Policy Paper RF Mobile Banking 07-Jun-07
Policy Paper RF Mobile Banking 07-Jun-07
Policy Paper RF Mobile Banking 07-Jun-07
REGULATORY FRAMEWORK
FOR MOBILE BANKING
IN PAKISTAN
Executive Summary
Branchless/mobile banking models provide efficient and cost effective ways to extend financial
service outreach to the un-banked communities. Provision of enabling regulatory environment by
careful risk-reward balancing is necessary to use such models. These models can be classified into
three broad categories – Bank-Focused, Bank-Led and Nonbank-Led. Bank-focused model use
non-traditional low-cost alternate delivery channels (ADCs) to provide banking services to existing
banking customers. Examples include automatic teller machines (ATMs), internet banking, mobile
phone banking etc. Other Models offer a significantly cheaper alternative to conventional branch-
based banking by using delivery channels like retail agents, mobile phone etc. and can be used to
substantially increase the financial services outreach These models can be bank-led (where customer
account relationship rest with the bank and nonbank serves as the delivery channel) or Non-bank Led
(where Bank does not come in picture and the Non-Bank/Telco performs all the functions).
Risks Involved in branchless banking can be broadly classified into Agent-Related and E-Money
Risks. Agents Related Risks are common to all transformational models and arise from substantial
outsourcing of customer contact to retail agents, who may be operating in hard-to reach or dangerous
areas, lack physical security systems and specially trained personnel. When retail agents are used to
provide banking services, five of typical banking risk categories—credit, operational, legal, liquidity
and reputational—take on special importance beside elevated concerns regarding consumer protection
and compliance with rules for AML/CFT. E-Money Risks are typical to Nonbank-Led model and
relate to imprudent management of repayable deposits collected from retail customers by Non-bank
entities that are not subjected to prudential regulation and supervision.
Regulatory issues, from a financial regulator’s perspective, concerning mobile banking are related to
consumer protection, effect of m-banking on stability of banking & payment systems, legal definition
of deposit, e-money regulations, provisions for agency agreements and AML/CFT laws.
Bank-Focused model signify use of ADCs by banks as a cheap and convenient way to provide
banking services to their existing customers. This model can be used within existing regulatory frame
work and many banks have already started using it in varied extent.
Bank-Led (including JV based) Model is prone to agent-related risks. These risks can be mitigated
by making banks fully liable for actions of their agents and by giving regulators power to review
agents’ record of bank-related transactions. “Guidelines for Mobile Banking” covering various
aspects of this model may be issued for the purpose. Risk-based approach to Customer Due Diligence
(CDD) should be used to unleash true potential of this model.
As regards Nonbank-Led Model, the non-banks in Pakistan are subject to less stringent regulations
which may lead to significant risks w.r.t transaction security, documentation and AML/CFT beside e-
money related risks. For these reasons, Nonbank-Led model may only be allowed at a later stage after
we have sufficient experience in mitigating agent related risks using bank led model and need to think
about mitigating e-money related risks only. At that stage we may do so by making regulatory
changes giving these entities special status of some sort of quasi-bank/remittance agent etc. requiring
them to meet pre-specified standards of transparency, financial strength and liquidity and to follow
certain activity guidelines.
A careful, step-by-step approach, starting from basic bank led models and gradually adding more
activities as experience matures is the best approach.
SBP 1 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
Introduction
Extending the outreach of financial services to the un-banked/underserved/areas and people -
belonging mostly to the low income strata of the society - in a cost effective manner is viewed as
a big step towards poverty alleviation. Emerging advances in information and communication
technologies and their widespread usage offer tremendous opportunity to achieve this much
desired goal by making available non-traditional ways of providing financial services. However
these alternate delivery channels should be looked into prudently and adopted only after careful
balancing of risks and rewards. As regulators our role is not to try to eliminate these risks, but to
balance them appropriately with the benefits of using these new channels and to create an
enabling regulatory environment where new technologies are put to use on the efficient frontiers
of the risk-return tradeoff.
