Central Bank Resolution Establishes Rules for Credit Bureau Service (“Cadastro Positivo”) Managers

On September 11, 2020, the Brazilian Central Bank published Central Bank Resolution No. 14 of September 9, 2020 (” Resolution BCB No. 14″) which consolidates the rules on the registration process of database managers for the receipt of supplementary information dealt with in Law No. 12,414 of June 9, 2011 (“Law No. 12,414”) coming from institutions authorized to operate by the Central Bank. This in reference to the credit bureau service “Cadastro Positivo”, which registers positive data based on credit payment histories.

The new rules also deal with processes of cancellation of said registration, communication of appointment or dismissal of the director in charge and communication of changes in the control group, in addition to the procedures for the provision of information by consortium administrators to database managers.

Resolution BCB No. 14 provides for the receipt of information related to compliance with payment requirements, as regulated by Law No. 12,414, which establishes rules for the protection of registration data and fulfillment of conditions by database managers.

Resolution BCB No. 14 also specifies the documents and information that must be submitted to the Central Bank in each procedure provided for by the Resolution.

1. Process for Registration of Database Managers

Among the requirements set forth in Resolution BCB No. 14, the following are necessary regarding the process of registering database managers:

  • Designation of the director responsible for database management and the director responsible for information security policy, accompanied by the documents required for such designation of directors, as specified below;
  • Declaration, signed by the database manager, stating that he meets the requirements established in clauses II to IV of Art. 2 of Decree No. 9,936, of July 24, 2019;
  • Authorization, signed by the members of the control group, to the Central Bank for access to their information contained in public or private registration systems and information, including administrative or judicial processes or procedures of any nature, observing the provisions in the section of rules that must be observed by Consortium Administrators regarding the provision of information;
  • Declaration, signed by the members of the control group, of compliance with the conditions established in Art. 8 of Resolution nº 4.737, of July 29, 2019;
  • Declaration, signed by the database manager, with the identification of the natural or legal persons that are part of its control group, as well as the respective equity interest;
  • Declaration, signed by the members of the control group, that they are aware of the legal and regulatory obligations to which they are subject, as defined by the Central Bank;
  • Copy of the balance sheet of the database manager for the last fiscal year, audited by an independent auditor registered with the Securities and Exchange Commission of Brazil;
  • In the case of a data bank manager in operation on July 25, 2019 who has opted for the provision as set out in Art. 2, § 5 of the aforementioned Decree No. 9,936 of 2019:
    • Copy of the balance sheet for the last fiscal year, audited by an independent auditor registered with the Securities and Exchange Commission, of the controlling or associated legal entities that have assumed joint and several liability for the performance of the manager’s financial obligations; and
    • Copy of the documents that formalize the assumption by the controlling or associated legal entities of joint and several liability for the financial obligations of the database manager; and
  • Information for identification and qualification of the members of the control group.

 

2. Process of appointing the Director Responsible for Database Management and the Director Responsible for Information Security Policy

The requirements for designating directors responsible for database management, as well as the director responsible for information security policy, must also be met. The respective process must be filed with the Central Bank within 10 (ten) days of the date of designation, and must be accompanied by the following:

  • Personal information of the designated director, for identification and qualification purposes, as well as the defined term of office;
  • Declaration, signed by the database manager and the designated director, of compliance with the conditions established in Art. 8 of Resolution No. 4.737, of 2019;
  • Authorization, signed by the designated director, to the Central Bank of Brazil for access to its information contained in public or private registration systems and information, including administrative or judicial processes or procedures, of any nature, observing the provisions in the section of rules that must be observed by the Consortium Administrators regarding the provision of information;
  • Declaration, justified and signed by the database manager, that the designated director meets the technical qualification requirement established in Art. 10 of the aforementioned Resolution No. 4.737; and
  • Resumé of the designated director.

It is also worth mentioning that, in cases of dismissal of the director responsible for database management or of the director responsible for the information security policy of the respective function, the Central Bank must be informed of such withdrawal within 3 (three) business days from the date of the event.

 

3. Process to be followed in the case of Change in the Control Group

If there is a change in the control group of the database manager, this process must be communicated to the Central Bank within 15 (fifteen) business days from the day of the event, and must also be accompanied by the following documents and information:

  • Declaration, signed by the database manager, identifying the new natural or legal persons that are part of its control group, as well as the respective equity interest;
  • Information about the purchase and sale contract, the corporate act or the instrument that formalizes the operation;
  • Authorization, signed by the members of the control group, to the Central Bank of Brazil for access to their information contained in public or private registration systems and information, including administrative or judicial processes or procedures, of any nature, observing the provisions in the section of rules that must be observed by the Consortium Administrators regarding the provision of information;
  • Declaration, signed by the members of the control group, of compliance with the conditions established in Art. 8 of Resolution nº 4.737, of July 29, 2019;
  • Declaration, signed by the database manager, identifying of the natural or legal persons that are part of its control group, as well as the respective equity interest; and
  • Information for identification and qualification of the members of the control group.

In this regard, it is important to emphasize that these conditions do not apply to transfers of corporate control to legal entities in which there is no change in the board of persons listed as final controllers of the database manager.

 

4. Process of Cancellation of the Registration on Request

In order for the process of requesting cancellation of database manager registration to be duly documented, the following measures must be observed:

  • Registered filing of the request before the Central Bank of Brazil; and
  • Presentation of a declaration of responsibility, in the form defined by the Central Bank of Brazil.

 

5. Documents and Information necessary for fulfillment of the Processes

In addition to the abovementioned conditions, the Annex to Resolution BCB No. 14 determines the obligatory requirement of certain documents and information necessary for the fulfilment of the referred processes, as well as establishes rules that must be observed by the Consortium Administrators with respect to the provision of information by them.

Thus, only with the complete presentation of all documentation required by the regulations in question to the Central Bank of Brazil, may these processes be considered duly fulfilled.

Resolution BCB No. 14 enters into force on October 1, 2020 and repeals Circular No. 3,670, of October 2, 2013, and Circular No. 3,955, of July 29, 2019.

Attentive to these and other measures, Demarest’s Banking and Financial team is available to assist you in any matters related to the topic. For further information, please feel free to contact us.