consumer protection policies and procedures which include, but not limited to the following: i. Description of roles and responsibilities of employees engaged in financial consumer protection activities, at all levels; ii. Identification, measurement, monitoring and control of risks relating to compliance with applicable Regulations, circulars, guidelines, codes of conduct and internal procedures on financial consumer protection; iii. Sharing relevant critical information of financial consumers with internal and external parties; iv. Disclosure of information including the complaint handling process and other alternative dispute resolution mechanisms; v. Evaluation of financial products and services to identify, measure, monitor and control risks related to financial consumer protection; vi. Data security and privacy; vii. Complaint handling procedure; viii. Internal controls to safeguard financial consumers’ assets against incidents of fraud, theft, misappropriation and misuse and procedures to resolve such cases; and ix. Periodic auditing practices covering areas such as internal control systems, control system breaches and lapses, risk management practices, data security, information management systems, etc. to ascertain adequacy of the financial consumer protection framework. 6A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 12.2 The Financial Service Provider shall review its financial consumer protection policies and procedures at least once in every two years and obtain the approval of the Board for any changes. FAIR TREATMENT AND RESPONSIBLE BUSINESS CONDUCT 13. Formulation of Accessibility Policy 13.1 The Financial Service Provider shall formulate and implement an accessibility policy with a view to enhance fair and equal access to financial products and services, irrespective of the social status, physical ability, marital status, race, caste, gender, age, religion and financial literacy of the financial consumer. 13.2 The accessibility policy shall include but not limited to: i. documents, communication and information accessibility. ii. websites and mobile applications accessibility. iii. infrastructure accessibility. iv. cards, Automated Teller Machines (ATMs) and other similar services accessibility. 13.3 The Financial Service Provider shall not issue any policies or circulars which may encourage discrimination or inaccessibility. 13.4 Accessibility policy shall be available to the general public in accessible formats. 14. Non-discrimination 14.1 The Financial Service Provider shall not discriminate against financial consumers on grounds not relevant to provision of financial services applied for, such as social status, physical ability, marital status, race, caste, gender, age, religion, financial literacy, etc. However, these Regulations shall not prevent the Financial Service Provider from providing exclusive financial products and services. 14.2 The Financial Service Provider shall provide special attention to financial consumers such as elderly, physically disabled, low income and low financial literate to ensure fair access to all financial products and services. 15. Infrastructure 15.1 The Financial Service Provider shall comply with general laws regarding accessibility, such as facilitating differently abled and elderly financial consumers, when constructing new buildings and physical infrastructure. 15.2 The Financial Service Provider shall take necessary actions to improve accessibility in installing and processing ATMs and other automated equipment by enabling screen reader and other accessibility features. 15.3 The Financial Service Provider shall provide cards (Debit and Credit) with accessibility features at the request of the financial consumer. 16. Signature Verification The Financial Service Provider shall ensure that the signature of the financial consumer including electronic means of signature is unambiguous and acceptable for verification purposes. Thumbprint shall be treated equally to the conventional signature. 17. Web Accessibility 17.1 All web contents shall be perceivable, operable, understandable and robust. 17.2 Web accessibility shall include but not limited to: i. Font size, colour and colour contrast adjustability. ii. Full navigability and ability to function with the keyboard. iii. Full readability with screen readers. I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 7A Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 iv. All web elements shall be appropriately labelled or alternative text shall be used. v. All security, protection or safety features shall be provided in text and audio options. vi. Adequate time shall be provided to perform all functions. 17.3 Mobile applications accessibility shall include but not limited to: i. Font size, colours and colour contrast, and background colour adjustability. ii. Full navigability when using mobile applications. iii. Full readability with screen readers. iv. All mobile application elements shall be appropriately labelled or alternative text shall be used. v. All security, protection or safety features shall be provided in text and audio options. vi. Adequate time shall be provided to perform all functions. 18. Information Accessibility 18.1 The Financial Service Provider shall provide all necessary documents in accessible formats at the request of the financial consumer. 18.2 The Financial Service Provider shall grant permission to the financial consumer to have assistance from a person who has been authorised by the financial consumer by way of a letter of authority, a power of attorney or a board resolution, as the case may be. 18.3 The Financial Service Provider shall provide adequate facilities to use assistive technology and equipment. 19. Unfair Business Practices 19.1 The Financial Service Provider or its agent/ third party appointed by the Financial Service Provider shall not employ or engage in unfair business practices to the detriment of financial consumers. 19.2 The Financial Service Provider shall not act in bad faith or negligently in providing financial products and services to financial consumers. 