the enabling environment for digital financial services

The Enabling Environment for Digital Financial Services

Stefan Staschen

10 March 2016

Main determinants of success

RegulationAgentsIssuers

Transaction limitsRegistration

CustomersSign up

Active UseProduct design

PricingPlatformsAgents

Sign upTraining

Management (i.e. liquidity,

branding, equipment, etc.)

Business Models

ProviderProduct design

PricingPlatform

Basic Principles and Key Issues in Creating an Enabling Environment for DFS

Mohammad Moniruzzaman, 2009 CGAP Photo Contest3

Proportionality Proportionate regulation maximizes the net-benefit of regulation

Benefits CostsThis is best to be achieved following a risk-based approach that allows for rationalizing the use of scarce supervisory resources by focusing on issues posing the highest risk to the achievement of the regulatory objectives of inclusion, stability, protection, and integrity (I-SIP)

4

Level Playing FieldSame risks should be treated in the same way, different risks differently

No material differences between regulatory treatment of agents hired by banks and nonbanks, as long as they offer the same products

Regulation based on function, not on institutional type, e.g.• E-money accounts can

be issued by banks and nonbanks

• Agents can be used by various types of financial service providers

• Financial consumer protection rules apply to entire range of financial service providers

Provide scope for banks and different types of nonbanks (MNOs and others) to compete on equal footing

DFS regulation impacts every participant in the DFS value chain

FSP ClientAgent

DFS participant

Regulatory environment

Prudential regulation of banks and e-money issuers

1 Agent regulation2 KYC regulation3

Consumer protection regulation

4

6

Competition regulation

“Basic regulatory enablers” in digital financial services

Broad consensus about short list of most critical topics

1. E-money issuance

2. Agents

3. AML/CFT

4. Competition

5. Consumer protection

Nonbank players permitted?

Bank and nonbank agents?

Tiered, risk-based KYC structures?

Different types of institutions?

Tailored to specific risks?

Main issues

7

Ban

glad

esh

Gha

na

Indi

a

Ken

ya

Mya

nmar

Paki

stan

Rw

anda

Tanz

ania

Uga

nda

E-Money No Yes Yes Yes No No Yes Yes Yes 67%

Agent networks Yes Yes Yes Yes Yes Yes Yes Yes No 89%

Tiered KYC Yes Yes Yes Yes No Yes No Yes Yes 78%

Multiple institutions No Yes Yes Yes No No Yes Yes No 56%

Consumer protection Yes No No Yes No Yes No No Yes 44%

Overall score 60% 80% 80% 100% 20% 60% 60% 80% 60% 67%

A snapshot of basic enablers in nine countries CGAP has been working on

Positive regulatory changes in recent years

Areas in which change is relatively likely to happen soon

8

Regulating Nonbank E-Money Issuers

Md Farhad Rahman, 2013 CGAP Photo Contest 9

The banking part of DFS regulation

FSP ClientAgent

DFS participant





4

10


Bank Agent ClientNonbank (e.g.,

MNO)

What difference does it make for regulatory treatment?

Bank

Contractual relationship

It is important to draw clear lines between payment, e-money, and deposit

Payment Electronic money Deposit

Definition

Who can issue?

Prudential requirements

Deposit insurance

Transfer between two parties; Time

restricted (e.g. within T+3)

Special type of repayable funds with transaction

focus

“Repayable funds”, intermediation

Payment Service Providers

E-Money Institutions; regulated financial

institutions

Regulated financial

institutions

Low Medium High

NA In most cases not Typically yes

Fund safeguarding and fund isolation are two key regulatory provisions

Fund safeguarding

Maintain liquid assets equivalent to e-float

Restrictions on use of funds

Diversification of e-float fund holdings

Fund isolation

Ownership of funds

Trust account/escrow account

Issuer failure: hierarchy of claims

Transaction limits constitute additionalrisk mitigation measures

Maximum transaction values

Maximum value of individual transaction

Maximum monthly/periodic load

Maximum holdings

“Emerging regulatory enablers” in DFS

Paying interest to e-money holders

Typically not permitted in order to differentiate from

banking

Could be “pass through” of interest on pooled

account

Bringing e-money accounts under deposit insurance

Coverage limits too low or e-money excluded from

coverage

Pooled accounts in insured institutions can

provide coverage for each customer

How about the three models we introduced yesterday?