This Policy Paper presents a brief overview of various models of mobile/branchless banking
followed by a discussion of the risks attached to each model and finally, an analysis – from a
financial regulator’s perspective - of the regulatory issues and required changes in regulations to
implement these models. For preparing this paper we used information from several studies
conducted on other countries’ experiences with mobile banking and websites of existing mobile
banking services providers in those countries besides data from SPB payment systems
department, banking laws, regulations & policies, and other sources.
SBP 2 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
Nonbank-Led Model is where bank does not come in picture (except possibly as a safe-
keeper of surplus funds) and the Non-Bank/Telco performs all the functions.
Both Bank-Led and Nonbank-Led models are transformational in scope but the former is much
less risky. Table 1 summarizes various models of branchless banking.
1
In Pakistan ATM banking has taken off by two interlinked switches. Many banks also offer limited banking
services like balance enquiry, mini-statement etc over mobile phone and restricted fund-transfer over internet.
2
In Brazil, private and state-owned banks deliver financial services through retail agents including small
supermarkets and pharmacies, post offices, and lottery kiosks (Kumar et al. 2006).
3
MTN Banking of South Africa is joint venture between Standard Bank and MTN Mobile offering the MobileMoney
account which gives customer access to limited banking facilities, using Wap enabled cellphone.
(http://www.mtnbanking.co.za/)
4
WIZZIT is a cellphone-based banking facility provider operating as a division of South African Bank of Athens. It
does not require users to have a prior bank account and is compatible with early generation cell phones popular in
low-income communities. In addition to being able to conduct cellphone-to-cellphone transactions, WIZZIT account
holders are issued Maestro debit cards that can be used at any ATM or retailer. WIZZIT charges per-transaction fees
that range from 99c (USD 0.15) to R4.99 (USD 0.78) and does not charge a monthly fee nor require a minimum
balance. There are no transaction limitations - the service is purely pay-as-you-go.
(http://www.nextbillion.net/activitycapsule/wizzit)
5
In Philippine, Globe Telecom’s G-Cash service is an e-money account tied to a mobile phone subscriber
information module (SIM card). The account can be loaded and unloaded by depositing or withdrawing cash at a
SBP 3 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
Risks Involved7 in branchless banking can be broadly classified into Agent-Related and
E-Money Risks.
Agents Related Risks arise from substantial outsourcing of customer contact to retail
agents. From a typical banking regulator’s perspective, entrusting retail customer contact to the
types of retail agents used in both the bank-led and nonbank-led models would seem riskier than
these same functions in the hands of bank tellers in a conventional bank branch. These retail
agents may operate in hard-to reach or dangerous areas & they lack physical security systems and
specially trained personnel. The lack of expert training may seem a particular problem if retail
agents’ functions range beyond the cash-in/cash-out transactions of typical bank tellers to include
a role in credit decisions.
Banking regulation typically recognizes multiple categories of risk that bank regulators and
supervisors seek to mitigate. Five of these risk categories—credit risk, operational risk, legal risk,
liquidity risk, and reputation risk—take on special importance when customers use retail agents
rather than bank branches to access banking services. The use of retail agents also potentially
raises special concerns regarding consumer protection and compliance with rules for combating
money laundering and financing of terrorism. These Risks are further explained in Appendix - 1.
E-Money Risks relates to acceptance of repayable funds from retail customers by Non-Bank
entities that are not subjected to prudential regulation and supervision. Risk is that an unlicensed,
unsupervised Non-Bank will collect repayable funds from the public in exchange for e-money
and will either steal these funds or will use them imprudently, resulting in insolvency and the
inability to honor customers’ claims.
wide range of retail agents and the mobile operator’s own dealers. Customers can store cash (in the form of e-
money), send funds from person to person, pay bills and make loan repayments, and purchase goods at shops using
the e-money value in their G-Cash accounts. (Lyman et al., 2006)
6
Celpay, allows registered customers to use their cell phones for merchant transactions, monthly bill payments, and
fund transfer between participating phones using a secure SIM card, adding a menu to their cellphones that facilitates
the payments and providing access to their Celpay accounts. Money can be added to Celpay accounts via transfers
from a bank account, or by depositing cash or a check at a participating Celpay partner bank. Transfers made using
Celpay are free to the payer, while the payee is charged a small fee for each transaction. Celpay, recently purchased
by South African FirstRand bank, is currently functioning in Zambia and the Democratic Republic of Congo (DRC).
