Key features of the Financial Consumer Protection Regulations
Download Article

Key features of the Financial Consumer Protection Regulations

Ms. Dinali Gunasekara & Mr. Uween Jayasinha

The Financial Consumer Protection Regulations No. 01 of 2023 [‘the Regulations’] were made by the Monetary Board of Sri Lanka in terms of the provisions of the Monetary Law Act No. 58 of 1949 and was published by Gazette Extraordinary No. 2344/17 dated 9th of August 2023.[1] The principal objective of the Regulations is to regulate the business affairs and conduct of Financial Service Providers [‘FSPs’], by creating a regulatory and supervisory framework in the financial services sector, promoting fair competition and equitable practices in the financial services sector, and establishing a grievance redressing mechanism for consumers of financial services. Further, the Regulations were specifically made to supplement existing consumer protection laws such as the Banking Act Direction on the Customer Charter of Licensed Banks and the Financial Customer Protection Framework.


Application and Operation

The Regulations are applicable to all FSPs regulated by the Central Bank of Sri Lanka [‘CBSL’]. For the purposes of the Regulations, an ‘FSP’ is interpreted to include all Commercial Banks, Specialised banks, Finance Companies, Leasing Companies, Authorised Primary Dealers, Authorised Money Brokers, Microfinance Companies, a participant of the Payment and Settlement System, or any other financial institution approved by the Monetary Board.[2] Of note is that the Regulations are also applicable to foreign banks and financial institutions in Sri Lanka, through the imposition of regulatory requirements to be satisfied by their Boards and Directors and key management personnel.[3]

In terms of Regulation 1.1, the Regulations shall come into effect on the 8th of February 2024. However, the provisions in Regulations 15, 17, 18.3, 43, 44, 45, 46, and 47 shall come into effect on the 8th of August 2024.


Key Features of the Regulations

The Regulations create a framework that provides for: i) the supervision of the market conduct of FSPs; ii) the governance of FSPs; iii) fair treatment and responsible business conduct; iv) transparency and disclosure in the financial services sector; v) complaint handling and redress mechanisms; and vi) the protection of consumer assets and information.

The key features of the framework of the Regulation are briefly discussed below.


i) Supervision of the market conduct of FSPs

Regulation 2 grants the CBSL the authority to monitor, evaluate, and examine any FSP, in respect of their implementation of the Regulations, and to take measures to maintain public trust and confidence in the financial system of Sri Lanka. Accordingly, officers or persons authorised by the CBSL are entitled to take a range of measures to ensure that FSPs comply with the Regulations, including requiring FSPs to furnish their books, records, files, and other necessary information, and entering the premises or storage areas of an FSP and examining any books or records.[4]

In terms of Regulation 4, officers and persons authorised by the CBSL may also inspect and carry out examinations on the market conduct of FSPs, with a view to identifying any violations of the Regulations or any unfair, unsound, or improper business practices. Whenever it is deemed necessary, the CBSL also require and direct an FSP to comply with specific provisions of the Regulations and other circulars or codes of conduct, take action to remedy the conditions arising from violations of the Regulations or improper business practices, or issue ‘show cause’ or warning letters as a precursor to commencing regulatory or legal action.[5]

If, upon the findings made by an examination into an FSP, the Monetary Board is of the opinion that the FSP is carrying on, or likely to carry on, unfair, unsound, or improper practices that are detrimental to financial consumers, or that the FSP has failed to comply with the Regulations, the Monetary Board is empowered to issue a range of directives, including, requiring the FSP to remove its financial products and advertising material from the market or compensate or refund financial consumers, prescribing the name of the FSP as being an entity with serious concerns, or instituting regulatory action against the FSP.[6]


ii) Governance of FSPs

The Regulations also regulate the governance of FSPs by setting creating a framework of managerial responsibilities, internal controls, and policies and procedures. Regulations 8, 9, and 10 set out specific responsibilities and duties that are required to be fulfilled by the Board of Directors, key management personnel, and operational management personnel of an FSP. Furthermore, Regulation 11 requires FSPs to implement internal controls on consumer protection, including mechanisms to identify record, and report financial consumer protection issues and complaints. Additionally, Regulation 12 states that FSPs shall implement consumer protection policies and procedures that involve disclosure of employees engaged in financial consumer protection, disclosure of complaint handling processes, evaluation of financial products for risks to financial consumer protection, and data security & privacy. 


iii) Fair treatment and responsible business conduct

The Regulations set out a robust framework to encourage fair treatment of financial consumers by FSPs. Regulations 13, 15, 16, and 17 contain provisions requiring FSPs to have a comprehensive Accessibility Policy to facilitate fair and equal access to all products and services, as well as ensuring fair and equal access to physical infrastructure and digital services, such as websites, mobile applications, and e-signature verification. Regulation 14 also specifically prohibits FSPs from discriminating financial consumers on grounds not relevant to the provision of non-exclusive financial services, such as social status, physical characteristics, marital status, race, caste, gender, religion, or financial literacy.

