As with conventionally delivered financial services, consumers using branchless banking services face risks and challenges as well as benefits. Transformational branchless banking heightens the consumer-related concerns of regulators and supervisors, because it combines the use of agents and technology-enabled devices to serve large numbers of less-educated and inexperienced customers, potentially in a short period of time.
However, even in markets where they have achieved massive scale, the benefits of such innovative models seem to outweigh the risks for consumers so far. Consumer protection regulation of this sector should obey two principles: proportionality and effectiveness. But how can these goals of proportionality and effectiveness be achieved? What priorities and trade-offs should policy makers, regulators and supervisors focus on? This paper seeks to shed light on these questions, drawing on insights gained from recent consumer experience research and studies of the regulatory and institutional setup for financial consumer protection in four countries - Brazil, India, Kenya and Peru - and the experience of other countries - the Philippines, South Africa, Russia, Colombia and Mexico. Since each country context calls for a customized approach, we do not prescribe uniform measures; rather, we discuss policy objectives and the regulatory options available to achieve such objectives.
Which Concerns Trigger Consumer Protection Regulation in Branchless Banking?
From a regulatory and supervisory perspective, the key risks of branchless banking derive from the extensive use of outsourcing - more specifically the use of agents  - and technology-enabled devices. The risks of outsourcing can be classified as falling into one of four categories: strategic risk, reputation risk, compliance risk and operational risk. These four risks offer a framework for how regulators and supervisors can assess new businesses relying on outsourcing and having potential to scale up rapidly.
Some regulators may perceive that financial services delivery though branchless channels and non-bank providers is higher risk than traditional banking. In the M-PESA case in Kenya, an innovative business emerged and scaled rapidly in a safe manner in the absence of an elaborate consumer protection framework. This challenges the premise that substantial consumer protection rules are a precondition for healthy development of branchless banking. The Kenya case suggests that there can be providers that have their own (non-regulatory) incentives - such as reputation and the need to build trust in the market for a new service - to act responsibly. However, as the market grows, the number of users accelerates, sometimes very rapidly,  and new providers emerge. Thus, the case for regulation becomes more compelling. It is necessary to set common minimum standards for a variety of providers offering similar services and to encourage the emergence of a healthy competitive market.
Balancing Innovation and Protection: Policy Objectives and Regulatory Options
The consumer issues identified in our research correlate with seven policy objectives: protecting client funds held as electronically stored value; ensuring safety and reliability of services; reducing opportunities for agent fraud and other harmful conduct; ensuring clear and effective disclosure; protecting clients' personal information; ensuring clients have knowledge of and access to effective redress and complaint procedures; and keeping providers liable for agents' compliance with regulations. The priorities, as well as the approach to implementation of regulatory and non-regulatory measures to achieve each objective, will differ from country to country, according to the emerging models and types of services being offered, the prudential framework, the level of financial system development and the alternatives currently available to low-income and unbanked consumers.
1. Protecting Client Funds Held as Electronically Stored Value
In emerging branchless banking models, non-banks may collect funds in exchange for electronically stored-value, without being subject to the full range of prudential rules imposed on banks. Also, client funds may sit in a bank account but receive different regulatory treatment than deposit accounts.  To safeguard client funds, regardless of the country context, any regulation should provide simple and clear rules that ensure:
a. Liquidity of Funds: Examples include requiring providers to keep the equivalent of the outstanding electronic value issued in a bank account; limiting investment of the funds to low-risk, highly liquid assets; and prohibiting use of the funds for purposes other than withdrawals and transfers according to customer request.
b. Ownership of Funds: This could include requiring the accounts where funds are deposited to be individual accounts in the name of the customers or pooled trust accounts to the benefit of the customers; prohibiting providers from pledging the funds as collateral; and offering legal protection against other creditors in the case of insolvency of the issuer or the bank where the funds are deposited.
2. Ensuring Safety and Reliability of Services
Evidence from the four country studies suggests that technical failures are not a major issue in branchless banking. Less than 5 percent of consumers surveyed in Brazil reported having made errors or had a payment or deposit not processed, and 1 percent of users in Kenya report having lost money when sending it to someone else.  Nor does lack of cash at cash points appear to be a widespread problem at this time, according to our in-country studies. Regulations to ensure safety and reliability vary greatly by country, including requiring real-time, online transactions or next day deposit in a bank any cash received by agents. Regulation should require providers to ensure reliability, continuity and safety of their services and channels while refraining from prescribing specific technology, systems and procedures, as such prescriptive rules can create complexity, rigidity and even confusion amongst users and agents.
