Mobile Financial Services

Working Group (MFSWG)

Mobile Financial Services

Regulatory Reporting
This guideline note was developed by AFI’s Mobile Financial
Services Working Group (MFSWG) to discuss effective methods
for adapting supervisory frameworks for financial services
delivered via mobile phones.

Guideline Note No.3

March 2013
Contents

Context 1

Purpose and critical issues 1

Minimum data and information requirements:

definition of variables and key data sets 2
Risk management 2
Operational risk
Liquidity risk
Anti-money laundering and counter financing of terrorism (AML/CFT) risks
Consumer protection 3
Public disclosure of information 3
Outreach and financial inclusion 3

Measurement and assumptions 4

Recognizing the potential of mobile financial services (MFS), the Mobile

Financial Services Working Group (MFSWG) was created to provide a platform
within the AFI network for policymaker discussion on regulatory issues related
to MFS. The working group promotes the broad use of MFS as a key solution for
greater financial inclusion in emerging and developing countries. The group
aims to stimulate discussion and learning among policymakers and promote
greater coordination between the many different MFS actors, such as financial
and telecommunications regulators and bank and non-bank providers.

© 2013 (March), Alliance for Financial Inclusion

Original edition published in September 2012.
All rights reserved.
Context Bank supervisors can adapt much of their existing
prudential supervision tools and expertise to mitigate
Mobile banking and mobile payments have filled an and monitor these risks effectively. Monitoring
important space in the financial services landscape, operational risks may be less familiar to payments
especially in transforming and driving financial systems regulators, who can borrow from the bank
inclusion. Financial services delivered via mobile supervisor’s toolkit to go deeper and improve how
phones can help to reach the large percentage of they oversee payment systems providers.
the world’s population that has access to these
devices but which remains unserved by formal Reporting requirements for MFS begin with
financial services providers. To fulfill the potential application and authorization. After a provider has
of these new and dynamic products and business been authorized, regular reporting requirements
models, however, financial authorities must adapt (which are aligned with the regulatory framework)
their supervisory frameworks. allow supervisors to ensure the compliance and
health of individual providers, and to broadly oversee
As traditional brick and mortar banking shifts toward the safety and efficiency of the system. First,
banking beyond branches,1 mobile financial services however, the specific purposes for this gathered
(MFS), and other innovative emerging channels, many information and how it will be used must be clearly
traditional supervision schemes become impractical identified.
and, in some cases, even pointless. In particular,
when seemingly intangible financial transactions are
Application and reporting requirements allow the
carried out through electronic channels, it becomes
supervisor to verify that regulatory requirements
critically important to collect timely, relevant,
are met and that the following objectives are
and accurate data.
achieved:

Reporting requirements must be clear and focus on

• to assess potential risk build-up for individual
the information needed to assess whether service
providers, as well as for the system as a whole;
providers are sound, risk management protocols
• to ensure that a provider’s financial condition
are effective, and consumer protection policies are
can adequately support its MFS activities and
adequate. This information will help supervisors
that it complies with prudential requirements
ensure that services are provided under secure,
(such as minimum capital), if applicable;
reliable, and transparent conditions. However,
• to promote stable and transparent market
regulators should be careful to avoid excessively
operations by enhancing public disclosure of
burdensome and overlapping requirements, which
information;
may stifle innovation and limit market competition.
• to ensure there are adequate risk management
processes to identify, assess, control, and
This document draws on common regulatory
monitor potential sources of risk arising from
practices within the AFI Mobile Financial Services
MFS provision, such as operational, liquidity, and
Working Group (MFSWG) to determine the most
money laundering risks;
effective ways to supervise mobile financial services.
• to verify that the rights and interests of financial
The goal is to identify the minimum data and
consumers are protected, product information
information that suppliers require from financial
and costs are transparent, and that customer
authorities to satisfactorily assess whether they
claims and redress mechanisms are reported;
comply with consumer protection and market
and
stability objectives.
• to assess the outreach of MFS so that the impact
of these services on financial inclusion can be
evaluated. Access and usage dimensions should
Purpose and critical issues
be considered.

MFS risks are primarily operational and raise new,

but manageable, supervisory concerns. These risks
apply to banks launching a new MFS business line
as well as to newly licensed payment providers.

