Client Protection

Where are the consumers in this picture? In an ideal world they would be able to protect themselves and advocate on their own behalf for a fair environment, but most countries do not have strong consumer protection movements and many do not even have a solid civil society tradition to build on. It’s particularly difficult to build a consumer movement around financial services. Financial products can be complex and opaque, and individuals may be reluctant to share sensitive personal financial problems, making it hard for consumers to act collectively. The situation is especially tough for BoP customers new to financial services.

Consumers International (CI) advocates for stable, secure, and fair financial services, and their work on this issue ranges from financial education projects to global campaigning, including with the G20. But CI is a federation of over 240 member organizations, and it is no surprise that the strongest ones are in high income countries and often focused on middle-class consumers. One CI member in India, MoneyLife Foundation, was launched by Moneylife media group in 2010 as a “fiercely independent, non-partisan and always pro-saver” NGO that works on financial literacy, consumer awareness, safe and fair market practices, and grievance redressal. Another member, Tanzania Consumers Advocacy Services (TCAS), works to build consumer capacity and make consumer voices heard. TCAS submits complaints about financial service providers’ misuse of power to the Bank of Tanzania—but its tiny staff can only do so much.

A public sector example is INDECOPI, the Peruvian Consumer Protection Agency, which has the power to apply fines for violations of consumer protection law. Half of the money from a sanction is awarded to the consumer organization that assisted in filing the complaint. This provides funding for educational and advocacy campaigns for consumers and supplements the regulator’s market conduct policing. But these models are rare in developing countries, especially for the base of the pyramid. Governments and donor organizations should help by funding and building the capacity of financial consumer organizations.

Understanding consumer behavior can be helpful in shaping consumer protection mechanisms. In carrying out demand-side research, the Smart Campaign observed something that is obvious when you think of it: poor people experience poor treatment from most of the formal institutions they interact with—schools, hospitals, police, and government agencies. Many customers feel that complaining is an exercise in futility and may have had little experience with standing up for their rights. Recent CGAP customer research also shows that people who are primed to expect negative experiences won’t even try—they are afraid they will be ignored or dismissed, or their issue will not be resolved in their favor. Customers believe that hidden fees and bad service are simply a cost of doing business with financial institutions. CGAP found that customers are more likely to advocate on their own behalf if they are able to recall an example of someone else voicing a concern or filing a complaint.

It’s a lot easier for consumers to advocate for themselves when there is a clear path and an open door. Many customers are not aware of the client protection resources, channels, or mechanisms within their institutions. If they had a problem, they wouldn’t even know the process to address it. And that brings us to the role of providers.

Providers make up an essential leg of the client protection stool—and this leg poses great untapped potential for impact. A recent survey conducted by the Aspen Institute on behalf of the Smart Campaign, a global effort to strengthen client protection practices in financial institutions serving the poor, asked financial inclusion stakeholders to rank the importance of providers, regulation, and consumers in advancing consumer protection. Industry-led initiatives came in last place, with 24 percent of the vote. This reflects a prevailing view that consumer protection is synonymous with regulation. Yet we believe the financial services industry is a vital missing link.

Providers have been reluctant to embrace client protection due to a mix of issues—including lack of incentives and capacity, and uneasy relationships with regulators. They feel pressure to focus on short-term profitability and don’t always see the business case for investing in the kind of customer relationships that build loyalty. They face operational challenges and lack practical tools. They may simply not have knowledge of what works in general, much less what works for different customer segments. See CGAP’s Applying Behavioral Insights in Consumer Protection Policy for more. In some cases, regulators could do more to create a level playing field—for instance, to ensure that providers that are more transparent are not at a competitive disadvantage, or to ensure sanctions for those that don’t comply. As a result of the often fraught regulatory dialogue, much of the progress from the providers has been compliance-driven rather than incorporated into provider culture.

