Consumer protection act eng.pdf

Full Transcript

Y%S ,xld m%cd;dka;%sl iudcjd§ ckrcfha.eiÜ m;%h
w;s úfYI
The Gazette of the Democratic Socialist Republic of Sri Lanka
EXTRAORDINARY
wxl 2344$17 - 2023 wf.daia;= ui 09 jeks nodod - 2023'08'09
No. 2344/17 - wednesday, august 09, 2023

(Published by Authority)

PART I : SECTION (I) — GENERAL
NOTICES OF THE CENTRAL BANK OF SRI LANKA

THE MONETARY LAW ACT

REGULATIONS made by the Monetary Board of the Central Bank of Sri Lanka under Section 10(c) of the Monetary Law
Act, No. 58 of 1949 (Chapter 422).

Dr. P. Nandalal Weerasinghe,
Chairman of the Monetary Board and
Governor,
Central Bank of Sri Lanka
Colombo,
08th August, 2023

Financial Consumer Protection Regulations

WHEREAS the objectives of the Central Bank of Sri Lanka (Central Bank) as enshrined in the provisions of Section 5 of
the Monetary Law Act, No. 58 of 1949 require the Central Bank to ensure financial system stability;

1A- G 40073 - 26 (08/2023)
This Gazette Extraordinary can be downloaded from www.documents.gov.lk
2A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

AND WHEREAS in order to ensure financial system stability, it is essential that the financial institutions operate in compliance
with all legal and regulatory requirements thereby enabling the financial consumers of such institutions to receive a competitive
service in a just and equitable manner;

AND WHEREAS it is equally essential for the consumers of the financial institutions to be able to submit their complaints
and grievances to a responsible institution for relief;

AND WHEREAS it is desirable to supplement the consumer protection framework provided by the Banking Act Direction
No. 08 of 2011 on Customer Charter of Licensed Banks, issued under Sections 46(1) and 76(J) (1) of the Banking Act, No.
30 of 1988, last amended by the Banking Act, No. 46 of 2006 and the Financial Customer Protection Framework issued
under Section 12 of the Finance Business Act, No. 42 of 2011 and Section 34 of the Finance Leasing Act, No. 56 of 2000;

Now, the Monetary Board of the Central Bank of Sri Lanka (Monetary Board) acting under and in terms of Section 10(c) of
the Monetary Law Act, No. 58 of 1949 make Regulations as follows.

1. Citation

1.1 These Regulations shall be cited as the Financial Consumer Protection Regulations No. 01 of 2023 and shall come
into operation on the date which completes the period of six months from the date of these Regulations except for
Regulations 15, 17, 18.3, 43, 44, 45, 46 and 47 which shall come into operation on the date which completes the
period of twelve months from the date of these Regulations.

1.2 These Regulations shall apply to Financial Service Providers regulated by the Central Bank. Authorized Primary
Dealers, Authorized Money Brokers and the participants of the Payment and Settlement Systems shall comply with
these Regulations to the extent such Regulations are relevant to their operations.

1.3 In the event of any inconsistency between the provisions of these Regulations and any other subsidiary legislation
issued by the Central Bank in connection with financial consumer protection, these Regulations shall prevail.

2. Authority of the Central Bank

2.1 The Central Bank shall have the power to monitor, evaluate, and examine Financial Service Providers on the
implementation of these Regulations and perform activities connected with maintaining public trust and confidence
in the financial system of Sri Lanka.

2.2 For this purpose, the Central Bank, may, from time to time, issue, circulars, guidelines, and codes of conduct with
a view of ensuring compliance with these Regulations by Financial Service Providers and may carry out market
conduct supervision, and any other investigations, as appropriate.

2.3 For the purposes of these Regulations, any officer or any other person authorised by the Central Bank in writing,
may at any time examine the books, records, accounts, documents, information and other activities of Financial
Service Providers. The Central Bank, if deemed necessary, may seek the assistance of relevant regulatory authorities
for any investigation to be carried out on the conduct of any Financial Service Provider.

3. Under these Regulations, any officer or any other person authorised by the Central Bank in writing, may do one or more
of the following to ensure compliance by Financial Service Providers with these Regulations;

i. require any Financial Service Provider to furnish information considered to be necessary within such time period or
at such intervals and in such manner or form as specified;

ii. require any Financial Service Provider to produce books, records, files, registers, and such other documents of such
Financial Service Provider, maintained in print, electronic or any other form, and to provide authenticated copies of
such books, records, files, registers and such other documents in any form as required;
 I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 3A
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

iii. enter the premises or storage area of any Financial Service Provider and examine books, records, files, registers,
and such other documents of such Financial Service Provider, maintained in print, electronic or any other form, and
obtain copies, authenticated or otherwise, of such books, records, files, registers and such other documents in any
form; and

iv. call for information by notice in writing from any person who may be acquainted with or is aware of or is in possession
of or appears to have information regarding the conduct of business of any Financial Service Provider and, if required,
call such person for an interview.

4. Market Conduct Supervision

4.1 With a view to safeguard rights and interests of the financial consumers, any officer or any other person authorised
by the Central Bank shall carry out or cause to carry out examinations pertaining to market conduct of Financial
Service Providers, having considered the business of the Financial Service Providers, market and nature, scale and
complexity of the matter under consideration.

4.2 Any officer or any other person authorised by the Central Bank shall submit a report on market conduct to the
Monetary Board, after the completion of each examination, and such report shall contain an analysis of any material
violations of these Regulations or any other circulars, guidelines, or codes of conduct issued hereunder or any unfair,
unsound or improper business practices and provide recommendations to prevent such violations or practices.

4.3 The Central Bank as and when deemed necessary may;

i. require any Financial Service Provider to comply with the provisions of these Regulations or circulars or guidelines
or codes of conduct issued hereunder when such Financial Service Provider has contravened or failed to comply
with, immediately or within such time period as may be specified therein;
ii. require any Financial Service Provider to take necessary action to correct the conditions resulting from such
practice or contravention;
iii. issue a show cause letter or warning letter to any Financial Service Provider on the possible regulatory action
under these Regulations; and
iv. refer any violation or concerned matter to the relevant regulatory department/s of the Central Bank for further
investigations or regulatory actions.

5. It shall be the duty of every person of the Financial Service Provider to comply with any requirement imposed on him/
her under these Regulations. No person shall -

i. fail to provide any information or produce any book, record, file, register or such other document, material or object
required under these Regulations;
ii. fail to attend in person when called for an interview;
iii. provide false, incomplete, incorrect or misleading information, book, record, file, register or such other document,
material or object; or
iv. obstruct the officer or any other person authorised by the Central Bank in performing his/her duties under these
Regulations.

