The recently launched GSM Association Code of Conduct for Mobile Money Providers is a welcome initiative. There is increasing recognition of the economic benefits that digital financial services can bring, along with an understanding that achieving ambitious financial inclusion targets may well depend on their rapid rollout. Such targets are being proposed by the World Bank, under the Maya Declaration and in other forums.
At the same time, there is a recognition that consumer protection is a critical element in building trust in the use of such services. See, for example, Principle 4 of the G20 Principles for Innovative Financial Inclusion and the recently held Responsible Finance Forum, as well as the outcomes of the 2014 deliberations of the 2014 Global Partnership on Financial Inclusion.
The code of conduct will apply to “mobile money providers” and to “mobile money.” The former term is not defined (could a bank be a provider?), whilst the latter term has a broad definition that provides (in summary) that “mobile money is a transformational service that uses information and communication technologies (ICIs) and non-bank retail channels to extend the delivery of financial services to clients who cannot be reached profitably with traditional branch-based financial services.” The example given (in summary) is an e-wallet, payments-related service.
The object of the code is expressed as being, in short, to support the continued development of the industry by:
- "Improving [the] quality of services and customer satisfaction;
- "Facilitating the implementation of trusted partnerships; and
- "Building trust with regulators and encouraging the implementation of appropriate and proportional regulatory standards.”
To support these objectives, there are eight principles dealing with safeguarding client funds; measures to combat money laundering and terrorism financing; monitoring of staff, agents and entities providing outsourced services; reliable service provision; security of the mobile network and channel; the provision of information to customers; complaints and personal data.
But does the code go far enough to protect the consumers of digital financial services?
Whilst there is no doubt that the GSMA Code covers important issues of concern to consumers, there are some aspects that could be clarified as well as additional issues to be considered. Some of them might be clarified by guidelines, others by future amendments. Examples of such issues follow.
How will the code be enforced and supervised? The Frequently Asked Questions for the Code (FAQ) propose that there will initially be a self-assessment process and that eventually a “robust certification regime” will be developed. One option in this regard might be for GSMA members to agree that providers will include in their terms and conditions with customers a contractually binding undertaking to comply with the code. The Australian E-Payments Code is a relevant example of such an approach, under which subscribers must warrant that they will comply with that code in the terms and conditions they give consumers.
Who will monitor compliance with the code? It could be helpful if a body such as GSMA could regularly survey its members on compliance arrangements and complaints statistics and publish at least annual reports of their findings, including issues of systemic concern.
Why is the definition of “mobile money” not broader? The definition would, for example, not appear to cover consumers who use mobile money services in areas that already have branch-based banking services. Ideally the code would clearly apply to anyone who uses mobile money services, regardless of whether the service is an additive or a transformational service. It would also be helpful if there were clarity as to whether the code is intended to apply to services provided by GSMA members in partnership with financial institutions and, if so, how the code might apply in that context.
What does Principle 2 add to existing obligations to comply with AML / CFT laws? Principle 2 contains detailed obligations concerning compliance with Anti-Money Laundering and Combatting the Financing of Terrorism (AML/CFT) obligations. However it is not clear how this principle adds to compliance with local AML/CFT laws or relates to theFinancial Action Task Force Recommendations 2012.
Do the provisions concerning liability for agents go far enough? Principle 3 seems to contemplate that there will always be a contract between a provider and an agent -- that is, that each provider will have its own contract with an agent. It would be helpful to clarify what the position is when the provider contracts with an agent network provider rather than individual agents.
Are there additional consumer protection issues that might be addressed? The ranges of issues covered by the code are all important. However, there are other consumer protection issues that might usefully be addressed as well. They include, for example:
- Liability: What is the proposed regime as to allocation of liability for fraud (e.g., by an agent or a third-party hacker), for unauthorized and mistaken payments, for system delays and malfunctions, for identity theft and for lost or stolen devices? Should liability be shared with the consumer and, if so, how should loss be allocated?
- Electronic contracts: How can account contracts be formed in an electronic environment?
- Statements of account: Should there be an obligation on providers to issue regular reports as to account transactions and balances over a specified period?
- Education: How can consumers be educated on the importance of keeping their PIN and device secure?
- Electronic disclosures: How can such disclosures be made effectively so that consumers get simple, legible, standardized information in a form that they can keep? This issue is of particular concern where the only method of communicating with a customer is via a mobile phone with a tiny screen.
We look forward to seeing the level of commitment to the code from providers, as well as the clarification of the abovementioned issues.