19.3 For the purposes of Sub- Regulation 19.1, “unfair business practices” shall include, but not limited to the following practices involving, unfair, deceptive or abusive acts: i. Abusive debt recovery practices; ii. Requiring payment of un-accrued (future) interest/ early settlement fees on credit facilities, exceeding the levels permitted by the Central Bank, if any; iii. Automatically increasing credit limits without prior consent of the financial consumer; iv. Imposing excessive fees, penalties, future interest, and charges compared to the cost involved; v. Imposing fees and charges without prior written notice; vi. Changing the agreed terms and conditions on financial products and services without written consent of the other party; vii. Deducting payments and fees automatically for credit facilities that are tied to deposit account(s) without written consent of the financial consumer, using clauses imposing an obligation on the financial consumer; viii. Bundling and tying practices on financial products or services unduly limiting financial consumers’ choices; ix. Unduly delaying processing of requests of financial consumers; x. Imposing any unfair terms and conditions at any time with respect to the rights and obligations of financial consumers; and xi. Preventing financial consumers from termination of contracts, change of the Financial Service Provider or financial product/ service. 20. Sales Practices The Financial Service Provider shall: i. Formulate unambiguous and adequate sales policies and procedures for the sale of financial products and services; ii. Ensure persons engaged in activities related to sales/ marketing/ promoting products and services are trained and knowledgeable in key features, risks, important terms and conditions and act fairly and reasonably adhering to its procedures, practices and codes of conduct; 8A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 iii. Avoid aggressive sales practices and reckless or negligent sale of unsuitable financial products or services to financial consumers, during the sales process; iv. Not understate or dismiss warnings or cautionary statements in any form of sales, including written sales materials; v. Take all appropriate/ reasonable steps to identify and prevent or manage conflicts of interest between the Financial Service Provider and the financial consumer to prevent the adverse impact of such conflicts on financial consumers; and vi. Disclose actual and potential conflict of interest to financial consumers, in the case of advisory services and third- party products. 21. Unfair Contract Terms 21.1 The contract terms shall be considered unfair where there is an imbalance in rights and obligations to the detriment of the financial consumer, including but not limited to: i. Termination of contracts or alteration of clauses by the Financial Service Provider without prior notice to the financial consumer in writing or through newspaper notice or any other appropriate way within a reasonable time before such changes are made; ii. Making unilateral change to a contract without stating the circumstances under which the change could be made; iii. Limiting the liability of the Financial Service Provider unfairly and disproportionately in the event of total or partial non-performance of contractual obligations; iv. Binding the financial consumer while the corresponding obligation on the Financial Service Provider is disproportionate; v. Excluding or limiting the liability of the Financial Service Provider to losses caused to the financial consumer by misrepresentation, negligence or misleading information on its products or services; vi. Excluding or limiting the liability of the Financial Service Provider with respect to actions or commitments undertaken by their employees, agents or third parties appointed by the Financial Service Provider; vii. Giving the Financial Service Provider the ability to transfer its rights and obligations under the contract, without the consent of the financial consumer, where such action may reduce the rights of the financial consumer; viii. Excluding or limiting the rights of the financial consumer to take legal action in the event of a breach of contract; and ix. Implying clauses to waive any protection to the financial consumer provided by Acts, directions, Regulations, circulars, guidelines or codes of conduct. 21.2 The Financial Service Provider shall provide all the contractual documents to the financial consumer within a reasonable time before signing the contract. 22. Fraud and Misuse of Financial Consumer Assets 22.1 The Financial Service Provider shall have adequate policies and procedures in place to protect financial consumers’ deposits and other assets from internal or external fraud or misuse and to manage potential risk of such fraud and misuse. 22.2 The Financial Service Provider shall have clear policies and procedures to resolve cases of suspected fraud or misuse involving financial consumers’ deposits and other assets. 23. Timely Response and Contacting a Financial Consumer 23.1 The Financial Service Provider shall respond to a financial consumer’s request for information clearly, timely and in writing or electronically, through the preferred communication channels and either in Sinhala, Tamil or English, as preferred by the financial consumer, within a reasonable time period. 23.2 The Financial Service Provider shall maintain a record of the financial consumer site visits for recovery purposes, including date and time of the visit, names of the officers who visited and the financial consumer’s response in brief. I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 9A Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 23.3 When making telephone contact with a financial consumer, the person shall introduce himself or herself, the name of the Financial Service Provider on whose behalf the financial consumer is contacted and the purpose of contacting. 23.4 The Financial Service Provider shall maintain call recordings and a call register of call centers and shall retain such records considering the data retention requirements. 23.5 When obtaining a physical signature, the Financial Service Provider shall obtain a signature for security/ contractual documents outside the premises of the place of business only if a reasonable circumstance arises upon request of a financial consumer and in the presence of an authorised officer from the Financial Service Provider. 24. Advertisement and Sales Promotion 24.1 The Financial Service Provider shall: i. advertise/ promote suitable financial products or services based on financial consumers’ needs and capabilities; ii. avoid misuse of footnotes, disclaimers, or fine prints to prevent a financial consumer from reading relevant information fairly. Such items should be of sufficient size and of sufficient duration to enable an average viewer to comprehend; iii. ensure advertisement and sales materials do not contain misleading or false information or omit information that is important for the financial consumer to make a decision; iv. be liable for the statements made in advertising and sales materials; v. not use marketing strategies which may harm financial consumers by taking advantage of the financial consumers’ condition; vi. provide financial consumers with actively opt-in to receiving marketing materials, and easy means to opt-out from receiving marketing materials at a later point in time; and vii. include the contact details of the Financial Service Provider and credit rating (if available) and state that the respective Financial Service Provider is supervised by the Central Bank, in all advertisements and marketing materials. 