(http://www.nextbillion.net/activitycapsule/1873)
7
Lyman et al. 2006
SBP 4 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
Banking Companies Ordinance, 1962 (BCO) and the State Bank of Pakistan Act, 1956 (SBP Act)
provide the main legal structure under which the banking system of Pakistan operates9. Banking
Companies are licensed under section 27 of BCO and in terms of the Licensing Criteria for
Commercial Banks. Once licensed, banks are scheduled under section 37 (2) of SBP Act after
they meet strict requirements of capital adequacy, cash and liquid reserves maintenance,
transactional record keeping, and upholding financial and managerial discipline. They are also
required to establish internal control, internal audit and compliance systems. Banks are under
vigilant supervision by SBP and are required to follow the guidelines/rules/regulations issued by
it in letter and spirit or be ready to face severe penalties (upto the extent of a change of
management or winding up of business). In return, they are allowed to take deposits for the
purpose of lending or investment and can avail SBP discount window, lender of last resort
facilities etc. In addition, SBP also licenses Microfinance Banks under the Microfinance
Institutions Ordinance (2000-2001) in terms of the licensing criteria for micro-finance banks.
Commercial Banks are also allowed to undertake microfinance banking activities through a range
of options for conducting the microfinance business. Further, SBP is also looking out for options
for introducing Islamic Microfinance by banks.
8
Non-banking Finance Companies (NBFCs) (leasing companies, Investment Banks, Discount Houses, Housing
Finance Companies, Venture Capital Companies, Mutual Funds), Modarabas, Stock Exchange and Insurance
Companies.
9
There are other laws applicable to certain financial institutions or groups of institutions, like Bank Nationalization
Act,1974, Microfinance Institutions Ordinance, 2001, etc.
10
Porteous D. 2006
SBP 5 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
financial literacy the risks become even higher. These risks can be mitigated by entering into
mobile banking activities through known, already regulated players (banks) and by issuing
adequate guidelines regarding privacy protection, network security and complaint redressal.
How do m-payments affect the stability of the banking system and national
payment system?
Soundness and stability of the banking system and national payment system are central to our
mandate as financial regulator of the country. However, the question whether or not mobile
banking, particularly at its initial stage, becomes a systemically important payment system, needs
deliberations. Answer to this question helps in determining the timing and extent of applicability
of Core Principals for Systemically Important Payment Systems to mobile banking.
11
BCO 62 defines banking to mean “the accepting, for the purpose of lending or investment, of deposits of money
from the public, repayable on demand or otherwise, and withdrawable by cheque, draft, and order or otherwise.”
12
“deposits of money” shall be deemed to include money called, invited or collected for the purpose, or declared
object, of investment or borrowing in any business carried on, or proposed to be carried on, by the company, firm or
person by whom, or on whose behalf, such money is called, invited, collected or received irrespective of the nature of
the relationship, arrangement or terms offered or provided by such company, firm or person to the person making the
investment, deposits of money or payment or of the basis or understanding or which the money is so called, invited,
collected or received. (Explanation – Section 27A, BCO 1962)
13
E-money, according to the Basel Committee’s definition, is “a stored value or prepaid product in which a record of
the funds or value available to the consumer for multipurpose use is stored on an electronic device in the consumer’s
possession.” A legal definition of electronic money is included in Article 1 of European Parliament and Council
Directive 2000/46/EC (OJ L 275 of 27 October 2000, pp 39-43). The definition states that “electronic money shall
mean monetary value as represented by a claim on the issuer which is: (i) stored on an electronic device; (ii) issued
on receipt of funds of an amount not less in value than the monetary value issued; (iii) accepted as means of payment
by undertakings other than the issuer”. (Bank for International Settlements 2004).
14
Section 16(2)(c)(iii), Electronic Transaction Ordinance, 2001.