The pure bank model: Equity Bank• Using telco as channel• MVNO license provides access to SIM

The standalone payments model: bKash• MFS Guidelines: bank-led model• Behaves very similar to e-money model

The non-bank model: Airtel Money• In most countries directly licensed by the regulator• In a few it’s more complicated: e.g. Uganda, India

Basic enabler #1: Regulations permitting and governing e-money

India - yesNo nonbank e-money issuance, but:• Prepaid Payments

Instrument Issuers (Restrictions on cash-out/requirements to partner with banks)

• New: Payments banks

Pakistan - noDifferent types of banks can issue stored value accounts and MNOs have been permitted to own majority stake in banks

Bangladesh - noNot really, but –• bKash very much operates

like a nonbank e-money issuer

Rwanda - yesE-money issuer defined in PSP regulations, but same rules apply as for PSPs except for trust account rules

Uganda - yesMobile money service providers (MNOs and other nonbanks) can offer e-money services, but in partnership with banks as the entity receiving the regulator’s no objection

20

What do we want to see and how do we get there?

Nonbanks or limited purpose banks can issue e-money / stored value accounts / small savings accounts

Sufficient fundsafeguarding and fund isolation rules

Not subject to full range of prudential regulations applied to financial intermediaries

Appropriate e-money regulation National Payment

System Law or clear authority in another law to regulate payment system

Implementing regulations governing the issuance of e-money by nonbanks (and banks?)

Alternatively: Limited purpose banks (“differentiated banks”, niche banks)

Typical steps

required to get there

21

REGULATORY REFORM TO ADVANCE FINANCIAL INCLUSION:

A CASE STUDY OF GHANA

ELLY OHENE-ADU, BANK OF GHANAMARCH 2016

Background• During early to mid 2000s, Ghana recognised

the need to expand the boundaries of financial services

• MM technology was introduced in the same period providing a window of opportunity to extend financial services to rural areas

• In 2008, Ghana issued guidelines on Branchless Banking (BB) focused on a bank-led and bank-based approach to BB

Branchless Banking Guidelines

• Mobile money viewed as a channel for use by only banks and deposit-taking financial institutions to reach unbanked segments of the population

• MNOs and other Non-banks: Regarded as Agents to make their platforms available to banks to use

• Mandated that banks alone should lead the process, own the customers as well as the agents

• Interoperability: “Many-to-many” model - Group of banks to partner with a group of MNOs; agents were required to be shared

Poor incentives weakening supply-side deployments

• Banks were mostly disinterested; Happy to keep the float accounts

• Active banks reluctant to make investments in new developments for fear of free-riders

• MNOs made investments, did all the work butwere in contravention of the regulations

• Weak support of agents by banks stifled the adoption of Mobile Money by users

Low access to financial services

According to Finscope Report of 2010……• 59% of population lived in rural areas

• 56% adults had access to financial services– 41% formal, 15% informal

• 44% had no access at all and were financially excluded

• Only 34% of Ghanaians had a bank account

• However, 80% of population had access to mobile phones (Also in rural areas)

The Financial Landscape in Ghana2010

Finscope Survey, 2010

34% 7% 15% 44%

Bank Non-bank formal Informal only Excluded

The Solution:

• Innovation

• Incentives

• Security

• Risk Management

• Consumer Protection

• Well articulated sanctions

The Solution: Revise, Experiment, Monitor

• Introduce clear, pragmatic and flexible regulation that would enable and foster a healthy environment for financial inclusion to succeed

• Revise the BB Guidelines to fit market dynamics• Adopt flexible experimental stance (Kenya,