3. Reducing Opportunities for Agent fraud and Other Harmful Conduct
In all countries reviewed for this publication, cases of agent fraud and misbehavior were evident, although at relatively low levels of incidence. Two effective measures to help reduce fraud and other harmful conduct are to require providers to screen, qualify and monitor their agents and enact regulation that holds them liable for agent compliance with applicable regulations. Even if the regulation is not explicit on this aspect, it can be an important incentive for providers to screen and monitor agents, as well as answer consumer claims arising from agent transactions and acts even when agents behave fraudulently (excepting cases of "fake agents" not authorized by the provider).
4. Ensuring Clear and Effective Disclosure
Transformational branchless banking can exacerbate information asymmetry when it involves multiple entities that charge separate fees for their services. This makes it challenging for customers to figure out the final costs of a financial transaction. Approaches to making sure pricing, key terms and recourse channels are clearly and effectively disclosed include the following:
a. Pricing Transparency: Brazil and Mexico prescribe specific rules for price transparency at agents (e.g., agents should post signage with fees), whereas in India and Peru, such standards are set in general consumer protection regulations. In India and Brazil, agents are prohibited from charging fees directly to customers, though banks may charge more for agent transactions, in comparison with branch transactions, so long as the customer is informed. Regulations should require contracts to be as short and simple in language as possible and to include all fees and charges.
b. Key Terms and Product Features: Regulators also should consider how providers communicate product features to their clients, especially in the case of electronic stored-value services. If the customer loses the device, this may lead to loss of the funds in some models but not in others. Regulators should be aware of these differences when creating disclosure rules.
c. Agent Affiliation and Recourse Channel: In Peru, Brazil, Colombia and Mexico, agents must disclose their status as an agent of a licensed financial institution. This is done through signage posted at agents and printed marketing materials, as well as in-transaction receipts that contain information about each transaction. This disclosure helps consumers identify the responsible entity when problems arise, thereby facilitating complaint filing.
5. Protecting Clients' Personal Information
Branchless banking presents a set of unique challenges for protecting client privacy: transaction and personal data transmitted through means such as mobile phone networks; handling of data by third parties such as agents; remote access by customers and financial institution employees; and many consumers' lack of education and experience with formal financial services and technology may all raise data security risks. Data privacy and bank secrecy regulations in developing countries exhibit a patchwork of rules issued by a variety of agencies with overlapping jurisdiction and oversight in areas, such as bank secrecy and data privacy regulations and their applicability to agents. 
While regulation will not eliminate security risks of branchless banking, there are several important steps regulators should take to limit risks: hold providers responsible for data privacy and liable for privacy breaches and misuse of customer data; and hold agents accountable, although the provider should be primarily responsible for addressing consumer grievances in this area. But regulation should be technology neutral, since imposition of specific standards and protocols in a rapidly evolving industry is likely to hinder innovation. Supervisors should evaluate the provider's risk management and mitigation systems and its procedures to handle cases of privacy and security breach.
6. Ensuring Clients Have Knowledge of and Access to Effective Redress and Complaint Procedures
Even when providers are compliant with consumer-related regulations and offer out-of-court complaint and redress procedures, consumers may face barriers in getting a problem resolved. Available recourse mechanisms may not be effective, convenient, widely publicized or affordable. Problems can be exacerbated when the customer interface is done exclusively by third-party agents, and customers are less educated and experienced in the use of formal financial services. Holding providers liable for complying with applicable regulations when they use agents is an important step for ensuring adequate redress, but it is not sufficient. Regulations can set minimum standards for internal dispute resolution channels and procedures, and some standards will need to be tailored to branchless banking. For example, modes of redress should be consistent with modes of transacting. If the only client interfaces are mobile phones and agents, customers should be able to use these channels to file complaints.  Each transaction should also produce an electronic or paper-based receipt, which can be used to document complaints for purposes of internal dispute resolution or in the courts or alternative dispute resolution mechanisms.
Minimum requirements for publicizing redress mechanisms can also be set by regulation (e.g., requiring agents and other transaction points to post prominent signs with the provider's customer service number and other means for making inquiries and filing complaints). Attention should also be given to potential lack of clarity regarding the applicability of recourse standards, especially when the provider is a non-financial firm. For example, mobile network operators offering financial services may claim that a regulation issued by a financial consumer protection body - as opposed to a telecommunications regulator - does not apply to them regardless of the type of service being offered. Also, even if there is clarity regarding applicability, some pre-existing rules may need clarification when applied to branchless banking. For instance, if the legal text requires disclosure of redress channels at "bank premises," does this include agents? Lastly, supervisors should be able to evaluate and require improvements in complaint handling policies and procedures of firms under their supervisory scope.