SBP 6 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
15
Section 11 (1) (b) (ii) (b) of Banking Companies Ordinance, 1962.
16
Microfinance Institutions are already allowed to extend micro-credit by establishing identity through other
appropriate means in far-flung and remote areas where people, particularly women, don’t have identity cards as per
Prudential Regulation No. 17 for microfinance banks/institutions.
17
Source: Retail Payment Systems of Pakistan, 1st Quarterly Report 2006-2007.
SBP 7 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
Bank-Led Model: In this model, agents like mobile operators and retail outlets (departmental
stores, mobile card sellers, small shop-keepers etc.) generally play a significant role in provision
of banking services to end customers. This model is, therefore, prone to agent-related risks. These
agent-related risks can be mitigated by making banks fully liable for actions of their agents and
by giving regulators power to review agents’ record of bank-related transactions. “Mobile
Banking Guidelines” may be issued for banks. These guidelines should include “Minimum
Requirements for setting up a Grievance Redressal Function”, “Security Requirements for the
transaction processing and recording system (capable of producing an undeniable proof of
transaction in case of any dispute)”, “Risk-Based Customers Due Diligence (CDD)
Requirements” etc. Separate guidelines may also be issued for “Selecting Banking
Correspondents/Agents” for banks who want to take up agent-based mobile banking.
Beauty of this model is that it can be implemented incrementally starting from most basic
activities and gradually adding more and more activities as market participants as well as
regulators become more experienced. An activity-based analysis of regulatory issues and required
changes for broad categories of banking activities is summarized in Table 3.
Table 3: Regulatory issues and required changes - Bank-led & JV-based Models
Function/Role: Performed By: Legal Issues and changes required
Product or Bank No Issue
Service Non-Bank Non-Bank may not be fully aware of existing legal
Designing requirements. This issue may be resolved by making
bank responsible for the product legality no matter who
designs it in the first place.
Product Bank / Non-Bank No issue.
Marketing
A/c Opening Bank No issue.
18
Negative growth of ATM only cards is due to the fact that these cards are being replaced either by debit cards or
credit cards.
SBP 8 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
SBP 9 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
Nonbank-Led Model:
In this model, customers do not deal with a bank, nor do they maintain a bank account. Instead,
customers deal with a Non-Bank firm—either a mobile network operator or prepaid card issuer—
and retail agents serve as the point of customer contact. Customers exchange their cash for e-
money stored in a virtual e-money account on the non-bank’s server, which is not linked to a
bank account in the individual’s name.
This model is riskier as the regulatory environment in which these non-banks operate in Pakistan
does not give much importance to issues related to customer identification, which may lead to
significant AML/CFT risks. Bringing in a culture of KYC to this segment will be a major
challenge. Further the non-banks are not much regulated in areas of transparent documentation
and record keeping which is a prerequisite for a safe financial system. Regulators also lack
experience in the realm. For these reasons, allowing nonbank-led model to operate will be an
unnecessarily big leap and an unjustifiably risky proposition. However this model may be
allowed at a later stage after we have sufficient experience in mitigating agent related risks using
bank led model and need to think about mitigating only e-money related risks.
To mitigate the e-money risks (which are peculiar to Nonbank-Led model only), necessary
changes in the existing regulations are required. So, for implanting this model we should start by
bringing Non-Banks under financial-regulatory net by giving these entities special status of some
sort of quasi-bank/remittance agent etc. Grant of this status should depend upon meeting pre-
specified standards of transparency, financial strength and liquidity. There should be clear, well-
defined limits on nature, type and volume of transactions that such entities can undertake. To
avoid insolvency, these entities may be required to deposit their net e-banking surplus funds with
scheduled banks meeting certain minimum rating criteria. They should also be told to follow clear
guidelines for AML/CFT and to establish a well-defined and efficient complaint redressal
mechanism.
SBP 10 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
workaround was found in Philippine by according Globe Telecom and SMART a rather loosely
defined status of “Remittance Agent”19. In Pakistan, Microfinance Institutions Ordinance, 2001
also defines Microfinance Institution as a deposit taking entity which is not a Banking
Company20. The banks may be allowed to establish banking agent relationships with other
market participants (Telcos/others) after issuing specific guidelines in this regard.