Philippines, Tanzania, Mexico)• Adopt proportionate risk-based approach to

regulation• Keep eyes on the ball: Monitor and manage

emerging risks

EMI GUIDELINES

Engineering Incentives• Allow non bank-led model but require them to

establish non-bank subsidiaries licensed and regulated by the central bank

• Abolish many-to-many requirement to free operators from tight and unmanageable relationships

• Mandate Non-banks to keep the float with RFIs

• Designate a 15% threshold beyond which the float should be split and transferred to other banks to safeguard against bank insolvency

Engineering IncentivesFinancial Inclusion:• A three-tiered account structure with related

transaction limits; risk-based approach to KYC and CDD so that Individuals with little ID could be included in the formal financial sector

• Require float-holding banks to pay interest on the float

• Require electronic money issuers to pay not less than 80% of interest to account holders

Engineering Incentives• Establish strong consumer protection,

complaints resolution structures to afford consumers safeguards against abuse

• Set technology, security and compliance framework with requirement for certification in PCI DSS and ISO 27001 standards

• Detailed reporting requirements

• Well articulated sanctions

Permissible Transactions

▪ Domestic payments▪ Domestic money transfers, including to and from

bank accounts▪ Bulk transactions (Salaries, benefits, pensions etc.)▪ Cash-in-cash out transactions ▪ Over-the-counter transactions ▪ Inward international remittances▪ Savings/credit products under-written by

Regulated Financial Institutions (RFIs) ▪ Insurance products under-written by duly licensed

insurers.

Implementation Challenges

• Negative reaction from banks• Requirement for agents to take images of

photo IDs of customers upon presentment• Requirement for compliance with ISO and PCI

DSS standards• Interest payment and its sharing between

DEMIs and account holders

A changed picture in 2015

Access Strand in FII 2015 vs FinScope 2010

Note: Figures show access to services, not accounts

34%

36%

7%

22%

15%

17%

44%

25%

2010

2015


The main driver in Ghana has been nonbank formal servicesAccess to these services tripled in five years

34%

36%

7%

22%

15%

17%

44%

25%

2010

2015


3x

Exercise

The Central Bank of Gagastan

AML/CFT: do transaction

limits provide sufficient comfort?

Need of regulatory

oversight for simple

“payment services”?

Interest payment and

deposit insurance on e-

money accounts?

Transaction limits as sufficient AML/CFT measure?

Rules on use of prepaid funds?

GMB Akash, 2011 CGAP Photo Contest

Regulating bank and nonbank agents

41

Regulating agents as a new channel

FSP ClientAgent

DFS participant





4

42


Which risks are regulators most concerned about?

Operational risk Agents as a new channel give rise to new operational

risks Issues such as IT continuity, contingency planning, and

internal controlsConsumer risks

The other main concern of supervisors and one that receives increasing attention

Issues such as fraud, unauthorized fees, lack of receipt, lack of liquidity (cash at agent), system downtimes, inadequate dispute resolution, abusive treatment

Money laundering and terrorist financing risks The supervisors’ focus on this depends on importance of

the topic more generally (e.g., a high priority in Pakistan)

43

Authorizing the use of agents: Observed tools and techniques and recommendations

Current practice Recommendation

Authorization of channel use and of individual agents

• 1 or 2 stage (channel authorization and authorization of individual agents)

• Risk of delaying agent rollout/closure; overstretching supervisory capacity no approval of individual agents and only new authorization for significant changes to original agent business proposal

What to check at time of authorization?

• Contract review• Business and

operational plan• Financial projections• Agent due diligence

docs and agent roll-outplan

• IT infrastructure

• Opportunity to bar poorly designed agent businesses

• Use model agent contract to be approved by supervisor or min. standard clauses

• Check contracts with third parties such as aggregators

• Look at agents as part of broad operational risk review of the supervised entity

45

Ongoing supervision: Observed tools and techniques and recommendations

Current practice RecommendationInspecting providers

• Targeted inspection vs. being part of regular inspections

• Transaction simulations• Agent due diligence

procedures• Internal controls• Access rules to IT system• Transaction simulation• Etc.