6. Where the Monetary Board, based on a report made under Regulation 4, is of the opinion that any Financial Service
Provider -

i. is carrying on or is likely to carry on its business, following unfair, unsound or improper practices, which are detrimental
to the interest of its financial consumers; or
ii. has contravened or failed to comply with any provisions of these Regulations, or any, circulars, guidelines, codes of
conduct issued hereunder;
the Monetary Board may do one or more of the following;
4A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

a. Direct the Financial Service Provider to cease any such practice;
b. Direct the Financial Service Provider to take necessary action to correct the conditions resulting from such practice
or contravention;
c. Direct the Financial Service Provider to revise the features, terms or conditions of any financial product or service;
d. Direct the Financial Service Provider to remove any financial product or service from the market;
e. Direct the Financial Service Provider to remove any advertising material from the market or media;
f. Direct the Financial Service Provider to compensate or refund financial consumers;
g. Publish the name of the Financial Service Provider as a Financial Service Provider on which the Monetary
Board has serious supervisory concerns; and
h. Direct relevant regulatory department/s to initiate regulatory actions against the Financial Service Provider.

7. Without prejudice to Regulation 2 and rights of the disputed parties to initiate court proceedings, the Central Bank shall
provide an alternative dispute resolution mechanism for aggrieved financial consumers of Financial Service Providers.
The process and procedures with regard to the alternative dispute resolution mechanism are explained under Regulation
47.

GOVERNANCE BY FINANCIAL SERVICE PROVIDERS

8. Responsibility of the Board of Directors

The Board of Directors of the Financial Service Provider or the Management Committee/ Executive Committee in the
case of a foreign bank (hereinafter referred to as ‘the Board’) shall be responsible to strengthen its financial consumer
protection framework by:

i. approving and adopting financial consumer protection policies and procedures appropriate to the Financial Service
Provider and overseeing and reviewing such policies and procedures in compliance with the provisions of these
Regulations, or circulars, guidelines, codes of conduct issued hereunder;
ii. ensuring that an appropriate structure with procedures, systems and resources are in place for effective implementation
of financial consumer protection policies, including internal controls and codes of conduct for employees and agents/
third parties appointed by the Financial Service Provider;
iii. appointing an officer from Key Management Personnel to oversee the inancial consumer protection function and
report to the Board periodically.
iv. ensuring that the Key Management Personnel monitors, evaluates the financial consumer protection activities, reports
to the Board semi-annually and corresponds with the Central Bank; and
v. ensuring that all employees and agents/ third parties appointed by the Financial Service Provider are adhering to the
financial consumer protection requirements set out in these Regulations. For this purpose, the Board shall ensure that
an appropriate monitoring mechanism is in place to assure compliance with these Regulations.

9. Responsibility of the Key Management Personnel

The responsibilities of the Key Management Personnel of the Financial Service Provider appointed by the Board shall
include but not limited to:

i. implementation of suitable mechanisms to coordinate and collaborate among other internal business units to ensure
that the financial consumer protection policies and procedures are in compliance with these Regulations and circulars,
guidelines, codes of conduct issued hereunder;
ii. monitoring, evaluating and reporting on financial consumer protection activities, including complaint data and
operational reports;
iii. overseeing and supervising the operations of any agent and/or third party who is providing financial products and/
or services to ensure financial consumer protection;
iv. identification of financial products and services that carry compliance risks on financial consumer protection and
initiate actions to manage such risks;
 I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 5A
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

v. ensuring deployment of staff who have sufficient knowledge and expertise in carrying out financial consumer protection
activities; and
vi. ensuring the provision of relevant training for employees, agents and third parties appointed by the Financial Service
Provider, engaged with financial consumers on matters related to these Regulations, such as policies, procedures,
systems, etc.

10. Responsibility of the Operational Management Personnel

The responsibilities of the Operational Management Personnel of the Financial Service Provider shall include but not
limited to:

i. implementation of policies, procedures and systems relating to financial consumer protection adopted by the Financial
Service Provider in compliance with these Regulations and circulars, guidelines, codes of conduct issued hereunder;
ii. maintenance of records and information on activities related to financial consumer protection; and
iii. submission of periodic reports on activities related to financial consumer protection required by the Key Management
Personnel or the Board.

11. Internal Controls

11.1 The Financial Service Provider shall have effective internal controls to ensure that its financial consumer protection
policies, procedures and systems are implemented throughout the business in compliance with these Regulations,
and circulars, guidelines, codes of conduct issued hereunder and consistent with business strategy, including the
risk profile and structures.

11.2 The Financial Service Provider shall have proper mechanisms for identifying, recording, monitoring, controlling
and reporting issues relating to financial consumer protection.

11.3 The Financial Service Provider shall have a proper mechanism to comply with the requirements of complaint
handling procedure stipulated under these Regulations.

12. Policies and Procedures

12.1 The Financial Service Provider shall have appropriate financial consumer protection policies and procedures
which include, but not limited to the following:

i. Description of roles and responsibilities of employees engaged in financial consumer protection activities, at
all levels;
ii. Identification, measurement, monitoring and control of risks relating to compliance with applicable Regulations,
circulars, guidelines, codes of conduct and internal procedures on financial consumer protection;
iii. Sharing relevant critical information of financial consumers with internal and external parties;
iv. Disclosure of information including the complaint handling process and other alternative dispute resolution
mechanisms;
v. Evaluation of financial products and services to identify, measure, monitor and control risks related to financial
consumer protection;
vi. Data security and privacy;
vii. Complaint handling procedure;
viii. Internal controls to safeguard financial consumers’ assets against incidents of fraud, theft, misappropriation
and misuse and procedures to resolve such cases; and
ix. Periodic auditing practices covering areas such as internal control systems, control system breaches and lapses,
risk management practices, data security, information management systems, etc. to ascertain adequacy of the
financial consumer protection framework.
6A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

12.2 The Financial Service Provider shall review its financial consumer protection policies and procedures at least once
in every two years and obtain the approval of the Board for any changes.

FAIR TREATMENT AND RESPONSIBLE BUSINESS CONDUCT

13. Formulation of Accessibility Policy

13.1 The Financial Service Provider shall formulate and implement an accessibility policy with a view to enhance fair
and equal access to financial products and services, irrespective of the social status, physical ability, marital status,
race, caste, gender, age, religion and financial literacy of the financial consumer.
13.2 The accessibility policy shall include but not limited to:
i. documents, communication and information accessibility.
ii. websites and mobile applications accessibility.
iii. infrastructure accessibility.
iv. cards, Automated Teller Machines (ATMs) and other similar services accessibility.
13.3 The Financial Service Provider shall not issue any policies or circulars which may encourage discrimination or
inaccessibility.
13.4 Accessibility policy shall be available to the general public in accessible formats.