24.2 The remuneration of employees and agents attached to marketing/ sales shall not be solely based on the sales volume/ target but give consideration to encourage responsible business conduct, interests and circumstances of the financial consumer. 25. Product Suitability and Design 25.1 The Financial Service Provider shall: i. gather and record information about the financial consumer to determine the suitability of the financial product(s) or service(s) to be offered or recommended to the financial consumer; ii. assess the financial consumer’s ability to fulfil terms and conditions associated with the financial product or service; iii. identify a maximum debt service/ income ratio (percentage of financial consumer’s disposable income that can be allocated to service debt) to assess the risk of over-indebtedness of a financial consumer by using sources such as the Credit Information Bureau (CRIB), etc.; and iv. based on the aforementioned information and criteria, determine that a financial product or service is suitable for the particular financial consumer before entering into a contract. 25.2 The Financial Service Provider shall: i. offer financial products or services that are suitable to the varying needs, risk profiles and interests of the types of financial consumers for whom they are intended (the target market), having regard to the characteristics of that target market; ii. not alter, bundle, or modify financial products to distort the features of the product which can place the financial consumer in a disadvantageous position; and iii. offer rates/ fees/ prices commensurate with the market-related rates/ fees/ prices, cost structure of the Financial Service Provider, regulatory requirements, etc. 10A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 26. Sale or Transfer of Debt or Any Other Product or Service The Financial Service Provider shall take the following actions, where the sale or transfer of debt or any other financial product or service without borrowers’ consent is permitted by law or the Financial Service Provider intends to cease operating, merge with, or transfer all or part of its operations to another party: i. notify the affected financial consumer of a sale or transfer within a reasonable number of days and the remaining debt obligation or outstanding position of the product/ service; ii. provide the financial consumer with information as to where to make payments; and iii. provide the financial consumer with the acquirer’s or purchaser’s, or transferee’s contact information. 27. Conduct of an Agent or Third Party Appointed by the Financial Service Provider 27.1 Where the Financial Service Provider appoints an agent/ third party, it shall enter into a formal agency or third party contract and comply with these Regulations, as applicable. 27.2 The Financial Service Provider shall be legally liable for the actions and omissions of their agents and third parties. 27.3 The Financial Service Provider shall be required to perform due diligence before contracting any agent or third party. 27.4 The Financial Service Provider shall be required to continuously monitor the performance of their agents and third parties. 27.5 The Financial Service Provider shall enter into a non-disclosure agreement with the agents/ third parties deployed in its businesses to preserve the duty of secrecy of the information of financial consumers. 27.6 The Financial Service Provider shall provide a financial consumer upon request with details of agents and third parties appointed for financial consumer services and the code of conduct issued to them requiring them to refrain from doing any of the following but not limited to: i. harassing financial consumers; ii. disclosing financial consumer information to unauthorized parties; iii. giving false or misleading information about products/ services; and iv. undue influence on financial consumers or the general public to buy or get involved in the products/ services of the Financial Service Provider. 28. Debt Recovery 28.1 The Financial Service Provider shall ensure that the debt recovery processes are transparent, courteous and fair, devoid of undue pressure, intimidation, harassment, humiliation or threat on the financial consumer. 28.2 The Financial Service Provider shall ensure that sales proceeds from foreclosure assets are immediately applied on recovery of the credit facility, and the financial consumers shall be informed and refunded with the balance, if any subject to other provisions in applicable laws. Further, the Financial Service Provider shall provide a report on the sale of collateral, which includes but not limited to the process involved, total sales proceeds, all incidental expenses/ costs and the net proceeds, to the financial consumer within reasonable time period from date of sale/ transfer of title of the asset. 28.3 The Financial Service Provider shall not engage in any of the following: i. Contacting friends, employer, relatives or neighbours of a financial consumer for any information other than information or verification of employment status, telephone numbers or address, except where: a. the person has guaranteed the loan; or b. the person has been nominated to be contacted by the financial consumer. ii. Requiring any persons listed in the (i) above to offset the debt, except where the person has acted as a guarantor. iii. Unnecessary or excessive contact or communication with a person, beyond what is reasonable in the circumstances. iv. Disclosing the existence of a debt to a third party (including friends, family, etc.). v. Making any misrepresentation in connection with a debt, such as its characteristics, the amount owed, the Financial Service Provider’s legal rights or the potential legal consequences for any person if the debt is not paid. vi. Public shaming. I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 11A Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 vii. Calling or visiting the work place of the financial consumer to seek repayment, except with the prior consent of the financial consumer. viii. Threatening to harm or harming any person. ix. Threatening to seize, or seizing, property which has not been provided as collateral. x. Threatening to damage, or damaging property. xi. Making contact with financial consumers in person or by other means such as telephone between the hours of 9.00 pm and 6.00 am, for the purpose of debt recovery. 