You are on page 1of 23

Evolution of Mobile Banking Regulations

Arvind Ashta1
Burgundy School of Business (Groupe ESC Dijon-Bourgogne), CEREN, CERMi
29 rue Sambin, 21000 Dijon


Legislation takes place slowly and incrementally, much like evolution. Ideas in one field get
transferred to others. New innovations create new mutations and new fusions take place with
apparently dissimilar partners creating a need for other adaptations. Such a fusion is now
occurring between the banking industry and the telecommunication industry, creating a
concept called mobile banking, which would enable transaction cost reduction and increase in
outreach to enable poor unbanked people to access micro financial services. This fusion is
necessitating a change in the regulatory institutional environment to accommodate and adapt
to this fusion. This paper studies the evolution of the mobile banking regulations in five zones
(Kenya, South Africa, Philippines, India and European Union) in different stages of economic
development and offers possible reasons for such differing evolutions. The reasons are
couched in terms of loss aversion of regulators of developed economies and the spread of
regulations internationally, by imitation, to nurture an enabling environment to permit
innovation to succeed. Future research directions are also indicated.

Keywords: microfinance, telecommunications, evolutionary economics, regulation,

institutions, loss aversion,
JEL : E4, E5, G21, G29, K00, K2, D72

My thanks to Banque Populaire for financing the Microfinace Chair of the Burgundy School of Business. This
paper was presented at the Journe de recherch CEREN-CERMi on 18th March 2010 and I would like to thank
Claude Gnos, Jean-Michel Servet, Marek Hudon and Christine Sinapi for helping us further deal with these
comments. I would like to specially thank Martina Rani Kopala of Vignana Jyothi Institute of Management,
Hyderabad, India for her encouragement and company in the initial stages of this research and understand her
decision to withdraw from this owing to many other commitments.

Evolution of Mobile Banking Regulations

INTRODUCTION: Microfinance boosted by Mobile Banking

Evolution takes place slowly and incrementally. Ideas in one field get transferred to others.
Unmet needs lead to new inventions and innovations and these create new economic
relationships. New mutations and new fusions take place with apparently dissimilar partners
creating a need for other institutional adaptations. Such a fusion is now occurring between the
banking industry and the telecommunication industry, creating a concept called mobile
banking. This sector is being constrained by the slower development of regulatory framework
owing to conservatism and loss aversion.
One such unmet need was the inability of banking services to poor people, which led, first to
the development of microfinance (Yunus 2003; Armendariz and Morduch 2005).
Microfinance is the provision of financial services (savings, credit, payment mechanisms) to
poor people. This microfinance sector has been growing at 30% per annum over the last few
decades and has become a possible source of hope to drive out poverty, combined with many
other governmental and NGO actions. However, the sector has touched less than 200 million
people, (at best 1 billion people considering a family size of five). There are probably 4
billion unbanked 2 people in the world and the others are still waiting for microfinance to
arrive to their doors. A second area of concern is that the small transaction size entails high
proportional costs to the poor (Shankar 2007; Ashta 2009). For example, worldwide
microcredit rates were as high as 28% in 2006 (Rosenberg et al. 2009). It is hoped that
technology will help to increase outreach as well as reduce operating costs (Ashta In Press).
One such technology is mobile banking (Bhavnani et al. 2008).
There are an estimated 4 billion people with mobile telephones. Of these, 2 billion are
unbanked. It is expected that mobile banking could drive down the cost of delivering financial
services to these people. For the poor, savings have a huge impact because they provide

The unbanked are people without formal bank accounts who operate in a cash economy; they are
limited in their ability to take out loans, maintain savings, or make remote payments, and these
constraints can inhibit their economic opportunities Mas I (2008) Realizing the Potential of Branchless
Banking: Challenges Ahead. In: Focus Note 50. Consultancy Group to Assist the Poor (CGAP),
Washington, D.C..

interest income, consumption smoothening and also constitute a less risky alternative than
borrowing to financing asset-building activities (Dowla and Alamgir 2003).
Governments may also be interested in developing mobile payments as a stakeholder in
Government to consumer payments of minimum social security which a lot of developing
countries have introduced in the last decade (Pickens et al. 2009). Mobile payment facilities
would considerably reduce the costs compared to dispensing cash for such transfers, including
time spent by poor people in travelling to the payment point, queuing, cash dispensing,
identity checks at the time of each payment, record keeping and fraud. In addition, there
would be no need for overhead expenses in creating payment points and staffing them.
Mobile banking has already started in a number of countries(Lyman et al. 2008). The
forerunners have been Kenya, Philippines, South Africa and India. Two different models
seem to be emerging. One is the bank led model and the other is a telecom led model.
Essentially, in the former, the bank is the mobile banker and the platform. In this model, the
telecom is just an agent of the bank. However, in the telecom-led model, the value is stored
directly with the telecom operator. Although the telecom may be required to store aggregate
value with a bank to respect prudential norms, the last mile connection belongs to the
operator. Thus, both banks and telecoms are lobbying in different countries to be the leaders
in mobile banking, in order to capture the client base.
As indicated in the table below, South Africa and India have opted for a bank led model,
whereas, Kenya has a telecom led model. In Philippines, we see the coexistence of bank led
and telecom led models. Bank led models have emerged in Kenya also. Since Telecoms
cannot accept deposits and pay interest, they can informally offer only prepaid stored value
features which permit making transfers and payments (Mas and Rotman 2008). As indicted
earlier, savings channels are very important to poor people, even if they do not provide
interest, because they permit consumption smoothening, future investment and increased
security (than the mattress). Thus, secure stored value accounts of telecom operators are
snatched up .


