Issue guidelines to streamline procurement of third-party payment services by Tier 3 & 4 NBFIs – Tunka Institute to BoG

0

The adoption of digital business models, and with it, digital payments, accelerated tremendously during the outbreak of COVID-19 in Q1 2020. As at January 2020, active electronic money customers in Ghana were 14,130,350, with total transactions valued at GH¢30.2billion (data source: Fintech and Innovation Unit, Bank of Ghana). By January 2023, the number of active electronic money customers had sky-rocketed to 20,551,466, with transactions valued at GH¢130.05billion, a whopping growth of 62.69 percent (CAGR) over the 3-year period. Ahoy to financial inclusion, forward ever, backwards never. Except that there is still friction in parts of the financial market where digitisation matters most; micro-savings and micro-credit. That friction, in part, is caused by regulatory complexity. It may be fair to remark, however, that the temptation to sacrifice regulatory rigour in order to satisfy the need for financial inclusion may in itself exacerbate risks related to money laundering and terrorist financing. Further, a robust regulatory regime helps to mitigate systemic risks, something that is good for all – market actors, regulators, and policy-makers. Despite this, there are concerns about some aspects of financial sector regulations regarding digital financial services that are still not clear. A simple question should help clarify this concern. Question: is it permissible for Tier 4 NBFIs – for instance, micro-credit or Susu enterprises – to procure payment services from duly licensed PSPs, and utilise the latter’s technological platform to deliver digital financial services to clients? Those who may argue no would cite as reference, (a) Rule11(3) of the Business Rules and Sanctions for MFIs, (b) Section 7(2) of the Payment Systems and Services Act 2019, (Act 987), and (c) public alerts issued by the bank warning the unsuspecting public about the activities of certain errant (usually illegal) organisations. However, a critical review of the corpus of regulatory notices, directives and guidelines on the subject matter may suggest the need for further stakeholder engagement to sufficiently put to rest all doubts. This article is intended to achieve two objectives: (a) critically review and point out the tension between the letter and spirit of regulatory instruments on DFS; and  (b) to make recommendations on how to balance AML/CFT risks with financial inclusion in a way that is consistent with the size, business mix and complexity of NBFIs.

Review of DFS regulatory landscape

First things first; let’s start with definitions. What is Digital Financial Service (DFS)? Permit me to cite Bank of Ghana’s own literature – Disclosure and Transparency Directives for Digital Financial Services and Products provided by Banks, Specialised Deposit-Taking Institutions and Non-Bank Financial Institutions, 2022. In the afore-cited directive, DFS is defined as “financial products or services accessed and/or delivered through digital channels, including storing and transfer of funds; making and receiving payments; borrowing; saving; insurance and investment”. Digital credit is also defined as “a credit product or service that uses smart or feature phone technology, web platforms or any digital channel to register, score, approve and disburse”. By the way, these same definitions are reflected in the interpretations section of a related document – Disclosure and Transparency Guidelines for Digital Financial Services and Products Provided by Payment Service Providers, 2022. (Important information: both documents are exposure drafts; hence, the final version may differ in content, albeit not materially, we expect.)



It is important to note that using a purposive interpretation of Section (7)(2) of Act 987 as context, the emphasis of these definitions focuses on the electronic transfer of funds regarding savings, credit, insurance or investments, whether it relates to making or receiving payment. It is vitally important to make this point so as to clarify that the mere operation of a digital channel – for instance, website or mobile app – does not amount to providing Digital Financial Services, except if it involves electronic funds transfer between counterparties. With this foundation being laid, let’s now deal with the substantive question, which is: is it permissible for Tier 4 NBFIs, for instance micro-credit or Susu enterprises, to procure payment services from duly licensed PSPs and utilise the latter’s technological platform to deliver Digital Financial Services to clients?

Permissible or not permissible: decoding the text

The objectives of the Disclosure and Transparency Directives for Digital Financial Services and Products provided by Banks, Specialized Deposit-Taking Institutions and Non-Bank Financial Institutions, 2022 are:

  1. provide a framework to guide providers with regards to the disclosure of information pertaining to digital financial services and products […], and
  2. protect consumers of digital financial services and products by ensuring that institutions that provide these services, do so in a transparent and fair manner by disclosing to the consumers and prospective consumers all the information that is necessary to enable consumers make informed decisions.

Curiously, the scope of the directive’s application includes “non-bank financial institution licensed under the Non-Bank Financial Institutions Act, 2008, (Act 774)”. That means Tier 4 NBFIs too. More curious even, is the content of Notice No. BG/GOV/SEC/2019/16. The afore-mentioned public notice, titled Licensing and Authorization of Payment Service Providers, was issued by Bank of Ghana on September 12, 2019, which notice provided, inter alia, particulars concerning permissible activities for various categories of payment service providers. See Table for details.