Prudential Regulations
If the bank-led model is followed, prudential regulations relating to ‘Know Your Customer
(KYC)’, ‘Anti Money Laundering (AML)’ and ‘undertaking of cash payments outside the bank’s
authorized place of business’ need modifications.
Regulations M-1 (KYC) and M-2 (AML) describe ‘the minimum identification / introduction
requirements for taking in a new customer’ and ‘measures to safe guard against Money
Laundering activities’ respectively. To facilitate rapid take-off of mobile banking and to extend
its outreach to the unbanked communities, we may consider adopting a risk-based KYC system
where identification requirements vary according to the nature of account operations. Accounts
with restricted transaction volume/turnover limits should have lower KYC requirements.
Similarly, requirements for ascertaining customer’s status and his source of earnings (M-2(b))
may be relaxed for these restricted accounts. Microfinance Institutions are already allowed to
extend micro-credit by establishing identity through other appropriate means in far-flung and
remote areas where people, particularly women, don’t have identity cards21. Appendix-2 presents
reduced AML / KYC requirements as adopted by other countries to extend financial services
outreach.
Regulation O-1 allows banks to facilitate cash withdrawals through authorized merchant
establishments at various point of sale (POS) upto a maximum limit of Rs. 10,000. This
regulation may be modified to include cash deposit facilitations upto a certain maximum limit
(not exceeding the per transaction limit of that particular account holder) using similar
arrangements.
In case the mobile banking activities are performed under a Nonbank-led model, these Non-
Banks should first be given some special status and then either a special set of prudential
regulations specific to them be framed or modification in existing prudential regulations be made.
19
Bangko Sentral ng Pilipinas. 2004. “Circular 471, Section 3.” Bangko Sentral ng Pilipinas.
(http://www.bsp.gov.ph/regulations/regulations.asp?type=1&id=116)
20
Microfinance Institutions Ordinance, 2001 Sections 2 and 3.
21
Prudential Regulations No. 17 for microfinance banks/institutions
(http://www.sbp.org.pk/publications/prudential/micro_prs.pdf)
SBP 11 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
Broad steps needed for implementing various models of branchless banking are summarized in
Table 4.
Bank Led 1. Mobile Banking Guidelines for Banks should be issued. These guidelines
Model should include minimum requirements for;
a. Setting up Grievance Redressal Function
b. Security of the Transaction Processing and Recording System
c. Customer Relationship levels (transaction and turnover limits for
various account types)
d. Risk-Based Customers Due Diligence (CDD) Requirements
2. Agent assisted mobile banking services may be allowed after;
a. Making banks fully liable for actions of their agents.
b. Giving regulators power to review agents’ record of bank-related
transactions. And after
c. Issuing guidelines for;
• Selecting Banking Correspondents/Agents.
• Cash deposit and withdrawal operations using agents.
• Lending operations using agents.
Nonbank Led 1. Non-banks should be brought under financial regulatory net by giving
Model these entities special status of some sort of quasi-bank/remittance agent
etc. This may be done either by amending BCO or by enacting some
special law.
SBP 12 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
Conclusion
Bank-Focused model, though less risky, does not offer much when it comes to extending
financial service outreach to the poor and unbanked. Both Bank-Led and Nonbank-Led Models
offer a greater potential to achieve this objective. These models, however, vary in their potential
as well as risks. The decision as to which model must be adopted should be made after
carefully weighing the risk-return tradeoff. A careful approach may be adopted to start
with the less risky bank-led model and gradually adding more options as the players and
stakeholders become more experienced. Once a model of branchless banking is decided
upon, work towards creating an enabling regulatory environment for implementation of
that model should start. Many components of such an environment are already in place if
SBP 13 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
bank-led model is adopted. However, Clear guidelines regarding various aspects of allowable
activities should be issued to avoid uncertainties. Further, a forceful eradication of any unlawful
and unauthorized services and offerings (generally provided by unlicensed players) - which may
sprout up - is a must to promote and safeguard the interest of genuine players (who will be
investing in the new technologies) and the overall system.