Model (led Service





Stored Value


Philippines Telecom

Stored Value


Philippines Bank


















As technology changes and a new economic activity evolves, in different models depending
on country environments, different legislative accommodation and adaption responses take
place. The study of economics as an evolutionary science probably started with Veblen
(Veblen 1898) and today there are many different streams of evolutionary economics such as
Universal Darwinism, Schumpetarian, neo-Schumpetarians and Naturalistic approaches (Witt
2008). "Evolutionary theories of institutional change try to capture the idea that there is a
diversity of potential and actual institutions, which allows for their selection. Moreover, new
institutions arise, often unplanned, through innovation, regrouping of individuals, or
integration of different levels or scales of human organization (local to international). Often
this happens in response to changes in other areas of the economy or even the environment"
(Van Den Bergh and Stagl 2003). Evolutionary economists propose a two way interaction
between technologies and institutions (Pelikan 2003). In this paper, we look at one technology
and one aspect of institutions (regulation).
We contend that the slow pace of technological diffusion is constrained by enabling
legislation and that this is related to loss aversion (Kahneman and Tversky 1979). Loss aversion is
a dislike for downside risk, especially pronounced if it means losing money. In prospect theory,
people become risk seeking in loss making situations (Kahneman and Tversky 1979). Since then, a
number of studies have incorporated the concept of loss aversion in decision making (Rivers and
Arvai 2007), in marketing (Hardie et al. 1993; Genesove and Mayer 2001), in portfolio management
(Haigh and List 2005), in forecasting (Kermer et al. 2006), in risk (Quattlebaum 1988; Thaler et al.
1997; Rivers and Arvai 2007), in employment (Dickinson and Oaxaca 2009) and other areas. Closer to

our domain, the loss aversion concept of prospect theory has been used to explain government
behavior: why do superpowers prefer to have continued risky military interventions in the periphery
(Taliaferro 2004). In this paper, we extend these loss aversion explanation of government behavior
to legislation.

The competition of the two mobile banking models raises the questions of what regulation
permits and enables each model and how legislation has evolved in these countries. These are
the central questions treated in this paper. In this paper, we first provide a background to the
different risks inherent in mobile banking and conventional ways to treat them through
regulation. We then examine the recent changes in banking regulations in these four countries
to study the similarities and differences and to see if we can link the evolution in regulation to
the mobile banking model opted by the country. We provide a few directions for future
research directions before concluding.

BACKGROUND: Risks in Mobile Banking

The purpose of regulation is to reduce risk. This could be by reducing conflicts between the
different parties involved and reducing the risk of failure of the parties. The risks which are
inherent in mobile banking are those inherited from both banking and from telephoning, as
well as new risks unique to mobile banking. We will first overview the risks inherent in
banking and telecommunication and the normal banking regulations and telecom regulations
which are introduced to overcome these, before examining new risks introduced by mobile

Risks related to banking

Banking has developed over many centuries and therefore a good deal is known about the
risks involved, even though recurrent financial crisis may suggest that either regulations or
observance is inappropriate. We could separate the risks inherent in banking as risks for the
bank, the risks for its clients and the risk for the economy. The risks for the parties are often a
function of who is giving the cash. In lending money, the bank is taking the risk; in depositing
money, the client is taking the risk.
There is a vast literature on banking risks: the banker's risks include credit risks, liquidity
risks, solvability risk, operational risks, interest rate risks, foreign exchange risks and

reputation risks (Godlewski 2005; Irina and Irina-Stefana 2008). The credit risk is related to
loans and is the possibility or probability of non-repayment by the client/ counterparty and
concerns adverse selection as well as moral hazard. The liquidity risk is introduced by the fact
that banks have used depositor's money to lend money. If the depositors all come back on the
same day to withdraw the money, the bank would not have the means to honor its
commitments and would go bankrupt. The operational risk is the risk of losses from
operations owing to drastic increases in costs or falls in revenues as a result of inadequate or
failed internal processes, people and systems or from external events (Sathye 2005)
The interest rate risk is related to loans and interest bearing deposit accounts. An example of
such a risk is that the bank lends to a customer at a certain rate and thereafter the rates of
interest for the economy increase. The bank would therefore have made, at least, an
opportunity loss. In international transactions, interest rate risk is compounded by fluctuations
in foreign exchange rates since the loan is taken in one currency and repayments may have to
be translated back to that currency and because governments may not allow transfers
(Wetmore and Brick 1994; Staikouras 2005). There are also broader risks for the bank related
to its governance and its reputation.

The banking risks that the client may face include perceived moral hazard as well as fraud.
Moral hazard, in this case, would be the risk that the bank goes bankrupt or does not have
enough liquidity. Thus, if a depositor wants to withdraw cash, it is the risk that the bank or the
particular branch does not have adequate cash. This may be either because the bank's reserve
is inadequate or because the bank does not want to keep cash in many different outlets
because of risk of theft or because of the costs of idle cash lying around. In any case, the
result for the depositor is the same. A second risk is an identity risk: what if someone else
withdraws the money in his name and the bank gives that money to the person?