Table: List of licensed payment service providers in Ghana

S/N Permissible Activities No. of Licensed Institutions
PSP Dedicated Electronic Money Issuer Issuance of electronic money, recruitment and management of agents, creation and management of wallet. Wallet-based domestic money transfers, including transfers to and from bank accounts, cash-in and cash-out transactions, investment, savings, credit products only in partnership with banks, insurance and pension products only with authorised insurance and pension companies  4
PSP Scheme Routing of payment transactions, authorisation and settlement request from merchants, acquiring and issuing banks 1
PSP (Enhanced License) Aggregation of merchant services, processing services, provision of hardware and software, printing and personalisation of EMV cards, inward international remittances services, merchant acquiring, POS deployment, payment aggregation 34
PSP (Medium License) Payment Gateway and Portals/Payment aggregation which is connected to Enhanced PSP. Training and support of merchants. Printing of non-cash payment instrument, development of market platforms, payment application/ solution for credit, savings and investment products in partnership with banks. 4
PSP (Standard License) A payment application solution/ development, merchant development platform, a payment solution 2
Payment and Financial Technology Service Provider Digital product development, delivery and support services,

credit scoring predictive analytics, AML/CFT centralised platform, fraud management services, know your customer (KYC) and customer due diligence (CDD) authentication services, permitted to connect to DEMIs, PSPs, banks and financial institutions

1

Source: Fintech and Innovation Unit, Bank of Ghana

Take note that the permissible activities for PSPs with Medium License include “payment application for credit, savings and investment in partnership with Banks”. Albeit it does not mention SDIs, it is reasonable to infer that SDIs are included given the tone and texture of the Disclosure and Transparency Directive for DFS Services and Products by Banks and SDIs, 2022 in the same vein that inference can be extended to cover NBFIs, albeit not mentioned therein. Here, then, is the third curiosity: currently, there are (and this is a fact) certain duly licensed NBFIs (Tier 4) that are using the services of licensed PSPs to provide Digital Financial Services. Stemming from the analysis presented thus far, pinning the liability on either the NBFI or the PSP for regulatory violation, seeing that the regulations (with its directives and guidelines) has a gap lacuna may not be entirely justified. This in no way excuses entities that are not duly licensed by the Bank of Ghana, and are providing Digital Financial Services with the assistance of licensed PSPs (see Figure 1). This second category, particularly the PSPs, clearly, are in breach of the Anti-money Laundering Act 2020 (Act 1044), and Bank of Ghana’s Anti-Money Laundering/Combating the Financing of Terrorism & The Proliferation of Weapons of Mass Destruction Guidelines, 2022, which enjoins them to conduct due diligence on counterparties before on-boarding. Ignorance of the law is no excuse. The real issue is what to do with the first category, the duly licensed NBFIs doing legitimate business and using the platform of a duly licensed Payment Service Provider who, for all intents and purposes, is not acting ultra vires judging by Notice No. BG/GOV/SEC/2019/16. The current state of affairs is understandable given the immense risk of money laundering and terrorist financing that DFS may introduce, especially for entities with weak corporate governance and risk controls. So how should policy-makers and financial sector regulators approach the question of AML/CFT risk management without decelerating the momentum toward greater financial inclusion? I proffer six (6) recommendations for further discussion. But first, let me summarise and recap the main arguments of this article:

  1. Due to the increasing volatility and uncertainty characterising global business supply chains, digitised business models – including electronic payment services – offer a pathway to efficiency optimisation by reducing transaction cost.
  2. This trend (digital payments) is even more crucial in the non-bank financial sector, particularly for MFIs that ply their trade at the bottom of the pyramid to oil the wheels of financial inclusion with capital and financial literacy education for low-income populations.
  3. From a regulatory standpoint, there are legitimate concerns about how to balance AML/CFT risks with financial inclusion outcomes for RFIs that provide Digital Financial Services. This notwithstanding, the corpus of regulatory tools that govern the DFS space is characterised by tension between the letter of the text and the spirit of it.
  4. The lack of clarity on the question of whether a duly licensed Tier 4 NBFI could procure third-party payment services from a duly licensed PSP must be addressed.

Policy recommendations:

  1. Third-Party Service-Level Agreement (SLA): The relevant units within the Bank of Ghana (OFISD, Fintech and Innovation Unit) should engage key stakeholders within the PSP and Tier 3, 4 NBFI nexus to fashion out guidelines that will govern SLAs related to Digital Financial Services.
  2. Compliance reviews by apex bodies: Per paragraph 2.7.5 of the AML/CFT Guidelines 2022, accountable institutions relying on intermediaries or other third parties service providers must ensure enhanced due diligence is performed. Apex bodies in the NBFI sector must take the lead in this enhanced due diligence process to develop a preferred supplier list, out of which their member-institutions could source third-party services related to payments.
  3. Regulatory disclosures: Implement a sunshine policy to promote market transparency. Section 42 of the Payment Systems and Services Act 2019, Act 987, empowers the Bank of Ghana to mandate prudential reporting by PSPs in a manner and format it deems fit. As part of its risk controls toolkit, the bank should direct all PSPs to publish the names of NBFI customers that are using its platform for Digital Financial Services. This will have a positive impact on market conduct.
  4. AML/CFT policy: All NBFIs that choose to provide Digital Financial Services must have AML/CFT policies as an integral component of their risk management framework.
  5. Enhanced supervision: Due to the high-risk situation posed by providers of Digital Financial Services, enhanced supervision by OFISD, though sector apex bodies, is reasonable and consistent with FATF recommendation 26.

About Tunka Institute

Tunka Institute for Policy and Program Evaluation is an independent non-profit, non-partisan research organisation dedicated to promoting evidence-based policy-making through rigorous empirical inquiry and dissemination of evaluative findings to the relevant stakeholders. Founded in 2015 as Rural Heights Foundation, it transitioned from being a direct social interventions platform to a policy think tank in 2017. The institute’s research and evaluation work focuses on three areas: monetary policy, financial markets, and private enterprise development.

The author is a research fellow at Tunka Institute.

Leave a Reply