• Consider materiality of agent business for the provider

• Make use of offsite analysis and previous onsite inspections to plan for visits

• Focus on headquarters and review of risk management program

• Also visit agent network managers if heavily involved in operation of agents

• Check quality of reporting process

Offsite surveillance • Wide range of intensity from detailed database with data on agent level to no regular reporting on agent activities

• Only collect information that feeds into the risk assessment or serves other regulatory purposes (e.g., financial inclusion monitoring)

• Automated process• At a minimum quarterly reporting on

aggregate level

46

Ongoing supervision: Observed tools and techniques and recommendations (contd.)

Current practice RecommendationInspecting agents • Random sample

• Targeted samples according to certain criteria (top/worst performers, most fraud cases, most complaints, etc.)

• Mystery shopping• Most countries don’t do this

on a regular basis

• Inspect individual agents only with very clear supervisory purpose (e.g. To check price disclosure, conduct transaction similations, audit particularly problematic agents) and prioritize targeted sampling

Enforcement actions • Wide range of measures available vs. only withdrawal of letter of no objection

• No serious enforcement actions have been taken yet

• Sufficient enforcement powers needed including changes in contracts, suspending or prohibiting certain practices, and penalties

47

Two important issues to consider in agent regulations

How to ensure level playing field between bank and nonbank agents?

Who can be an agent?

• No material difference between bank and nonbank agents’ regulatory treatment (but bank agents might be permitted to do more)

• Best achieved by single regulation covering both types of agents or by identical regulations applying to both types

• Otherwise risk of regulatory arbitrage and contradictorytreatment of shared agents

• Liability of the provider core element of both agent types

• Set minimum standards without unnecessarily circumscribing growth potential

• Business registration?• Length of operations?• Credit history?• Criminal record?

• Avoid geographic restrictions or barring certain legal entities from operating as agents

• Allow for tiered agent structure and use of agent network managers

48

Exclusivity Non-exclusivity

Should providers be allowed to impose exclusivity on agents?

There is a trade off between different considerations and no simple answer

Some countries have opted for limited exclusivity periods

Require technological capability to interconnect with other payment systems

How does M-Shwari fit Kenya’s current legal framework?

Bank product: The provider is a bank (CBA) and the customers open bank accounts with CBA no e-money involved

No direct physical channel for redeeming funds: M-Shwari customers are not permitted to use CBA branches. There are no M-Shwari agents. Customers can only move money into and out of their account by first transferring it to M-Pesa (with a corresponding change in the M-Pesafloat as the aggregate amount of e-money issued changes)

50

Neither agency banking nor e-money regulations apply, M-Shwaricustomers use M-Pesa agents, but only after bank money has been converted to e-money (or vice versa)

India - yesHave had agent rules for a long time (since 2006), but restrictions were only lifted

over time

Kenya, Tanzania, Bangladesh - yesDifferent rules for bank and nonbank

agents potentially leading to level playing field issues

Uganda - noOnly for nonbanks (MFSPs), but not permitted for banksMyanmar - yes

Mobile Banking Directive permits agents, but lacks clarity (e.g. on exclusivity,

tiered agent structure)

Basic enabler #2: Regulations permitting and governing the use of agents by banks and nonbanks

51


Use of agents permitted by range of relevant providers

Provider liability clearly stated

Preferably other relevant elements clearly prescribed

Appropriateagent

regulations First step is to permit agents (Uganda example for what happens if not) and to establish general principal agent principles

Second step is to define clear rules

Other relevant issues: (i) exclusivity; (ii) level playing field for different types of agents; (iii) tiered agent structure; (iv) use of prefunded accounts; etc.

Typical steps


52

KYC RegulationBir Azam, 2013 CGAP Photo Contest 53

Responding to AML/CFT concerns

FSP ClientAgent

DFS participant





4

54


The Financial Access Task Force (FATF) stipulates that a risk-based approach may be taken to KYC requirements

The regulation provides guidance at very high level, leaving room for interpretation under local market conditions

Countries and FI’s are required to “identify, assess and understand their ML/TF risk”

1. “Identified Higher Risk”:

Enhanced measures must be applied (i.e. obtaining additional information on customer (occupation, volume of assets, source of funds, etc.) and more frequent updates)

2. “Identified Lower Risk”: Countries may simplify measures to be applied by FIs

3. “Proven Low Risk”: Countries may exempt FIs from certain recommendations

Who determines the regulation? What does the regulation say?