The risks to the economy in general are resulting from the money creation function as well as
the money distribution function. The former risk is because by giving credit, the bank is
creating money and this adds to the money supply and can create inflation. The distribution
risk is that the bank may be a conduit for laundering money from illicit activities or that it
may be used to finance terrorist activities. The Financial Action Task Force (FATF) sets
international AML/CFT standards and oversees compliance monitoring. It calls for national-level
regulatory regimes to require that adequate customer due diligence (CDD) be undertaken on all new
accounts. CDD is also known as You're your Customer (KYC) norms (Isern and Koker 2009).

To overcome banking risks to bankers as well as the economy, governments put in force
regulations such as Minimum capital requirements, governance requirements, capital
adequacy norms, Reserve and liquidity norms, licenses, benchmarks for asset quality, antimoney laundering laws, laws combating terrorism and limitations on risk exposure and insider
lending. The bank's internal governance procedure also requires identity checks. These are
reinforced with reporting requirements, sanctions and corrective actions, deposit insurance
schemes and institutional overview and off-site surveillance.

Risks Related to Telecommunications

The risks related to telecommunications could also, similarly, be divided into three categories:
risk for the telecom operator, risks for telephone users and risks for the system.

The telecom industry is notable for the high fixed costs of entry. The biggest fixed cost is
laying down telephone wires. The development of mobile phones has helped get over this
huge cost. Nevertheless, there are still costs of relaying towers or satellite connections, as well
as all the software required, which can be major investments. Second, as in any high
technology field, the risks of obsolescence can be very high. At the same time, to succeed, a
large outreach is required. The returns to networks are a power function and each new
customer adds considerably to the value of the network.

For customers, the risks associated with telephoning can be labeled as interoperability issues,
lock-in clauses, identification or billing costs and privacy costs. Interoperability, the basis for
sharing is a key consideration of any networked business. Once the customers have an account, they
will want to use it for many types of payments. The value to customers of joining the network depends
on how many of their friends, business counter parties, agents are connected to the network. Hence
interoperability of mobile banking service provider should be a equalizer. Interoperability is
required for Terminal equipment, Transaction switching, Interbank clearing and Interbank settlement
(Lyman et al. 2008). Interoperability issues arise if the user's telecom only allows users to

contact users in the same network or limited networks who have an agreement with the
telecom on a bilateral basis. Lock-in clauses mean that it is costly for unsatisfied customers to
exit for some predetermined period of time. Identification costs are based on the need for
billing to ensure that one does not get billed for calls that one does not make and that the call
duration is reported correctly and that all discounts offered have been incorporated in the bill.

Privacy issues mean that it should not be possible for others to listen in to the conversation
and that nobody should have access to statistics on who is calling whom. This kind of data is
very useful to marketers who would like to target specific persons to call.

Systematic risks are those which can impact the whole economy. This could be the high cost
of allowing multiple operators to enter, in which case all of them have high entry costs, no
one reaches break-even and most are forced to exit. The economy pays a high price. A second
systematic risk is if the telecom network is being used by people to organize terrorism.
Thanks to telecommunications, terrorists do not need to physically meet. This means that it is
more difficult to identify them and catch them. Police officials usually demand access to data
on who suspected terrorists are calling on their phones. Therefore, there is some conflict
between privacy and public interest needs.

Telecommunication regulations usually provide strict guidelines on interoperability, universal

operators who provide common services, identification and privacy issues. A certain amount
of encrypting may be required to ensure confidentiality of SMS messages.

New risks introduced by Mobile Banking

Mobile banking has all the above risks, both of banking and telecommunications. However,
putting the two together upscales some of the risks and adds new dimensions of fears. Mobile
banking is not the first technological innovation in banking. Internet transaction banking, a
recent application, had led to fears that it would increase operational risk, but this was not
justified (Sathye 2005). However, the mobile telephone aspect may create different problems,
especially if it is not bank controlled. It is appropriate therefore to examine these risks and

First, banks are regulated by the Central Bank who is in charge of monetary policy including
money creation. In classical economic terms (MV=PT), mobile banking speeds up the
velocity of money (V increases) and this would lead to inflation (P increases), if the supply of
money (M) and the effective demand (T) remains the same. However, many more transactions
can take place since people have funds faster. Therefore, both the velocity of money (V) and
the number of real transactions (T) work faster and both the total money supply (MV) and

total demand increase simultaneously (PT). While this can usher in growth in Transactions
(T) as assumed above, but it may also lead to inflation (P) if there is full employment and full
capacity (conditions which seldom exist in poor countries) or if there are structural rigidities
preventing the effective demand meeting real supply (conditions which often exist), and
which therefore still needs to be monitored by the central bank. However, if the central bank
controls only the banks and not the telecom, a whole new sector is now financially included,
but is out of control of the monetary policy maker. This is especially true of telecom led
systems where cards or phones may be used to store value, effectively working as deposits. 3
However, economics has evolved and today it is believed that money creation is through the
money multiplier based on the credit function used by commercial banks rather than the
printing of notes by the central bank or deposits with it (Holbecq and Derudder 2008) 4 .
Therefore, until such time that mobile operators provide credit, there is no fear on the money
supply function. It may be noted that the Central Bank may require the Telecom to deposit the
float amount with a bank. Of course the bank could then use this deposit to multiply the
credit, but banks are within the ambit of existing monetary regulations.
Nevertheless, in view of the fact that there continues to be debate between economists on the
causes of inflation and its link to money supply, there is some uncertainty and risk and the
professional Central Bank Manager, would like to ensure that he has some control on Money
supply and would like only those within its purview to make money.
Second, prudential regulation using Basle 2 or earlier guidelines, protects banks and,
ultimately, their clients from the risk of banks going bankrupt. These regulations apply to
neither microfinance institutions nor telecoms. Since there is immense competition in the
telecom space, what would happen if one telecom operator decides to exit? The small savers
lose their deposits. Some of these problems exist with prepaid telecom cards. This is why
telephone cards in Europe, for example, are now required to indicate expiry dates. Thus,
people who could buy cards only for rainy days are now discouraged from investing in them.
Thus, if telephone cards have to play a part in the savings for precautionary motive, the
depositor must be protected from telecoms who could shut down.