14. Non-discrimination

14.1 The Financial Service Provider shall not discriminate against financial consumers on grounds not relevant to
provision of financial services applied for, such as social status, physical ability, marital status, race, caste, gender,
age, religion, financial literacy, etc. However, these Regulations shall not prevent the Financial Service Provider
from providing exclusive financial products and services.
14.2 The Financial Service Provider shall provide special attention to financial consumers such as elderly, physically
disabled, low income and low financial literate to ensure fair access to all financial products and services.

15. Infrastructure

15.1 The Financial Service Provider shall comply with general laws regarding accessibility, such as facilitating differently
abled and elderly financial consumers, when constructing new buildings and physical infrastructure.
15.2 The Financial Service Provider shall take necessary actions to improve accessibility in installing and processing
ATMs and other automated equipment by enabling screen reader and other accessibility features.
15.3 The Financial Service Provider shall provide cards (Debit and Credit) with accessibility features at the request of
the financial consumer.

16. Signature Verification

The Financial Service Provider shall ensure that the signature of the financial consumer including electronic means of
signature is unambiguous and acceptable for verification purposes. Thumbprint shall be treated equally to the conventional
signature.

17. Web Accessibility

17.1 All web contents shall be perceivable, operable, understandable and robust.
17.2 Web accessibility shall include but not limited to:
i. Font size, colour and colour contrast adjustability.
ii. Full navigability and ability to function with the keyboard.
iii. Full readability with screen readers.
 I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 7A
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

iv. All web elements shall be appropriately labelled or alternative text shall be used.
v. All security, protection or safety features shall be provided in text and audio options.
vi. Adequate time shall be provided to perform all functions.

17.3 Mobile applications accessibility shall include but not limited to:
i. Font size, colours and colour contrast, and background colour adjustability.
ii. Full navigability when using mobile applications.
iii. Full readability with screen readers.
iv. All mobile application elements shall be appropriately labelled or alternative text shall be used.
v. All security, protection or safety features shall be provided in text and audio options.
vi. Adequate time shall be provided to perform all functions.

18. Information Accessibility

18.1 The Financial Service Provider shall provide all necessary documents in accessible formats at the request of the
financial consumer.
18.2 The Financial Service Provider shall grant permission to the financial consumer to have assistance from a person
who has been authorised by the financial consumer by way of a letter of authority, a power of attorney or a board
resolution, as the case may be.
18.3 The Financial Service Provider shall provide adequate facilities to use assistive technology and equipment.

19. Unfair Business Practices

19.1 The Financial Service Provider or its agent/ third party appointed by the Financial Service Provider shall not
employ or engage in unfair business practices to the detriment of financial consumers.
19.2 The Financial Service Provider shall not act in bad faith or negligently in providing financial products and services
to financial consumers.
19.3 For the purposes of Sub- Regulation 19.1, “unfair business practices” shall include, but not limited to the following
practices involving, unfair, deceptive or abusive acts:
i. Abusive debt recovery practices;
ii. Requiring payment of un-accrued (future) interest/ early settlement fees on credit facilities, exceeding the
levels permitted by the Central Bank, if any;
iii. Automatically increasing credit limits without prior consent of the financial consumer;
iv. Imposing excessive fees, penalties, future interest, and charges compared to the cost involved;
v. Imposing fees and charges without prior written notice;
vi. Changing the agreed terms and conditions on financial products and services without written consent of the
other party;
vii. Deducting payments and fees automatically for credit facilities that are tied to deposit account(s) without
written consent of the financial consumer, using clauses imposing an obligation on the financial consumer;
viii. Bundling and tying practices on financial products or services unduly limiting financial consumers’ choices;
ix. Unduly delaying processing of requests of financial consumers;
x. Imposing any unfair terms and conditions at any time with respect to the rights and obligations of financial
consumers; and
xi. Preventing financial consumers from termination of contracts, change of the Financial Service Provider or
financial product/ service.

20. Sales Practices

The Financial Service Provider shall:
i. Formulate unambiguous and adequate sales policies and procedures for the sale of financial products and services;
ii. Ensure persons engaged in activities related to sales/ marketing/ promoting products and services are trained and
knowledgeable in key features, risks, important terms and conditions and act fairly and reasonably adhering to its
procedures, practices and codes of conduct;
8A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

iii. Avoid aggressive sales practices and reckless or negligent sale of unsuitable financial products or services to financial
consumers, during the sales process;
iv. Not understate or dismiss warnings or cautionary statements in any form of sales, including written sales materials;
v. Take all appropriate/ reasonable steps to identify and prevent or manage conflicts of interest between the Financial
Service Provider and the financial consumer to prevent the adverse impact of such conflicts on financial consumers;
and
vi. Disclose actual and potential conflict of interest to financial consumers, in the case of advisory services and third-
party products.

21. Unfair Contract Terms

21.1 The contract terms shall be considered unfair where there is an imbalance in rights and obligations to the detriment
of the financial consumer, including but not limited to:
i. Termination of contracts or alteration of clauses by the Financial Service Provider without prior notice to the
financial consumer in writing or through newspaper notice or any other appropriate way within a reasonable
time before such changes are made;
ii. Making unilateral change to a contract without stating the circumstances under which the change could be
made;
iii. Limiting the liability of the Financial Service Provider unfairly and disproportionately in the event of total
or partial non-performance of contractual obligations;
iv. Binding the financial consumer while the corresponding obligation on the Financial Service Provider is
disproportionate;
v. Excluding or limiting the liability of the Financial Service Provider to losses caused to the financial consumer
by misrepresentation, negligence or misleading information on its products or services;
vi. Excluding or limiting the liability of the Financial Service Provider with respect to actions or commitments
undertaken by their employees, agents or third parties appointed by the Financial Service Provider;
vii. Giving the Financial Service Provider the ability to transfer its rights and obligations under the contract, without
the consent of the financial consumer, where such action may reduce the rights of the financial consumer;
viii. Excluding or limiting the rights of the financial consumer to take legal action in the event of a breach of
contract; and
ix. Implying clauses to waive any protection to the financial consumer provided by Acts, directions, Regulations,
circulars, guidelines or codes of conduct.

21.2 The Financial Service Provider shall provide all the contractual documents to the financial consumer within a
reasonable time before signing the contract.