29. Free Market 29.1 The Financial Service Provider shall: i. not engage in exclusive arrangements with agents or merchants hindering market access to other Financial Service Providers; and ii. operate systems which are open and interoperable. 29.2 The Financial Service Provider shall: i. display the business license, registration or appointment obtained from the Central Bank, latest audited financial statements, credit rating with underlying specifications, key contact details of the person handling complaints, business hours and holiday notices, in a prominently visible position at the public places of business, including outlets of the Financial Service Provider; and ii. publish the latest annual effective and nominal interest rates of deposits and lending products, foreign currency exchange rates, details of fees, commissions and any other charge with the effective date as applicable on the official website of the Financial Service Provider and display the same in a prominently visible position at the public place of business, including outlets of the Financial Service Provider. 30. Financial Consumer Education and Awareness 30.1 Financial Education and Awareness Programs i. The Financial Service Provider shall formulate policies and procedures and implement sufficient number of financial education and awareness programs, either on its own or in partnership with industry associations or in collaboration with the Central Bank/ agencies promoting financial literacy. ii. Financial education tools may include but not limited to printed brochures, flyers, booklets, posters, videos, presentations, interactive loan calculators, key messages, etc. iii. The Financial Service Provider shall educate financial consumers on legal provisions related to its financial products/ services. 30.2 The Financial Service Provider shall provide financial consumers with specific warnings related to over- indebtedness, such as consequences of multiple borrowing and late repayments with a special attention on vulnerable groups through financial education and awareness programs. DISCLOSURE AND TRANSPARENCY 31. The Financial Service Provider shall maintain an official website and update its contents in a timely manner ensuring adequate disclosure and transparency of its business activities, products and services. 32. The Financial Service Provider shall disclose or provide all the relevant information and documents at any stage of a contract, in a complete, clear, concise, accurate, not misleading and timely manner in the language preferred by the financial consumer either in Sinhala, Tamil or English and explain salient features of such information to the financial consumer. 33. The Financial Service Provider shall provide copies of the offer letter, agreement and other relevant legal documents to the financial consumer at the time of execution of such documents or within a reasonable time period giving due attention to perfection requirements provided by the law. 12A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 34. Information on Financial Products and Services 34.1 The Financial Service Provider shall provide accurate and not misleading information (whether written, oral or visual) in advertisements, marketing material or any material related to financial products or services. 34.2 The information provided shall be in plain and comprehensible language in either Sinhala, Tamil or English, as preferred by the financial consumer. 34.3 Any written communication provided by the Financial Service Provider shall: i. be in a font, size, spacing and placement of content that makes communication easy to read for the financial consumer; and ii. contain and highlight key features of the given financial product or service such as Annual Effective Rate of Interest (AER), tenor of the facility, fees charges and main risks. 34.4 The Financial Service Provider shall provide a financial consumer with documents, including Key Fact Documents, applications, offer letters, agreements, forms, receipts and statements relating to the financial product or service in writing, including electronic means. 34.5 The Financial Service Provider shall provide clarifications if financial consumers have any query regarding the information provided or disclosed. 34.6 The Financial Service Provider shall obtain a written confirmation from the financial consumer that the details of the products or services and their terms and conditions were received, explained and understood prior to accepting the offer. 34.7 The Financial Service Provider shall notify affected financial consumers at least thirty (30) calendar days in advance of the amendments or alterations being made to the range of services it provides. 34.8 The Financial Service Provider shall convey information in a clear and transparent manner via digital channels and Financial Service Providers shall be required to; i. make available the key information prominent in digital channels, with secondary layers of information provided for further details; ii. make available the offline channels to obtain further information and assistance; iii. keep the order and flow of information provided via mobile channels to enhance transparency and comprehension; iv. disclose pricing and key terms and conditions before the transaction is completed in digital transaction process; and v. make available user interfaces via mobile apps/ channels that are user-friendly and easy to navigate with adequate security features. 35. Key Facts Document 35.1 Financial Service Providers shall have a standardised document in the form of a “Key Facts Document” in either printed or electronic form for its products/ services written in simple language in Sinhala, Tamil and English, which shall be made available to the prospective financial consumers and displayed on the corporate website. 35.2 Key Facts Documents shall contain the following basic information with regard to loan products: i. Key features of the product/ service, including the nature of the product, annual effective rate of interest, penalties, other charges and fees and commissions. ii. Procedures to be followed to obtain the product/ service. iii. Main terms and conditions. iv. Complaint handling procedure. 