For improving this paragraph and helping improve our understanding, our thanks to Claude Gnos and JeanMichel Servet who pointed out that there was a problem with the previous version and our understaning.
Thanks to Marek Hudon who sent us the book and to Christine Sinapi who more or less summarized this view
in a paragraph.

In a microfinance-poor-consumer setting, although the amounts saved will not be large in

absolute terms, they may represent a substantial proportion of wealth. So the issue of
consumer protection arises. What would happen in the event that Safaricom became
insolvent? Is the M-PESA e-money float held with Central Bank of Africa (CBA) safeguarded
for "depositors" or is it at the mercy of the creditors of Safaricom?

The billing risk in telecommunications becomes a banking transaction risk in mobile banking.
Thus, identification risk multiplies in importance because a wrong number dialed means
money has been sent and needs to be brought back before the wrong recipient spends it. One
possibility is that the sender should know not only his bank account number but also the
account number of the recipient, in addition to his telephone number. Also, a new system of
codes is required to ensure that the person who is using the phone is also the person whose
bank / telecom account is being used to make a payment. This verification of identity is
especially important if the telephone is being shared by people for different bank accounts.

The risk of fraud is based on elusiveness and rapidity. Elusiveness is because one can use
hundreds of small mobile transactions to cover up huge movements of funds for illegal or
terrorism purposes. Their origins and destinations cannot be traced without some invasion of
privacy. Rapidity adds to this scenario because the transactions are real time and may be
completed and the account closed before the bank or the telecom operator can conform to any
anti-money laundering or anti-terrorist guidelines. Thus, the float time which can be used by
banks to address these issues ex-ante is lost to mobile bankers who can do this check only expost. One way to do this is to have an authentication check of an id with photo (and keeping a
copy on record) at the time each new mobile telephone is put into use and each time a new
stored value or deposit account is opened.

The risk of privacy of information also increases. Now, the mobile operator, is not only privy
to the conversations of a person, but all his financial information transacted online as well. All
these risks increase if monopoly power of the leading mobile banker, often the universal
operator, increases. Another type of risk faced is delay in the receipt of SMSs during peak
texting hours (Morawczynski and Miscione 2008).

Interoperability, so useful to network power-functions, dynamically increases mobile banking

risks. Just as the strength of a chain is based on its weakest link, it is sufficient for one

telecom operator to be weak (operationally or financially) for the whole network to be

impacted. Each operator would be content to supervise it's own users. This is why both
GCASH and SMART in the Philippines prefer to limit their services to people in their own
network. However, when the system is based on interoperations of payments between
operators, as is the case with Wizzit in South Africa, new opportunities arise but risks also
multiply, necessitating supervising authorities. The largest player usually does not want
interoperability because the others have more to gain from its system than it has to gain by
using the smaller systems. Interoperability has technological problems of telephoning but also
problems of banking such as clearing and settlement challenges and consumer protection
(including mechanisms to cater for disputes, warranties and claims), besides the special
encrypting and decrypting which may be necessary for SMS based mobile banking transfers.
Interoperability is required for terminal equipment, transaction switching, interbank clearing
and interbank settlement. The risk here is non-co-operation among the providers to build a
broad basis of an interoperable network (Mas 2008).

A large part of these risks depends on the ability of the government to impose financial
service regulations and supervision on Mobile Bankers.

MAIN TOPIC: Mobile banking Regulation as a response to these risks

It is generally agreed that mobile banking, despite all the risks, needs to be encouraged to
permit the unbanked to avail of financial services, which could reduce the cost of living for
them as well as allow banks and telecom realize their fortune at the bottom of the pyramid.
Therefore, any regulation to this sector should be enabling, ie. open to the startup and growth
of new and varied models and inducing certainty, both for providers investing capital taking
risk, as well as consumers entrusting funds to new m-banking providers, whether banks,
telcos or other entities. This openness may require a new look at what constitutes e-money
and how it might impact money supply, inflation and other economic indicators. It should also
insist on interoperability so that money can be transferred between operators, even if doing so
increases the risks and costs of supervision.

At the same time, if the regulation does not significantly reduce the risks, initial losses caused
to poor people may spread the word and the intended benefits would neither be reaped for the

poor nor for industry. Therefore, any intended regulation needs to be conservative because we
are dealing with money, which is the essential core of an economy. This tradeoff between the
need for conservatism and the need for enabling is often referred to as proportional regulation.
The key feature of proportional regulations would be that restrictions imposed on an industry
should be related to the benefits expected from those restrictions.