22. Fraud and Misuse of Financial Consumer Assets

22.1 The Financial Service Provider shall have adequate policies and procedures in place to protect financial consumers’
deposits and other assets from internal or external fraud or misuse and to manage potential risk of such fraud and
misuse.
22.2 The Financial Service Provider shall have clear policies and procedures to resolve cases of suspected fraud or
misuse involving financial consumers’ deposits and other assets.

23. Timely Response and Contacting a Financial Consumer

23.1 The Financial Service Provider shall respond to a financial consumer’s request for information clearly, timely
and in writing or electronically, through the preferred communication channels and either in Sinhala, Tamil or
English, as preferred by the financial consumer, within a reasonable time period.
23.2 The Financial Service Provider shall maintain a record of the financial consumer site visits for recovery purposes,
including date and time of the visit, names of the officers who visited and the financial consumer’s response in
brief.
 I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 9A
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

23.3 When making telephone contact with a financial consumer, the person shall introduce himself or herself, the
name of the Financial Service Provider on whose behalf the financial consumer is contacted and the purpose of
contacting.
23.4 The Financial Service Provider shall maintain call recordings and a call register of call centers and shall retain
such records considering the data retention requirements.
23.5 When obtaining a physical signature, the Financial Service Provider shall obtain a signature for security/ contractual
documents outside the premises of the place of business only if a reasonable circumstance arises upon request of
a financial consumer and in the presence of an authorised officer from the Financial Service Provider.

24. Advertisement and Sales Promotion

24.1 The Financial Service Provider shall:
i. advertise/ promote suitable financial products or services based on financial consumers’ needs and capabilities;
ii. avoid misuse of footnotes, disclaimers, or fine prints to prevent a financial consumer from reading relevant
information fairly. Such items should be of sufficient size and of sufficient duration to enable an average
viewer to comprehend;
iii. ensure advertisement and sales materials do not contain misleading or false information or omit information
that is important for the financial consumer to make a decision;
iv. be liable for the statements made in advertising and sales materials;
v. not use marketing strategies which may harm financial consumers by taking advantage of the financial
consumers’ condition;
vi. provide financial consumers with actively opt-in to receiving marketing materials, and easy means to opt-out
from receiving marketing materials at a later point in time; and
vii. include the contact details of the Financial Service Provider and credit rating (if available) and state that the
respective Financial Service Provider is supervised by the Central Bank, in all advertisements and marketing
materials.

24.2 The remuneration of employees and agents attached to marketing/ sales shall not be solely based on the sales
volume/ target but give consideration to encourage responsible business conduct, interests and circumstances of
the financial consumer.

25. Product Suitability and Design

25.1 The Financial Service Provider shall:
i. gather and record information about the financial consumer to determine the suitability of the financial product(s)
or service(s) to be offered or recommended to the financial consumer;
ii. assess the financial consumer’s ability to fulfil terms and conditions associated with the financial product or
service;
iii. identify a maximum debt service/ income ratio (percentage of financial consumer’s disposable income that can
be allocated to service debt) to assess the risk of over-indebtedness of a financial consumer by using sources
such as the Credit Information Bureau (CRIB), etc.; and
iv. based on the aforementioned information and criteria, determine that a financial product or service is suitable
for the particular financial consumer before entering into a contract.

25.2 The Financial Service Provider shall:
i. offer financial products or services that are suitable to the varying needs, risk profiles and interests of the types
of financial consumers for whom they are intended (the target market), having regard to the characteristics of
that target market;
ii. not alter, bundle, or modify financial products to distort the features of the product which can place the financial
consumer in a disadvantageous position; and
iii. offer rates/ fees/ prices commensurate with the market-related rates/ fees/ prices, cost structure of the Financial
Service Provider, regulatory requirements, etc.
10A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

26. Sale or Transfer of Debt or Any Other Product or Service

The Financial Service Provider shall take the following actions, where the sale or transfer of debt or any other financial
product or service without borrowers’ consent is permitted by law or the Financial Service Provider intends to cease
operating, merge with, or transfer all or part of its operations to another party:
i. notify the affected financial consumer of a sale or transfer within a reasonable number of days and the remaining debt
obligation or outstanding position of the product/ service;
ii. provide the financial consumer with information as to where to make payments; and
iii. provide the financial consumer with the acquirer’s or purchaser’s, or transferee’s contact information.

27. Conduct of an Agent or Third Party Appointed by the Financial Service Provider

27.1 Where the Financial Service Provider appoints an agent/ third party, it shall enter into a formal agency or third
party contract and comply with these Regulations, as applicable.
27.2 The Financial Service Provider shall be legally liable for the actions and omissions of their agents and third parties.
27.3 The Financial Service Provider shall be required to perform due diligence before contracting any agent or third
party.
27.4 The Financial Service Provider shall be required to continuously monitor the performance of their agents and
third parties.
27.5 The Financial Service Provider shall enter into a non-disclosure agreement with the agents/ third parties deployed
in its businesses to preserve the duty of secrecy of the information of financial consumers.
27.6 The Financial Service Provider shall provide a financial consumer upon request with details of agents and third
parties appointed for financial consumer services and the code of conduct issued to them requiring them to refrain
from doing any of the following but not limited to:
i. harassing financial consumers;
ii. disclosing financial consumer information to unauthorized parties;
iii. giving false or misleading information about products/ services; and
iv. undue influence on financial consumers or the general public to buy or get involved in the products/ services
of the Financial Service Provider.

28. Debt Recovery

28.1 The Financial Service Provider shall ensure that the debt recovery processes are transparent, courteous and fair,
devoid of undue pressure, intimidation, harassment, humiliation or threat on the financial consumer.
28.2 The Financial Service Provider shall ensure that sales proceeds from foreclosure assets are immediately applied
on recovery of the credit facility, and the financial consumers shall be informed and refunded with the balance, if
any subject to other provisions in applicable laws. Further, the Financial Service Provider shall provide a report
on the sale of collateral, which includes but not limited to the process involved, total sales proceeds, all incidental
expenses/ costs and the net proceeds, to the financial consumer within reasonable time period from date of sale/
transfer of title of the asset.
28.3 The Financial Service Provider shall not engage in any of the following:
i. Contacting friends, employer, relatives or neighbours of a financial consumer for any information other than
information or verification of employment status, telephone numbers or address, except where:
a. the person has guaranteed the loan; or
b. the person has been nominated to be contacted by the financial consumer.
ii. Requiring any persons listed in the (i) above to offset the debt, except where the person has acted as a guarantor.
iii. Unnecessary or excessive contact or communication with a person, beyond what is reasonable in the
circumstances.
iv. Disclosing the existence of a debt to a third party (including friends, family, etc.).
v. Making any misrepresentation in connection with a debt, such as its characteristics, the amount owed, the
Financial Service Provider’s legal rights or the potential legal consequences for any person if the debt is not
paid.
vi. Public shaming.
 I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 11A
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

vii. Calling or visiting the work place of the financial consumer to seek repayment, except with the prior consent
of the financial consumer.
viii. Threatening to harm or harming any person.
ix. Threatening to seize, or seizing, property which has not been provided as collateral.
x. Threatening to damage, or damaging property.
xi. Making contact with financial consumers in person or by other means such as telephone between the hours
of 9.00 pm and 6.00 am, for the purpose of debt recovery.