References
1. Lyman, T, Ivatury & Staschen (2006) “Use of Agents in Branchless Banking for the Poor:
Rewards, Risks, and Regulation”, CGAP Fosus Note No 38
(www.cgap.org/portal/binarycom.epicentric.contentmanagement.servlet.ContentDeliverySe
rvlet/Documents/FocusNote_38.pdf)
2. Kumar, Anjali, Ajai Nair, Adam Parsons, and Eduardo Urdapilleta. 2006. “Expanding Bank
Outreach through Retail Partnerships: Correspondent Banking in Brazil.” World Bank
Working Paper No. 85.
(http://siteresources.worldbank.org/INTTOPCONF3/Resources/363980Retail0p101OFFICI
AL0USE0ONLY1.pdf.)
3. Porteous, D (2006) “The Enabling Environment for Mobile Banking in Africa”, Report
commissioned by DFID,
(www.bankablefrontier.com/assets/ee.mobil.banking.report.v3.1.pdf)
4. Retail Payment Systems of Pakistan, 1st Quarterly Report FY2006-07, Payment Systems
Department, State Bank of Pakistan
5. 2004. “Survey of developments in electronic money and internet and mobile payments.”
Basel, Switzerland: Bank for International Settlements.
(http://www.bis.org/publ/cpss62.pdf.)
SBP 14 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
Appendices
Appendix 1: Banking Risks Relevant to Agent-assisted Branchless
Banking Models22.
Credit risk. Credit risk, simply stated, is the risk that one party to a financial transaction will not
receive the money he or she is owed when it is due. When banking transactions do not settle
immediately, and when additional parties are interposed between the customer and the bank,
opportunities for credit risk multiply. For example, when a customer makes a deposit at a bank
branch, she receives a deposit receipt immediately and can be fairly certain that the funds will be
credited to her account and will be available for withdrawal when desired (assuming the bank is
solvent and liquid). But when a customer makes a deposit into her bank account through a retail
agent, even if she receives a receipt immediately, she bears the risk that the transaction is not
communicated to the bank. Her account may not be credited. On the other hand, when the retail
agent processes a cash withdrawal for a customer, it is the retail agent who takes credit risk—the
risk that the bank won’t reimburse him the cash he disbursed from his till. Institutions face credit
risk with agent-assisted branchless banking whenever they must collect customer deposits or
payments from their retail agents. Obviously, they also face credit risk whenever they decide to
grant a customer a loan, and this latter form of credit risk may be enhanced in the agent assisted
branchless banking context if the bank has outsourced some or all aspects of loan underwriting or
collection to its retail agents.
Operational risk. Operational risk refers to potential losses resulting from “inadequate or failed
internal processes, people and systems or from external events.” For banks and Non-Banks that
use retail agents and rely on electronic communications to settle transactions, a variety of
potential operational risks arise. For example, customers or retail agents could commit fraud, or a
bank’s equipment or other property could be stolen from a retail agent’s premises. Financial loss
for banks or Non-Banks (and also potentially for customers) can also occur from data leaks or
data loss from hacker attacks, inadequate physical or electronic security, or poor backup systems.
Anecdotal evidence from Brazil, which has the longest track record with agent-assisted
branchless banking, suggests that operational risk is significant. Banks in Brazil have reported
losses because of retail agent fraud and robberies, which reportedly occur with great predictability
when word gets around that a particular agent is handling an increased volume of cash.
Legal risk. Financial service providers will invest in a new delivery model only if they can
predict and manage how relevant laws, regulations, and legal agreements will be applied and
enforced, and how these things may change over time. In the countries studied, the banks and
Non-Banks involved undoubtedly devoted significant effort to researching the relevant laws and
regulations before investing in agent-assisted branchless banking approaches, and in most cases,
they also consulted with regulatory authorities to understand better how authorities were likely to
apply existing rules to the new model. But because regulators have had little experience with both
models and are still adjusting existing rules to address them (or have yet to begin this process),
22
(Lyman, et al. 2006)
SBP 15 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
some level of legal and regulatory uncertainty and ambiguity for both the banks and Non-Banks
(and to a lesser extent also for retail agents) remains. Once a model becomes widely used in a
country, these uncertainties and ambiguities could take on a systemic dimension if, for example,
several banks with significant operations conducted through retail agents suddenly face an
unfavorable interpretation that challenges their authority to transact business through retail agents
or the enforceability of related legal agreements.