In the financial industry sense, Lyman et al (2008) provided an example of the conflict
between enabling and conservative concerns. The development of microfinance through
mobile banking requires building agent networks to go where banks do not. These agents need
to be regulated. At the same time,KYC norms applied to banks would not allow them to use
agents. Perhaps, this could be balanced by proportionality in as much as regulations on the
stored value accounts of GCash in the Philippines and MPESA in Kenya may need to be
lighter than the prudential norms applied to a full banking transaction account (Lyman et al.

Hannes interprets proportional in this sense and looks at identity risk in terms of Know Your
Customer requirements related to anti-money-laundering and combating financial terrorism
legislations. He suggests that the lowest layer or tier should provide for very little KYC (or
client identification), but should be very strict regarding limits and functionality. With higher
levels of compliance, more rigor could be added to the registration and client management
process, but at the same time, more functions and higher limits are associated with the

We will now look at the legislation relating to mobile banking passed in the European Union
and in four developing countries that have been early innovators in this field, note their
similarities and propose a possible theoretical conceptualizing to cover regulation for mobile

A. Case Studies in Mobile Banking Regulations

The mobile banking regulations need to be researched piece-meal and put together since they
come from many different laws, decrees and circulars which essentially modify the existing
banking and telecom laws to permit the additional activity of mobile banking. In different
countries, the evolution of the law may permit only some banking activities and not others.

The areas we looked at our whether agents are allowed to open accounts, who can issue
emoney, KYC legislation, transaction sizes limits and balance limits. To the extent that KYC
regulation is often required for all telephone numbers, no additional mobile banking impact is
required. However, in countries where you can buy Sims cards and prepaid telephone cards
from street hawkers, KYC legislation may be a bit lax.

Our investigation concerned the four countries (Kenya, Philippines, South Africa and India)
where mobile microfinance is emerging as well as a rich group of countries (the European
Union) to benchmark and act as a control to generalizations.

The new Directive 2009/110/EC 5 on the taking up, pursuit and prudential supervision of the
business of electronic money institutions replaces the existing Directive 2000/46/EC. The
revised directive seeks to remove the high regulatory barriers preventing the development of
an electronic money market in the EU and seeks to set reasonable conditions for the business
operations of electronic money institutions.
European regulators try to distinguish between spending products (electronic money) and
savings products (deposit taking). For this reason, interest on electronic money balances is
banned in Europe.
An important change to the EU regulation came from the legalization of hybrid electronic
money institutions, i.e. institutions that perform other activities in addition to the issuance of
electronic money. The funds of emoney custormers have to be separated from that of the rest
of the business, according to the 2009 directive.
In this 2009 directive, agents are allowed to distribute emoney but not to issue new emoney.
Electronic money institutions are subjected to effective anti-money laundering and antiterrorist financing rules
Another fundamental change in the 2009 directive is the reduction in the regulatory burden
placed on electronic money institutions and the convergence of their status with the conditions
for payment institutions under the Payment Services Directive. In terms of capital
5, (official Journal of

European Union dated 10/10/2009)

requirements, initial capital is reduced from the current EUR 1 million to EUR 350,000, i.e. to
approximately one-third.
There is no protection for consumers against the failure of an electronic money issuer in
Europe because the authorities assume that the products will be used for spending and not for
saving and that therefore substantial balances will not be carried. However, this distinction,
however valid it may be in Europe, is not helpful when discussing the needs of poor
consumers in developing countries who may use the same electronic purse for spending,
budgeting and saving, whether legally permitted or not.

In the Philippines, too, emoney is not considered as deposits. E-money can be issued by
banks, NBFIs as well as other institutions (money transfer agents). It has to be issued and
redeemed at par and cannot earn interest nor have insurance attached to it. Redemption fees
need to be indicated in advance.
The Money transfer institutions have to be large enough to be considered safe. As a result,
they need to have a minimum capital of 100 million pesos (about 45 pesos to a dollar). Their
activities are limited to e-money issuance and related activities such as money transfer/
remittances, but not credit.
E money issuers have to maintain the equivalent of the money issued either in bank deposits
or in government securities. They also have to obtain a quasi-banking license from the central
The issuer has to ensure that their distributors/ agents comply with the requirements of AML
In 2006, the Central Bank of Philippines passed a circular 6 for consumer protection from
electronic banking, relating to the requirements to safeguard customer information; prevention
of money laundering and terrorist financing; reduction of fraud and theft of sensitive customer
information; and promotion of legal enforceability of banks electronic agreements and
A key aspect of this policy is to remind top management of banks that the oversight for
mobile banking was their responsibility. A special emphasis was given on managing risks
linked to increased complexity associated with outsourcing and third-party dependencies to
perform critical e-banking functions.

Risk management and internal controls had to be established to ensure information security
including authentication, account origination and customer verification, and monitoring and
reporting of E-banking transactions. In the internet and wireless banking measures of this
circular, the bank requires network controls, operating system controls, encryption,
authentication and appropriate anti-virus programs as well as intrusion detection programs to
be installed to ensure security of data and money. It also requires audit trails to record
movement of money as well as dropped transactions.
Layered encryption: Where risk assessments indicate that the use of single-factor
authentication is inadequate, banks should implement multifactor authentication (e.g., ATM
card and PIN), layered security, or other controls reasonably calculated to mitigate those risks.
End to end encryption was recommended for highly sensitive data such as customer's
Moreover, the banks have to implement a consumer awareness program. Examples of such
awareness are "Do not disclose your Mobile Banking Pin (MPIN) to anyone; regularly change
the PIN; if the phone is stolen, report the incident to the bank; and keep a copy of the
transaction number."
Finally, the 2006 circular covered disclosure polices as well as record keeping. The disclosure
policies include who is liable for unauthorized or fraudulent transactions.

