Banco Nacional de Angola (“BNA”) has recently published Notice 8/23 of 17 July. In accordance with and for the purposes of Article 148 of the Law on the General Regime of Financial Institutions[1], approved by Law 14/21 of 19 May (“LRGIF”), this Notice establishes the Accounts Database[2] (“BDC”), which is managed and operated by the BNA.
The purpose of the BDC is (i) to centralise, manage and monitor the reporting of information provided by the Financial Institutions (as defined below) regarding deposit and payment accounts and related information, namely agents and transactions, and (ii) to be the repository of such information in order to collaborate in the dissemination of macroeconomic indicators, evaluation studies and statistics.
The Notice applies to: (i) commercial banks, (ii) investment banks, (iii) development banks, (iv) mutual agricultural credit banks and other companies classified as such by law in accordance with Article 24(3) of the LRGIF, (v) electronic money institutions, and (vi) payment service providers (defined as “Financial Institutions”). These Financial Institutions are required to report to the BNA all information relating to bank and payment accounts opened by them, in accordance with the terms and conditions to be set out in specific regulations governing the operation of the BDC.
Financial Institutions are responsible for the information they provide to the BDC and for amending and correcting the information contained in the BDC, on their own initiative or at the request of their clients, in the event of errors or omissions.
Failure to comply with the obligation to report constitutes an offence provided for and punishable under the LRGIF.
With regard to the personal data reported and included in the BDC, the management and operation of the BDC and the transfer of personal data must be ensured in accordance with the applicable legislation on the protection of personal data. Taking into account the public interest underlying the establishment and management of the BDC and the legal obligation binding on financial institutions under the Notice and the LRGIF, the consent of the data subject for the processing of personal data will be dispensable. However, compliance with other legal requirements relating to data protection must always be ensured. These include, where applicable, notification to the data subject, notification to or authorisation by the Data Protection Authority and compliance with the general principles applicable in this area.
The Notice entered into force on 17 July 2023.
[1] Lei do Regime Geral das Instituições Financeiras.
[2] Base de Dados de Contas.