Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Regulatory Issues Around Branchless Banking


Published on

  • Be the first to comment

  • Be the first to like this

Regulatory Issues Around Branchless Banking

  1. 1. Regulatory Issues Around Mobile BankingNew initiatives to bank the poor are straining the world’s financial regulatorysystems.byPaul Makinmailto: paul.makin@chyp.comhttp://www.chyp.comPrincipal Consultant,Consult HyperionThe rise of the mobile phone in emerging markets,particularly Africa and large parts of Asia, has beenwell documented, as has its use in an increasingnumber of initiatives as the means of increasing theavailability and variety of financial services inmany of these emerging economies. The UN Departmentof Economic and Social Affairs estimates that inAfrica there are 300 million reachable adults with nocurrent access to formal financial services, andthere are a variety of mobile services springing upto address their needs. Rather than true mobilebanking, most of these initiatives offer a subset ofbanking, though with the aim of evolving towards fullbanking services in the future, and are variouslyknown as “ b ranchless banking ” , “ 2G (secondgeneration) banking ” , “ mobile payments” , “ mobilemoney transfer” or “ mobile banking ” – which term isused depends on the audience. For the purpose of thispaper, we will use the term “ m obile banking ” , whilstacknowledging the limitations of the term. Page 1 of 13
  2. 2. Regulatory Issues Around Branchless Banking by Paul Makin, Consult HyperionThe financial services that may be delivered throughthe mobile channel are, in essence, no different tothose delivered through conventional banking channelsand the agent channels emerging in a number ofdeveloping markets. However, since the mobilechannel can reach a mass market beyond conventionalbanking networks, the particular types of financialservices offered across mobile will be optimised toserve that mass market: microfinance rather thantraditional bank credit, ad hoc bill payments (forexample, school fees) in addition to regular utilitypayments and low-cost saving products.Many of the mobile initiatives are partially – insome cases wholly – led by non-bank organisationsthat are traditionally outside the scope of financialregulation, and with whom the financial regulator hastraditionally had little or no contact. This hasnaturally led to concern amongst regulators, and, forgood or bad, threatens to disrupt the regulation ofthe financial sector in many of these countries.This paper explores relevant issues by building onConsult Hyperion‟s experiences from two directions:firstly, our involvement in the conception,development and deployment of M-PESA and otherbranchless banking initiatives; and secondly,conversations with a range of financial regulatorsfrom around the world. Page 2 of 13
  3. 3. Regulatory Issues Around Branchless Banking by Paul Makin, Consult Hyperion THE ROLE OF THE REGULATORThe financial regulator plays a crucial role in theeconomy of any country; for ordinary citizens, it isthe regulator that stands between them and financialchaos, by attempting to ensure the financialstability of the economy, and that those institutionswishing to offer financial services do so in aresponsible manner. So, in addition to his role inmaintaining financial stability, the regulator alsohas a key responsibility for consumer protection.There is a third role for the regulator, though, thatis particularly important for emerging economies;that of promoting a country‟s social objectives, byattempting to ensure that suitable financial servicesare available to as many of his fellow citizens aspossible, and that the range and sophistication ofthose services increases in step with the country‟sneeds. This third role is what we generally refer toas “ extending the reach and depth of financialservices ” .Quite reasonably, many regulators tend to view thisthird role as substantially subservient to the firsttwo – after all, the reasoning goes, if economicgrowth is threatened, who cares about whether or notthe entire population has a bank account? However,whilst there is a grain of truth in this particularworld view, it has the shortcoming that it can leadto a tendency towards conservatism, with theunintended consequence of raising the barrier toentry for new market entrants - effectively, closingthe door behind the existing financial serviceproviders, and protecting them against moreinnovative or more efficient competitors. REGULATORS’ ISSUES WITH BRANCHLESS BANKINGIn conversation with financial regulators around theworld, some common themes have emerged whendiscussing their concerns about branchless banking.It will come as no surprise to learn that the most Page 3 of 13
  4. 4. Regulatory Issues Around Branchless Banking by Paul Makin, Consult Hyperionfrequently raised is that schemes such as M-PESA,with no direct bank involvement, should not beallowed – instead, schemes should always be led by abank. As one regulator has put it, without a traceof irony, “ i n view of the recent global financialcrisis, we feel that only a bank provides thenecessary stability ” .A lack of familiarity with non-bank institutions hasalso been raised. Generally, regulators feelcomfortable with their existing relationships withthe banks and other financial institutions theyregulate – they know what figures and reports to lookat, and they are familiar with the levers availableto them to influence those institutions‟ operations.Of course, there is no reason why any otherinstitution should not be able to provide similarsatisfactory mechanisms, but this is a question