The Philippines central bank has placed restriction on the amount that can be maintained in
SMART Cash and G-Cash accounts. In 2009, the BSP (Bangko Sentral ng Pilipinas), fixed
emoney per customer as 100,000 pesos. In case a bank issues more than one kind of emoney,
it has to ensure that the total of money issued to one customer is less than this limit.
In the Philippines, receipt of cross border remittance is also permitted.

In Kenya, for non face-to-face contacts, two cross verification identification checks are
required. These could be one for the address and one for the identity. For non-residents, an
introduction from a banker in the home country can be sought.
Receipts of cross border remittances are allowed
A law on mobile banking is expected.

South Africa

It is interesting to note the differences between the earlier positions on electronic money with
that used by South Africa in an updated position paper (2009) on electronic money. "For
purposes of this position paper, e-money is defined as monetary value represented by a claim
on the issuer. This money is stored electronically and issued on receipt of funds, is generally
accepted as a means of payment by persons other than the issuer and is redeemable for
physical cash or a deposit into a bank account on demand." Thus, consistent with a bank led
model, South Africa accepts that the money can be placed in a bank account.

What complicates the South African position is that payment of bills are considered payment
services, but transfer payments between people (remittences) are considered deposits. As a
result only banks can issue e-money!
The South African regulation on Mobile banking7, called Cell-phone banking by the Reserve
Bank of South Africa, is quite interesting in respect to the procedure for respecting reduced
AML requirements.

For AML, mobile banking can be exempt for the face-to-face account opening and is thus
subject to lower requirements. But because of these lower requirements, it is limited to very
certain conditions. For example, only South African citizens and residents are allowed to be
offered a mobile bank account since they have a South African identity number. Verification
of the identity is cross-verified using other data bases such as those of the department of
Home Affairs. Moreover, if there is no face-to-face verification of the initial account opening,
transactions are limited to Rial 1000 per day. To exceed this limit, a face to face verification is
required. A person can open only one account using non face-to-face account opening

Otherwise, even with face to face verification, there is no need to check the physical address
if the accounts have overall daily limits for transactions of 5000 Rials per day within a limit
of 25000 rials per month for payments and 20000 per month for receipts, and a maximum
balance of 25000 rials per month. This is done because many people don't have a formal
address as they are living in unauthorized housing.

See also Porteous, David Porteous D (2006) Enabling Environment for Mobile Banking in Africa. In. DFID
available at


The objective of opening low cost bank accounts for the unbanked started in 2005 when the
RBI introduced its policy to encourage no frills accounts. Although, Indian public and
private banks have opened 15.8 million accounts (Ramji 2009), more than 85 percent are
dormant, primarily due to distance from bank branches, low financial literacy, and poor
marketing by banks in terms of communicating the purpose of the account (Venkatesan and

In 2006, following the example of Brazil, the RBI allowed banks to appoint certain types of
agents. Notably, FINO (a financial services technology provider) emerged and in little more
than three years, FINO has reached 10 million8 poor clients with various financial services on
behalf of banks.
Mobile banking guidelines came out in 20089 and were modified in 200910. Only banks who
have received one time approval from Reserve Bank are permitted to provide this facility to
customers. Banks can extend this facility only to their customers and their holders of
debit/credit cards. Banks can extend this facility through their business correspondents also in
order to promote financial inclusion.
Minimum Technology and Security Standards have been prescribed in the guidelines. Such
securities are to be viewed within the context of overall limits. Banks are now permitted (after
the 2009 modification) to offer this service to their customers subject to a daily cap of
Rs.50,000/- per customer for both funds transfer and transactions involving purchase of
goods/ services. Transactions up to Rs.1000/- can be facilitated by banks without end-to-end
encryption. Fund transfer service shall be provided by banks but the maximum value of such
transfers shall be Rs.5000/- per transaction and Rs.25,000/- per month, per customer. Blog dated Jan 21, 2010, consulted on Feb 18, 2010.

The original operative guidelines (RBI/2008-09/208 DPSS.CO.No.619/02.23.02/2008-09, October.8,

2008) can be found at
December 2009 Guidelines (RBI/2009-10/273 DPSS.CO.No.1357/02.23.02/2009 dated 24
Decemeer) were issued to amend some of the limits imposed by Mobile banking Transactions in
India Operative Guidelines for Banks/Press Release 2008-09 dated 19, 2008, of which one limit was
transaction limits of Rs.5000 for fund transfers and Rs.10,000 for purchase of goods and services.

The guidelines mandate interoperability among service providers to ensure prevention of

monopoly by one or a few mobile operators.

B. Findings: Comparison of legislations

In the different legislations, we find some common features between a few countries, but
rarely is the legislation the same in all the countries.
Most countries have placed some regulation on security norms. However, the regulation is
broad and does not indicate which technology is to be used for identification or
authentication. Instead, it imposes the burden of security on the supplier of the mobile
banking service.

In case of fraud, and the breaching of the security regulation, the courts will undoubtedly need
to fill in the law and decide on a case to case basis, on who is responsible. Obviously, if the
consumer is lax and divulges his code, he is responsible. Yet, it is important, in a setting of
illiterate poor consumers, that the mobile banker participates actively in educating the
consumer on his responsibility in keeping codes confidential. Since business correspondents
play a huge role in disseminating mobile banking, it is important that these agents apply
standardized protocols in educating clients. A key role is therefore being played on
identification of appropriate agents.