And, we must acknowledge cases in which providers have not even complied with the law. In 2005, the Reserve Bank of India mandated that banks should offer no-frills accounts (Basic Savings Bank Deposit Accounts). A 2014-2015 audit study found that in more than half of the bank branches visited, customers were turned away when they tried to open one of these accounts. Even in the 45 percent of cases in which accounts were opened, banks demanded excessive documentation, were not transparent about terms and fees, and made the process hard for the customer.

But a compliance-driven approach is not enough. Alexandra Fiorillo, a financial inclusion expert, points out, “It’s not just that financial service providers need to incorporate client protection into their practices, but they also need to adopt best practices. Many providers are doing something in client protection but it’s generally not a very good practice. For instance, almost every provider I’ve visited has a suggestion box and thinks that is effective client protection.”

Some institutions have made genuine progress. Microfinance has been a bright spot fueled by the Smart Campaign (see “The Smart Campaign’s Theory of Change”), which has worked with the industry to establish principles, and has developed resources that address operational capacity and a certification program to provide public recognition. GSMA has shown impressive leadership with its Code of Conduct for Mobile Money Providers launched in 2014 and endorsed by leading mobile money networks. The Code focuses on soundness of services, security of the mobile network and channel, and fair treatment of customers. Many other individual institutions and industry groups have established codes of conduct as well.

Investors in financial institutions are in a unique position to support a thriving client protection ecosystem by spurring their investees to improve their client protection practices. Leaders such as FMO, Deutsche Bank, Oikocredit, and IFC have given dozens of providers the incentives to move their practices forward.

One of the challenges of client protection is that regulation is seen as the answer, absolving other actors of responsibilities other than compliance. Certainly, regulators play a vital role. Transparency in particular depends on regulation. Good regulation is necessary to set minimum standards for providers, but regulators can also go further by helping encourage a national culture of protecting the dignity and rights of consumers. The Smart Campaign’s recent study on the treatment of defaulting clients identifies well-implemented consumer protection regulation together with effective credit reporting as important to protect both the provider and the customer, not only preventing harsh tactics but also allowing providers to negotiate with customers with greater confidence.

In several of the countries rated highly by the Global Microscope, regulators treat providers as partners in customer protection, working to build capacity and fostering communication between the public and private sectors.

Among the questions leading regulators ask themselves in this regard are:

Do we have effective relationships with providers? The Financial Consumer Agency of Canada (FCAC) takes pride in fostering strong relationships with its regulated entities. In the agency’s early years, their consumer protection policies were sometimes thwarted by misunderstandings and disagreements with providers. After assigning dedicated relationship managers to work closely with specific regulated entities, the agency found a dramatic increase in compliance, with greater collaborative problem-solving. FCAC also actively reaches out before enacting policies to ensure their compliance materials are practical, effective, and engender corporate acceptance and support.

Are we promoting good practices by providers? Some regulators have put emphasis on “change on the ground” by encouraging codes of good practice and complaint procedures. (See “Codes of Conduct, Client Bills of Rights, and Culture.”)

Do we understand customers? Client protection regulation requires regulators to understand what is happening to clients in the market. Some have carried out behavioral research and impact studies on issues including: organizational practices on disclosure and recourse; why specific demographics complain; the impact of different delivery channels; consumer lending; emerging risks of digital financial services; and borrowing habits. CONDUSEF, the Mexican consumer protection agency, worked with the World Bank and CGAP to carry out mystery shopping in which 31 financial institutions were visited by 21 mystery shoppers. The exercise yielded important, if depressing, insights on how customers were treated, including lack of transparency, misleading information, and poor customer service. The Association of Bank Supervisors of the Americas (ASBA) identifies helping members understand the base-of-the-pyramid market better as one of its high priorities.

Are we taking advantage of self-regulation? In some cases, regulators have acknowledged their own lack of capacity to regulate services at the base of the pyramid, and have created mechanisms for monitored self-regulation. The most notable example, still in its early days, is the limited authority as a Self-Regulatory Organization (SRO) given by the Reserve Bank of India to MFIN, the Microfinance India Network, and later to Sa-Dhan. (See “The Great Indian Self-Regulation Experiment.”)