35.3 This document shall contain the following basic information with regard to deposit products: i. Key features of the financial product/ service, including the nature of the product, annual effective interest rate, financial and other benefits to financial consumers, including incentives and promotions. ii. Minimum balance requirements, account opening fees, account maintenance fees, account closure fees and the availability and coverage of the deposit insurance. iii. Any restrictions on opening accounts, closing accounts, premature withdrawals, transferring funds by financial consumers, and policies and procedures on dormant accounts and abandoned properties. iv. Complaint handling procedure. v. Procedures for unauthorized or mistaken transactions. I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 13A Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 36. Disclosure of Terms and Conditions The Financial Service Provider shall disclose all the terms and conditions of financial products and services relevant to the financial consumer in the contractual documents, which includes but not limited to: i. rights and responsibilities of the financial consumer; ii. rights and responsibilities of the Financial Service Provider; iii. key risks to the financial consumer; iv. interest rates, costs, commissions, fees and charges relevant to the product or service; v. method of computing interest charges; vi. notification to financial consumers on changes to the contract; vii. penalties and other remedies in the event of a breach of contract; viii. contact information of the Financial Service Provider’s financial consumer service; ix. terms and conditions that may lead to termination of the contract; x. cancellation/ termination and portability procedures of financial products and services ; xi. any compensation/ charges/ penalty applicable in case of pre-mature withdrawal/ termination/ early settlement/ switching of a product or service by the financial consumer; xii. procedure and latest contact details of the Financial Service Provider on handling complaints and alternate dispute resolution mechanisms such as Financial Ombudsman in Sri Lanka and the Central Bank; xiii. the rules regarding: a. reporting of suspicious transactions and above-the-threshold transactions to the Financial Intelligence Unit; b. the reporting procedures that the financial consumer should follow in case of stolen cards/ financial instruments and the manner in which such liability to be accepted by the Financial Service Provider and by the financial consumer; and xiv. the disclosure of financial consumer information to a party legally authorised to obtain such information. 37. Information on Credit Facilities and Credit Instruments 37.1 The Financial Service Provider shall provide an application/ offer letter/ agreement to the financial consumer and the application/ offer letter/ agreement, at minimum, must contain the following basic information, as applicable, in addition to the information required under Regulation 34: i. Name of the borrower ii. Contract Number (Loan Reference Number) iii. Amount Granted iv. Date granted and the credit repayment period v. Annual Effective Rate of interest and basis (Fixed or Floating) vi. If floating, benchmark rate and frequency of rate revision vii. Repayment schedule and frequency of instalments (daily, weekly, monthly or any other basis) viii. Details of security/ collateral offered ix. Breakdown of additional charges, commissions and other costs payable by the financial consumer such as insurance, valuation, documentation, registration, etc. (if applicable) x. Penal interest rate (per annum) in the event of delayed payment xi. The recovery procedure in the event of default of payments by the financial consumer, including the timing and the types of costs involved in repossession of assets, the procedure to be followed by the financial consumer after repossession, any other types of charges as applicable, etc. xii. Procedures to revoke or stop payment on a credit instrument by the financial consumer xiii. Liability of parties in the event of unauthorized transactions on their accounts or fraud involving a credit instrument xiv. Consequences and costs to the financial consumer on using credit instrument to the account with insufficient funds xv. Terms and conditions of all tied or bundled financial products or services sold together with the credit facility xvi. The conditions applicable for early settlement by financial consumer 14A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 37.2 For the purpose of this Regulation, “credit instrument” includes a document except paper money that serves as evidence of a debt, including cheques, letters of credit, promissory notes, etc. 38. Provision of Account Statements 38.1 The Financial Service Provider shall provide a financial consumer with: i. a periodic statement of every account the Financial Service Provider operates for the financial consumer, free of charge, either in written or electronic form or according to the manner as agreed by the financial consumer when entering into the principal contract with the Financial Service Provider; ii. a closing statement when terminating or concluding a contract; and iii. information on account balances upon request by the financial consumer. 38.2 The frequency in which statements are provided shall commensurate with the type of financial product or service, its term and the type of clientele. 38.3 The statement referred to under Sub-Regulation 38.1(i) and (ii) shall contain the following information, as applicable: i. all transactions (date, type and amount); ii. opening and closing balances; iii. due date; iv. amount due/ payable; v. annual effective rate of interest; and vi. fees and penalty charged (rate or percentage). 39. Settlement of Obligation 39.1 The Financial Service Provider shall provide a financial consumer who has fully settled the financial obligations with a written declaration indicating the full settlement of the obligation. 39.2 The Financial Service Provider shall take measures to release the documents related to the property that is subject to collateral of a credit facility to the financial consumer within seven (07) working days from the date of full settlement of the obligation. 