However, for hacking, the mobile banker may be responsible. The mobile banker may itself
need to turn to the telephone operator to share a part of this responsibility. This sharing is not
clear from existing laws on mobile banking, but contract law would undoubtedly be applied.
Most countries which have legislated on the subject, using the banking correspondent model,
have indicated limits for transactions so that lower level of security is applicable to lower
levels of transactions. They have waived face to face authentication for low value accounts.
The exact numbers vary from country to country. Thus KYC norms pertaining to AML rules
are applied on a proportional basis. If there are transaction fees applied on each SMS/ phone
call, it is unlikely that money-launderers and terrorists will use a series of phone calls to
transfer small balances, because the system would have taxed them.

C. Conceptual evolution of regulatory design

To the extent that the evolution of regulation has been different in each of the countries
studied, we can say that there is some amount of path-dependency in the sense that history reinforces existing institutions. Since the money market is an established institution, and the
banking system is an institution on which a lot of trust and faith is reposed, it is normal that
many countries have been loss averse and preferred to reinforce the bank-led model.

As opposed to this conservative loss aversion, on the flip side, people like option value and
positive side volatility. This volatility would favour new innovations, especially if downside
systemic risk can be limited. This would explain that the EU has favored the operator led
model and has permitted stored value in non-bank operating cards and devices. To limit the
risk, it has ring-fenced its directive and excluded the possibility of e-money issuers taking
deposits which could have created interactions with the existing known money supply and
monetary policy options.

In Microfinance, it is well known that the poor have limited liability since they don't have the
possibility to lose anything. Thus in poor countries, loss aversion may be low and they may be
more open to experimenting with new notions of mobile banking. The laws created are to
provide certainly, required for private investors to invest. However, as the case of the absence
of legislation in Kenya illustrates, entrepreneurs may not wait for such laws, if they think they
can gain enough. Thus, innovation is preceding legislation, which is emerging in a protective


The Background section has already enumerated the risks to be covered by mobile banking.
Many of these risks are either covered by extant legislation, or need to be covered by new
legislations. Here are some regulatory issues which will probably need to be addressed.

The fist series of question pertains to proof. This may depend on the definition of an
electronic signature. Is the PIN a signature or less than a digital signature? When you pay be
credit card and you type your code, is it a signature? Are computer records admissible in court
(Kilonzo 2007)? Till recently, photocopies were not admitted in many countries.
The second is a series of questions relating to moral hazard. Can banks or telephone operators
or agents run away with the money? What if the ATM does not give money and you are

debited? In mobile banking, what about wrong numbers and the money transferred as a result?
Who has the burden of proof? (Kilonzo 2007). What happens if telecoms don't survive in the
face of competition? What happens if there is a failure of the system? In cheques and paper,
there is a receipt. In electronic transfers, there is no tangible receipt. Suddenly; the customer
has to beware and report any errors in the bank statement, within a specified period (60 days?)
(Kilonzo 2007).

A third series of issues stem from the fact that intangibles are the source of most of the value
of a firm. These intangibles include goodwill or the customer base. In a joint operation
between a bank and a telephone operator (no matter who is the leader), the question which is
emerging is who owns the customers (the last mile)? The answer may determine who has
access to the mailing lists, who can advertise to them and who can influence them.

A final series of questions pertains to the distribution of benefits between the private equity
investors of mobile banking and the customers, especially the poor customers. These are
broad question of economic policy and economic regulation of the system and pose large
question whether the fortune at the bottom of the pyramid if for rich people with the latest
technology to exploit.


New technology of mobile telecommunication has enabled new economic relationships with
unbanked as well as the banked, called mobile banking. These new economic relationships are
being constrained by the existing institutional framework of banks and central bank
supervision which may be constraining development. At the same time, government
regulators seem to be learning from experiences in other parts of the world to create enabling
environments to permit this innovation.

This paper has looked at the risks involved in mobile banking, this new sector coming from a
fusion between mobile and banking. It has then surveyed some of the key aspects of
regulatory response to these risks in a few countries. This regulatory evolution is based on
conservative evolution, mimetic influence of legislative developments in other countries and

the desire to create huge gains from latest technological evolution. We find that mobile
banking regulation has covered some of the new risks created by this new technology.
However, the risks covered and the regulations used vary from country to country, even
though common recourse to limits of transaction sizes is made.

The two models, bank led model and telecommunication led model require different kinds of
legislations. Relatively advanced countries like India and South Africa have a lot to lose and
would like to ensure that banking is safely entrusted to bankers. Countries in which the
proportion of banked people are much less, can afford to experiment with other operators
coming in. Very advanced countries, such as the EU, can ring fence their banking operations
and can thus play on the upside potential of telecommunications led payment systems.