Progress in Establishing Effective Consumer Protection Regulatory Frameworks.

The Center for Financial Inclusion couples quality and access as the double heart of financial inclusion. The forces pushing for access, allowing freedom for innovation in the market, are often seen as incompatible with the forces pushing for protection. Regulators in a number of countries are steadily working toward stronger consumer protection policies and supervision—a process in which urgency must be coupled with patience. African countries noted as having made strong progress in recent years include Rwanda, Mozambique, Zambia, Ethiopia, Ghana, and South Africa. (See “Different Paths to Regulatory Progress,” which looks at the journeys of Ghana, Mozambique, Vietnam, and Uruguay.)

Indonesia is lauded for its new Financial Services Authority, OJK, established in 2011. The OJK has issued a framework for consumer protection (Financial Services Sector Consumer Protection Regulation, 2013) and has one dedicated directorate for consumer education and protection. A review by the World Bank found strong capacity in consumer protection and financial literacy in the government. Indonesia’s National Strategy for Financial Inclusion has a strong emphasis on consumer protection, to be implemented through OJK’s National Financial Literacy Blueprint and OJK’s specific financial consumer protection function. Consumer protection, financial capability, and financial inclusion efforts are integrated and create a virtuous cycle.

In countries where gaps are present, regulators can turn to a number of global resources, one of the newest of which is the Model Legal Framework developed by the Microfinance CEOs Working Group (MCWG) in concert with expert lawyers. The Model Legal Framework provides sample regulatory language with commentary for financial client protection based on the seven Client Protection Principles promoted by the Smart Campaign.

In insurance supervision, consumer protection and prudential issues have long been seen as inseparable. (See CGAP’s Global Standard-Setting Bodies and Financial Inclusion for the Poor for more.) That means that the relatively new field of microinsurance began with a concept of the importance of fair treatment of consumers of insurance and responsible market conduct, and with a view that consumer protection is necessary to advance access to insurance. (See GIZ’s and Microinsurance Network’s Discussion Paper Consumer Protection in Microinsurance for more.)

Yet despite this frame of reference, the industry still has far to go. A significant challenge is finding a sustainable balance between the complexity and cost of consumer protection, on the one hand, and the small size and often low margins of microinsurance products on the other. In some contexts, there is also a lack of regulatory and supervisory capacity related to microinsurance, including lack of experience with new products, new consumers, and new delivery channels. Microinsurance is typically not delivered by insurers themselves, meaning that the actions of deliverers (such as public utility companies, mobile network operators, retailers, microfinance institutions, cooperatives, and money transfer agencies) must be considered, along with those of insurers. Non-traditional channels are often subject to very little oversight. Furthermore, “consumers” of insurance include not only the policy-holders, but the beneficiaries. New insurance policy-holders must understand the importance of informing the beneficiaries of the policy. While these issues are not unique to base-of-the-pyramid customers, they are particularly challenging when consumers lack exposure to insurance and the skills to evaluate and use products.

The risks of purchasing microinsurance are heightened when the product is digital, mostly due to: lack of knowledge on the part of consumers or their beneficiaries; lack of capability when purchasing the products; and complex claims processes. (See GIZ’s Responsible Mobile Insurance for more). And the potential collapse of the insurance scheme is always an underlying risk.

The Consumer Protection Task Force of the Microinsurance Network is currently reviewing global consumer protection principles in the insurance industry and other financial services to determine what (if any) adjustments and additions are needed to address inclusive insurance. We also look forward to guidance for regulation on inclusive insurance being developed by the International Association of Insurance Supervisors (IAIS). And we echo the call of the Microinsurance Network for donors and other international stakeholders to invest in developing and sharing good practices, supporting regulatory developments, and building supervision expertise.