40. Information on Deposit Accounts The Financial Service Provider in addition to the information required under Regulation 34 shall disclose the following information to the financial consumer in the application/ mandate/ certificate/ pass book/ renewal notice, information relating to: i. balance of the account in an appropriate mode and frequency, as applicable; ii. applicable annual effective interest rate/ yield rate/ profit sharing ratio; iii. charges or fees for account opening and minimum balances; iv. account maintenance fees; v. responsibility of the financial consumer to keep the account access information confidential, including Personal Identification Numbers and passwords linked to the account; vi. limitations on the account functionality such as the number of withdrawals and transactions allowed free of charge; vii. in the case of term deposits, a notice of renewal prior to the maturity date; viii. availability and coverage of the deposit insurance; ix. procedures and costs for the financial consumer to close the account; and x. conditions to be classified as an inactive or dormant account and the consequences of an account becoming inactive or dormant. 41. Notification of Changes in Terms and Conditions 41.1 The Financial Service Provider shall notify a financial consumer in writing, within a reasonable time, prior to making changes to the agreed terms and conditions related to: i. the annual effective rate of interest to be paid or charged on any account of the financial consumer; I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 15A Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 ii. any non-interest charge on any account of the financial consumer; and iii. any other key product/ service feature or previously agreed on terms or conditions such as procedure for cancellation, prepayment of loans and transfer of loan servicing. 41.2 The Financial Service Provider shall be required to notify the financial consumer when his/ her accounts become inactive or dormant. COMPLAINT HANDLING AND REDRESS MECHANISM 42. Policy and Procedures 42.1 The Financial Service Provider shall have a clear written policy and procedures ensuring appropriate mechanisms are in place to receive, resolve with fair redress, compensation and respond to individual grievances and complaints of financial consumers, including retention of such records. 42.2 The Financial Service Provider shall have a complaint handling mechanism or unit independent from business units and supervised by a Key Management Personnel. 42.3 The Financial Service Provider shall conduct root cause analysis on complaint data and use such analysis to improve their financial products and services, as a part of the duties of the risk management committee related to operational risks or any other management committee overseeing the operational risk. 43. Complaint Handling Procedure of the Financial Service Provider 43.1 The mechanism for receiving complaints under Regulation 42 shall have multiple channels with clear procedures, including help desk assistance, telephone numbers, dedicated email/ postal addresses and online web forms. 43.2 The mechanism referred to under Regulation 42 shall be free of charge, fair, accessible, transparent and independent from business operations. 43.3 The Financial Service Provider shall acknowledge the complainant in writing, with contact details of the officer/ officers handling the complaint, within a reasonable time [preferably within five (05) working days]. 43.4 The Financial Service Provider shall assign an officer to coordinate complaints in each branch/ office/ outlet. 43.5 The Financial Service Provider shall maintain records of all complaints for future reference. 44. Transparency of Complaint Handling Procedure of the Financial Service Provider 44.1 The Financial Service Providers shall provide financial consumers with information on the latest mechanisms for handling complaints in the contractual documents. Further, the Financial Service Provider shall publish the complaint handling procedure and other relevant information on handling complaints, indicating the latest modification date to the complaint handling procedure, if any, on the official website of the Financial Service Provider and by way of pamphlets, posters, etc. 44.2 The information referred to under Sub-Regulation 44.1 shall include: i. available channels for submitting complaints, including contact details; ii. timeline for complaint resolution; iii. responsibility of the complainant at each stage of the process; iv. obligations of the Financial Service Provider; v. process of escalation to various levels, if not satisfied; and vi. details of alternative dispute resolution mechanisms (Financial Ombudsman of Sri Lanka, Central Bank, as applicable). 45. Conflict of Interests 45.1 The Financial Service Provider shall avoid conflicts of interest when handling complaints of financial consumers. 45.2 An officer shall not be involved in the processing of a complaint if such officer is a party to or a direct supervisor to the relevant officer or has an interest in the complaint or complainant. 16A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 46. Timeframe for Resolving Financial Consumer Complaints by the Financial Service Provider 46.1 The Financial Service Provider shall, upon receipt of a complaint from the financial consumer, resolve such complaint within 21 calendar days. However, if the Financial Service Provider is unable to resolve a complaint within 21 calendar days, shall notify the complainant before the expiration of 21 calendar days, giving reasons for the extension [maximum of three (03) months] and measures taken to resolve the matter so far. 46.2 However, the Financial Service Provider shall make all necessary arrangements to resolve complaints which require urgent action within the earliest possible time, considering the impact, urgency and risk of both the Financial Service Provider and the financial consumer. 46.3 In the event the Financial Service Provider is unable to provide redress for the complaint, the Financial Service Provider’s position shall be clarified to the complainant within the timelines stipulated in Sub-Regulation 46.1 above. 47. Complaint Handling Procedure of the Central Bank The Central Bank shall attend to complaints and grievances of financial consumers as an alternative dispute resolution mechanism. However, financial consumers or Financial Service Providers are not restricted from pursuing legal proceedings or any other dispute resolution mechanism at any time during the process. 