Pitfalls in MFI Digitization: Overlooking the Regulatory Environment

Microfinance institutions (MFIs) that are in the process of digitizing often discover that regulations pose a whole host of unanticipated challenges to implementation, especially when regulations do not allow for some important part of a digital channel or product.

Part of the challenge has to do with regulatory uncertainty. Microfinance, by virtue of not being regulated in the same way as traditional intermediaries in the banking sector or being subject to different rules, is more susceptible to uncertainty about what may be allowed. This in turn increases perceived risks and creates organizational resistance and squashes innovation.

The challenge may also have to do with regulations not keeping pace with innovation. For example, digitization implies a departure from traditional ways of engaging with clients at fixed locations like branches and through personal interaction, on which legacy regulation might still be built. It also means changes in back-end operations such as increasing use of cloud services and APIs, which often fall afoul of regulatory restrictions.

There are also consumer protection issues at play. Digitizing has implications for how MFIs engage with customers and how they run their operations, which are both areas subject to regulatory provisions such as customer due diligence (CDD) rules and operational risk management.

Regardless of the scope or scale, digitization has to consider the regulatory environment in which an MFI operates. While MFIs need to digitize within the existing regulatory framework, there might also be cases where they want to play an active role in how regulations are shaped.

A pitfall in digitizing can be ignoring or pushing the limits without a proper understanding of regulations that are limiting the extent of digitization. In some cases, the pitfall can be interpreting regulations too conservatively, even when they allow MFIs to digitize more.

Below are three regulatory aspects of digitization that MFIs should consider to set themselves up for success and reach more low-income customers .

1. Remote onboarding

For MFIs to become more efficient and achieve scale, they must digitize their onboarding processes. This means replacing in-person ID verification, account opening, account maintenance and collection processes at brick-and-mortar branches with remote, digital onboarding, but this introduces regulatory complexity.

For anti-money laundering/combatting the financing of terrorism (AML/CFT) reasons, most jurisdictions have specific rules for conducting remote customer due diligence (CDD). MFIs must be clear on where their jurisdiction stands. For example, some countries might allow for remote onboarding of lower-tier accounts with stricter limits, while requiring customers who plan to make higher-value transactions to sign up for their accounts at a branch or agent location. The availability of a digital ID and its potential use in remote onboarding plays a crucial role in this.

Another important element to remote onboarding is the ability to fully integrate digital signatures and electronic file sharing. Some jurisdictions still require hard copies of onboarding documents and signatures instead of, or in addition to, electronic versions. In these situations, MFIs need to plan for physical document submission requirements in their outreach strategies to new customers and determine how accounts can be opened remotely.

2. Agent networks

Last year, CGAP published a paper detailing cases of MFIs that have successfully digitized various aspects of their businesses. All five of the MFIs we studied are using agent networks for delivering their services. This is no coincidence. Most people in emerging markets are paid in cash and frequently need to carry out cash-based transactions. Even if highly digitized in their customer interactions, MFIs still need physical touch points to enable their customers to cash-in and cash-out to meet their needs. Agents have proven viable where costlier branches are not and have helped MFIs become more efficient and achieve scale.

However, regulations across the globe do not uniformly permit the use of agents. As an MFI, one of the first questions to ask when considering digital services is: Are MFIs allowed to have agents in our market? If the answer is yes, other questions remain: What can the agents do and not do? For example, are they able to onboard customers? What are the rules around agent exclusivity? For example, must MFIs have proprietary agents, or can agents be shared? Who is eligible to become an agent? Do regulations allow for different levels of agents, including the use of agent network managers to recruit and manage agent networks?

3. Cloud computing and open APIs

MFIs looking to maximize the technologies available to them will invariably look into cloud computing. With cloud computing, MFIs have an opportunity to procure cloud infrastructure on a private, community or public basis depending on their resources, risk appetite, aspirations and regulatory context. Cloud computing can provide MFIs with cheaper and less demanding options to scale and adapt products to customer needs.

Data security, privacy and compliance are the main risks that concern regulators around cloud computing. If using cloud-based services is part of your MFI’s digitization strategy, take care that you understand the regulator’s position on data localization. Some regulators are requiring financial providers and their third-party partners to store all operational data, especially customer data, in the country of operation because of concerns about data security and privacy. Whether those concerns are well-founded is irrelevant. MFIs must plan for and abide by the rules.

An MFI looking to open APIs to grow its agent network, expand its customer base, increase activity rates or generate new revenue streams should confirm that data security and privacy rules in its jurisdiction allow it to do so. It is also important to understand the terms and degree of data aggregation and customer consent that is required. Some of these rules might be set by other authorities than the financial regulator (e.g., by a data protection authority or the authority in charge of cybersecurity).

The importance of engaging with regulatory authorities

The regulatory issues associated with digitization may seem daunting and hard to navigate. But by understanding the relevant laws and regulations and engaging early with authorities, MFIs can avoid expensive mistakes  like procuring technology that cannot be fully exploited or forming partnerships that do not deliver value to the business or its customers due to regulatory limitations.

Sometimes the rules are not clear, do not exist or are downright prohibitive. In those instances, MFIs should use the structures available to them to push the boundaries and gain a stronger voice in shaping the regulatory environment. Regulators have become increasingly open to dialogue with providers, and MFIs should take advantage of the opportunity to engage with them.

Losing sight of the regulatory environment is a common pitfall in MFI digitization, but it is not the only one. To learn about other common yet avoidable issues, see the other posts in CGAP's blog series, "Pitfalls in MFI Digitization: What They Are and How to Avoid Them." Also see our publication, “Digitization in Microfinance: Case Studies of Pathways to Success,” which offers an in-depth look at the journeys of MFIs that have digitized successfully.