Page 64 - ITU-T Focus Group Digital Financial Services – Recommendations
P. 64
ITU-T Focus Group Digital Financial Services
Recommendations
Title of recommendation Demarcation of provider liability
Working Group/Work Stream Consumer Experience and Protection
Theme General
Audience for recommendation Regulators
Regulators should delineate situations in which DFS providers are liable for outcomes that negatively affect con-
sumers, including, but not limited to: Acts and omissions of agents, employees, and third-party service providers
(e.g. agent network managers), including cases of fraud; loss or harm due to network issues such as network
downtime; and fraud related to DFS systems/platform, including system or data breaches.
To promote an enabling DFS environment, regulators should clearly define and enforce provider liability for
negative outcomes that affect consumers, including losses due to fraud, staff, or agent misconduct, and network
and security issues. This is emphasized in the G20 High-Level Principles on Financial Consumer Protection,
13
which cite the need for strong and effective legal, judicial and/or supervisory mechanisms to protect consumers
from fraud, abuse, errors, and enforce sanctions for such misconduct.
Customers may sustain losses from agent misconduct, such as agents charging extra “informal” fees, and from
employee misconduct, such as unauthorized access to account data and identity theft. Quality of service (QoS)
issues such as network downtime also open the door to losses due to fraud and erroneous transactions. For
example, when a network is down, a customer may leave money with an agent to complete the transaction
later, increasing the risk of agent mishandling. Less sophisticated or secure systems and equipment also
present QoS issues with the potential for loss, for example, inadequate encryption standards may expose
users to identity theft.
Regulators should hold DFS providers liable for losses due to acts or omissions of their agents, employees,
network quality, and third-party service providers they engage with. For example, when DFS providers are
liable for agent wrongdoing, they will have increased incentives to monitor their actions. Agents in turn will
have incentives to act appropriately if they will be held accountable to the provider for losses due to their
misconduct. Where multiple players are involved in different aspects of a DFS transaction, regulators should
ensure that the primary service provider is liable for customer losses, and that service provider may work out
alternative liabilities with third parties with whom they contract.
Bangladesh Bank’s agent banking guidance , for example, spells out various technical and data security
14
requirements (e.g., real-time processing, end-to-end encryption) for agent banking transactions to help ensure
secure and reliable QoS. The guidance requires banks to submit copies of agreements signed between banks
and their agents before launching a new product and specifies that banks must bear all the liabilities that arise
from any improper action on the part of their engaged agents.
14 Guidelines on Agent Banking for the Banks https:// www. bb. org. bd/ aboutus/ regulationguideline/ psd/ agentbanking_ banks_ v13.
pdf
58