29. Free Market

29.1 The Financial Service Provider shall:
i. not engage in exclusive arrangements with agents or merchants hindering market access to other Financial
Service Providers; and
ii. operate systems which are open and interoperable.
29.2 The Financial Service Provider shall:
i. display the business license, registration or appointment obtained from the Central Bank, latest audited financial
statements, credit rating with underlying specifications, key contact details of the person handling complaints,
business hours and holiday notices, in a prominently visible position at the public places of business, including
outlets of the Financial Service Provider; and
ii. publish the latest annual effective and nominal interest rates of deposits and lending products, foreign currency
exchange rates, details of fees, commissions and any other charge with the effective date as applicable on the
official website of the Financial Service Provider and display the same in a prominently visible position at the
public place of business, including outlets of the Financial Service Provider.

30. Financial Consumer Education and Awareness

30.1 Financial Education and Awareness Programs
i. The Financial Service Provider shall formulate policies and procedures and implement sufficient number of
financial education and awareness programs, either on its own or in partnership with industry associations or
in collaboration with the Central Bank/ agencies promoting financial literacy.
ii. Financial education tools may include but not limited to printed brochures, flyers, booklets, posters, videos,
presentations, interactive loan calculators, key messages, etc.
iii. The Financial Service Provider shall educate financial consumers on legal provisions related to its financial
products/ services.
30.2 The Financial Service Provider shall provide financial consumers with specific warnings related to over-
indebtedness, such as consequences of multiple borrowing and late repayments with a special attention on vulnerable
groups through financial education and awareness programs.

DISCLOSURE AND TRANSPARENCY

31. The Financial Service Provider shall maintain an official website and update its contents in a timely manner ensuring
adequate disclosure and transparency of its business activities, products and services.

32. The Financial Service Provider shall disclose or provide all the relevant information and documents at any stage of a
contract, in a complete, clear, concise, accurate, not misleading and timely manner in the language preferred by the
financial consumer either in Sinhala, Tamil or English and explain salient features of such information to the financial
consumer.

33. The Financial Service Provider shall provide copies of the offer letter, agreement and other relevant legal documents to
the financial consumer at the time of execution of such documents or within a reasonable time period giving due attention
to perfection requirements provided by the law.
12A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

34. Information on Financial Products and Services

34.1 The Financial Service Provider shall provide accurate and not misleading information (whether written, oral or
visual) in advertisements, marketing material or any material related to financial products or services.
34.2 The information provided shall be in plain and comprehensible language in either Sinhala, Tamil or English, as
preferred by the financial consumer.
34.3 Any written communication provided by the Financial Service Provider shall:
i. be in a font, size, spacing and placement of content that makes communication easy to read for the financial
consumer; and
ii. contain and highlight key features of the given financial product or service such as Annual Effective Rate of
Interest (AER), tenor of the facility, fees charges and main risks.
34.4 The Financial Service Provider shall provide a financial consumer with documents, including Key Fact Documents,
applications, offer letters, agreements, forms, receipts and statements relating to the financial product or service
in writing, including electronic means.
34.5 The Financial Service Provider shall provide clarifications if financial consumers have any query regarding the
information provided or disclosed.
34.6 The Financial Service Provider shall obtain a written confirmation from the financial consumer that the details of
the products or services and their terms and conditions were received, explained and understood prior to accepting
the offer.
34.7 The Financial Service Provider shall notify affected financial consumers at least thirty (30) calendar days in
advance of the amendments or alterations being made to the range of services it provides.
34.8 The Financial Service Provider shall convey information in a clear and transparent manner via digital channels
and Financial Service Providers shall be required to;
i. make available the key information prominent in digital channels, with secondary layers of information provided
for further details;
ii. make available the offline channels to obtain further information and assistance;
iii. keep the order and flow of information provided via mobile channels to enhance transparency and comprehension;
iv. disclose pricing and key terms and conditions before the transaction is completed in digital transaction process;
and
v. make available user interfaces via mobile apps/ channels that are user-friendly and easy to navigate with
adequate security features.

35. Key Facts Document

35.1 Financial Service Providers shall have a standardised document in the form of a “Key Facts Document” in either
printed or electronic form for its products/ services written in simple language in Sinhala, Tamil and English,
which shall be made available to the prospective financial consumers and displayed on the corporate website.
35.2 Key Facts Documents shall contain the following basic information with regard to loan products:
i. Key features of the product/ service, including the nature of the product, annual effective rate of interest,
penalties, other charges and fees and commissions.
ii. Procedures to be followed to obtain the product/ service.
iii. Main terms and conditions.
iv. Complaint handling procedure.
35.3 This document shall contain the following basic information with regard to deposit products:
i. Key features of the financial product/ service, including the nature of the product, annual effective interest
rate, financial and other benefits to financial consumers, including incentives and promotions.
ii. Minimum balance requirements, account opening fees, account maintenance fees, account closure fees and
the availability and coverage of the deposit insurance.
iii. Any restrictions on opening accounts, closing accounts, premature withdrawals, transferring funds by financial
consumers, and policies and procedures on dormant accounts and abandoned properties.
iv. Complaint handling procedure.
v. Procedures for unauthorized or mistaken transactions.
 I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 13A
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

36. Disclosure of Terms and Conditions

The Financial Service Provider shall disclose all the terms and conditions of financial products and services relevant to
the financial consumer in the contractual documents, which includes but not limited to:
i. rights and responsibilities of the financial consumer;
ii. rights and responsibilities of the Financial Service Provider;
iii. key risks to the financial consumer;
iv. interest rates, costs, commissions, fees and charges relevant to the product or service;
v. method of computing interest charges;
vi. notification to financial consumers on changes to the contract;
vii. penalties and other remedies in the event of a breach of contract;
viii. contact information of the Financial Service Provider’s financial consumer service;
ix. terms and conditions that may lead to termination of the contract;
x. cancellation/ termination and portability procedures of financial products and services ;
xi. any compensation/ charges/ penalty applicable in case of pre-mature withdrawal/ termination/ early settlement/
switching of a product or service by the financial consumer;
xii. procedure and latest contact details of the Financial Service Provider on handling complaints and alternate dispute
resolution mechanisms such as Financial Ombudsman in Sri Lanka and the Central Bank;
xiii. the rules regarding:
a. reporting of suspicious transactions and above-the-threshold transactions to the Financial Intelligence Unit;
b. the reporting procedures that the financial consumer should follow in case of stolen cards/ financial instruments
and the manner in which such liability to be accepted by the Financial Service Provider and by the financial
consumer; and
xiv. the disclosure of financial consumer information to a party legally authorised to obtain such information.