Many problems remain to be resolved. Regulations, like other institutions, evolve

incrementally. Moreover, since the concord of a number of actors has to be achieved through,
perhaps, horse-trading, only those aspects get covered by legislation as are subject to broad

Armendariz B, Morduch J (2005) The Economics of Microfinance. MIT Press, Cambridge, MA
Ashta A (2009) Creating a World Without Poverty: Social Business and the Future of Capitalism.
Journal of Economic Issues (M.E. Sharpe Inc.) 43: 289-290
Ashta A (ed) (In Press) Advanced technologies for microfinance: Solutions and challenges. IGI Global,
Hershey, PA
Bhavnani A, Chiu RW-W, Janakiram S, Silarszky P (2008) The Role Of Mobile Phones In Sustainable
Rural Poverty Reduction. In. World Bank, ICT Policy Divisin, GICT
Dickinson DL, Oaxaca RL (2009) Statistical Discrimination in Labor Markets: An Experimental Analysis.
Southern Economic Journal 76: 16-31
Dowla A, Alamgir D (2003) From microcredit to microfinance: evolution of savings products by MFIs
in Bangladesh. Journal of International Development 15: 969-988
MARKET. Quarterly Journal of Economics 116: 1233-1260
Godlewski CJ (2005) Bank capital and credit risk taking in emerging market economies. Journal of
Banking Regulation 6: 128-145
Haigh MS, List JA (2005) Do Professional Traders Exhibit Myopic Loss Aversion? An Experimental
Analysis. Journal of Finance 60: 523-534
EFFECTS ON BRAND CHOICE. Marketing Science 12: 378

Holbecq A-J, Derudder P (2008) La dette publique, une affaire rentable: A qui profite le systme?
Editions Yves Michel, Gap, France
BANKING ACTIVITY. Annals of the University of Oradea, Economic Science Series 17: 701-704
Isern J, Koker LD (2009) AML/CFT: Strengthening Financial Inclusion and Integrity. In: Focus Note 56.
Consultative Group to Assist the Poor (CGAP), Washington D.C.
Kahneman D, Tversky A (1979) Prospect Theory: An Analysis Of Decision Under Risk. Econometrica
47: 263-291
Kermer DA, Driver-Linn E, Wilson TD, Gilbert DT (2006) Loss Aversion Is an Affective Forecasting
Error. Psychological Science 17: 649-653
Kilonzo KD (2007) An Analysis of the Legal Challenges posed by Electronic Banking. Kenya Law Review
1: 323-341
Lyman TR, Pickens M, Porteous D (2008) Regulating Transformational Branchless Banking: Mobile
Phones and Other Technology to Increase Access to Finance. In: Focus Note 43. Consultative
Group to Assist the Poor (CGAP), Washington, DC
Mas I (2008) Realizing the Potential of Branchless Banking: Challenges Ahead. In: Focus Note 50.
Consultancy Group to Assist the Poor (CGAP), Washington, D.C.
Mas I, Rotman S (2008) Going Cashless at the point of sale : Hits and Misses in Developing Countries.
In: Focus Note 51. Consultative Group to Assist the Poor (CGAP), Washington D.C.
Morawczynski O, Miscione G (2008) Exploring Trust In Mobile Banking Transactions: The Case Of MPesa In Kenya. In: C. Avgerou M, Smith L, Besselaar Pvd (eds) Social Dimensions of
Information and Communication Technology Policy. Springer, Boston, pp 287-298
Pelikan P (2003) Bringing institutions into evolutionary economics: another view with links to
changes in physical and social technologies. Journal of Evolutionary Economics 13: 237
Pickens M, David Porteous a, Rotman S (2009) Banking the Poor through G2P Payments. In: Focus
Note. CGAP and DFID, Washington, D.C
Porteous D (2006) Enabling Environment for Mobile Banking in Africa. In. DFID
Financial Planning 1: 66
Ramji M (2009) Financial Inclusion in Gulburga: Finding Usage in Access. In: IFMR Working paper 26.
Institute of Financial Management and Research, Chennai, India
Rivers L, Arvai J (2007) Win Some, Lose Some: The Effect of Chronic Losses on Decision Making Under
Risk. Journal of Risk Research 10: 1085-1099
Rosenberg R, Gonzalez A, Narain S (2009) The New Moneylenders: Are the Poor Being Exploited by
High Microcredit Interest Rates? In: Occasional Paper 15. Consultancy Group to Assist the
Poor (CGAP), Washington, D.C.
Sathye M (2005) The impact of internet banking on performance and risk profile: Evidence from
Australian credit unions. Journal of Banking Regulation 6: 163-174
Shankar S (2007) Transaction costs in group microcredit in India. Management Decision 45: 13311342
Staikouras SK (2005) Multinational Banks, Credit Risk, and Financial Crises. Emerging Markets Finance
& Trade 41: 82-106
Taliaferro JW (2004) Power Politics and the Balance of Risk: Hypotheses on Great Power Intervention
in the Periphery. Political Psychology 25: 177-211
Thaler RH, Tversky A, Kahneman D, Schwartz A (1997) The Effect of Myopia and Loss Aversion on Risk
Taking: An experimental Test. Quarterly Journal of Economics 112: 647-661
Van Den Bergh JCJM, Stagl S (2003) Coevolution of economic behaviour and institutions: towards a
theory of institutional change. Journal of Evolutionary Economics 13: 289
Veblen T (1898) Why Is Economics Not an Evolutionary Science? Quarterly Journal of Economics 12:
Venkatesan J, Thyagarajan S CostBenefit and Usage Behaviour Analysis of No Frills Accounts.

Wetmore JL, Brick JR (1994) Commercial Bank Risk: Market, Interest Rate, and Foreign Exchange.
Journal of Financial Research 17: 585
Witt U (2008) What is specific about evolutionary economics? Journal of Evolutionary Economics 18:
Yunus M (2003) Banker to the Poor: Micro-Lending and the Battle Against World Poverty, . Public
Affairs., New York