121010_Mobile Banking & Payments for Emerging Asia Summit 2012_Unleashing the...
121010_Mobile Banking & Payments for Emerging Asia Summit 2012_A Risk-Based Approach to Mobile Financial Services Regulation
1. A Risk-Based Approach to Mobile
Financial Services Regulation
Mobile Banking and Payments for Emerging Asia Summit, Bali, October 2012
Michael Joyce, Mobile Money Policy Advisor, TNP2K
mike@joyce.net
www.linked.in.com/mikejoycenet
@mjoyce_au
2. The First Question a Regulator asks.
• Who is providing the service? A bank or a
telco?
• If it’s a telco, how can I regulate it? Is it
banking?
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 2
3. Regulatory Approaches to Mobile
Money
• In reality, all mobile financial services need
both a bank and a telco at some level.
• Financial regulators are the appropriate
body for all cases where safeguarding of
money is an issue, whether it is the form of
banking laws, payments laws or some
combination of these.
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 3
4. Models of Mobile / Branchless
Communications
Banking Customer Transaction Account
Settlement
Channel Interface Processing Management
Wireless or remote Often delivered on Movement of money Maintenance of Movement of funds
link provided to mobile phones, but between accounts. account balances. between mobile
connect customer could also involve Must be done in real- May be performed money and other
with systems. EDCs, POS, tablets time, online within a Core financial system
or computers. environment. Banking System or a participants. Includes
May be accessed by “wallet” system. input and output of
customers or agents. funds at a macro
“Telco-Led”, i.e. M-Pesa Kenya; Smart and Globe Philippines level.
Telco Telco Telco Telco Bank
“Bank-Led”, i.e. DBBL Bangladesh, UBL Omni Pakistan, Indian “Business Correspondent” mod
Telco Bank Bank Bank Bank
Other models – Hybrid or third party models (WING Cambodia, Indian Business Correspondent
Telco Third Party Third Party Third Party Bank
Telco Third Party Third Party Bank Bank
Telco Subsidiary Subsidiary Subsidiary Bank
Telco Third Party Bank Bank Bank
Model Source: Protecting Mobile Money Against Financial Crimes, Chatain et Al, World Bank 2011
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 4
5. Deposit taking vs E-Money
Deposit taking – accepting funds from the public with a view to deploying
them as lending or investment.
E-money – a surrogate for coins or notes intended to be stored on an
electronic device and used for immediate payments at any time1.
• Deposit taking is higher risk than e-money as the funds are
leveraged. This requires a higher degree of prudential
supervision.
• Regulators need to monitor risks associated with e-money-
ensure it is kept segregated from other business accounts.
• KYC requirements may be lesser for e-money, but this is
dependent on what can be done with the e-money (cashing
out, transferral to bank accounts, system limits).
1: GSMA “Understanding Financial Regulation and How it Works” 2008
http://www.gsma.com/developmentfund/wp-content/uploads/2012/06/gsmaunderstanding_financial_regulation_0908.pdf
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 5
6. Examples of regulations for banking and
payments
• Banking and Prudential • Data privacy
Supervision Regulation
• Electronic security / E-
• Anti-Money-Laundering and commerce
Counter-Terrorist-Financing
• Foreign exchange
(AML / CTF)
• Consumer protection
• Payment Regulation
• Taxation
• E-Money
• Rural Banks / Microfinance
• Remittance
• Islamic Banking
• Outsourcing
• Payment system rules
• Agents / Branchless Banking
(RTGS, retail switches,
SWIFT, Card Schemes)
• Accounting Standards
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 6
7. Why take a risk-based approach?
• Benefits of a risk-based approach
– Balances risks against the benefits of new
services.
– Regulators often have a commitment to financial
inclusion
– Allows businesses to make their own decisions,
within guidelines
– Best use of limited resources
• Principles for risk-based approaches
– Compare risks with the risk of cash or existing
practices
– Continuous communication, monitoring and
flexibility
– Clarity is important to prevent “over-compliance”
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 7
8. What are the risks of mobile banking and
payments?
Fraud Most frauds are variants of existing vulnerabilities. Mobile
payments generally have better fraud protection than
magnetic card-based payments.
Technical failures Mobile money technology is maturing. MNO's are used to
dealing with large scale transaction bases.
Process failure Internal processes can be a weakness for new
operations. Many bank-standard processes are new to
telco operators.
Business Continuity Redundancy and availability are critical to real-time
systems with no paper trail.
Money Laundering / System limits are typically low, and transactions are
Terrorist Financing inherently easier to trace than cash or existing inter-bank
transfers.
Customer Protection Use of agents creates new risks. Simple processes and
good education are important.
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 8
9. What are the risks of mobile banking and
payments?
Credit Risks No new credit risks in most mobile banking operations.
Can lead to improved credit assessments if mobile
usage patterns are considered.