Technology Can Decrease Fraud and Increase Protection

Digital payments protect customers from the theft of cash, and the increased traceability of the payment process also helps to protect senders and receivers from fraud. The Better Than Cash Alliance has dramatic stories about the ways biometric identification linked to G2P payments have eliminated “ghost” beneficiaries from the system and decreased leakage (payments that do not reach the recipient in full). Evidence from India shows that making social security pension payments digitally via smart cards compared to manual cash payout by a government official results in a 47 percent decrease in bribe demands in addition to reducing ghost recipients. South Africa eliminated 850,000 bogus social grant recipients—out of 16 million—when the government began delivering the grants through the MasterCard SASSA card in 2012.

Technology also brings about the potential for the democratization of client protection. The web platform I Paid a Bribe leverages the transparency and anonymity of the Internet to encourage private citizens in India who have been the victims of corruption to self-report details of bribes. The website came on strong when it launched in 2011 and gave a lift to anti-corruption efforts, but traffic has fallen off since then. The Voice of the Client project tested the use of mobile phones as a source of client feedback for financial services in Uttar Pradesh. Three different survey modes were tested: call center, face-to-face interview, and an Interactive Voice Response (IVR) automated survey, pre-recorded in the local language. On the most sensitive questions – such as, "Do you ever face mistreatment by your loan officer?" - the automated mobile survey had nine times more respondents answering "Yes," compared with call center or face-to-face interview.

Many on-line platforms are available to help middle-class customers in high income countries compare services, and rate the quality of services they receive. Yelp and Trip Advisor offer crowd-sourced reviews mainly for the hospitality industry. In 2014, NerdWallet offered comparison shopping tools on financial products, from health insurance, to credit cards, and college loans to 30 million site visitors. Credit Karma is a free credit and financial management platform for U.S. consumers.

But what about the base of the pyramid? Will a platform emerge that can help BoP consumers navigate financial services? Service Info, a “Yelp for refugees” in Lebanon, is a new pilot website for refugees to find out about, and rate, resources to ease the transition to life a new country. The hope of the sponsors, the International Rescue Committee and USAID, is that feedback will improve the quality of services, as well as broadcast the services that are available. We would like to see more investment in platforms that give consumers a voice.

At the same time, channels such as these have a different function from and are therefore not a substitute for the grievance channels that providers and governments create to address and resolve individual customer complaints.

Yet Technology Brings New Dangers

Despite actual and potential benefits to client protection, the introduction of digital financial services also brings new problems. In Doing Digital Finance Right, CGAP identifies the following problems:

1. Inability to transact due to network/service downtime
2. Insufficient agent liquidity or float, which also affects ability to transact
3. User interfaces that many find complex and confusing
4. Poor customer recourse
5. Nontransparent fees and other terms (for example, only available through a website, but not on the phone itself)
6. Fraud that targets customers
7. Inadequate data privacy and protection

Everyone in the system is scrambling to address data security. The risk of stolen identities is just one of many. A Gallup Poll found that U.S. consumers are not adopting digital wallets due to security concerns and lack of confidence in the apps.

And going digital can obfuscate as well as clarify: for some digital products in Kenya, Tanzania, and the Philippines, the terms and conditions are not built into the platform, requiring people to visit a separate website to review them, creating a barrier rather than using technology to make it more user-friendly.

Agent Banking Challenges

A favorite vision for financial inclusion enthusiasts, including banks, card providers (MasterCard and Visa), and mobile network operators is that the owners of mom-and-pop stores around the world will become ambassadors of financial inclusion for their communities. This may be one of the best bets for bringing a human touch to digital financial services. Yet agent banking also introduces the possibility of agents failing (due to lack of knowledge, lack of availability, or fraud), technology failing (e.g connectivity problems), and consumers failing (due to lack of capability). In addition to inconveniences such as service downtime and agent illiquidity (which prevent customers from transacting and accessing their money), customers are vulnerable to the risk of agents sending money to the wrong number (and thus losing it). A risk mapping study showed that customers have often given their PIN numbers to agents to do transactions for them when the service is down. Transparency is also an issue, with many agents charging fees on top of the official tariff rate (which is often not displayed at agents’ outlets) or compromising the confidentiality of their customers’ PINs. (See MicroSave’s A Question of Trust: Mitigating Customer Risk in Digital Financial Services for more.) Aside from the potential for abuse by agents, connectivity failures mean that customers may not even know if their transactions have been completed.