The FATF is an Intergovernmental body

which develops international standards on

combating:

• Money laundering

• Terrorist financing, and

• Proliferation of weapons of mass

destruction

• Feb 2012: Issue of Revised Standards

• 40 Recommendations + Interpretive Notes

55

Source: Banxico Circular 2019/95 as modified by Circular 14/2011

Level 1 Level 2 Level 3Level 4

Traditional bank account

Max amount in monthlytransactions

US$ 280 + max balance of US$ 370 US$1,110 US$3,700 No limit

Customer information required to open account

NoneBasic Information(Name, Address,

Gender)Full customer information required

Documentation N.A. No paper copy required Paper copyrequired

Customer present at opening No

No (but bank has theoption to request

it)

Yes Yes

Access point Only debit card. No mobile

Mobile, card, bank transfer

Mobile, card, bank transfers

The same plus cheques

Tiered account structureThe example of Mexico

59

Using biometrically verified SIMs for account openingThe case of Pakistan

439 665 929 1,060 1,447 1,761

2,112 2,399 2,643 2,966 3,475

3,832 4,238

4,713 5,415

7,538

10,881

13,192

15,322

-

2,000

4,000

6,000

8,000

10,000

12,000

14,000

16,000

18,000

Branchless Banking Accounts(in thousands)

Basic enabler #3: Tiered, risk-based KYC structures

Pakistan - yesSeparate KYC rules for

branchless banking, while in most other countries existing rules for banks apply mutatis

mutandis

Bangladesh - yesCentral bank-issued rules vs.

general rules under AML Law: One can be better at defining

proportionality than the other, but AML Law generally prevails

India and Pakistan - yese-KYC allows customers to

open accounts at agents (and in Pakistan even on the phone

with biometrically verified SIMs)

Kenya - yesCoverage of ID and

accessibility of database: if good, even low risk accounts

can make use of official ID and the need for alternative forms of identification for low

risk accounts is less important

Rwanda - noNot clear whether PSPs (and

thus EMIs) fall under definition of “reporting entity” in the AML

Law

62


Simplified CDD for low risk accounts

The extent to which KYC/CDD is a problem strongly depends on the quality of the ID system

Biometric verification of SIMs can be a game changer

Risk-based KYC rules

Ideally the AML law provides room for simplified CDD

The question of how simplificationwill look like strongly depends on quality of ID system

Pakistan as example that pricingcan also play important role

Typical steps


63

GHANA’S AGENT GUIDELINES

Agent Guidelines

• Serves to regulate both banking agents as well as agents of e-money issuers

• Requirement for central bank authorisation to use agents with submission of ADD, AML, risk-assessment and conflict resolution policies

• Specifies strict agent eligibility and due diligence requirements

• Non-exclusivity of agents• Strict adherence to consumer protection

regulations set forth in the EMI Guidelines

Agent GuidelinesPermissible Activities: E-Money

• Opening of Minimum and Medium KYC e-money accounts on behalf of principals

• In addition, master-agents may open Enhanced KYC e-money accounts

• Balance inquiry and provision of account statements

• Cash-in and cash-out to/from the customer’s own account

Agent Guidelines

Permissible Activities: E-Money

• Cash-out of direct transfers not received to an account, including international remittances, salaries, benefits, loan disbursements

• Funds transfers, domestic remittances, • Inward international remittances• Marketing of credit, savings and insurance

products offered and provided by licensed financial institutions

Agent GuidelinesPermissible Activities: Banks

• All functions analogous to those under e-money, except the opening of bank accounts

• Receipt, verification and forwarding of applications for credit, savings, investment and insurance products to principals

• Receipt and forwarding of applications for credit cards and check books to principals