Liquidity Risk: Agents Operators must have good processes in place for agent
liquidity- often the number one problem for customers.
Liquidity Risk: Operator could go bankrupt or be unable to service all
Operator cash-out requests (“bank run”). Placement and
monitoring of security / pool / trust account is vital for e-
money systems.
Systemic Risks Closed-loop systems may lead to anti-competitive
behaviour or unfair pricing.
Inflationary Risks Uncertain if this is an issue - value is small compared to
other institutional payments systems.
Reputational Risks Mobile services need a high level of trust in order to
succeed.
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 9
10. Which risks should most concern
• Approvals to launch
regulators?
• Risk Management Framework of the Operator / Bank
• Compliance with AML / CTF
• Deposit of funds for e-money providers
• Use of agents
• Consumer protection
• Minimum technical standards
• Reporting
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 10
11. Common controls in mobile financial
•
services
Transaction and value limits
• PINs and PIN reset processes
• Customer Due Diligence
• Agent Due Diligence
• Agent compliance monitoring
• Customer and agent training
• Transaction reporting
• Transaction alert systems
• Segregation of Duties
• Complaint handling
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 11
12. Examples of risk-based approach: KYC and
limits
• CBNV (Mexico) implemented a tiered approach to KYC,
matching deposit limits to socio-economic income levels.
ID type Monthly deposit limit (USD)
Level Anonymous 285 Can be opened through retailers, web or agents,
1 but cannot be used on mobile.
Level Self-reported name 570 Can be opened remotely, paper records are not
2 and details necessary. 24 months to migrate to full KYC.
Level Self-reported, with 1140 Can be opened remotely, paper records are not
3 identification validated necessary. 24 months to migrate to full KYC.
against public
database.
Level Face-to-face 3800 Can be opened at branches, agents and
4 verification of ID enterprises. No paper records necessary.
Level Full bank account N/A Only at branches.
5
http://technology.cgap.org/2011/05/19/a-bold-move-toward-simplifying-amlcft-lessons-from-mexico/
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 12
13. Pakistan – willingness to allow changes
• SBP Initially released Branchless Banking Regulations in
2008
• Significant expansion in number of agents, but was not
leading to financial inclusion – low activity rates, many
customers were over-the-counter rather than account
based.
• Issued new guidelines in 2011.
– Introduced “Level 0” accounts with no paper required.
– Simplified account opening requirements (previously required
biometrics)
– Increased account limits
• Guidelines are very detailed and written in “Plain
English”
• Publishes very detailed quarterly reports
http://technology.cgap.org/2011/07/25/state-bank-of-pakistan-removes-barriers-to-branchless-banking/
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 13
14. Dangers of over-compliance
• Colombia has a widespread Conditional Cash Transfer program in
place “Familias en Accíon”. It reaches about 2.5 million families.
About 2.4 million use a no-frills bank account to receive their
payment.
• Simplified account opening is allowable for customers of these
payment schemes and for low-value electronic accounts opened
at agents.
• In 2008, a tender was awarded to Union Temporal, an alliance of
Banco Agrario and Assenda, a company that provides logistics,
cards and merchant services.
• The responsible bank decided to use a more complex process
than required by regulations, including fingerprint scanning and
taking of photographs. The fingerprints are not used for any
transactional purposes.
• The process cost an average of 9,900 pesos ($5.50) per account
Assenda estimates that a simplified processed would have been
http://www.cgap.org/gm/document-1.9.57010/Colombia_Public_G2P_Country_Report_Final.pdf
http://www.cgap.org/gm/document-1.9.42397/Updated_Notes_On_Regulating_Branchless_Banking_Colombia.pdf
30-40% less costly. The project is being re-tendered.
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 14
15. Ongoing regulatory capacity
Four key requirements to capture in regulatory reporting1
• Risk management frameworks and resulting data for risks pertaining
to operations, liquidity, money laundering, and terrorist financing;
• consumer protection;
• public disclosure of information; and
• outreach and financial inclusion.
Other Regulatory activities
• Receive lists of agents
• Monitor transaction values, volumes and activity
• Receive audit reports
• Conducts audits of relevant bodies
• Review and approval of major changes to products and services
• Report information to the public and relevant audiences
1: AFI Guideline Note on Mobile Financial Services: Regulatory Reporting September 2012
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 15
16. Future issues and groundwork for
successful mobile financial services
• Interoperability
• Fees and interchange costs
• Exclusivity
• Financial inclusion – does Mobile Money lead to this?
• Moving to cash-less (or less-cash) societies (G2P, value
chain)
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN 16
17. Summary
• Financial regulators will need to understand the
complexities of different business models of mobile
financial services.
• A risk-based approach will enable the right balance
between service growth, financial inclusion and
protection of the financial system and consumers.
• Good communication is essential for a risk-based
approach to succeed.
TIM NASIONAL PERCEPATAN PENANGGULANGAN KEMISKINAN