Brief Overview
A Credit Reference Bureau (hereinafter referred to as a “CRB”) is defined under the Bank of Tanzania (Credit Reference Bureau) Regulations, issued under Government Notice Number 416 of 2012 (hereinafter referred to as “the Bureaux Regulations”) as an entity specialised in the collection and sale of credit performance information for individuals and companies. The main purpose of a CRB is to collect information from various banks, financial institutions and non-financial entities and provide comprehensive consumer credit information (hereinafter referred to as a “Credit Report”) to public and private lenders. A Credit Report issued by a CRB is sold to interested lenders to help them make informed lending decisions.
Registration of a CRB in Tanzania.
In Tanzania, any incorporated limited liability company can register itself with the Bank of Tanzania (hereinafter referred to as “the BOT”) as a CRB as provided under Regulation 6 and 7 of the Bureaux Regulations. The application must be accompanied by the necessary documentation including, but not limited to, a copy of the certificate of incorporation, a document that supports the value of the applicant’s capital base and source of funds, feasibility study and business plan, declaration from the shareholders and directors as well as an overview of operations to be taken by the entity. The BOT has discretionary powers on whether it approves or rejects the application.
Upon approval by the BOT, a CRB shall receive a licence that remains valid unless revoked. The licence, once granted, is not transferable. In the event of termination of the business or the licence being revoked, a CRB shall be required to surrender its licence to the BOT. Moreover, any change in the shareholding structure of a CRB requires prior approval from the BOT.
Legal Framework of CRBs in Tanzania.
CRBs shall collect and store credit information in their respective databases and the BOT shall determine what information can be shared when requested by a customer. The credit information can be collected from borrowers, data providers such as individuals and government agencies and any other entities.
Authorised users (vetted by CRBs after nomination) are the only individuals or entities that are allowed to access the credit information in CRBs’ respective databases. Authorised users must execute an agreement with a CRB for access and usage of credit information. The access to the database shall be granted by way of user codes and passwords that are changed on a regular basis by the CRB.
Furthermore, authorised users shall be allowed to access the credit information from the database only for permissible purposes (Regulation 3 of the Bureaux Regulations) and shall not be allowed to sell, transfer or use the credit information for purposes other than those allowed under the Bureaux Regulations. It is important to note that, an authorised user is not allowed to access credit information of an individual or entity without their prior written consent. If it is realized that the access was sought without a written consent, the authorised user shall be suspended from accessing the database and may be restricted from accessing the database in the future. This is also in line with the provisions of the Personal Data Protection Act, Chapter 395B, Act Number 11 of 2022.
Data providers such as banks, financial institutions and non-banking entities are required, under Regulation 25 of the Bureaux Regulations, to enter into agreement with a CRB that will stipulate the conditions for supplying, obtaining and using credit information. The data provider shall have the obligation of providing complete, accurate and timely proprietary credit information that accurately identifies the data subject. The data provider shall be liable for any error or inaccuracies in the credit information submitted to a CRB.
The BOT shall provide every CRB with access to its Credit Reference Databank (computerized mechanism created to receive and supply credit information institutions authorized by the BOT regarding credit transaction of customers, including off balance sheet operations). The access granted shall authorize any CRB to obtain a copy of the credit information as received from data providers. No other users are permitted to access it.
The Bureaux Regulations also provide for the rights of data subjects, powers of the BOT over CRBs and penalties for a CRB that contravenes any provision of the Bureaux Regulations.
Imogen Homanga – Legal Officer
Note: This is not a legal opinion, and the contents hereof are not meant to be relied upon by any recipient unless our written consent is sought and explicitly obtained in writing.