Regulation 19 explicitly prohibits a FSPs from employing or engaging in unfair business practices. The term ‘unfair business practices’ has been interpreted to interpret practices such as abusive debt recovery methods, automatically increasing credit limits without consent, requiring payment of early/unaccrued interest (exceeding the permitted limits) imposing excessive fees, penalties, and future interest compares to the cost of the product or service, and bundling/tying products to limit consumer choices, and imposing unfair terms.[7] The Regulations also contain specific provisions to protect against unethical sales and promotional practices,[8] unfair contract terms,[9] fraud and misuse of consumer assets,[10] unethical or abusive debt recovery,[11] exclusive arrangements with agents or merchants,[12] and the undisclosed sale or transfer of debt or any financial product.[13]

Pertinently, the scope of the Regulations covers the agents and appointed third-parties of FSPs, and as such, liability for the actions and omissions of such agents and appointed third-parties has been extended to FSPs.[14]


iv) Disclosure and transparency

The Regulations impose strict disclosure and transparency requirements on FSPs. For instance, all FSPs are required to have a standardised ‘Key Facts Document’ containing specified details of loan products and deposit products.[15] Additionally, obligations are placed on FSPs to provide accurate information on all financial products and services, and to provide an application/offer letter/agreement disclosing prescribed details of any credit facility or instrument extended to the financial consumer.[16] Regulation 36 specifically requires FSPs to disclose all the terms and conditions applicable to the financial products and services offered by an FSP, and lists out particular types of terms and conditions are mandatorily required to be disclosed.  


v) Complaint handling and redressing mechanisms

In addition to requiring FSPs to implement comprehensive mechanisms to handle and redress complaints within prescribed timeframes,[17] the Regulations establish an alternate dispute resolution mechanism through the CBSL. Where a complaint has been made by a consumer against an FSP and the response given by the FSP is unsatisfactory, a complaint may be submitted by the consumer to the CBSL.[18] Thereafter, the CBSL shall assess the complaint and may issue appropriate instructions/recommendations to the FSP to amicably resolve the issue.[19] If the FSP fails to resolve the issue amicably, the CBSL may make a determination upon conducting necessary examinations and inquiries. In its determination, the CBSL is empowered to, among other things, direct the FSP to cease and desist from any activity and/or to compensate an affected financial consumer.[20]


vi) Protection of consumer assets and information

Regulation 48 imposes liability on FSPs for any loss caused due to fraud, misappropriation, and misuse of financial consumer assets, and imposes further obligations on FSPs to take disciplinary action against employees involved in fraud, misappropriation, and misuse of financial consumer assets.

Regulations 49, 50, 51, 52, and 53 impose several requirements on FSPs involving safeguarding the personal information and personal data of financial consumers. These requirements include obligations to formulate policies to maintain the confidentiality, security, and integrity of personal information, to limit the collection and use of data within the limits of the law and only for specified, explicit, and legitimate purposes, to implement appropriate security and control measures to protect and retain personal information for a minimum of six (06) years from the termination/expiration of contract, and to prevent the sharing of personal information with third-parties without prior consent or as permitted by written law. 


Benefits to the Financial Consumers

The passing of the Regulation is notable as it seeks to ensure fairness, ethical practices, and transparency in the financial services sector, and may serve to decrease incidents of financial consumers being exploited, deceived, or misled, particularly due to poor financial literacy and vulnerable financial circumstances. Additionally, the detailed procedure provided in the Regulations to regulate the market conduct of FSPs may serve to promote a more competitive and efficient financial services sector in Sri Lanka.


This brief is intended for informational purposes only and should not, under any circumstances, be used or construed as legal advice in any manner or form.


[1] The Financial Consumer Protection Regulations No. 01 of 2023 can be accessed at

[2] The Regulations, Regulation 54.

[3] The Regulations, Regulation 8.

[4] The Regulations, Regulation 3.

[5] The Regulations, Regulation 4.3.

[6] The Regulations, Regulation 6.

[7] The Regulations, Regulation 19.

[8] The Regulations, Regulations 20 and 24.

[9] The Regulations, Regulation 21.

[10] The Regulations, Regulation 22.

[11] The Regulations, Regulation 28.

[12] The Regulations, Regulation 29.

[13] The Regulations, Regulation 26.

[14] The Regulations, Regulation 27.

[15] The Regulations, Regulation 35.

[16] The Regulations, Regulations 34 and 37.

[17] The Regulations, Regulations 42, 43, 44, 45 and 46.

[18] The Regulations, Regulation 47.

[19] The Regulations, Regulation 47.3.

[20] Ibid.