ITU-T Focus Group Digital Financial Services
                                                      Executive summary



               network downtime or system error. They may experience dishonest agents and question the safety of their
               funds when agents lack sufficient liquidity to facilitate cash-out transactions. Even if they trust their local
               agent(s), network downtime and agent liquidity problems may prevent them from accessing their funds when
               needed. In addition, poor literacy may leave them more susceptible to fraud. The lack of high-speed mobile
               data access in rural areas also leaves those with data-hungry smartphones with a poor DFS user experience.
               Efforts by authorities in many markets to combat the proliferation of fake or fraudulently registered phones
               also impact the reliability and safety of DFS for low-income customers. The trend by authorities to switch
               off mobile phones with fraudulent or stolen international mobile equipment identity (IMEI) numbers could
               deprive users of access to their DFS funds until they purchase a phone with valid IMEI numbers.  In addition,
                                                                                               43
               phones lacking proper IMEI numbers may prevent MNOs from performing over the air (OTA) remote setup
               of phones for DFS use, which can impact DFS access via bearer channels and UIs such as wireless application
               protocol (WAP), general packet radio service (GPRS), and enhanced data for global evolution (EDGE).

               When customers face these issues, they may be unsure of where to turn for redress. For example, M-Shwari is
               a DFS account that is branded and marketed by an MNO (Safaricom) but formally issued by a bank (Commercial
               Bank of Africa, CBA). In cases like these, customers may be unaware of who formally issues the product and
               to whom they should complain in the event of a problem. 44

               One way for authorities to improve consumer confidence in DFS reliability and safety is to clearly assign
               liability and responsibility among providers and consumers. For example, authorities should clarify that
               DFS providers are liable to customers with respect to: (i) harm caused by acts or omissions of their agents,
               employees, and third-party SPs; and (ii) loss/harm due to network issues such as network downtime. They
               should hold DFS providers liable for fraud related to issues with DFS systems, platforms, staff, and agents,
               while holding consumers liable for fraud due to their own negligence, such as sharing personal identification
               numbers (PINs). In addition, they should regularly review provider-customer contracts to ensure compliance
               with relevant laws and to identify and prohibit the use of unconscionable or unfair terms.

               Consumer trust can be further strengthened through the development of effective recourse mechanisms
               that are properly disclosed to consumers. Authorities should ensure that DFS providers establish free,
               effective internal complaints handling mechanisms that are available in all commonly spoken languages in
               the jurisdiction and accessible via multiple channels. They should also require that DFS providers use multiple
               channels to inform consumers of: (i) their right to file a complaint; and (ii) the internal and external recourse
               mechanisms available to them.

               Authorities can also require DFS providers to take steps to improve the reliability and ensure the safety
               of DFS. Telecommunication authorities should establish QoS standards for DFS networks, platforms, and
               other technical elements in consultation with financial authorities and with the input of DFS providers and
               other stakeholders. They should also monitor telecommunications infrastructure to identify vulnerabilities,
               particularly in markets with high DFS uptake and usage. Financial authorities should ensure that DFS providers:
               (i) have robust system security and policies and processes in place for fraud detection, management, and
               mitigation; (ii) properly train and monitor agents; (iii) take steps to safeguard customer funds, including full
               liquidity backing, isolating and ring-fencing funds, and protection against loss in the event of bank failure; (iv)
               implement transaction verification measures to mitigate the risk of loss of funds due to mistaken transactions;
               (v) maintain secure vendor infrastructures, payments infrastructures, and user application interfaces; and (vi)
               establish and implement effective security risk management frameworks. Furthermore, authorities should
               establish bilateral or multilateral MoUs to ensure proper coordination in preventing and responding to security
               incidents and breaches.








               43   Perlman, Leon (2017), Access at the Frontline (forthcoming).
               44   In the case of M-Shwari, the terms and conditions state that customers should address complaints to CBA but should use Safa-
                  ricom’s retail shops to do so. See Commercial Bank of Africa, Terms and Conditions for the Opening and Use of the M-Shwari
                  Account, https:// www. safaricom. co. ke/ images/ Downloads/ Terms_ and_ Conditions/ M- SHWARI_ TERMS_ AND_ CONDITIONS. pdf.



                                                                                                       13