Cra. Patricia Prezioso – Consulting Manager at EY Uruguay
Recently the Central Bank of Uruguay (BCU) published a Regulatory Project that intends to introduce modifications to the Compilation of Regulation and Control Norms of the Financial System (RNRCSF) for the purpose of regulating credit granting entities.
The entities reached will have the obligation to register and align with the requirements (information and documentation, which will be analyzed by the Superintendency of Financial Services (SSF) prior to obtaining the corresponding authorization) and for this, many will have to face new challenges.
Credit granting entities must appoint a compliance officer
What are credit granting entities?
They are those individuals and legal entities that, without being credit management companies or financial services companies, regularly and professionally grant loans with their own resources or with loans granted by certain third parties.
It is important to note that entities that grant loans to their staff, suppliers of goods and non-financial services that grant commercial credit to their clients, and social security organizations that grant loans to their affiliates and beneficiaries are excluded.
The financing of credit granting entities
It is established that they may be financed with their own resources or with credits granted by certain third parties that are detailed below:
- Individuals who are directors or shareholders of the same.
- National or foreign financial intermediation institutions.
- International credit or development promotion organizations.
- Foreign pension funds or investment funds subject to a regulatory authority.
- Any other legal entity of a financial line of business, financial trust or patrimony of a similar nature.
It should be clarified that financing received from those listed above will not be admitted when it is structured in such a way that natural or legal persons not admitted indirectly assume the risk of the credit operation.
Do credit granting entities have to register or request authorization from the BCU?
It is important to note that the project distinguishes between the credit-granting entities with the highest activity and those with the least activity, based on the amount of loans granted at the end of the fiscal year. Credit-granting entities with greater activity are considered to be those whose credits granted at the end of the fiscal year exceed the equivalent of 100,000 UR (one hundred thousand indexable units), quoted at the value of the date of said closing. However, the Superintendency of Financial Services, by well-founded resolution, may incorporate into this regime those entities whose credits granted are less than the equivalent of 100,000 UR (one hundred thousand readjustable units).
Only the most active credit-granting entities, prior to the start of their activities, will have the obligation to register in the registry kept by the Superintendence of Financial Services and for this they must present certain information and documentation related to the business.
In relation to the cancellation of the registration, the most active credit granting entities must submit to the Superintendence of Financial Services an authenticated copy of the minutes of the meeting of the corporate body that resolved to cease their activities as such, in which they must include the reasons that led to such determination.
Other issues referred to in the Regulatory Project
It refers to administration and security systems. In this sense, only natural persons may act as administrators or directors of the credit granting entities and the latter must comply with the security regulations established by the General Directorate of Company Supervision (DIGEFE).
It also refers to the outsourcing of services provided by credit granting entities. They must request the authorization of the Superintendence of Financial Services for the contracting of third parties for the provision in their favor of those services inherent to their line of business that, when they are fulfilled by the entity itself, are subject to the powers of regulation and control. of the aforementioned SSF. It should be clarified that:
- Outsourcing does not imply in any case the exemption or limitation of the responsibility that the law or regulations impose on the institutions for the breach of their obligations.
- Customer acceptance cannot be outsourced.
- They must have policies and procedures established in writing to ensure effective identification, measurement, control and monitoring of risks (both present and future) associated with outsourcing agreements made.
Likewise, the project applies to credit granting entities certain regulations included in the RNRCSF regarding:
- Prevention of money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction (LAFT).
- Protection for the user of financial services.
- Transparency and market conduct.
- Information and documentation.
- Sanctioning and procedural regime.
Among other things, credit granting entities must appoint a compliance officer, report suspicious or unusual operations, as well as the conditions of contracts with clients. They must also designate a person responsible for handling claims, a person responsible for the information system and implement a code of ethics.
Consequently, credit granting entities should, in principle, carry out a GAP Analysis that implies:
- Identify those information and documentation requirements required by the regulations.
- Review said information and documentation and identify those unresolved and/or partially resolved requirements.
- Determine the support activities to be carried out to meet the unresolved and/or partially resolved requirements.
- Define a roadmap with the activities to be carried out for registration and subsequent operation, deadlines and whether or not they require external support.
The entities reached should carry out, at a minimum, the following activities:
- Evaluate the structure to operate according to this new framework.
- Review the business plan, as well as the assumptions that support it.
- Review process design and internal control framework.
- Review the definition of critical business processes.
- Review the design of the continuity plan for critical business processes.
- Review the design of computer security controls.
- Review of the LAFT manual, among others.
The project is available at the following link.