37. Information on Credit Facilities and Credit Instruments

37.1 The Financial Service Provider shall provide an application/ offer letter/ agreement to the financial consumer and
the application/ offer letter/ agreement, at minimum, must contain the following basic information, as applicable,
in addition to the information required under Regulation 34:
i. Name of the borrower
ii. Contract Number (Loan Reference Number)
iii. Amount Granted
iv. Date granted and the credit repayment period
v. Annual Effective Rate of interest and basis (Fixed or Floating)
vi. If floating, benchmark rate and frequency of rate revision
vii. Repayment schedule and frequency of instalments (daily, weekly, monthly or any other basis)
viii. Details of security/ collateral offered
ix. Breakdown of additional charges, commissions and other costs payable by the financial consumer such as
insurance, valuation, documentation, registration, etc. (if applicable)
x. Penal interest rate (per annum) in the event of delayed payment
xi. The recovery procedure in the event of default of payments by the financial consumer, including the timing and
the types of costs involved in repossession of assets, the procedure to be followed by the financial consumer
after repossession, any other types of charges as applicable, etc.
xii. Procedures to revoke or stop payment on a credit instrument by the financial consumer
xiii. Liability of parties in the event of unauthorized transactions on their accounts or fraud involving a credit
instrument
xiv. Consequences and costs to the financial consumer on using credit instrument to the account with insufficient
funds
xv. Terms and conditions of all tied or bundled financial products or services sold together with the credit facility
xvi. The conditions applicable for early settlement by financial consumer
14A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

37.2 For the purpose of this Regulation, “credit instrument” includes a document except paper money that serves as
evidence of a debt, including cheques, letters of credit, promissory notes, etc.

38. Provision of Account Statements

38.1 The Financial Service Provider shall provide a financial consumer with:
i. a periodic statement of every account the Financial Service Provider operates for the financial consumer, free
of charge, either in written or electronic form or according to the manner as agreed by the financial consumer
when entering into the principal contract with the Financial Service Provider;
ii. a closing statement when terminating or concluding a contract; and
iii. information on account balances upon request by the financial consumer.
38.2 The frequency in which statements are provided shall commensurate with the type of financial product or service,
its term and the type of clientele.
38.3 The statement referred to under Sub-Regulation 38.1(i) and (ii) shall contain the following information, as
applicable:
i. all transactions (date, type and amount);
ii. opening and closing balances;
iii. due date;
iv. amount due/ payable;
v. annual effective rate of interest; and
vi. fees and penalty charged (rate or percentage).

39. Settlement of Obligation

39.1 The Financial Service Provider shall provide a financial consumer who has fully settled the financial obligations
with a written declaration indicating the full settlement of the obligation.
39.2 The Financial Service Provider shall take measures to release the documents related to the property that is subject
to collateral of a credit facility to the financial consumer within seven (07) working days from the date of full
settlement of the obligation.

40. Information on Deposit Accounts

The Financial Service Provider in addition to the information required under Regulation 34 shall disclose the following
information to the financial consumer in the application/ mandate/ certificate/ pass book/ renewal notice, information
relating to:
i. balance of the account in an appropriate mode and frequency, as applicable;
ii. applicable annual effective interest rate/ yield rate/ profit sharing ratio;
iii. charges or fees for account opening and minimum balances;
iv. account maintenance fees;
v. responsibility of the financial consumer to keep the account access information confidential, including Personal
Identification Numbers and passwords linked to the account;
vi. limitations on the account functionality such as the number of withdrawals and transactions allowed free of charge;
vii. in the case of term deposits, a notice of renewal prior to the maturity date;
viii. availability and coverage of the deposit insurance;
ix. procedures and costs for the financial consumer to close the account; and
x. conditions to be classified as an inactive or dormant account and the consequences of an account becoming inactive
or dormant.

41. Notification of Changes in Terms and Conditions

41.1 The Financial Service Provider shall notify a financial consumer in writing, within a reasonable time, prior to
making changes to the agreed terms and conditions related to:
i. the annual effective rate of interest to be paid or charged on any account of the financial consumer;
 I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 15A
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

ii. any non-interest charge on any account of the financial consumer; and
iii. any other key product/ service feature or previously agreed on terms or conditions such as procedure for
cancellation, prepayment of loans and transfer of loan servicing.

41.2 The Financial Service Provider shall be required to notify the financial consumer when his/ her accounts become
inactive or dormant.

COMPLAINT HANDLING AND REDRESS MECHANISM

42. Policy and Procedures

42.1 The Financial Service Provider shall have a clear written policy and procedures ensuring appropriate mechanisms
are in place to receive, resolve with fair redress, compensation and respond to individual grievances and complaints
of financial consumers, including retention of such records.
42.2 The Financial Service Provider shall have a complaint handling mechanism or unit independent from business
units and supervised by a Key Management Personnel.
42.3 The Financial Service Provider shall conduct root cause analysis on complaint data and use such analysis to
improve their financial products and services, as a part of the duties of the risk management committee related to
operational risks or any other management committee overseeing the operational risk.

43. Complaint Handling Procedure of the Financial Service Provider

43.1 The mechanism for receiving complaints under Regulation 42 shall have multiple channels with clear procedures,
including help desk assistance, telephone numbers, dedicated email/ postal addresses and online web forms.
43.2 The mechanism referred to under Regulation 42 shall be free of charge, fair, accessible, transparent and independent
from business operations.
43.3 The Financial Service Provider shall acknowledge the complainant in writing, with contact details of the officer/
officers handling the complaint, within a reasonable time [preferably within five (05) working days].
43.4 The Financial Service Provider shall assign an officer to coordinate complaints in each branch/ office/ outlet.
43.5 The Financial Service Provider shall maintain records of all complaints for future reference.