Many of these issues are solvable. CGAP notes that providers can work on improving service reliability, the customer interface, and the quality and liquidity of agents—all issues directly affecting the user experience. Providers can directly fight fraud, both through building customer awareness and through improved systems. And, as always, recourse is important for resolving problems and restoring trust.

Big Data Raises New Questions

Data is constantly emerging as transactions of all kinds are digitized, but there is no clarity about who owns it and who has the rights to monetize it. The data is so desirable to companies that some offer free services in order to get access to it. A whole industry has risen around the need for a stewardship model to identify, define, and protect client data and for data custodians to oversee the safe transport and storage of data. But this kind of data governance—widely found among large corporations--is hardly on the radar for BoP customers nor for microfinance institutions and many others that serve them.

The image of many in financial inclusion is that regulators are the great protectors against abuses by the private sector. Yet government access to financial data can also make consumers vulnerable. It’s not hard to imagine a scenario in which some governments use financial data about their citizens for political ends, or, more likely, simply don’t do a good job of safeguarding the data they collect. This possibility is heightened in countries where state banks are major providers.

China’s e-Finance Explosion

The International Institute for Finance reported in November 2014 on the particular challenges of exponential growth in financial services through e-finance in China. The report lauded the great promise of e-finance for improving financial inclusion, but noted concerns about consumer protection. In the midst of stratospheric growth of P2P lending, China has seen many P2P lenders abruptly closing shop and vanishing. In 2014 alone, 275 P2P platforms in China failed. China has proposed regulations designed to crack down on platforms that are not sufficiently capitalized or are at higher risk of default. In the meantime, individual investors are at risk. In some of the most egregious cases, P2P fraudsters absconded with investors' money on the first day that they opened for business.

Keeping Pace with the Changes

It’s a challenge for regulators to keep up with the consumer protection implications of digital innovation—even for basic issues such as safeguarding customer money. The balancing act of access and protection continues, only now they are being played out on new channels.

Bangko Sentral ng Pilipinas (BSP) has adopted a “watch, dialogue, and learn” approach regarding the e-money industry and non-banks providing these services. BSP engages with the private sector to understand the practical issues of implementation and has invested in learning about technology, for instance through a well-regarded training delivered by Bankable Frontier Associates. Nigeria and Kenya have developed deposit insurance for e-money and stored value—but they are currently the only two countries that have done so. In many cases, new providers of digital financial services may be unregulated.

We don’t yet know the impact of access through new channels—agents, mobile financial services, crowdfunding—on consumer behavior, and how that affects consumer protection. But we do know the link to financial capability is especially important with digital financial services, as consumers encounter barriers to their safe use. And electronic transactions come with transparency challenges. Pervez Goiporia, a vice president at Oracle, highlighted the challenges of bringing 75 million unbanked households into the banking system through India’s Jan Dhan Yojana scheme: “The biggest gap is going to be the lack of familiarity with the technology and processes—both for banks and the end customer.” Banks are more familiar with an educated, urban clientele, and rolling out mobile and other digital channels to less experienced groups creates a “a vector for social engineering attacks.” In the context of cyberattacks on every kind of database—payroll systems, credit card holders, health care providers—the fact that millions of new and vulnerable customers are entering a porous system needs to be addressed.

No matter what technology is involved, the bottom line is that customer protection policies need to develop alongside technology innovations. And if the first experience of a new customer is negative—whether due to a serious issue such as fraud or an inconvenience such as lack of connectivity—it may take a long time to restore trust. In a rapidly changing world, we simply don’t know the impacts of the new technologies and new actors. The good news is that solutions are emerging, and that groups such as the Alliance for Financial Inclusion (AFI), CGAP, GSMA, GIZ, the Microinsurance Network, MicroSave, the International Telecommunication Union (ITU), the World Bank, and many others, are developing insights, guidelines, and tools to address consumer protection issues related to digital financial services.