47.1 Submission of Complaints to the Central Bank i. Complainant may submit a complaint to the Central Bank when he/ she is not satisfied with the Financial Service Provider’s response or the complaint has not been attended to in the manner provided under Regulation 43 and 46. However, in any case, the complaint shall be submitted to the Central Bank within a period not later than one (01) year from the date of submission of the complaint to the Financial Service Provider. ii. Submission of a complaint to the Central Bank shall be in the form and manner prescribed by the Central Bank. 47.2 The Central Bank shall cease processing the complaint if the financial consumer or the Financial Service Provider: i. files a case in the Court of Law in connection with the complaint. ii. uses undue influence or duress and in such case the Central Bank may take regulatory/ legal action, as applicable. 47.3 Determination by the Central Bank i. The Central Bank, before making a determination, shall assess the complaint and may require the Financial Service Provider to resolve the issue amicably with appropriate instructions/ recommendations/ comments. ii. If the Financial Service Provider fails to resolve the complaint satisfactorily as per the Central Bank instructions/ recommendations/ comments and the Central Bank decides that the complaint requires a determination, the Central Bank shall issue a determination on the complaint as the final solution of the Central Bank. iii. The Central Bank shall make the determination based on these Regulations, best banking practices, in a fair and just manner and shall not be required to comply with court procedures. iv. In order to arrive at a determination, the Central Bank may call for additional information/ documents, call for a hearing from all/ any party involved and/ or conduct a spot examination/ inquiry, as applicable. v. The determination by the Central Bank on a complaint referred by a financial consumer is binding for the Financial Service Provider if the financial consumer is agreed with the determination. vi. The Central Bank shall deliver a written determination on the complaint within 90 days, subject to the availability of all important information. However, depending on the complexity of the complaint in concern, delivering a determination may be extended. vii. The Central Bank shall, in determining a complaint, adhere to the general principles of natural justice. viii. A complainant may, at any time, before delivery of the determination, withdraw a complaint in writing or settle the complaint with the Financial Service Provider, then the complaint shall be considered as concluded. 47.4 Awards under the Central Bank Determination i. The Central Bank may, upon making a determination of complaint under Sub-Regulation 47.3, require the Financial Service Provider to do one or more of the following: a. compensate and/ or refund the affected financial consumer; I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 17A Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 b. make corrections to erroneous data, information or statement; c. cease or desist any activity/ operation which is the subject of the complaint; d. make a formal apology; or e. do or refrain from any other activity/ operation f. take action as the Central Bank may deem appropriate. ii. The Central Bank or any other officer authorised by the Central Bank may make recommendation advice/ views/ observations to the financial consumer as appropriate. 47.5 Complaints Involving Multiple Financial Service Providers Where a complaint from the financial consumer involves more than one Financial Service Provider, the Central Bank shall decide the responsibilities of each such Financial Service Provider in resolving the complaint. PROTECTION OF FINANCIAL CONSUMERS’ ASSETS AND INFORMATION 48. Safeguarding Financial Consumer Assets The Financial Service Provider shall: i. be liable for the financial consumer’s loss due to fraud, misappropriation and misuse of the financial consumer’s assets, unless proved that the loss occurred due to financial consumer’s negligence or fraudulent behaviour; ii. take disciplinary action against employee(s) involved in a fraud, misappropriation and misuse of financial consumer’s assets and report to the respective regulatory department/s of the Central Bank; iii. continuously create awareness on fraudulent practices and financial consumers’ responsibility and measures to be taken to safeguard against such threats; iv. require financial consumers to update their records regularly and as and when the need arises to ensure data accuracy and ultimately to enhance protection; and v. create a convenient avenue through which financial consumers can make the required updates. 49. Confidentiality, Security and Integrity of Personal Information 49.1 The Financial Service Provider shall formulate and implement policies and procedures to ensure confidentiality, security, and integrity of the personal information of financial consumers. 49.2 The Financial Service Provider shall not misuse and ensure that any of its employees or any other party acting on its behalf does not misuse personal information of financial consumers. 49.3 The Financial Service Provider shall have appropriate policies and procedures, data protection measures and staff training programs to prevent unauthorized access, alteration, disclosure, accidental loss or destruction of financial consumer data. 50. Protection of Financial Consumer Personal Information The Financial Service Provider shall be required: i. to have appropriate security and control measures to protect financial consumers’ personal information and retain it for a minimum period of six years from the termination/ expiration of contract, unless otherwise required by any other law; ii. not to share financial consumer’s personal information with a third party except with the financial consumer’s consent or as required by the law; iii. to retain key information, contractual documents and history of all the transactions for a minimum of six years from the termination/ expiration of contract; and iv. to retain all the source documents for a minimum of six years from the transaction date unless otherwise required by any other law. 18A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 51. Collection and Use of Data 51.1 The Financial Service Provider shall collect financial consumer’s personal information within the limits of any law, direction, or guideline, only using lawful and fair means; and only for specified, explicit and legitimate purposes. 51.2 The Financial Service Provider shall have a policy and procedures for collecting and using personal information, including means, purposes, and types of data that may be collected and retained, consistent with these Regulations and other applicable laws. 51.3 Personal information should be collected, retained, and used in compliance with, in addition to these Regulations, any other applicable laws, including Prevention of Money Laundering and Countering the Financing of Terrorism in Sri Lanka and Data Protection. 