1
New channels that are different from branches are primarily referred to as ‘branchless banking’, although they complement branches
and do not replace them, argue C. Alexandre, I. Mas, and D. Radcliffe (2009) in “Regulating New Banking Models that can Bring
Financial Services to All”. They therefore suggest the term ‘banking beyond branches’.

Mobile Financial Services I Regulatory Reporting I 1

These objectives must help financial authorities requiring daily or weekly reporting as part of their
to carry out the licensing or registration process oversight procedures for MFS activities.2
of potential MFS providers and to monitor MFS
development within each country’s Periodic reports should encourage standardization of
regulatory framework. data requirements, as well as convergence across the
diverse models adopted for MFS provision. Reporting
requirements for non-banks may be expansive, given
Application and licensing requirements build the they are newly supervised and do not already meet
foundation for reporting requirements. Through the same requirements as banks. MFS bring risks
this process, applicants submit both financial and that are unfamiliar, but they are not inherently more
non-financial information about the proposed risky. With this in mind, regulators may ask for more
operations, including, but not limited to: up front regulatory reporting in the initial stages
after a provider is licensed. Regular interaction also
•  usiness plans and intended services;
b allows the regulator and provider to develop
• operating models and key outsourcing alliances a common understanding.
or agreements;
• financial and general business information about
major shareholders and officials, as required; Based on collective experience, the group has
• financial and general business information about identified data and information requirements in
major providers or outsourcers; and four key areas that should be captured in MFS
• a financial feasibility study. regulatory reporting:

• risk management frameworks and resulting

The required information should allow supervisors to data for risks pertaining to operations, liquidity,
assess whether the provider is fit and proper and if money laundering, and terrorist financing;
the MFS project is viable and ready for deployment. • consumer protection;
If the information submitted to fulfill entry • public disclosure of information; and
requirements changes, the new information should • outreach and financial inclusion.
be provided to the supervisor. After authorization is
given, the company must inform the regulator about
any significant change or modification to its business
or operating model. Risk management

Data reporting requirements for risk management

Minimum data and information may apply differently to banks and non-banks,
requirements: definitions of depending on the business model in question and the
variables and key data sets functions that are being performed.

Once MFS providers are licensed and incorporated Operational risk

into the regulated market, minimum data and
information usually includes qualitative and Qualitative information
quantitative requirements. Qualitative requirements
should be provided on an occasional basis, while • policies, procedures, and tools for managing risk;
quantitative requirements should be sent to • significant changes to company operations,
regulators on a regular, periodic basis. Overall, indicating the main activities undertaken to
the timing of reporting and requirements for MFS mitigate the associated operational risks;
should be in proportion to the regulator’s capacity • overview of the business continuity management
to review reports. MFS reporting should be aligned plan and the main scenarios tested;
with existing reporting systems and requirements • overview of the information security management
to maximize efficiency for both regulators and plan; and
providers. In a recent survey of the MFSWG, the • major risks covered by insurance or another
majority of regulators (57%) indicated that they equivalent means.
require monthly reporting, with the minority

2
MFSWG, “Policy Approaches for Mobile Financial Services: Working Group Survey Analysis”, May 2011.

2 I Mobile Financial Services I Regulatory Reporting

Quantitative information Consumer protection

• major operational risk losses reported in number Qualitative information

and amount, as well as by type of event (i.e.
Basel II categories: Internal or External Fraud, • overview of the process for disseminating
Clients, Products & Business Practice, Damage information to consumers: rates, fees, and
to Physical Assets, Business Disruption & expenses through all available channels
System Failures, Execution, Delivery & (branches, agents, website, etc.); and
Process Management); and • overview of the customer service system.
• major business continuity disruptions (i.e.
number and duration of business interruption Quantitative information
events caused by information system failures or
other reasons). • number and amount of unacknowledged
operations reported by clients (per channel and
Liquidity risk type of operation);
• number of clients that reported claims other
Qualitative information than unacknowledged operations;
• percentage of claims resolved in favor of the
• liquidity contingency plan in case of sudden consumer; and
demand for cash-outs, as well as information • resolution status and date of claims made by
about related agreements with liquidity suppliers. clients.