7. Keeping Providers Liable for Agents' Compliance with Regulation
The seventh policy objective is a fundamental, overarching one that, if achieved, facilitates implementation of the six objectives described so far. Since many transformational branchless banking models rely on agents for customer interface, it is necessary to ensure that providers comply with applicable regulations when using third parties, just as if the services were rendered directly by the providers. Legal liability for agents simply means limiting opportunities for providers to circumvent applicable regulations, including conduct-of-business rules. In Brazil, regulations hold financial firms "fully responsible for services provided by agents,"  while Colombian regulation holds the provider "fully responsible to the client, for the services offered through the agent."  This type of regulatory provision intends to clarify that there is one single legal provider of the services, even though third parties are involved in service delivery. Failure to hold providers liable for agent compliance may hinder regulators' ability to achieve the policy objectives discussed in this paper, as implementing rules for protecting customers when third parties are involved in service delivery becomes challenging in practice. Lack of liability essentially shifts the burden for monitoring agents from the supervised entity to the supervisor and consumers.
Some Thoughts on Legal Authority for Enforcement
Few of the policy objectives and regulatory measures mentioned can be pursued or implemented effectively without the legal authority to regulate and supervise branchless banking providers - particularly non-financial firms, such as mobile network operators and technology companies that transmit or manage transaction details. Some emerging models may fall within a gray area between those sectors subject to supervision by a financial authority and those not. Yet regulators should monitor market developments, focusing on types of services rather than on types of entities, and take action as necessary to ensure similar rules are applied to firms providing similar services. In some jurisdictions, the regulator will also need clear authority to issue and enforce consumer protection rules in financial services. This is particularly important to limit overlapping or unclear authority, which creates opportunities for undesirable business practices and can potentially cause supervisors' actions to be questioned by providers.
Conclusion and New Frontiers
There is no single regulatory approach to consumer protection that will work in all contexts, and none will fully eliminate risks. The evidence to date shows that the benefits of branchless banking far outweigh the risks, and they can even reduce shortcomings commonly associated with informal providers, such as loss of customers' funds or service discontinuity. This calls for a balance between allowing innovation that increases financial access and ensuring a minimum level of consumer protection. Based on insights gained from diverse country contexts, this paper has identified seven priority policy objectives to guide consumer protection regulation in transformational branchless banking. This includes one overarching policy objective - holding providers liable for compliance with applicable regulations when using agents - that can affect the ability to use regulation to reach other objectives. In all cases, when creating new rules, regulators should obey two principles: proportionality and effectiveness.
However, we should also caution that regulation and supervision are not sufficient on their own to deal with all consumer protection problems in branchless banking. For example, some problems are rooted in consumers' lack of understanding, knowledge and awareness with regard to financial service mechanisms. Well-targeted initiatives to improve financial capability and increased awareness can play an important role in reducing risks for consumers and increasing effectiveness of regulatory action. There are also several "next-generation" consumer protection regulatory topics in branchless banking that require further research and experimentation, including customer mobility, cross-selling of services, product suitability and deposit insurance in non-bank e-money issuing. This future regulation and supervision agenda will need to be informed by analysis that quantifies and explores in more depth the behavior and perceptions of branchless banking consumers, and the nature, incidence and consequence of the problems they face in different markets.
 The word "agent" is used in this Focus Note to include any type of outsourcing of client interface activities to third parties, be it through a formal agency relationship, a joint venture or other type of business arrangement.
 M-PESA users, for example, grew from 0 to over 12 million in less than four years, rapidly surpassing the total number of bank account holders in Kenya.
 The services referred to in this section may be called e-money in some jurisdictions, but there is no broadly accepted definition of e-money. This section focuses on account-based services provided by non-financial firms (i.e., funds that are entrusted by users to a non-bank entity to be converted into electronic value linked to an account issued by the non-bank), as well as models where the accounts are issued by banks, but the funds are not considered bank deposits for regulatory purposes.
 Collins, Daryl 2010. "Consumer Experience in Branchless Banking." Presentation at the III Windsor Global Leadership Seminar in Regulating Transformational Branchless Banking. Oakley Court Hotel, Windsor, United Kingdom, 8-10 March
 Lyman, Timothy, Mark Pickens, David Porteous. 2008. "Regulating Transformational Branchless Banking: Mobile Phones and Other Technology to Increase Access to Finance." Focus Note 43. Washington, D.C.: CGAP/DFID.
 Although physical distance between the legal service provider and the customer may exacerbate weaknesses in redress, agents in some instances may play an important and positive role in customer care. One common way complaints are reported to Safaricom is through M-PESA agents, who often present the complaint by phone on behalf of the client. M-PESA agents were also found to be resolving client complaints and problems directly. In such cases, the complaints never reach the provider's customer care service.
 Resolution CMN 3110/2003, Art. 3.
 Decree 2233/2006, Art. 3, 1.