44. Transparency of Complaint Handling Procedure of the Financial Service Provider

44.1 The Financial Service Providers shall provide financial consumers with information on the latest mechanisms
for handling complaints in the contractual documents. Further, the Financial Service Provider shall publish
the complaint handling procedure and other relevant information on handling complaints, indicating the latest
modification date to the complaint handling procedure, if any, on the official website of the Financial Service
Provider and by way of pamphlets, posters, etc.
44.2 The information referred to under Sub-Regulation 44.1 shall include:
i. available channels for submitting complaints, including contact details;
ii. timeline for complaint resolution;
iii. responsibility of the complainant at each stage of the process;
iv. obligations of the Financial Service Provider;
v. process of escalation to various levels, if not satisfied; and
vi. details of alternative dispute resolution mechanisms (Financial Ombudsman of Sri Lanka, Central Bank, as
applicable).

45. Conflict of Interests

45.1 The Financial Service Provider shall avoid conflicts of interest when handling complaints of financial consumers.
45.2 An officer shall not be involved in the processing of a complaint if such officer is a party to or a direct supervisor
to the relevant officer or has an interest in the complaint or complainant.
16A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

46. Timeframe for Resolving Financial Consumer Complaints by the Financial Service Provider

46.1 The Financial Service Provider shall, upon receipt of a complaint from the financial consumer, resolve such
complaint within 21 calendar days. However, if the Financial Service Provider is unable to resolve a complaint
within 21 calendar days, shall notify the complainant before the expiration of 21 calendar days, giving reasons
for the extension [maximum of three (03) months] and measures taken to resolve the matter so far.
46.2 However, the Financial Service Provider shall make all necessary arrangements to resolve complaints which require
urgent action within the earliest possible time, considering the impact, urgency and risk of both the Financial
Service Provider and the financial consumer.
46.3 In the event the Financial Service Provider is unable to provide redress for the complaint, the Financial Service
Provider’s position shall be clarified to the complainant within the timelines stipulated in Sub-Regulation 46.1
above.

47. Complaint Handling Procedure of the Central Bank

The Central Bank shall attend to complaints and grievances of financial consumers as an alternative dispute resolution
mechanism. However, financial consumers or Financial Service Providers are not restricted from pursuing legal proceedings
or any other dispute resolution mechanism at any time during the process.

47.1 Submission of Complaints to the Central Bank
i. Complainant may submit a complaint to the Central Bank when he/ she is not satisfied with the Financial Service
Provider’s response or the complaint has not been attended to in the manner provided under Regulation 43
and 46. However, in any case, the complaint shall be submitted to the Central Bank within a period not later
than one (01) year from the date of submission of the complaint to the Financial Service Provider.
ii. Submission of a complaint to the Central Bank shall be in the form and manner prescribed by the Central Bank.

47.2 The Central Bank shall cease processing the complaint if the financial consumer or the Financial Service Provider:
i. files a case in the Court of Law in connection with the complaint.
ii. uses undue influence or duress and in such case the Central Bank may take regulatory/ legal action, as applicable.

47.3 Determination by the Central Bank
i. The Central Bank, before making a determination, shall assess the complaint and may require the Financial
Service Provider to resolve the issue amicably with appropriate instructions/ recommendations/ comments.
ii. If the Financial Service Provider fails to resolve the complaint satisfactorily as per the Central Bank instructions/
recommendations/ comments and the Central Bank decides that the complaint requires a determination, the
Central Bank shall issue a determination on the complaint as the final solution of the Central Bank.
iii. The Central Bank shall make the determination based on these Regulations, best banking practices, in a fair
and just manner and shall not be required to comply with court procedures.
iv. In order to arrive at a determination, the Central Bank may call for additional information/ documents, call
for a hearing from all/ any party involved and/ or conduct a spot examination/ inquiry, as applicable.
v. The determination by the Central Bank on a complaint referred by a financial consumer is binding for the
Financial Service Provider if the financial consumer is agreed with the determination.
vi. The Central Bank shall deliver a written determination on the complaint within 90 days, subject to the
availability of all important information. However, depending on the complexity of the complaint in concern,
delivering a determination may be extended.
vii. The Central Bank shall, in determining a complaint, adhere to the general principles of natural justice.
viii. A complainant may, at any time, before delivery of the determination, withdraw a complaint in writing or
settle the complaint with the Financial Service Provider, then the complaint shall be considered as concluded.

47.4 Awards under the Central Bank Determination
i. The Central Bank may, upon making a determination of complaint under Sub-Regulation 47.3, require the
Financial Service Provider to do one or more of the following:
a. compensate and/ or refund the affected financial consumer;
 I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 17A
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

b. make corrections to erroneous data, information or statement;
c. cease or desist any activity/ operation which is the subject of the complaint;
d. make a formal apology; or
e. do or refrain from any other activity/ operation
f. take action as the Central Bank may deem appropriate.

ii. The Central Bank or any other officer authorised by the Central Bank may make recommendation advice/
views/ observations to the financial consumer as appropriate.

47.5 Complaints Involving Multiple Financial Service Providers
Where a complaint from the financial consumer involves more than one Financial Service Provider, the Central
Bank shall decide the responsibilities of each such Financial Service Provider in resolving the complaint.

PROTECTION OF FINANCIAL CONSUMERS’ ASSETS AND INFORMATION

48. Safeguarding Financial Consumer Assets

The Financial Service Provider shall:
i. be liable for the financial consumer’s loss due to fraud, misappropriation and misuse of the financial consumer’s
assets, unless proved that the loss occurred due to financial consumer’s negligence or fraudulent behaviour;
ii. take disciplinary action against employee(s) involved in a fraud, misappropriation and misuse of financial consumer’s
assets and report to the respective regulatory department/s of the Central Bank;
iii. continuously create awareness on fraudulent practices and financial consumers’ responsibility and measures to be
taken to safeguard against such threats;
iv. require financial consumers to update their records regularly and as and when the need arises to ensure data accuracy
and ultimately to enhance protection; and
v. create a convenient avenue through which financial consumers can make the required updates.

49. Confidentiality, Security and Integrity of Personal Information

49.1 The Financial Service Provider shall formulate and implement policies and procedures to ensure confidentiality,
security, and integrity of the personal information of financial consumers.
49.2 The Financial Service Provider shall not misuse and ensure that any of its employees or any other party acting on
its behalf does not misuse personal information of financial consumers.
49.3 The Financial Service Provider shall have appropriate policies and procedures, data protection measures and staff
training programs to prevent unauthorized access, alteration, disclosure, accidental loss or destruction of financial
consumer data.

