It’s Time to Deregulate Agent Cash In/Cash Out
Regulations allowing banks and nonbank e-money issuers to appoint agents have been in place for a decade in quite a few countries. These regulations were often inspired by Brazil’s experience dating back as far as the 1970s. In 2006, for example, India first adopted its “business correspondent” (agent) regulations. Many countries’ original regulations, such as India’s, envisaged agents performing multiple branch-like functions, including sales, account opening and cash in/cash out (CICO).
The early thinking on this was grounded in a mindset that agents are like extensions of bank branches. CGAP even used the term “branchless banking” for a time. The original mindset meant that regulations focused on holding the principal, often a bank or nonbank e-money issuer, responsible for the actions of agents. But the regulations often went further by outlining the eligibility criteria for becoming an agent (such as being a registered business) and requiring prospective agents to submit financial statements and other paperwork.
The early approach was understandably cautious, but the financial inclusion community has learned a lot about agents over the past decade. It’s time to recalibrate. It has become more evident that. Below are three learnings about agent operations that imply different levels of risks and support the deregulation of some categories of agents.
The risk of agents misappropriating customer funds is lower than many had feared
One early concern of regulators was that transactions outside of banking halls, between agents and customers, would create greater opportunities for misappropriation. This concern has been largely allayed by the fact that customers complete transactions in real time and in an exchange with the agent’s own account funds (prefunding). For example, to cash in, a customer hands over cash and the agent moves the electronic value to the customer’s account, subtracting the sum from his or her own account. The opposite flow of cash and electronic value happens when a customer cashes out.
Where customers are well acquainted with agents and CICO occurs in real-time, the risk of misappropriation is reasonably low because neither the customer nor the agent holds each other’s funds. The risk is especially low when redressal avenues are in place.
Agents that perform only CICO are in a much lower risk category
In some countries, agents focus primarily on CICO transactions. For example, many agents in Tanzania and Bangladesh do not market credit products or other services on behalf of providers. E-money issuers sell their products using banners, call centers, SMS and other mass market tools. In other countries, only a subset of agents open new accounts for customers. The reality is that there is a variety of important agent functions, and it is helpful to segment agents by the functions and risks they present.
Agents who do only CICO (Tiers 3 and 4) carry low risk since they transact on their own prefunded accounts and in real time. Therefore, regulation for this type of agent should be lighter and proportional to its low risk. In many markets, agents have been present for years, and customer education is well established. Many of these agents are required by their principals to ensure transactions are transparent, to display printed materials on fees and customers’ rights and to ensure a viable means of redress. Yet even these obligations to the principal may be less and less useful as customers gain experience and learn which agents they trust with regular service.
Agents have limited power to assist with AML/CFT
The principal is the account issuer and, therefore, has primary responsibility for anti-money laundering and combatting the financing of terrorism (AML/CFT) on the accounts they issue. For example, the opening of accounts is approved by the principal, though agents may assist. Many principals require agents to bear significant responsibility in properly identifying customers when they open new accounts. Yet some regulatory regimes go further and imply that agents must help principals to report suspicious transactions and undertake proper identification of the account holders and beneficial owners, obligations informed by the global AML/CFT standards set by the Financial Action Task Force. Experience shows this is impractical and unrealistic in many markets.
As a practical matter, many agents don’t perform the full array of branch-like functions that regulators thought they would; they do only CICO. As a result, they see only the CICO transactions completed at their own outlets. Most transactions are done with two-factor authentication (e.g., a phone plus a PIN). In this common scenario, the agent is not responsible for authenticating the customer; this is done with the principal confirming the phone and PIN digitally.
The important point is that agents doing only CICO are of limited practical utility to the policy makers and principals who bear the heavier burden of AML/CFT. CICO agents are not very useful for enforcing AML/CFT. Most of the power lies with the principals who can track and monitor the wide range of transactions that pass over their platforms.
Should we deregulate CICO?
Most regulations limit CICO to agents who act on behalf of a principal. This approach, considered necessary a decade ago to ensure principals would oversee the functions of agents, is harder to justify in today's more mature markets. The risks associated with CICO are extremely low. Why can't a small shop or individual decide on their own to take up the role of providing CICO services? What is the regulatory justification for requiring CICO be done only by an agent chosen by the principal, rather than on one’s own initiative?
Despite regulatory resistance, a new application in India called Fundu is trying to offer cash-out by individuals independently as agents. Could services like Fundu open new opportunities for individuals or businesses to offer basic services that do cash-out? Will new, more efficient business models emerge by lightening regulations and allowing such services to be done as an independent business, rather than under an agent contract? Given what we have learned so far, we think the likely answer to these questions is yes.
We are not the first to propose deregulating CICO, but enough global experience has been accumulated for thoughtful policy makers to embrace deregulation.
Compliance obligations for CICO payment service agents are not strict like the banking services. The agents have very limited information about the customer. Rather the service providers have identity and transaction related information of the customers which enable them to analyse suspicious transaction.
However, the CICO agent must identify the customer 'properly' and pass the information to the service provider. Otherwise, service providers can't do the necessary monitoring. But, Anonymous Transaction poses a major ML/TF risk for MFS in many countries including Bangladesh and agents are knowingly involved with it through direct deposit and operating multiple personal wallets. Analysis by FIU shows that MFS is used for transfer of proceeds of crime and agents themselves are involved with it.
Secondly, agents come across face-to-face contact with the customers as well as a big portion of the customers and agents live in the same locality and know each other. So, agents have some additional information about the customers and they can provide suspicious activity/transaction related information to the service providers. FIU have received some STR originated MFS agents in Bangladesh. So, the expectation is not wrong.
So, arguments for deregulation of CICO agents theoretically sounds good, but practical scenario is different. The minimum compliance obligation for MFS agents should be:
a) Proper authentication of customer during Cash In and Cash Out;
b) Minimum background check of agents before agency contract; and
c) Send suspicious transaction/activity report to the service provider.
Branchless or Agent banking have higher transaction limits than MFS. Customers can open account, make deposit (including online deposit), withdraw money, receive remittance, transfer money from Agent point through bio-metric authentication. Even the same customer can take full banking services from the bank branch. So, FIU seek opinion about simplified KYC for agent banking customers, but commercial banks oppose it considering full access to banking services of those customers.
Rashed, I think you are making some good points. I have some questions:
1. With two factor authentication of MFS (Phone + PIN),this is only known and checked by the provider and not by the agent. So I am not sure what you mean when you say the agent must "identify" the customer. The agent is not privy to the authentication, that is only done by the provider.
2. Regarding suspicious transactions, the agent may know suspicious PEOPLE in their area. But the agent would not see electronic deposits or withdrawals from accounts. Or money moving across the country. Agents would only see cash in and out from their one shop. So they can identify suspicious individuals but are not so well equipped to spot transaction patterns.