offamiliarity.Finally, some regulators were concerned about theeffect that the failure of a branchless bankingscheme would have on customers, and the widereconomy. This is a legitimate concern, and indeed itis one that has been raised by representatives of anumber of established branchless banking schemes,when they look at some of their competitors‟ newofferings. We believe there is scope here for a newmarket opportunity for some of the global andnational insurance organisations, and would hope tosee them examining this market in the near future. THE M-PESA EXPERIENCEFollowing its remarkable success, it seems unlikelythat an audience such as this will be completelyunfamiliar with M-PESA. To briefly summarise: M-PESAis a money transfer service, initially deployed inKenya, which allows ordinary Kenyans to send moneyacross the country (or indeed face to face), cheaplyand reliably, using their mobile phones. They canalso use their M-PESA account as a safe place tostore small amounts of money (an aspect that rather Page 4 of 13
  5. 5. Regulatory Issues Around Branchless Banking by Paul Makin, Consult Hyperionexercises some commentators, but which is verydesirable to those with no access to a true bankaccount). This is a clear example of “ extending thereach of depth of financial services ” , with obviousbenefits for ordinary Kenyan citizens.M-PESA was developed and deployed by Vodafone, inpartnership with Safaricom, the leading Kenyan mobileoperator. It‟s been live for almost two and a halfyears, and, at last count, M-PESA had more than 7million registered customers, who were transferringUS$2 million a day between themselves. A substantialbusiness, indeed.We at Consult Hyperion are very proud of our role inthe conception and development of M-PESA. With ourbackground in payments in general, and paymentssecurity in particular, we were involved from theearliest stages in conceiving the ideas and helpingthose ideas become reality. Our involvement hascontinued, in undertaking reviews of the security ofthe latest versions of the M-PESA service.Notable by its absence from the list of partners inM-PESA is any member of the Kenyan financialcommunity, with the exception of the Commercial Bankof Africa (CBA), who provide commercial bankingservices to M-PESA. This absence has caused somethingapproaching outrage in some of the regulators we havespoken to. This was not for want of trying. The M-PESA team spent many hours, over a period of weeks,talking to as many high-profile members of the Kenyanfinancial community as possible, in the hope ofrecruiting a partner. Perhaps they were suspiciousof becoming involved with a mobile operator, orperhaps they felt that the proposal was too radical,and doomed to fail. Whatever the reason, no suitablefinancial sector partner could be found, and soeventually Vodafone and Safaricom decided to go aheadwithout one.This clearly posed a problem with regard to financialregulation. Page 5 of 13
  6. 6. Regulatory Issues Around Branchless Banking by Paul Makin, Consult HyperionM-PESA‟s approach to financial regulation, right fromthe start, was one of engagement. The very first,tentative moves towards M-PESA consisted of meetingswith as many interested parties as possible – and, ofcourse, the regulator was one of those, and his viewsdiligently sought. But this was not a one-offprocess, and the team were very keen to ensure thatthe regulator was regularly kept abreast ofdevelopments. In this regard, the team were veryfortunate to have a regulator who was not onlycareful to ensure that his responsibilities to theKenyan economy in general, and to the financialsector in particular, were fully satisfied, but whoalso viewed the aim of “ extending the reach and depthof financial services ” as a high priority, and tothat end was willing to explore new ideas, and listento potential new market entrants.Of course, the M-PESA team were aware that noregulator is completely happy to act alone, and thatthey generally consult amongst their peers when a newdevelopment is proposed. It is for that reason thatthe team engaged with other regulators, such as theUK‟s Financial Services Authority (FSA), explainingthe ideas behind M-PESA and what we were trying toachieve. The team were trying to create a feeling ofnormal progression, of sensible development, aroundM-PESA, and diminish any view of it as dangerouslyavant garde.But talking is not enough to satisfy any responsiblefinancial regulator. Coming from the payments world,one of our priorities as members of the M-PESA teamwas to endeavour to ensure that M-PESA would meet theexacting requirements of that sector – and there is alot that the branchless banking sector can learn fromcard industry initiatives such as the Payment CardIndustry Security Standards Council (PCI – SSC). Sothere are a lot of concepts borrowed from the cardindustry that are embedded in M-PESA, such as trueend-to-end encryption (with all confidential databeing held within the only secure storage on themobile handset, the SIM), the use of hardware Page 6 of 13