Liquidity risk. Retail agents - especially those that are relatively small, unsophisticated and
remote - may not have enough cash to meet customers’ requests for withdrawals and may lack
experience in the more complex liquidity management required for offering financial services. To
manage liquidity effectively, retail agents must balance several variables, including turnover of
cash, ease of access to the retail agent’s bank account, and processing time of transactions, among
others.
Reputation risk. When retail agents underperform or are robbed, banks’ public image may suffer.
Many operational risks mentioned (such as the loss of customer records or the leakage of
confidential customer data) also can cause reputation risk, as can liquidity shortfalls in the retail
agent’s cash drawer. The prospects for damage to the financial institution’s reputation from
problems of this sort should not be underestimated, because many retail agents may be
inexperienced in providing financial services, may not be accustomed to maintaining adequate
cash to settle customer withdrawals, and may lack the physical security to protect the increased
levels of cash they will have on hand if things are going well. Moreover, reputation risk can
spread from one bank or Non-Bank to another and take on systemic dimensions. In South Africa,
mobile phone banking providers expressed concern that if even one young initiative failed, it
could jeopardize customers’ trust in the entire mobile phone banking business.
SBP 16 BPRD
DRAFT: POLICY PAPER ON REGULATORY FRAMEWORK FOR MOBILE BANKING IN PAKISTAN
In South Africa, banks and money transfer companies are not required to obtain and verify a
customer’s income tax registration number and residential address, provided that certain
requirements are met (transactions limited to approximately US$800 per day and approximately
US$4,000 per month; maximum account balance of approximately US$4,000 at any time; no
international transfers, with limited exceptions). However, institutions must still obtain and verify
a customer’s full name, date of birth, and identity number, using an official identity document for
verification. Because approximately 1.5 million eligible South Africans lack such an identity
document, the rules still exclude many low-income people from financial services.
In India, the central bank has emphasized that AML/CFT requirements should not limit poor
customers’ access to financial services. For all accounts, identity and address requirements can be
met through documentation such as ration cards or letters from public authorities or employers. In
addition, for certain low-value accounts (maximum account balance of approximately US$1,100;
maximum total annual credit of approximately US$2,300), prospective customers lacking
necessary documentation can be introduced by another customer in good standing who was
subjected to full “know your customer” procedures and who can confirm the prospective
customer’s address. Alternatively, for these low-value accounts, banks can accept any form of
documentation that satisfies them as to the identity and address of the customer.
In Brazil, poor customers must meet the same identification requirements as any other customers.
However, customers may open low-value accounts (generally, maximum balance of
approximately US$500) using records provided by the National Social Security Institute, as long
as all of the necessary identification information is contained in these documents. In addition,
customers may temporarily open a low-value account using only their Social Identity Number,
but full documentation must be provided within six months, or the account will be closed. This
gives agents operating in remote areas more time to submit the required information.
Sources: Amended Exemption 17 to the Financial Intelligence Centre Act (November 1, 2004), http://www.fic.gov.za/info/Revised%20exem
ption%2017%20+%202nd%20reporting%20exemption.pdf; Genesis Analytics Ltd., Legislative and Regulatory Obstacles to Mass Banking,
p. 54, http://www.finmark.org.za/documents/2003/SEPTEMBER/MassBanking.pdf; Circular RBI/2004-05/284, “Know Your Customer” (KYC)
Guidelines—Anti Money Laundering Standards, pp. 6 and 15 (November 29, 2004), http://www.rbi.org.in/scripts/BS_CircularIndexDisplay.
aspx?Id=2039; Resolution 3,211, http://www.bcb.gov.br/?BUSCANORMA (in Portuguese; English copy on file with authors).
23
(Lyman, et al. 2006)
SBP 17 BPRD