• Delivery of bank mail and check books to bank customers

Threats• Lack of reliable national personal identification

system • System related fraud: Systems should be secure

and robust to prevent fraudulent access• Agent related fraud: Some agents access

customer accounts while supporting them and withdraw additional funds when not authorized

• Consumer related fraud: PIN secrecy rules are not enforced and therefore relatives and agents get access to consumer account and defraud them

• Cybercrime and Money Laundering

The Way Forward• National strategy on financial inclusion to

address some payment related issues• Build capacity, strengthen regulation &

supervision to check abuses• Set up an agent registry to take stock of all

financial agents in Ghana• Continuous and closer collaboration with

other regulators in the financial space • Set up Payment System Council to continue to

drive payments ecosystem

Consumer protection regulation in DFS

Sumon Yusuf, 2013 CGAP Photo Contest 71

Protecting consumers

FSP ClientAgent

DFS participant





4

72


Whose job is it to protect DFS customers?

Providers

Regulator

Customers73

Responsible finance stakeholder survey Summer 2014

What level of responsibility do each of the following actors have to mitigate consumer risks?

0 10 20 30 40 50 60 70

Consumer Advocates

Donors

International SSBs

Consumers

Regulators

Providers

Results from Pulse Survey Summer 2014

primary responsibility medium responsibility no responsibility74

Seven Key Concerns of DFS Customers

1. Inability to transact due to network/service downtime

2. Inability to transact due to insufficient agent liquidity/float

3. Complex and confusing user interface

Source: CGAP

76

Seven Key Concerns of DFS CustomersCont’d.

4. Inadequate provider recourse

5. Lack of transparency

6. Fraud perpetrated on the customer

7. Inadequate data privacy and protection

Source: FSD Kenya

77

Some insights from CGAP research: Inconsistent disclosure practices

79

Recourse in Digital Finance: Emerging good practices

Opportunities: Increased consumer touch points and choice; SMS transaction records and confirmations

Good practices seen amongst DFS providers: Specialized DFS line and staff Specialized desks for common complaint types:

Reversals, lost SIM/PIN, non-payment products Dedicated agent hotline Training of agents on complaints handling and fraud

detection Enforcement of prominent display of hotline signage at

agent locations

82

Basic Enabler #4: Consumer protection rules considering specific risks in DFS

What is special about consumer protection in DFS?Effectiveness of CP rules on fair treatment, disclosure, redress in

practice?

Tanzania, Ghana, India, Myanmar (no), and Pakistan

(yes)A few lines in the relevant

regulations – is this enough? Or do we need a dedicated

financial consumer protection law?

KenyaRelevance of other regulators beyond financial regulator (in

particular Competition Authority of Kenya)

Kenya, TanzaniaDigital credit as newly

emerging area

84


Consumer protection rules specific to the provision of digital financial services

This could be part of a broad FCP regime or something specific for agents / e-money / digital credit etc.

Appropriate consumer protection regulation Broad authority in

law (increasingly under stand-alone FCP law)

Rules tailored to the specific consumerprotection risks in DFS

Typical steps


85

Some lessons from BoG’s experience with introducing regulatory changes

• Leadership important• Market driven • Partnership with private sector:

– Provides visibility – Lends credibility and trust– Raises understanding and cooperation and collaboration – Ensures sustainability of innovations

• Incorporate incentives that create win-win situations • Should cross-reference with existing and planned

laws• Access without usage does not promote financial

inclusion consumer education highlighting benefits of electronic payments and transactions as well as key consumer-related risks and how to mitigate them

86

Some lessons from CGAP work on creating enabling environment for DFS

• Takes time (often two steps forward, one step back)

• Important to buildtrust with regulatorsand industry

• Requires good under-standing of local market

• Draw on deep expertise and global knowledge of basic enablers

87

Advancing financial inclusion to improve the lives of the poor

www.cgap.org 88

http://www.themastercardfoundation.com/

http://www.themastercardfoundation.com/

the enabling environment for digital financial services

Economy & Finance