  7. 7. Regulatory Issues Around Branchless Banking by Paul Makin, Consult Hyperionsecurity modules (HSMs) at the M-PESA servers, asecurity focus on business processes, etc.This was all backed up by a remarkably comprehensiveset of reporting and management tools, which allowdetailed views and reporting of every aspect of everytransaction, both individually and en masse.In an attempt to ensure that M-PESA was „covering allthe bases‟, one of our consultants was given the taskof going through the then-draft Kenyan Anti MoneyLaundering legislation, with the aim of ensuring thatall of the necessary controls and reportingmechanisms were in place, and that all of thenecessary management functions were filled andprocesses in place – steps which helped to ease therelationship with the regulatory authorities, bybringing a familiar structure to the relationship.All of this was not intended merely to convince theregulator to allow M-PESA to launch – though, ofcourse, it helped, and M-PESA was launched under aspecial licence – rather, it was done primarilybecause the team felt that, although M-PESA is not afully-regulated financial institution, to behave likeone is the only responsible approach. It had theadded benefit of preparing M-PESA for any futureregulatory developments, and the not inconsequentialeffect of changing the mindset of staff, away fromthat of a mobile operator, and towards that of aquasi-financial institution.An issue that causes problems for many emergingbranchless banking schemes is that of the know yourcustomer (KYC) regulations, which require that everynew customer‟s identity be verified before they areable to use the service. The M-PESA team were luckyin Kenya – there is an established national ID cardscheme in place, and so M-PESA is able to rely onthat (as an aside, many have suggested that theKenyan ID card scheme is less than perfect. Itdoesn‟t matter; it‟s a national ID scheme, and theKenyan Government stands behind it, and that‟s Page 7 of 13
  8. 8. Regulatory Issues Around Branchless Banking by Paul Makin, Consult Hyperionsufficient). The advantage this confers on a schemebecomes obvious when the difficulties experienced byschemes launched in other countries without ID cardsare examined, such as M-PESA‟s own launch inTanzania. REGULATORY DEVELOPMENTSThe success of branchless banking schemes in general,and M-PESA in particular, has driven some recentdevelopments in regulation. Some of these are basedaround the view that only a bank should be allowed tooffer such services, which suggests that someregulators do not understand how the same regulatoryenvironment can apply to non-bank institutions. Tosome degree, this view is based on a lack ofvisibility of, and familiarity with, the capabilitiesof mobile operators, an issue addressed in detail bymy colleague Neil McEvoy in his recent paper in theGSMA‟s MMU Annual Report.In Kenya, the Finance Minister recently launched anaudit of M-PESA, in order to verify that it cannot beused by money launderers and pyramid schemes (indeed,the false accusation was made that M-PESA itself isnothing more than a ponzi scheme). This move was veryunpopular amongst ordinary Kenyans, as can be seenfrom numerous Kenyan media reports and blogs, whocommonly appeared to view it as an attempt by thebanks – who, the majority of ordinary Kenyans appearto feel, were never interested in providing servicesto them anyway – to shut down M-PESA. ConsultHyperion were asked to contribute to the response tothis audit by carrying out a new audit of securitycountermeasures and procedures, and we were againable to certify that M-PESA offers bank-gradesecurity and controls to its customers. At the end ofthe process, M-PESA was given a clean bill of health,and continues to operate.We understand that it is only a matter of time beforeM-PESA is brought under the full regulatory umbrellaof Kenya‟s laws, and it is likely to be regulated as Page 8 of 13
  9. 9. Regulatory Issues Around Branchless Banking by Paul Makin, Consult Hyperionan electronic money issuer. This is expected to besome way short of full regulation as a bank – afterall, M-PESA doesn‟t offer credit, and it certainlydoesn‟t lend out (multiples of) its customers‟ funds.Europe‟s approach, in creating a separate regulatorycategory of Payment Institutions and separating theregulation of payment services from the regulation ofcredit institutions, might be a very useful model inthis regard.In what might be perceived as a quid pro quo, Kenya‟sbanks will be allowed, like M-PESA, to offer theirservices through agents, rather than the currentsituation of being required to limit their servicesto their own fully-fledged branches, with all of thesubstantial costs that entails. Again, this isnothing new – it is an approach that has reapedsubstantial benefits for both banks and customers ina number of countries, with Brazil having aparticularly high profile in this regard. If thebanks grasp this opportunity, then this will have asignificant benefit for ordinary Kenyans – especiallyif, rather than seeing M-PESA as a competitor, theycan begin to view it as an opportunity. After all, ifthey chose to offer their services – loans, savingsaccounts etc – to M-PESA customers via the mobilephone, then they would instantly have access to morethan 11,000 access points – M-PESA agents – acrossKenya, with cash handling and movements in and out oftheir accounts being carried out by M-PESA,potentially saving the banks significant sums ofmoney.Meanwhile, in India, the development of thebranchless banking sector has been stalled. Around ayear ago, the Reserve Bank of India introducedregulatory changes for the sector which, as well asrequiring that schemes be operated by a bank, alsointroduced a requirement for end-to-end encryption(something only a mobile operator can offer usingcurrent technology), thus creating something of aninsoluble problem. This effectively closed the doorfor all new market entrants, and a number of schemes Page 9 of 13