50. Protection of Financial Consumer Personal Information

The Financial Service Provider shall be required:
i. to have appropriate security and control measures to protect financial consumers’ personal information and retain
it for a minimum period of six years from the termination/ expiration of contract, unless otherwise required by any
other law;
ii. not to share financial consumer’s personal information with a third party except with the financial consumer’s consent
or as required by the law;
iii. to retain key information, contractual documents and history of all the transactions for a minimum of six years from
the termination/ expiration of contract; and
iv. to retain all the source documents for a minimum of six years from the transaction date unless otherwise required by
any other law.
18A I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

51. Collection and Use of Data

51.1 The Financial Service Provider shall collect financial consumer’s personal information within the limits of any law,
direction, or guideline, only using lawful and fair means; and only for specified, explicit and legitimate purposes.
51.2 The Financial Service Provider shall have a policy and procedures for collecting and using personal information,
including means, purposes, and types of data that may be collected and retained, consistent with these Regulations
and other applicable laws.
51.3 Personal information should be collected, retained, and used in compliance with, in addition to these Regulations,
any other applicable laws, including Prevention of Money Laundering and Countering the Financing of Terrorism
in Sri Lanka and Data Protection.
51.4 The Financial Service Provider shall comply with data privacy and confidentiality requirements that limit the use
of financial consumer data exclusively for the purpose for which data is collected.
51.5 The Financial Service Provider may only use financial consumer's personal information:
i. for purposes that are consistent with the original purpose for which they were collected, provided that it was
reasonably apparent to, or would be reasonably expected by, the financial consumer; or
ii. with the informed consent of the financial consumer; or
iii. as otherwise required or permitted by these Regulations or any other law.
51.6 Financial consumers shall have a right to maintain his/ her privacy on disability (special needs).
51.7 The Financial Service Provider shall not use information related to any disability (special needs) of the financial
consumer for any purpose other than facilitating the financial consumer or protecting financial consumer’s rights.
51.8 The Financial Service Provider shall not reveal information on financial consumer’s disability (special needs) or
health status to any other party without prior consent of the financial consumer.

52. Sharing of Financial Consumer Information

The Financial Service Provider shall not share financial consumers’ information with a third party for any purpose,
including marketing, promotion and advertisement, unless:
i. the information is being disclosed for the purpose for which it was originally collected, provided that it was reasonably
apparent to, or would be reasonably expected by, the financial consumer; or
ii. with the informed consent of the financial consumer; or
iii. as otherwise required or permitted by these Regulations, a court of law or any other written law.

53. Financial Consumers’ Right to Access and Rectify their Personal Information

53.1 Upon request from a financial consumer, the Financial Service Provider shall provide them, except to any extent
prohibited by law, with access to any personal information about the financial consumer that is held by the Financial
Service Provider. Such access must be provided:
i. in a form that is likely to be understandable to the financial consumer;
ii. within a reasonable time; and
iii. at minimal or no cost to the financial consumer.
53.2 In the event where a financial consumer claims that any personal data held by the Financial Service Provider is
inaccurate or incomplete, the Financial Service Provider shall take appropriate steps within a reasonable time, to
review the claim, rectify it and inform any third party with whom the information had been shared previously.

INTERPRETATIONS

54. In these Regulations, unless the context requires otherwise:
“Abusive debt recovery” includes-
(a) unlawful collection of amounts due from borrowers;
(b) the use of any false statement; and
(c) intimidation, harassment and coercion.
 I fldgi ( ^I& fPoh - YS% ,xld m%cd;dka;s%l iudcjd§ ckrcfha w;s úfYI.eiÜ m;%h - 2023'08'09 19A
Part I : Sec. (I) - GAZETTE EXTRAORDINARY OF THE DEMOCRATIC SOCIALIST REPUBLIC OF SRI LANKA - 09.08.2023

“Accessible format” means electronic/ word format, and for Sinhala and Tamil, electronic/ word format with Unicode
fonts or any other mechanism facilitating elderly, disabled or financial consumers with low financial literacy.

“Accessibility” means providing equal and fair access to all financial services provided by Financial Service Providers.

“Assistive Technology and Equipment” means any item, piece of equipment, software program or product system that
is used to increase, maintain or improve the functional capabilities of persons with disabilities.

“Books, records, accounts, documents, and information” means books, records, accounts, documents or information
recorded or stored in any media, including paper and data stored in electronic, optical, magnetic or any information system.

“Bundling of product” means the sale of two or more financial products or services as one combined product or service
where the Financial Service Provider shall consider product suitability.

“Central Bank” means the Central Bank of Sri Lanka established under Monetary Law Act, No. 58 of 1949 (Chapter 422).

“Complaint” means dissatisfaction expressed by a financial consumer on a financial product or service and its related
aspects provided by the Financial Service Provider.

“Credit Facility” means an arrangement between the Financial Service Provider and a financial consumer to allow
borrowing of a particular amount of money for different purposes for a particular period of time, either on-balance sheet
or off-balance sheet credit facility.

“Financial Consumer” means a person or entity or legal body or where the context so permits a legal representative of
such consumer that uses, has used or potential user of any financial product or service provided by a Financial Service
Provider and does not include Financial Service Providers.

“Financial Consumer Protection” means laws, Regulations, circulars, directions, guidelines, policies and institutions to
safeguard consumer rights, enable consumers to make informed financial decisions and ensure fairness in the provision
of products and services by Financial Service Providers.

“Financial Service Provider” means a Licensed Commercial Bank, a Licensed Specialised Bank, a Licensed Finance
Company, a Specialized Leasing Company, an Authorized Primary Dealer, an Authorized Money Broker, a Licensed
Microfinance Company, a Participant of the Payment and Settlement System or any other financial institution approved
by the Monetary Board.

“Key Management Personnel” means those persons having authority and responsibility for planning, directing and
controlling the activities of the Financial Service Provider, directly or indirectly, including any executive director of the
Financial Service Provider.

“Operational Management Personnel” means officers who participate in day-to-day decision-making, including a manager
of a branch office of the Financial Service Provider or a person acting on behalf of the manager.

“Personal Information” means any information about an identified or reasonably identifiable financial consumer, including
personal identifiers and financial information.

“Products or Services” means any financial instrument/ activity/ transaction provided or offered by the Financial Service
Provider to the financial consumer.

“Tying of Products or Services” means the sale of two or more financial products and/ or services together without the
option of distinguishing them upon sale.

EOG 08-0087
PRINTED AT THE DEPARTMENT OF GOVERNMENT PRINTING, SRI LANKA.