51.4 The Financial Service Provider shall comply with data privacy and confidentiality requirements that limit the use of financial consumer data exclusively for the purpose for which data is collected. 51.5 The Financial Service Provider may only use financial consumer's personal information: i. for purposes that are consistent with the original purpose for which they were collected, provided that it was reasonably apparent to, or would be reasonably expected by, the financial consumer; or ii. with the informed consent of the financial consumer; or iii. as otherwise required or permitted by these Regulations or any other law. 51.6 Financial consumers shall have a right to maintain his/ her privacy on disability (special needs). 51.7 The Financial Service Provider shall not use information related to any disability (special needs) of the financial consumer for any purpose other than facilitating the financial consumer or protecting financial consumer’s rights. 51.8 The Financial Service Provider shall not reveal information on financial consumer’s disability (special needs) or health status to any other party without prior consent of the financial consumer. 52. Sharing of Financial Consumer Information The Financial Service Provider shall not share financial consumers’ information with a third party for any purpose, including marketing, promotion and advertisement, unless: i. the information is being disclosed for the purpose for which it was originally collected, provided that it was reasonably apparent to, or would be reasonably expected by, the financial consumer; or ii. with the informed consent of the financial consumer; or iii. as otherwise required or permitted by these Regulations, a court of law or any other written law. 53. Financial Consumers’ Right to Access and Rectify their Personal Information 53.1 Upon request from a financial consumer, the Financial Service Provider shall provide them, except to any extent prohibited by law, with access to any personal information about the financial consumer that is held by the Financial Service Provider. Such access must be provided: i. in a form that is likely to be understandable to the financial consumer; ii. within a reasonable time; and iii. at minimal or no cost to the financial consumer. 53.2 In the event where a financial consumer claims that any personal data held by the Financial Service Provider is inaccurate or incomplete, the Financial Service Provider shall take appropriate steps within a reasonable time, to review the claim, rectify it and inform any third party with whom the information had been shared previously. INTERPRETATIONS 54. In these Regulations, unless the context requires otherwise: “Abusive debt recovery” includes- (a) unlawful collection of amounts due from borrowers; (b) the use of any false statement; and (c) intimidation, harassment and coercion. I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 19A Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023 “Accessible format” means electronic/ word format, and for Sinhala and Tamil, electronic/ word format with Unicode fonts or any other mechanism facilitating elderly, disabled or financial consumers with low financial literacy. “Accessibility” means providing equal and fair access to all financial services provided by Financial Service Providers. “Assistive Technology and Equipment” means any item, piece of equipment, software program or product system that is used to increase, maintain or improve the functional capabilities of persons with disabilities. “Books, records, accounts, documents, and information” means books, records, accounts, documents or information recorded or stored in any media, including paper and data stored in electronic, optical, magnetic or any information system. “Bundling of product” means the sale of two or more financial products or services as one combined product or service where the Financial Service Provider shall consider product suitability. “Central Bank” means the Central Bank of Sri Lanka established under Monetary Law Act, No. 58 of 1949 (Chapter 422). “Complaint” means dissatisfaction expressed by a financial consumer on a financial product or service and its related aspects provided by the Financial Service Provider. “Credit Facility” means an arrangement between the Financial Service Provider and a financial consumer to allow borrowing of a particular amount of money for different purposes for a particular period of time, either on-balance sheet or off-balance sheet credit facility. “Financial Consumer” means a person or entity or legal body or where the context so permits a legal representative of such consumer that uses, has used or potential user of any financial product or service provided by a Financial Service Provider and does not include Financial Service Providers. “Financial Consumer Protection” means laws, Regulations, circulars, directions, guidelines, policies and institutions to safeguard consumer rights, enable consumers to make informed financial decisions and ensure fairness in the provision of products and services by Financial Service Providers. “Financial Service Provider” means a Licensed Commercial Bank, a Licensed Specialised Bank, a Licensed Finance Company, a Specialized Leasing Company, an Authorized Primary Dealer, an Authorized Money Broker, a Licensed Microfinance Company, a Participant of the Payment and Settlement System or any other financial institution approved by the Monetary Board. “Key Management Personnel” means those persons having authority and responsibility for planning, directing and controlling the activities of the Financial Service Provider, directly or indirectly, including any executive director of the Financial Service Provider. “Operational Management Personnel” means officers who participate in day-to-day decision-making, including a manager of a branch office of the Financial Service Provider or a person acting on behalf of the manager. “Personal Information” means any information about an identified or reasonably identifiable financial consumer, including personal identifiers and financial information. “Products or Services” means any financial instrument/ activity/ transaction provided or offered by the Financial Service Provider to the financial consumer. “Tying of Products or Services” means the sale of two or more financial products and/ or services together without the option of distinguishing them upon sale. EOG 08-0087 PRINTED AT THE DEPARTMENT OF GOVERNMENT PRINTING, SRI LANKA.