  10. 10. Regulatory Issues Around Branchless Banking by Paul Makin, Consult Hyperionthat were close to launch were cancelled, or at leastput on hold. We understand some relaxation of theseregulations may be on the way, and this is to bewelcomed. The Indian situation may be contrastedwith Mexico, where the central bank has said thatagents, including banks and retailers, can openmobile banking accounts for their customers becauseagent networks are (rightly) seen as key financialinclusion given the scarcity of branches in rural andsemi-urban areas.The establishment of the Alliance for FinancialInclusion (AFI) at the end of 2008, with funding fromthe Bill & Melinda Gates Foundation, is a positivedevelopment. As a forum for financial regulators andothers representing emerging markets, it presents anopportunity for policy makers to review the issuesaround areas such as branchless banking. Results fromtheir Global Policy Forum next week in Nairobi willbe watched with interest. PRINCIPAL TECHNICAL ISSUESThere are one or two technical issues aroundbranchless banking solutions that impinge on theirregulation. These revolve around security, andconcern the mobile handset‟s SIM and end-to-endencryption, essential for bank-grade security oftransactions.As technology stands today, there is only one way ofdoing end-to-end encryption for branchless banking –using the SIM. Since the SIM is under the control ofthe mobile operator, this effectively means that onlya mobile operator-led scheme can offer full security.There are two means of resolving this situation,rather than accepting this unsatisfactory status quo:  Relaxation of SIM controls. There is an argument that the SIM will, at some point in the relatively near future, achieve the status of a public utility. This would imply that complete Page 10 of 13
  11. 11. Regulatory Issues Around Branchless Banking by Paul Makin, Consult Hyperion control of the SIM should be taken away from the mobile operator, and some portion of its capabilities made available, through the mobile operator, to third parties.  Relaxation of security. Without access to the SIM, comprehensive security is not possible. But it is not acceptable that only mobile operators should be able to deploy branchless banking solutions. So perhaps the lower security of SIM- less schemes should be accepted, subject to suitable controls – such as a maximum number of customers, a smaller maximum transaction size, and enhanced server-based controls.In fact, these are not purely technical issues.Instead, they demonstrate the intricate connectionsbetween issues of public policy and technicalminutiae, and that neither should be fixed withoutconsideration for the other. PRINCIPAL REGULATORY ISSUESThe principal regulatory issues around branchlessbanking and its regulation can be summarised as:  The risk of a high profile failure. If a high profile scheme were to fail, that would inevitably sully the reputation of all branchless banking schemes, and may set back the sector by years.  Non-bank institutions leading schemes. Provided a scheme can demonstrate that it can offer the regulator suitable visibility and the necessary levers, why must it be bank-led? After all, I trust my mobile operator not to lend out my money to a destitute South Carolinian, but I can‟t necessarily say the same of my bank. And a mobile operator can offer facilities such as geographical traceability of transactions that a bank could never – after all, I‟m using my mobile Page 11 of 13
  12. 12. Regulatory Issues Around Branchless Banking by Paul Makin, Consult Hyperion phone, so the mobile operator knows exactly who I sent the money to, and where they where when they received it!  Suitability of KYC Regulation. KYC requirements are undoubtedly holding back the branchless banking sector. Whilst they are, in some form, absolutely necessary, consideration should be given to whether or not their current application is appropriate. For example, if I send $20 once a week to my relatives up-country, is it really necessary that I undergo the same KYC checks as someone who wants to send $10,000? Perhaps a more limited form of KYC could be applied to the poorest customers – up until the time when they reach a certain transaction threshold, at which point full KYC would apply. It is difficult to see, for example, how such a relaxation would increase the risk from terrorist attacks.The regulators in general, and the AFI in particular,need to give due consideration to these issues. Intheir consideration, they also need to be convincedthat branchless banking schemes are trustworthy:  That the appropriate reporting channels are in place, and that the regulator will have access to the necessary levers;  That a scheme is fully auditable, and that KYC/AML controls are in place;  That a scheme is properly secure, and presents little risk to customers.With regard to this final point, there is a clearmarket opportunity here for one or more largeinsurance organisations, though we understand theconcerns they have about entering this nascentmarket. Hopefully a means of addressing this marketneed, and opportunity, will be found in the nearfuture. Page 12 of 13
  13. 13. Regulatory Issues Around Branchless Banking by Paul Makin, Consult HyperionWe hope the AFI forum makes progress on some of theissues raised in this document.Analysts Gartner project that the mobile paymentindustry will experience steady growth from thecurrent 73m users worldwide to almost 200m usersworldwide in 2012. One might expect a wide variety ofmobile financial service providers springing up todeliver financial inclusion on this “ p latform ” ,given regulatory stability, foresight andimagination. REFERENCES1. McEvoy, N.A. Capabilities of mobile operators from the perspective of a financial regulator in the GSMAs Mobile Money for the Unbanked Annual Report. (July 2009) Page 13 of 13