Quantitative information Public disclosure of information

• information about deposits or e-money balances • overview of mission, purpose, and general
by region or geographic jurisdiction if needed, business and risk management practices;
according to country circumstances. • audited financial statements;
• capital base; and
Anti-Money Laundering and Counter Financing of • additional capital requirement for operational
Terrorism Risks (AML/CFT) risk, if applicable.

Qualitative information Outreach and financial inclusion

• overview of AML/CFT programs, including Access

description of the main policies and strategies,
as well as the main risk mitigation tools; • number, geographical distribution, and type of
• specific risk analysis for products and/or channel, business of retail agents; and
including product design characteristics that • number and geographical distribution of cash
mitigate risks (such as simplified measures for merchants.
low-risk products);
• records of electronic money operations, by Use
owner; and
• evaluation procedures for unusual operations • number of customers: registered and active
and reporting of suspicious operations. customers;
• number of active accounts (bank-based),
Quantitative information if applicable;
• number of dormant accounts (bank-based),
• reports of suspicious operations, if any, in a if applicable;
simplified way; and • number of e-wallets, if applicable;
• statistics of unusual operations to appropriate • number of new accounts in a given period of
regulators, aggregated by product, channel, time, if applicable;
and geographical region. • number of e-wallets opened in a given period
of time, if applicable;

Mobile Financial Services I Regulatory Reporting I 3

• number of operations per type,* per channel; Considering that MFS, with a few exceptions, are
• operation amount per type,* per channel in a still in initial stages of development, gathering
given period of time; and reliable information is a challenge. The data and
• outstanding balance per account/e-wallet. general information will come from the supply
side − that is, from the service providers. From the
*  onsider the following for type of operation,
C regulator’s perspective, this should be sufficient
when applicable: to monitor operations and the soundness of
the provider. However, this information may be
i) local transfers (in/out) and international insufficient to measure the impact on financial
transfers (in/out); and inclusion. For example, if the purpose is to measure
ii) payments from: person-to-business (P2B), whether services are adequate for the needs of
business-to-person (B2P), government-to- the population, particularly the poor, additional
person (G2P), and person-to-government demand-side data may need to be gathered. Because
(P2G). collecting this type of information is costly, the
decision to undertake surveys or similar activities
should be based on a cost-benefit analysis.
Measurement and assumptions
The information identified in this report is general
Mobile financial services vary greatly in terms of and aimed at serving the regulator’s main objectives.
their business models and degree of regulation, However, each country should decide what its
among other things. This document assumes that MFS priorities are based on its particular risks, legal
are supervised and the regulator has the power to environment, and stage of MFS development.
demand data reporting. It also takes diverse business
models into account when identifying the relevant
data that need to be gathered.

4 I Mobile Financial Services I Regulatory Reporting

About AFI Mobile Financial Services
Working Group Guideline Notes
The AFI Mobile Financial Services Working Group
guideline notes are based on the experience of group
members and attempt to provide guidance
on the definition of common standards, approaches,
and practices for MFS regulation and supervision
within AFI member institutions. The notes are not
summaries of best practices nor do they propose new
principles or revisions to existing core principles.
Instead, they highlight key MFS policy and regulatory
issues and identify challenges to be addressed.
The definitions here are intended to complement
rather than replace similar MFS definitions drafted
by International Standard Setting Bodies (SSBs).
About AFI
The Alliance for Financial Inclusion (AFI) is a global network
of financial inclusion policymaking bodies, including central
banks, in developing countries. AFI provides its members
with the tools and resources to share, develop and
implement their knowledge of financial inclusion policies.
We connect policymakers through online and face-to-face
channels, supported by grants and links to strategic
partners, so that policymakers can share their insights and
implement the most appropriate financial inclusion policies
for their countries’ individual circumstances.

Learn more: www.afi-global.org

Alliance for Financial Inclusion

AFI, 399 Interchange Building, 24th floor, Sukhumvit Road, Klongtoey – Nua, Wattana, Bangkok 10110, Thailand
t +66 (0)2 401 9370 f +66 (0)2 402 1122 e info@afi-global.org www.afi-global.org
www.facebook.com/AFI.History @NewsAFI

AFI is funded by the Bill & Melinda Gates Foundation and administered by GIZ (German International Cooperation)